Firewall Wizards mailing list archives
Re: Connecting networks securely with a switch
From: tweir () paradise net nz
Date: Tue, 12 Dec 2000 01:14:19 GMT
I neglected to mention that it is a Layer 3 switch (Cisco 6006), configured with all the secure options based on Cisco and other guidance. Any thoughts now?

From: "Brian Denehy" <B.Denehy () securegate net>
Subject: Re: [fw-wiz] Connecting networks securely with a switch

Repeat after me - a switch has no security enforcing function. Throw away the firewall, it's not doing anything for you if you bypass it. There are known attacks against switches which can't be fixed until the protocols (particularly 802.1q) are fixed.

Original Message:
To: firewall-wizards () nfr com
From: tweir () paradise net nz
Subject: Connecting networks securely with a switch
Date: Mon, 11 Dec 2000 02:35:01 GMT
-----
Wizards,

I work for a large solutions company which wants to connect a network that we have specifically created to our customers' networks via a firewall AND a switch in parallel.

The reason for the parallel connections is that we intend to use the firewall for X, ftp, telnet and some other systems management protocols (Tivoli) and use the switch for backup data requiring high (multi gig) throughput. The switch will be configured to allow only 2 ports for Tivoli Storage Manager backup traffic.

So basic architecture is:

|----------------------------------- | | | | Customer A |--Switch-----Backup Server-- | | |--Firewall------------------ |(Mgmnt | | |Network) | | | | Customer B |-----| | |-----------------------------------------

We have hardened the switch per all available guidance. The reason we are using the switch rather than a high powered firewall is the throughput and the cost.

My questions are:

Has anyone implemented a similar architecture as this? ... if so, do they consider it secure and have they taken any other risk mitigation steps?

Is there a better way to do this?

Thanks wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards