Firewall Wizards mailing list archives
Re: need opinion of security experts on network design
From: "Higham, Josh" <jhigham () epri com>
Date: Tue, 17 Jun 2008 08:41:35 -0700
Behalf Of shadow floating

Hi All,

I've been asked to give an opinion on a network design in which the designer did the following to a network on multiple buildings of multiple floors:

1- Each floor is a separate VLAN
2- All switches in the floors are layer 3 switches (no layer 2 switches at all)
3- No VLAN spans multiple switches
4- Each of the floors' switches is connected via a point-to-point interconnecting VLAN to a core switch
5- No spanning tree at all in the network, as each switch is a different unique VLAN
6- All VLAN routing is done via the OSPF protocol

So I have about 50 VLANs with about 50 interconnecting VLANs.

Can anyone give me his opinion from a security point of view on that design?

You need to start by defining your requirements. If you just want to keep users from sniffing passwords, that's overkill (any switch will do that). If you want to prevent any intercommunication between users on different floors, then you need to define a firewall somewhere.

Define your requirements, then build to it. I'll say that what you have defined is very flexible so it can probably work as a base for any security requirements, and your biggest concern will probably be avoiding management complexity.

Thanks,
Josh

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards