Hi David,

On Thu, Nov 08, 2001 at 10:47:25AM -0500, David J. Cavuto wrote:
> Despite leaving off my diagrams from the online version, and including some 
> odd acronym explanations (e.g. MPLS), I think it came out OK.

Yes, it reads quite well, also the diagrams would be helpful.

I have a question concerning VLANs (Trunk Ports). Did you do some basic
research on available VLAN Switches? Are those implementations secure enough
to single out virtual LANs, or are those vulnerable to attacks?

Instead of using a VLAN and a Trunk-able Firewall (one can do that with a
Linux Packet filter which is then connected to a "normal" Firewall) another
option is to use a switch in a secure mode where ports are locked to
communicate with a single point (i.e. Cisco ones). I consider the latter to be
older and proven technology, and it does not need special support in the
Firewall. (On the other hand, I am not sure how well IP-Spoofing Protection
on those switches works).

> I'd love to hear any comments or suggestions regarding the "virtual data 
> center" architecture I proposed..

This is not only good for DCs which are hosting customer access. It is also
good for Networks with multiple applications, to isolate one DMZ Host from
the other.

Greetings
Bernd
-- 
  (OO)      -- [EMAIL PROTECTED] --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
