And my point is that for the cost of 2 small 10/100 switches, you 
can eliminate even the possibility of this problem occurring.  To me, 
the _only_ reason to use a single switch is cost.  

To talk reality, 6509s are not cheap, depending on the cards 
installed they can run upwards of $100K apiece.  You can get 8-12 
port 10/100 switches for $1-2k apiece.  So, for 1-2% incremental 
cost, you increase security.  Even if you never have any issues, 
isn't that small cost worth it?  The cost of the few extra switches 
would only be a factor in very low-end environments.  

In such environments, extra switches are probably not warranted, 
but that doesn't mean the risk is not there.

As far as ideals and reality, as I said before, all vulnerabilities are 
theoretical until someone exploits them.  If you look at the history 
of information security over the past 5 years, there are 
compromises that people thought would never occur, until they 
happened. 

One thing is certain, you will never be wrong if you predict that we 
will see new, creative never-before-seen exploits in the years to 
come.

-Kent



On 9 May 2001, at 18:10, Jacques Atlas wrote:

> On Wed, 9 May 2001 [EMAIL PROTECTED] wrote:
> 
> |Do you disagree based on the idea that you can blame someone
> |when a problem occurs?  While it may be nice to know you can
> |point a finger at someone when there are problems, I believe it's
> |better to eliminate the source of the problem to begin with.
> 
> what i was trying to say is that there is not much that can be done
> about human error, as you have mentioned it happens and will always
> happen (well there is a lot but i think it would be best to discuss
> that offline). so i just wanted to get rid of that thought and focus
> on the switches, in this case cisco switches.
> 
> you also need to separate ideals from reality (a problem i have),
> there is no way someone building a network in africa is going to waste
> a switch for every service, when vendors get the rfi on this it is up
> to them to meet the requirements and if they lie about security ... we
> then can point :-)
> 
> thanks )
> 
> -- 
> jacques




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3854&t=3666