VLAN Question

From: Steven Williams (Steven.Williams_at_computershare.com.au)
Date: 08/20/03

  • Next message: chort: "Re: nessus on linux 9.0"
    To: Security-basics@securityfocus.com
    Date: Wed, 20 Aug 2003 17:09:24 +1000

    Hi all,

    I'm after some opinions of yours and your companies policy regarding the use
    of VLAN's as a method of isolating the internet to internal VLAN's on the
    same physical layer 2 / 3 switch and access controlled by ACL's or

    Would you or your company allow this, relying on permanant FDB entries,
    disabled MAC learning ability, Layer 2 VLAN only, no routing or IP
    forwarding enabled or purely stick with a physical isolation of a separate
    switch etc.

    I've been told that Extreme switches implement VLAN's in hardware ASICs and
    are not vulnerable to the compromises and denial of service attacks that
    other vendors may be due to VLANs implemented in software.

    It's clearly indicated by numerous sources including SAN's and some
    penetration testing outfits that VLAN's can be compromised.

    Any feedback would be greatly appreciated....


    Steve Williams
    Communications Support Engineer
    Computershare Technology Services
    Melbourne Australia
    +61 3 9235 5651


    This email and any files transmitted with it are solely intended for the use of the addressee(s) and may contain information that is confidential and privileged.  If you receive this email in error, please advise us by return email immediately.  Please also disregard the contents of the email, delete it and destroy any copies immediately.
    Computershare Limited and its subsidiaries do not accept liability for the views expressed in the email or for the consequences of any computer viruses that may be transmitted with this email.
    This email is also subject to copyright.  No part of it should be reproduced, adapted or transmitted without the written consent of the copyright owner.

  • Next message: chort: "Re: nessus on linux 9.0"

    Relevant Pages