Security Basics mailing list archives

Re: Different terms for the same or more secure?


From: "Brian Loe" <knobdy () gmail com>
Date: Fri, 25 Aug 2006 14:49:13 -0500

>   One definition of "subnet" is that it is a contiguous block of
> host addresses.  One typically uses such a block of addresses on
> a LAN, whether it's physical or virtual.
> Physical meaning actually there and virtual meaning there but not physically?


If it's physically subnetted then there's a router between the subnets.
Logically separated subnets, I suppose, would be VLANed subnets
(virtual being logical - not real/physical).


> Similar to an IP being divided into subnets, i.e. one for accounting,
> another for sales etc.? How are the node MAC addresses grouped? I would
> assume by their subnet, which is exactly what a subnet does. A subnet
> groups similar nodes together so that they can communicate easily with
> one another and the switches do not need to liaise with those subnet
> nodes re other services on other subnets. So what does a VLAN do that a
> subnet doesn't and why is one better than the other?

The only thing a VLAN does is break up broadcast domains. Subnets, on
the other hand, are controlled and limited by your IP addressing
scheme - and provide nothing; a router or other such device (a firewall,
for instance) divides them up.


> OK. You're starting to get fuzzy as there must be ethernet interference
> :) Let me get the basics right and solid then I'll explore the other
> features.

The switch adds vlan tags to the packets being passed on the network.
When you trunk a port you're allowing that port to pass all of those
tags as opposed to just one.

> OK so a physically subnetted network is 'safer'/'more secure' than a VLAN
> network.

You will have to "subnet" your VLANs - subnets and VLANs are not
interchangeable, they're not equivalent. Neither provides security
features.


> I'm still not getting the difference between a virtual and a physical
> LAN. Can anyone give me an example of say a company with two branches in
> different locations with each branch having its own sales and accounts
> department. I would subnet my IP such:

The two locations will almost always be physically separate networks
because you will need to route between them, same for floors (if each
floor has a switch), etc. In this instance the benefit of a VLAN
*may* be the ability to put two similar groups in disparate geographic
areas in the same VLAN allowing them to talk to each other "directly".
I, however, do not see the benefit in it at all, perhaps someone else
can explain the benefit (and I'm talking user VLANs).

I would highly suggest picking up a basic networking book. Even an
old/used Microsoft Networking study book would go a long ways in your
education. A CCNA book would also be a superb step in the right
direction.
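The two points Brian makes above (a VLAN is a tag the switch puts on frames and a trunk port is one that passes several tags, while a subnet is purely an IP addressing boundary) can be made concrete with a small model. The script below is an added example, not code from the original post or from anyone on the list. It builds a constructed 802.1Q-tagged Ethernet frame, parses the tag back out, models an access port versus a trunk port as a set of allowed VLAN IDs (the port names and sample MAC/IP values are made up for the example), and then shows that "can these two hosts talk without a router" requires both the same VLAN (broadcast domain) and the same IP subnet; neither condition is a security control on its own, which is the reason the thread keeps saying subnets and VLANs are not interchangeable.

```python
import ipaddress
import struct

ETH_P_8021Q = 0x8100   # TPID that marks an 802.1Q VLAN tag
ETH_P_IPV4 = 0x0800

def build_tagged_frame(dst_mac, src_mac, vid, ethertype, payload, pcp=0):
    """Constructed frame: dst | src | TPID | TCI (PCP:3, DEI:1, VID:12) | EtherType | payload."""
    tci = (pcp << 13) | (vid & 0x0FFF)
    return dst_mac + src_mac + struct.pack("!HHH", ETH_P_8021Q, tci, ethertype) + payload

def build_untagged_frame(dst_mac, src_mac, ethertype, payload):
    """Constructed untagged Ethernet II frame (no 802.1Q header)."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return dst, src, vlan (None when untagged), ethertype and payload of an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == ETH_P_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18   # low 12 bits of the TCI are the VLAN ID
    return {"dst": dst, "src": src, "vlan": vlan,
            "ethertype": ethertype, "payload": frame[offset:]}

# Hypothetical switch ports: an access port carries exactly one VLAN, a trunk
# carries a set of them. Untagged frames are treated as the port's native VLAN.
PORTS = {
    "access-accounting": {"allowed": {10}, "native": 10},
    "access-sales":      {"allowed": {20}, "native": 20},
    "trunk-uplink":      {"allowed": {10, 20, 30}, "native": 1},
}

def port_forwards(port_name, frame):
    """True if the named port would pass this frame, based on its VLAN tag."""
    port = PORTS[port_name]
    vlan = parse_frame(frame)["vlan"]
    if vlan is None:
        vlan = port["native"]
    return vlan in port["allowed"]

def same_subnet(ip_a, ip_b, prefix_len):
    """IP-layer check only: are both addresses inside the same prefix?"""
    net = ipaddress.ip_network(f"{ip_a}/{prefix_len}", strict=False)
    return ipaddress.ip_address(ip_b) in net

def can_talk_without_router(vlan_a, vlan_b, ip_a, ip_b, prefix_len):
    """Hosts exchange traffic directly only if they share the broadcast domain
    (same VLAN) AND the IP subnet. Same subnet on different VLANs needs a
    router; same VLAN on different subnets also needs a router."""
    return vlan_a == vlan_b and same_subnet(ip_a, ip_b, prefix_len)

# Constructed sample addresses and frames used by the checks below.
BCAST = bytes.fromhex("ffffffffffff")
HOST_A = bytes.fromhex("001122334455")
IP_PAYLOAD = b"\x45" + b"\x00" * 19       # placeholder IPv4 header bytes
TAGGED_10 = build_tagged_frame(BCAST, HOST_A, 10, ETH_P_IPV4, IP_PAYLOAD)
TAGGED_20 = build_tagged_frame(BCAST, HOST_A, 20, ETH_P_IPV4, IP_PAYLOAD)
UNTAGGED = build_untagged_frame(BCAST, HOST_A, ETH_P_IPV4, IP_PAYLOAD)

if __name__ == "__main__":
    print("VLAN on tagged frame:", parse_frame(TAGGED_10)["vlan"])
    print("trunk passes VLAN 20:", port_forwards("trunk-uplink", TAGGED_20))
    print("accounting access port passes VLAN 20:", port_forwards("access-accounting", TAGGED_20))
    print("same subnet, different VLAN, direct:",
          can_talk_without_router(10, 20, "10.1.0.5", "10.1.0.9", 24))
```

Running it shows the tag coming back as VLAN 10, the trunk accepting VLAN 20 where the accounting access port drops it, and two hosts in the same /24 but different VLANs still needing a router to reach each other. The model also makes the converse visible: putting two subnets on one VLAN does not isolate them at layer 2, so any separation you expect has to come from the router or firewall that sits between the subnets, as Brian says.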
