Firewall Wizards mailing list archives

Re: need opinion of security experts on network design


From: "Higham, Josh" <jhigham () epri com>
Date: Tue, 17 Jun 2008 08:41:35 -0700

Behalf Of shadow floating

Hi All,
I've been asked to give an opinion on a network design in which the
designer did the following to a network on multiple buildings of
multiple floors:
1-each floor is a separate VLAN
2-all switches in the floors are layer 3 switches (no layer 2 
switches at all)
3-no VLAN spans multiple switches,
4-each of the floors' switches are connected via point-to-point
interconnecting VLAN to a core switch
5-No spanning tree at all in the network as each switch is a different
unique VLAN
6-All VLAN routing is done via the OSPF protocol
So I have about 50 VLANs with about 50 interconnecting VLANs

Can anyone give me his opinion from a security point of view 
on that design?

You need to start by defining your requirements.  If you just want to
keep users from sniffing passwords, that's overkill (any switch will do
that).  If you want to prevent any intercommunication between users on
different floors, then you need to define a firewall somewhere.

Define your requirements, then build to them.  I'll say that what you have
defined is very flexible so it can probably work as a base for any
security requirements, and your biggest concern will probably be
avoiding management complexity.

Thanks,
Josh