Agreed.  The question doesn't relate directly to a 6509 but more towards the
security of VLANs and the separation of broadcast domains via software.
From there depending on your perspective the focus changes to the specific
flaws and exploits relating to the subject of VLANs (optimistic view) or to
the higher level view which includes the history of security exploits in
general and the risks associated in relying on software versus hardware
(pessimistic view).  Although I like to think I'm somewhat security savvy
I've always been a geek at heart trying to play with the latest and greatest
in speed and features with a casual glance in the security direction.
Although I still stand by my opinion of using a 6509 with both internal and
external VLANs, I think most people focused strictly on security would agree
with Kent...

Cheers,

-Mike

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, May 09, 2001 12:50 PM
To: [EMAIL PROTECTED]
Subject: RE: security opinions please [7:3666]


Perhaps I wasn't clear, so let me re-phrase:

"Suppose the code running on the Catalyst 6509 switch has a bug
that causes VLAN failures of various sorts."

In the configuration that started this thread, this could lead to
external networks having direct access to internal networks.  This
is completely different from any layer 3 problems, but the core
issue is that if you set up your security perimeter to rely on lots of
things being configured correctly and lots of software not having
bugs, you're asking for trouble.

The question was about a 6509, but the problem is more generic.
Simply asking "is there a specific problem with the 6509 and
VLANs" misses the point entirely.


Regards,
Kent

On 9 May 2001, at 18:27, Jacques Atlas wrote:

> On Wed, 9 May 2001, [EMAIL PROTECTED] wrote:
>
> |For example, what if a bug occurred under certain network
> |conditions that caused a switch to lose its VLAN configuration,
> |even though the config showed they were there?
>
> that is like saying .... what happens if the router drops a route or
> even a packet.
>
> i thought we were meant to be talking about 65xx's and vlans on them ?
>
> --
> jacques
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3868&t=3666