Re: vlan
From: Brooks Davis (brooks@one-eyed-alien.net)
Date: 02/27/01
- Next message: George.Giles@mcmail.vanderbilt.edu: "ftp access"
- Previous message: Spades: "Re: firewall"
- In reply to: Olivier Nicole: "Re: vlan"
- Next in thread: Rocco Lucia: "Re: vlan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 Feb 2001 10:14:16 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: Olivier Nicole <on@cs.ait.ac.th>
On Tue, Feb 27, 2001 at 03:58:15PM +0700, Olivier Nicole wrote:
> Well, as I once heard a guy sayinf in a seminar about security, if you
> plan to deal with security, do NOT use vlan.
>
> Vlan only goal is to present broadcast packets to leak to every
> interface. Vlan should not be trusted beyond that.
>
> So maybe security list is not the best place to ask :)
This is not really accurate. While there are a number of implemenations
out there with this problem, modern vlan implementations are intended to
be fully secure. For instance, Cisco intends their VLANs in conjunction
with 802.1X (or a similar propriotary protocol) to allow things like
having a visitor be able to plug their laptop in to get internet access
but not end up behind the local firewall while an employee could plug
their laptop into the same port and have local access. Cisco implements
this switching functionality at the ASIC level.
-- Brooks
-- Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- application/pgp-signature attachment: stored
- Next message: George.Giles@mcmail.vanderbilt.edu: "ftp access"
- Previous message: Spades: "Re: firewall"
- In reply to: Olivier Nicole: "Re: vlan"
- Next in thread: Rocco Lucia: "Re: vlan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
