Firewall Wizards mailing list archives

Re: Layer 4 switch vs. firewall

From: "Tony Miedaner" <miedaner () twcny rr com>
Date: Thu, 15 Feb 2001 09:40:39 -0500

It depends on what you are protecting doesn't it.

If you are physically present, VLAN'd Switches alone are easy to get around.
Layer 3/4 access lists are also easy to get around - change your IP and
hookup to the right port and you are talking to something.

If your goal is improve LAN performance and get limited visibility to
sniffers and the like. A switch will work fine, but I am hesitant to totally
rely on switch security.

If the environment is secure and subnetting is well defined by geography
(i.e., dept.) the L3/4 access list provides as much protection as a router
with ACL's would.  But this goes against VLAN'ing.

Also my experience is that switches are difficult to manage (not to mention
access lists in general) - too easy to make a mistake.
Also I do believe that some switches do have the ability to tie MACs to IP
hard. but this is probably a management nightmare.

That's my 2 cents.

----- Original Message -----
From: "kince@hvbs" <kursat.ince () hvbs havelsan com tr>
To: "Firewall Wizards" <firewall-wizards () nfr com>
Cc: "Özgür Ergül" <ozgur () tis havelsan com tr>
Sent: Wednesday, February 14, 2001 3:22 AM
Subject: [fw-wiz] Layer 4 switch vs. firewall

Hi there,

I have a question which I couldn't find an answer.

Our LAN w/ 500+ computers (mostly PCs. Sun servers and NT servers also
exist). We want some kind of separation (and security) b/w the departments
of the company.

Shall we use a layer 3/4 switch or a firewall we couldn't decide.

Can anybody compare layer 3/4 switches w/ firewalls w/ stateful inspection
using the following criteria:

* Management
* Thruput
* Access control
* Logging
* Availability
* Address translation
* Any other useful criteria

Thank you in advance

Kursat INCE
kince () tis havelsan com tr


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards




_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Layer 4 switch vs. firewall kince@hvbs (Feb 14)
- Re: Layer 4 switch vs. firewall Drew Simonis (Feb 15)
- Re: Layer 4 switch vs. firewall Tony Miedaner (Feb 15)
  - Re: Layer 4 switch vs. firewall istong (Feb 16)
  - Re: Layer 4 switch vs. firewall hesselsp (Feb 20)
    - Re: Layer 4 switch vs. firewall Drew Simonis (Feb 20)
    - Re: Layer 4 switch vs. firewall Crist Clark (Feb 20)
- <Possible follow-ups>
- RE: Layer 4 switch vs. firewall agetchel (Feb 20)
  - RE: Layer 4 switch vs. firewall hesselsp (Feb 20)
- RE: Layer 4 switch vs. firewall agetchel (Feb 20)