Penetration Testing mailing list archives
Re: HP BL30's and VLAN's
From: jkowall <jkowall () shocking net>
Date: Thu, 03 Mar 2005 14:41:47 -0500
VLANs are just as secure as different switches. Just ensure that you don't have any management features of the switch from the "external" or lower-security VLAN. Better yet, make a management port which has its own run to a management network. It's normal for switches to be segmented this way, especially when you get to core switches such as Cisco 65xx+ models.
We use many BL20/40p blades with and without the integrated switching, and we have employed VLANs (dmz, backup, lan), spans, and management networks without an issue on the integrated switches. Just make sure you do proper trunking design with these, as they use shared uplinks for the blade chassis.
Merrick, Carl wrote:
I am not a pen tester and this is more of a theoretical question for the experts. We are in the process of installing HP BL30p blade servers which use the GBE2 integrated switch for network connectivity. One of the servers installed will be a web server which will run in the DMZ. Connectivity to the DMZ will be provided from the GBE2 to a port on the firewall via a VLAN. Other internal VLANs will be running on the same GBE2 switch. The question is, how secure will this setup be? Is it possible to hack across VLANs on the same switch? My preferred configuration is to physically isolate web servers. Thanks. Carl