Bennett Samowich wrote:
>
> Would adding a switch to a DMZ increase its security? Would it create the
> case that even if a web server were compromised, mail traffic could not
> be captured? (assuming they are on separate machines)

Absolutely, provided the switch is unmanaged and does not have an IP
address to attack.

Also, use a dedicated box. Don't VLAN a larger switch which also
services your internal network. A number of vulnerabilities have been
found that can allow an attacker to jump VLANs.

Cheers,
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet