Re: VLAN as a DMZ

2002-03-11 Thread Mike Shaw
Aha, some great reading here: http://www.sans.org/newlook/resources/IDFAQ/vlan.htm http://rr.sans.org/switchednet/switch_security.php http://online.securityfocus.com/archive/1/26008 http://security-archive.merton.ox.ac.uk/bugtraq-199909/0223.html http://lists.synfin.net/Archives/firewall-wizard

Re: VLAN as a DMZ

2002-03-11 Thread Dustin Howard - Home
If I understand your question correctly... Ultimately, avoid giving external access to an internal switch. It's a bad idea. There are a number of attacks that can be done, either from the outside or if a machine that resides on the VLAN were to be compromised. Not factoring in redundancy, I wou

Re: VLAN as a DMZ

2002-03-11 Thread Bennett Todd
Note: Cisco's new-fangled private VLAN stuff may change this picture, but some years ago, I bounced the question off a cisco engineer, and he strongly agreed with this statement: VLANs were devised when switch ports were exceedingly expensive, and sold in units of 16 or more. At that point i

Re: VLAN as a DMZ

2002-03-11 Thread Peter Lee
- Original Message - From: Mike Shaw <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 07, 2002 06:25 Subject: VLAN as a DMZ > There are definitely textbook reasons (secondary compromise issues, etc), > but does anyone know of a specific technical reaso

RE: VLAN as a DMZ

2002-03-09 Thread Smith, Chris
ailto:[EMAIL PROTECTED]] Sent: Wednesday, March 06, 2002 1:26 PM To: [EMAIL PROTECTED] Subject: VLAN as a DMZ There are definitely textbook reasons (secondary compromise issues, etc), but does anyone know of a specific technical reason why using a VLAN for a DMZ segment is a bad idea (cisco

RE: VLAN as a DMZ

2002-03-09 Thread Vachon, Scott
>There are definitely textbook reasons (secondary compromise issues, etc), >but does anyone know of a specific technical reason why using a VLAN for a >DMZ segment is a bad idea (cisco 5500 switch)? >The VLAN would have no telnet interface living on it, and no level 3 >switching/routing going

Re: VLAN as a DMZ

2002-03-09 Thread Erick B.
There are ways and tools available to do ARP spoofing and basically jam up the cam table of the switch. I'm not sure offhand how susceptible the 5500 is to this kind of attack though. You're probably aware of this though. The Cat 6000 series has Private VLANs which let you have Isolated or Commun

Re: VLAN as a DMZ

2002-03-09 Thread DocValde
Hello Mike Shaw, on Wednesday, 6 March 2002 at 21:25:37 you wrote: MS> There are definitely textbook reasons (secondary compromise issues, etc), MS> but does anyone know of a specific technical reason why using a VLAN for a MS> DMZ segment is a bad idea (cisco 5500 switch)? MS> The VLAN wou

VLAN as a DMZ

2002-03-07 Thread Mike Shaw
There are definitely textbook reasons (secondary compromise issues, etc), but does anyone know of a specific technical reason why using a VLAN for a DMZ segment is a bad idea (cisco 5500 switch)? The VLAN would have no telnet interface living on it, and no level 3 switching/routing going to/fr