[fw-wiz] VLAN Security

• Previous message: Paul D. Robertson: "RE: [fw-wiz] Putting MS servers behind firewalls"
• Next in thread: Melson, Paul: "RE: [fw-wiz] VLAN Security"
• Maybe reply: Melson, Paul: "RE: [fw-wiz] VLAN Security"
• Reply: Carson Gaspar: "Re: [fw-wiz] VLAN Security"
• Reply: Mason: "Re: [fw-wiz] VLAN Security"
• Reply: Vinicius Moreira Mello: "RE: [fw-wiz] VLAN Security"
• Maybe reply: DCSIM Subscriptions (IA): "RE: [fw-wiz] VLAN Security"
• Maybe reply: DCSIM Subscriptions (IA): "RE: [fw-wiz] VLAN Security"
• Maybe reply: Irwin Lazar: "RE: [fw-wiz] VLAN Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Tue, 8 Jun 2004 10:18:02 -0700 (PDT)

FW List:

Anyone care to voice their consensus on contemporary
VLAN implementations as a security measure? I'm
looking at a WAN design using a newly rolled out
MetroEthernet product, and provider network is built
on catalyst switches and VLAN's. Every customer rides
a separate VLAN. The provider's intention is to also
provide ISP services across this cloud.

Additionally, I have some internal needs that it is
tempting to fit into VLAN's - i.e. I need to load
balance some public traffic across sites, and I'm
tempted to do it by throwing the traffic in an
encrypted tunnel, and dropping it into a separate VLAN
across that same MetroEthernet cloud.

All of these solutions ride the same wire. I used to
have some good educational material on the
vulnerabilities in VLAN's, but I no longer have it,
and I'm having little success in finding new material.

Anybody care to voice an argument on on VLAN integrity
in the provider network?
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Paul D. Robertson: "RE: [fw-wiz] Putting MS servers behind firewalls"
• Next in thread: Melson, Paul: "RE: [fw-wiz] VLAN Security"
• Maybe reply: Melson, Paul: "RE: [fw-wiz] VLAN Security"
• Reply: Carson Gaspar: "Re: [fw-wiz] VLAN Security"
• Reply: Mason: "Re: [fw-wiz] VLAN Security"
• Reply: Vinicius Moreira Mello: "RE: [fw-wiz] VLAN Security"
• Maybe reply: DCSIM Subscriptions (IA): "RE: [fw-wiz] VLAN Security"
• Maybe reply: DCSIM Subscriptions (IA): "RE: [fw-wiz] VLAN Security"
• Maybe reply: Irwin Lazar: "RE: [fw-wiz] VLAN Security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: PIX firewalling web servers ... How would using a VLAN help me to firewall the ... >things behind the firewall are servers. ... switch will take care of the routing between the VLANs for you. ... (comp.security.firewalls) Re: [PATCH 3/3] deinline a few large functions in vlan code - v3 ... It takes care of those BIG inlines. ... If we're not going to do the ifdef mess, ... by putting a "VLAN" function into generic networking core ... (Linux-Kernel) Re: Cisco 877w: Fa0-3 Interfaces up but no traffic passes ... I propose to work with voice only and data only ... desc Voice VLAN announced via CDP ... switchport trunk native vlan 101 ... (comp.dcom.sys.cisco)