Security Basics mailing list archives

RE: how secure is a vlan


From: "Timothy Donahue" <tdonahue () Haynes-Group com>
Date: Wed, 7 Jan 2004 17:19:19 -0500

  We only just recently fixed a configuration of some parts
of our network which was allowing packets that should have
been internal to one VLAN to leak into another.  Without
knowing the makes/models and precise configurations of your
equipment, any such statement as

There used to be a way to break out of a VLAN, but it has
been fixed.

CANNOT be relied upon.

I was basing my statement on old information; the design flaws I hinted
at had been fixed years ago.  Apparently other flaws have been found
since then, which I did not know about, or I have been given unreliable
information from a friend that used to do a lot of Cisco work.

As I said, but obviously not clearly enough, anything with strict
security concerns, i.e., a network segment that is directly attached to
the internet, or a segment that needs absolute control because of
security concerns, you should use physically separate
switches/equipment.

Again, I apologize for any confusion caused by the way I worded my
response.

Tim Donahue
