VLAN Question
From: Steven Williams (Steven.Williams_at_computershare.com.au)
Date: 08/20/03
- Previous message: Joe McCray: "Re: validating vulnerability on the network"
- Next in thread: David Gillett: "RE: VLAN Question"
- Reply: David Gillett: "RE: VLAN Question"
- Reply: Bennett Todd: "Re: VLAN Question"
- Maybe reply: Meidinger Chris: "RE: VLAN Question"
To: Security-basics@securityfocus.com
Date: Wed, 20 Aug 2003 17:09:24 +1000
Hi all,
I'm after some opinions of yours and your company's policy regarding the use
of VLANs as a method of isolating the internet to internal VLANs on the
same physical layer 2 / 3 switch and access controlled by ACLs or
firewalls.
Would you or your company allow this, relying on permanent FDB entries,
disabled MAC learning ability, Layer 2 VLAN only, no routing or IP
forwarding enabled or purely stick with a physical isolation of a separate
switch etc.?
I've been told that Extreme switches implement VLANs in hardware ASICs and
are not vulnerable to the compromises and denial of service attacks that
other vendors may be due to VLANs implemented in software.
It's clearly indicated by numerous sources including SANS and some
penetration testing outfits that VLANs can be compromised.
Any feedback would be greatly appreciated....
Steve
Steve Williams
Communications Support Engineer
Computershare Technology Services
Melbourne Australia
steven.williams@computershare.com.au
+61 3 9235 5651
www.computershare.com