Re: Security in DMZ itself
From: x y (jamescagney90210@excite.com)Date: 04/29/02
- Next message: Eirik Seim: "Re: IMO"
- Previous message: Eric Frost - MP2KMag.com: "WatchGuard <-> Aries One / CheckPoint Small Office"
- In reply to: Greg Hennessy: "Re: Security in DMZ itself"
- Next in thread: Greg Hennessy: "Re: Security in DMZ itself"
- Reply: Greg Hennessy: "Re: Security in DMZ itself"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "x y" <jamescagney90210@excite.com> Date: Mon, 29 Apr 2002 14:44:26 GMT
Yes, I would think most modern medium-quality switches should give you the
ability to set up VLANs, though personally I would feel more secure with
different network cards in the FW-1 box to create different physical LANs.
Otherwise, if you're using the switch to create VLANs, I think you're
relying on the switch for the security instead of the firewall. If someone
hacked into one of the boxes and used, say, SNMP or telnet to reconfigure
your switch, you'd be owned. It sounds unlikely, but possible. I guess you
just have to do what you can with what you can afford to get the most
security you can.
"Greg Hennessy" <nntp@NOSPAM.cmkrnl.cix.co.uk> wrote in message
news:vd8qcugtronlbuj6dvhvg6mlaskujfh8gj@4ax.com...
> On Mon, 29 Apr 2002 11:08:05 +0200, "Sjoerd" <skrol@inter.nl.net> wrote:
>
>
> >Any ideas to accomplish this?
>
> Yes, you can keep them all on the same network and configure up per port
> private VLANS for each server.
ev'rything's all right.
- Next message: Eirik Seim: "Re: IMO"
- Previous message: Eric Frost - MP2KMag.com: "WatchGuard <-> Aries One / CheckPoint Small Office"
- In reply to: Greg Hennessy: "Re: Security in DMZ itself"
- Next in thread: Greg Hennessy: "Re: Security in DMZ itself"
- Reply: Greg Hennessy: "Re: Security in DMZ itself"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
