LOL... can you say obsessive compulsive
Maybe he was into security but not a DRA plan.... one without the other
doesn't do much good.
""Howard C. Berkowitz"" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> At 03:01 PM 3/22/2001 -0800, you wrote:
> >The user is a very high political figure who is real cautious about
security
> >and paranoid. I like the idea of a seperate nic in the server and two
> >subnets. The cost of switches could be a deciding factor. Thanks for the
> >input guys!
> >
> >Brad
>
> It's scary to find someone that's paranoid and demanding about security,
> yet doesn't want to pay for it. I'd like to assume that such a person, of
> course,
> have done everything they should about making their host secure, including
> encrypting the sensitive files, rather than just obsessing about the
network.
>
> Of course, I've also had a customer that insisted on being BGP multihomed
> to two providers, connected to one provider at two sites and having
> redundant SONET local loops at one of the site, yet only had one physical
> server. Yes, they had a tape backup on the server. No, they had no spare
> machine to which they could restore the tape.
>
>
> >-----Original Message-----
> >From: Howard C. Berkowitz [mailto:[EMAIL PROTECTED]]
> >Sent: Thursday, March 22, 2001 12:44 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: Vlan Question
> >
> >
> >At 02:01 PM 3/22/2001 -0600, you wrote:
> > >We'll he could be wanting to isolate consultants to their own VLAN but
have
> > >a need to update files on the server. In our case we have auditors come
in
> > >from time to time and so we don't want them in with the rest of the
world
> >so
> > >we isolate them in their own VLAN and then setup an access list. They
are
> > >only here temporary. So I could see how this is a legit question.
> >
> >but if the server isn't on the same VLAN, how do they get to it? How
does
> >it get to them?
> >
> >Routing between VLANs, and VLAN-aware NICs, are pretty much the
> >only alternatives. VLANs were introduced to isolate groups, but there's
> >nothing magical about them.
> >
> >If there is sensitive data around, you also want host-level security.
> >
> >
> >
> >
> > >""Howard C. Berkowitz"" <[EMAIL PROTECTED]> wrote in message
> > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > > > At 08:26 AM 3/22/2001 -0800, you wrote:
> > > > >Scenario:
> > > > > Got a client who has a person on the network that does not
> >want
> > >to
> > > > >be on the network but wants access to the server.
> > > >
> > > > I'm somewhat confused. First, if he is somehow hidden, how does the
> >server
> > > > send back to the client?
> > > >
> > > > Second, if he is on one VLAN/subnet and the server is on another,
> > > > sounds like a fairly basic routing application. Another would be to
> > > > have a VLAN-aware NIC on the server.
> > > >
> > > > Without further information, this sounds like a user whim rather
than
> > > > a real requirement. There's a flavor of the user wanting security
> > > > by obscurity.
> > > >
> > > > >My thought was to install
> > > > >a switch, setup to Vlans, one for all the users (10 or so) and the
> >second
> > > > >Vlan for the 1 user by himself. This way no one can get to his
machine,
> > >then
> > > > >setup an access list to permit his Vlan to access the first Vlan
and
> >deny
> > > > >all the other users to his Vlan. Does this sound right? Anything I
am
> > > > >missing? Seeing if I understand Vlans correctly or not.
> > > > >
> > > > >Brad Shifflett
> > > > >[EMAIL PROTECTED]
> > > > >Micromenders, Inc.
> > > > >
> > >
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
