While we are on the subject... Care to go into detail about why VLANs
shouldn't be assumed to be secure either? I can't tell you how many
"discussions" I have had about why the firewall shouldn't be in just another VLAN
off the 6509.
I am sure the list would benefit.
<snip>
I'm a huge fan of buying more small routers and dumb hubs if possible
rather than switches, because I really, really, really like layer 3
separation - I think it provides significant protection, which is why you'll
often see me ranting about things like VLANs being bad.
Since it's next to impossible to get people not to deploy switches and
VLANs, I think it's the best we can do to at least ensure they know that
they're assuming some quantifiable risk to trivial exploits.
<snip>
_______________________________________________
Firewalls mailing list
http://lists.gnac.net/mailman/listinfo/firewalls