Educause Security Discussion mailing list archives
Private Vlans
From: Dennis Bohn <bohn () ADELPHI EDU>
Date: Thu, 28 Jul 2011 13:01:38 -0400
We are in a position to make a few changes on our network, and are kicking around the idea of private vlans on our server segments. Our thoughts so far are:

Advantages:
- Prevent a compromised machine from nmapping the segment.
- Make it harder (but not impossible) for the compromised machine to communicate with other machines on the segment.
- The idea of servers being isolated, and only able to communicate with the gateway is attractive.

Disadvantages:
- Time/energy to configure
- Time/energy to maintain: no matter how much the server admin swears that server A will never ever ever need to communicate with Server B, .... that day will come! It seems like the permutations of necessary server-to-server communication could be prohibitive.

Has anyone tried this and are there any lessons learned that you would like to share?

TIA,
Dennis Bohn
Manager of Network and Systems
Adelphi University
bohn () adelphi edu
5168773327