Re: [fw-wiz] Firewalls and 802.1q trunking
From: David Pick (d.m.pick@qmul.ac.uk)
Date: 11/27/02
To: Steffen Kluge <kluge@fujitsu.com.au>
From: David Pick <d.m.pick@qmul.ac.uk>
Date: Wed Nov 27 08:08:01 2002
> My concern is that the "fan-out" boxes are typically run-of-the-mill
> switches, like Cisco Catalysts, that probably have been designed without
> any security aspirations. I wouldn't be surprised if those switches
> could be attacked and tricked into leaking packets between VLANs.
A valid concern. My attitude is simple:
* If the switches are secure enough to keep VLANs separated for
normal traffic then they're secure enough to use as interfaces
to your firewall
* If they're not, well, they're not!
-- David Pick