Firewall Wizards mailing list archives
Re: Q on external router
From: tqbf () secnet com
Date: Fri, 24 Apr 1998 02:27:39 -0500 (CDT)
Do not misread me, I'm by no way saying that a `mostly dumb' ethernet switch can replace a firewall... I'm just saying that instead of using a hub for a DMZ, you can use another device that can increase your security.
Don't get me wrong, I'm not saying "don't deploy switches". On the contrary, it is becoming apparent that deployment of switched Ethernet is pretty much mandatory in production networks, for performance reasons. What I am saying is that it is foolish to deploy switches in a manner that forces your network to rely on them for security. When designing a secure system, you should work from the assumption that attackers will be able to sniff through switched Ethernet. ----------------------------------------------------------------------------- Thomas H. Ptacek Secure Networks, Inc. ----------------------------------------------------------------------------- http://www.enteract.com/~tqbf "If you're so special, why aren't you dead?"
Current thread:
- Q on external router Vinci Chou (Apr 22)
- Re: Q on external router Vinci Chou (Apr 22)
- Re: Q on external router Bennett Todd (Apr 22)
- Re: Q on external router Bernhard Schneck (Apr 22)
- Re: Q on external router Eric Vyncke (Apr 23)
- Re: Q on external router tqbf (Apr 23)
- Re: Q on external router Eric Vyncke (Apr 24)
- Re: Q on external router tqbf (Apr 24)
- Re: Q on external router Vinci Chou (Apr 22)
- RE: Q on external router Andrew J. Luca (Apr 24)
- Re: Q on external router Marcus J. Ranum (Apr 23)
- Re: Q on external router tqbf (Apr 23)
- Re: Q on external router Paul D. Robertson (Apr 24)
- Re: Q on external router Eric Vyncke (Apr 24)
- Re: Q on external router tqbf (Apr 24)