Re: Different terms for the same or more secure?

David Gillett wrote:

-----Original Message-----
From: Hylton Conacher(ZR1HPC) [mailto:hylton@xxxxxxxxxxxxxx] Sent: Thursday, August 24, 2006 8:49 AM
To: Security basics
Subject: Re: Different terms for the same or more secure?

OK so a physical subnetted network is 'safer'/'more secure' than a VLAN network.

I'm still not getting the difference between a virtual and a physical LAN. Can anyone give me an example of say a company with two branches in different locations with each branch have its own sales and accounts department. I would subnet my IP such:
Office A 192.168.0.x
Office B 192.168.1.x
The departments of each office would have IP's from their respective subnet.
Sales A 192.168.0.1
Sales B 192.168.1.1
Accounts A 192.168.0.2
Accounts B 192.168.1.2

Make sense?
tnx for the help


Different locations? Then you want two physical LANs, each with
their own address block, and you might use a third (tiny) block
to manage the WAN link between locations.

Where you would use VLANs is to separate different departments
(or organizational units or security contexts) *in the same
physical vicinity*. Instead of mounting two adjacent devices
(physical), you install a single device and ("logically") partition it (virtual).
so, in the example above although I might have 2 physical LANs I could also have 2 VLANS, one for sales and one for accounts?

Regards
Hylton


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • Re: Possible to restict client logon byIP/Subnet?
    ... You can control that ny using proxy or FW that restricts the access to the Net based on Subnet. ... school where the middle school and high school have individual usernames, ... the elementary schools have generic logon accounts. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Client configuration for multiple DHCP scope
    ... The Hosts would be "subnet agnostic" meaning the Hosts would not care what ... Since VLANs have been invented the reason for a Multi-Net to exist has ... physical wire but the VLAN technology separates the physical "wire" into ... technology and the Superscope feature of DHCP could potentially be dropped ...
    (microsoft.public.windows.server.networking)
  • Re: Cant ping by name outside of subnet
    ... It really doesn't matter whether this is a Switch with separate ... VLANs or Routerwith separate physically subnet (except ... If both/ALL DNS servers work with NSLookup, ...
    (microsoft.public.win2000.dns)
  • Re: Event ID 5807 - No Client Site.... dont understand why..
    ... Those clients, therefore, have undefined ... mapping of its subnet to one of the existing sites. ... So i check the log mentioned and it shows that the computers in question ... currently have it split up into 3 VLANs. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Adding a second domain.
    ... You'll need a router to pass traffic between the VLANs if your ... server and a DC on each VLAN (and yes, they'll have to be different subnets ... If the Internet router is in the subnet for domain 1, ...
    (microsoft.public.win2000.networking)