Security Basics mailing list archives
Re: looking for a hub or switch that can connect a VPN and apply firewall rules to all ports
From: David Gress <dgress91 () gmail com>
Date: Wed, 19 Aug 2009 15:58:50 -0400
A switch would be best but a router would be better than a hub. Because a switch will create multiple collision domains (one per port) a router will create multiple collision and broadcast domains, one per port. Hubs do neither they actually create
Sent from my mobile device

On Aug 18, 2009, at 7:07 PM, "David Gillett" <gillettdavid () fhda edu> wrote:
Ok... let's change the situation around a bit. If your router only has four ethernet ports on it and you want to connect seven computers to the LAN, do you buy a router or a hub? If you buy a router, you'll be creating a LAN within a LAN - if you buy a hub, you'll just be extending the existing LAN.

For such a small network, it is extremely unlikely that your router has four interfaces; odds are that it has two interfaces and that one of them connects to a switch inside the same box. To extend it, I would ideally cascade a second (external) switch off of one of those switched ports.

Let's say the network my ISP connects me to is, itself, a LAN. Technically, the fact that they provide my internet service qualifies them as an ISP, does it not? That this, shall we say, pseudo ISP wants to ban me, however, does not mean their ISP wants to ban me. Indeed, thanks to network address translation, they wouldn't be able to distinguish me from anyone else.

IF, indeed, they are doing network address translation. They probably are not, which means that providers upstream from them can single out your LAN's traffic from anyone else's. I don't know what you mean by "pseudo ISP", and I suspect you're not sure either.

Or let's say you're the US Department of Defense and have multiple /8 IP address blocks. If you have a hub plugged directly into their OC-192 modem do you still need 20 modems / routers for 20 users? I actually don't know the answer to that one, although I suspect you don't, either.

At the top I said that it was unlikely that your small router had more than two interfaces. A router that would be used in this situation probably has more than two *physical* interfaces -- a fiber interface for the hypothetical OC-192, and multiple Ethernet interfaces pointing into the internal network. Some of those may be trunked, providing multiple virtual interfaces; some of the subnets that connect directly to this border router may be WAN links to additional routers in other locations which similarly connect to multiple subnets.

Nothing dictates that any of these routers needs to be doing NAT. The DOD undoubtedly owns plenty of globally routable addresses, and the tables on the various routers will make sure that packets are delivered to where they need to be.

The "modem" is part of the outside interface of the gateway router. This has nothing to do with whether addresses behind that router are distinguishable outside of it. Routers throughout the rest of the Internet either know that those clients lie somewhere behind that gateway router -- or by default will pass traffic for those addresses to some router that does know.

I think you're conflating the layer 2 "routing" that switches do with the layer 3 routing that routers do (to which NAT may be added as an option, but rarely is outside of SOHO deployments). That can lead to all sorts of confusion.

David Gillett CCNP CISSP