Security Basics mailing list archives
Re: VALN hopping
From: Micheal Espinola Jr <michealespinola () gmail com>
Date: Fri, 30 Sep 2005 13:48:07 -0400
Agreed. I would not trust logical seperation for a DMZ. On 9/28/05, Hayes, Ian <Ian.Hayes () wynnlasvegas com> wrote:
Safeguard against traversing VLANs is getting better, but I still don't like the idea of having mixed security VLANs on the same switch. There are still a number of exploits that have a chance of working, such as CAM table flooding. IMHO, good design physically separates the security zones- you really can't rely that logical constraints are going to always work, but then I'm a belt-and-suspenders kind of guy when it comes to network design. I'm expecting something to fail. Ian Hayes | Senior Systems Engineer Wynn Las Vegas 3131 South Las Vegas Blvd, Las Vegas, NV 89109 Ph (702) 770-3252 | Cell (702) 266-6002 Ian.hayes () wynnlasvegas com-----Original Message----- From: josh () tstc edu [mailto:josh () tstc edu] Sent: Wednesday, September 28, 2005 9:59 AM To: security-basics () securityfocus com Subject: VALN hopping WWe are having a heated discussion about using VLAN's as a type ofDMZ, soI am asking the experts. I prsonally like to see physical isolation; however, our network person doesn't feel there is a threat of VLAN hopping. Please let me know your opinions. Thank you,
-- ME2 <http://www.santeriasys.net/>
Current thread:
- VALN hopping josh (Sep 28)
- RE: VALN hopping David Gillett (Sep 30)
- Re: VALN hopping Kenton Smith (Sep 30)
- <Possible follow-ups>
- RE: VALN hopping Hayes, Ian (Sep 30)
- Re: VALN hopping David Barroso (Sep 30)
- Re: VALN hopping Micheal Espinola Jr (Sep 30)
- RE: VALN hopping Payton, Zack (Sep 30)
- RE: VALN hopping Payton, Zack (Sep 30)
- RE: VALN hopping Scott Fuhriman (Sep 30)
- Re: VALN hopping nidude (Sep 30)