And my point is that for the cost of 2 small 10/100 switches, you
can eliminate even the possibility of this problem occurring. To me,
the _only_ reason to use a single switch is cost.

To talk reality, 6509's are not cheap, depending on the cards
installed they can run upwards of $100K apiece. You can get 8-12
port 10/100 switches for $1-2k apiece. So, for 1-2% incremental
cost, you increase security. Even if you never have any issues,
isn't that small cost worth it? The cost of the few extra switches
would only be a factor in very low-end environments.

In such environments, extra switches are probably not warranted,
but that doesn't mean the risk is not there.

As far as ideals and reality, as I said before, all vulnerabilities are
theoretical until someone exploits them. If you look at the history
of information security over the past 5 years, there are
compromises that people thought would never occur, until they
happened.

One thing is certain, you will never be wrong if you predict that we
will see new, creative never-before-seen exploits in the years to
come.

-Kent

On 9 May 2001, at 18:10, Jacques Atlas wrote:
> On Wed, 9 May 2001 [EMAIL PROTECTED] wrote:
>
> |Do you disagree based on the idea that you can blame someone
> |when a problem occurs? While it may be nice to know you can
> |point a finger at someone when there are problems, I believe it's
> |better to eliminate the source of the problem to begin with.
>
> what i was trying to say is that there is not much that can be done
> about human error, as you have mentioned it happens and will always
> happen (well there is a lot but i think it would be best to discuss
> that offline). so i just wanted to get rid of that thought and focus
> on the switches, in this case cisco switches.
>
> you also need to separate ideals from reality (a problem i have),
> there is no way someone building a network in africa is going to waste
> a switch for every service, when vendors get the rfi on this it is up
> to them to meet the requirements and if they lie about security ... we
> then can point :-)
>
> thanks )
>
> --
> jacques
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3854&t=3666