On 21 Oct 99, at 17:26, Ivan Fox (C.K.) wrote:
> It is a semi-Firewall related question.
>
> A firewall for the Extranet allows, say 10 vendors, contractors, to connect
> to it. There are two options that we can think of:
>
> Option 1:
> Have 10 NICs in the firewall. This option is clumsy, but it is secure in
> the sense that competitive suppliers cannot sniff each other's data.
>
> Option 2:
> A smarter approach, one says. Have an intelligent switch connecting to a
> NIC in the firewall. Each port of the switch is isolated, a VLAN approach.
> Competitive suppliers cannot "peer" into each other's data.
>
> Being a non-router/switch guy, how can I configure and secure the switch?
> I have also heard a router guru mention that, in order to provide
> security, we should not use an intelligent switch, as someone who connects
> to the console of a switch can sniff the packets.
>
> Any pointers are appreciated.
Rather than a switch, my inclination would be to put in a router
(or more) with (minimalist) ACLs set for each port. If
bandwidth/performance is critical, you might go to something like an
RSM (router switch module).
Unless you have a weird physical layout, I would say the likelihood
of someone having access to the console of a switch, a router, or the
firewall itself should all be about equal -- if your physical
security is worth anything and you've turned off any telnet access,
pretty negligible.
David G
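To make the "router with minimalist ACLs per port" design concrete, here is an added example (not from either poster) that models the policy in Python. It assumes one router port per vendor, each with its own constructed subnet, and a single firewall address on the extranet NIC. The inbound ACL on every vendor port permits only packets sourced from that port's own subnet and destined to the firewall; inter-vendor traffic and packets with a source address belonging to another port fall to the implicit deny. A helper also renders each ACL as Cisco IOS extended-ACL lines so the model can be compared with a real configuration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for the example: the firewall's extranet NIC
# and one /24 per vendor, each hung off its own router port.
FIREWALL_IP = ipaddress.ip_address("10.0.0.1")
VENDOR_PORTS = {
    "eth1": ipaddress.ip_network("10.1.1.0/24"),
    "eth2": ipaddress.ip_network("10.1.2.0/24"),
    "eth3": ipaddress.ip_network("10.1.3.0/24"),
}


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network


def build_inbound_acl(port):
    """Minimalist inbound ACL for one vendor port.

    Only packets whose source lies in this port's own subnet and whose
    destination is the firewall are permitted.  Everything else (traffic
    to another vendor's subnet, or a source address that does not belong
    on this port) is caught by the implicit deny at the end of the list.
    """
    vendor_net = VENDOR_PORTS[port]
    firewall_host = ipaddress.ip_network(f"{FIREWALL_IP}/32")
    return [Rule("permit", vendor_net, firewall_host)]


def evaluate(acl, src, dst):
    """First-match evaluation, like a router ACL, with implicit deny."""
    for rule in acl:
        if src in rule.src and dst in rule.dst:
            return rule.action
    return "deny"


def filter_ingress(port, src_ip, dst_ip):
    """Apply the ACL of the physical ingress port to one packet.

    The port is taken from where the packet actually arrived, not from
    its source address, so a vendor on eth1 forging a 10.1.2.x source
    is still judged against eth1's ACL and denied.
    """
    if port not in VENDOR_PORTS:
        return "deny"
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    return evaluate(build_inbound_acl(port), src, dst)


def render_ios_acl(port, number):
    """Render the port's ACL as Cisco IOS extended-ACL lines.

    IOS uses wildcard masks (the inverse of the netmask), which is
    exactly the network's hostmask.  A /32 destination is written as
    'host <ip>'.  The ACL number is an assumed value for illustration.
    """
    lines = []
    for rule in build_inbound_acl(port):
        dst = (f"host {rule.dst.network_address}" if rule.dst.prefixlen == 32
               else f"{rule.dst.network_address} {rule.dst.hostmask}")
        lines.append(f"access-list {number} {rule.action} ip "
                     f"{rule.src.network_address} {rule.src.hostmask} {dst}")
    return lines


if __name__ == "__main__":
    # Walk a few constructed packets through each port's ACL.
    samples = [
        ("eth1", "10.1.1.5", "10.0.0.1"),   # vendor 1 -> firewall: permit
        ("eth1", "10.1.1.5", "10.1.2.7"),   # vendor 1 -> vendor 2: deny
        ("eth1", "10.1.2.7", "10.0.0.1"),   # forged vendor-2 source on eth1: deny
        ("eth2", "10.1.2.7", "10.0.0.1"),   # vendor 2 -> firewall: permit
    ]
    for port, s, d in samples:
        print(f"{port} {s} -> {d}: {filter_ingress(port, s, d)}")
    for port in VENDOR_PORTS:
        print("\n".join(render_ios_acl(port, 101)))
```

In a real deployment the ACL would be applied inbound on each vendor-facing interface (so the router, not the firewall, drops vendor-to-vendor traffic), and return traffic from the firewall to a vendor would be covered by a matching outbound rule on that port. The source check doubles as anti-spoofing: a packet claiming another vendor's address can only enter through that vendor's own port.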
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]