HP ProCurve switches (and others) let you protect the console of the
switch, even down to restricting the IP that can manage the switch. You can
then set the security to restrict what MAC addresses can send to which port
on the switch. Only allow the NIC to connect to each vendor's port. No
sniffing unless they break security of the switch or your box they connect
with.

At 05:26 PM 10/21/99 -0400, Ivan Fox wrote:
>It is a semi-Firewall related question.
>
>A firewall for the Extranet allows, say 10 vendors, contractors, to connect
>to it.  There are two options that we can think of:
>
>Option 1:
>Have 10 NICs in the firewall.  This option is clumsy, but it is secure in
>the sense that competitive suppliers cannot sniff each other's data.
>
>Option 2:
>A smarter approach, one says.  Have an intelligent switch connecting to a
>NIC in the firewall.  Each port of the switch is isolated, a VLAN approach.
>Competitive suppliers cannot "peer" into each other's data.
>
>Being a non-router/switch guy, how can I configure and secure the switch?
>I have also heard a router guru mention that, in order to provide
>security, we should not use an intelligent switch, as if someone connects to the
>console of a switch, he/she can sniff the packets.
>
>Any pointers are appreciated.
>
>Thanks,
>
>C.K.
>
>
-- 
John Painter,
ConfluX.net / Grand Designs, Ltd.
Information Technology for a new millenium.
(425) 710 - 9006
http://www.conflux.net/  & http://www.gdltd.com/
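
An added example, not part of the original message or any vendor tool: a small audit that checks a switch's observed state against the setup described in this thread (one VLAN and one permitted MAC per vendor port, management limited to named IPs). The data layout, the function names `norm_mac` and `audit`, and all addresses are constructed assumptions; how the MAC table and login records are collected from the switch is left out.

```python
import ipaddress

# Constructed policy: who may manage the switch, and per vendor port
# the VLAN it belongs to and the single MAC allowed to send on it.
POLICY = {
    "mgmt_allowed": ["192.0.2.10/32"],
    "ports": {
        1: (101, "02:00:00:aa:00:01"),
        2: (102, "02:00:00:aa:00:02"),
        3: (103, "02:00:00:aa:00:03"),
    },
}

# Constructed observations: (port, vlan, mac) rows and management login sources.
OBSERVED = {
    "mac_table": [(1, 101, "02:00:00:AA:00:01"),
                  (2, 102, "02-00-00-bb-00-99"),   # unknown NIC on vendor port 2
                  (3, 102, "02:00:00:aa:00:03")],  # port 3 sits in vendor 2's VLAN
    "mgmt_logins": ["192.0.2.10", "198.51.100.7"],
}

def norm_mac(mac):
    """Canonicalise a MAC to lowercase hex digits without separators."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def audit(policy, observed):
    """Return a list of findings where observed state deviates from policy."""
    findings = []
    vlans = [vlan for vlan, _ in policy["ports"].values()]
    if len(set(vlans)) != len(vlans):
        findings.append("policy: two vendor ports share a VLAN")
    for port, vlan, mac in observed["mac_table"]:
        if port not in policy["ports"]:
            findings.append(f"port {port}: not a provisioned vendor port")
            continue
        want_vlan, want_mac = policy["ports"][port]
        if norm_mac(mac) != norm_mac(want_mac):
            findings.append(f"port {port}: unexpected MAC {mac}")
        if vlan != want_vlan:
            findings.append(f"port {port}: in VLAN {vlan}, expected {want_vlan}")
    nets = [ipaddress.ip_network(n) for n in policy["mgmt_allowed"]]
    for src in observed["mgmt_logins"]:
        if not any(ipaddress.ip_address(src) in net for net in nets):
            findings.append(f"management: login from unauthorized {src}")
    return findings

if __name__ == "__main__":
    for line in audit(POLICY, OBSERVED):
        print(line)
```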