Firewall Wizards mailing list archives

Re: DMZ and ELAN

From: "Roelof JT Jonkman" <rjonkman () ittc ukans edu>
Date: Mon, 10 Apr 2000 16:05:12 -0500

Melissa,

Elan's are sort of ok for dmz, but if you have atm, why not set up CLIP with
pvc's. Disable signalling on the switch ports, and just set up blunt pvc's.
Have Joe Hacker defeat that! You can control very specifically what goes where
in a configuration like that, and broadcast is history, and therefore sniffing
the wire will not give you any more info than what is destined for the machine
you're on. As far as security goes this would be probably among my most 
favorite ways to configure a dmz. As far as complexity this would score rather
low though.

ELAN suffers pretty much from the same troubles as ethernet does in a dmz app.
(It's ethernet over atm essentially..., so as a matter of fact you get some
gratuitous holes on the atm side, that you wouldn't have with just ethernet.)

roel

Current thread:

DMZ and ELAN Melissa Stockman (Apr 10)
- Re: DMZ and ELAN Roelof JT Jonkman (Apr 11)
- Re: DMZ and ELAN Ryan Russell (Apr 13)
- <Possible follow-ups>
- RE: DMZ and ELAN Tiseo, Paul (Apr 18)
  - Re: DMZ and ELAN Roelof JT Jonkman (Apr 18)