From: Guyler, Rik (rguyler@shp-dayton.org)
Date: Thu Nov 03 2005 - 15:12:40 GMT-3
But that's the real issue here, isn't it? Sure you can control how it gets
set up now but how will the config and connectivity evolve over time? Will
those changes at some point compromise the security? What if a new
undiscovered bug becomes known at a later time? Cisco tests IOS pretty
thoroughly before releasing it but yet they are constantly releasing
security notifications and pushing out patched IOS versions. Cisco can only
assure the security of their products now, not next year. Do you want to
take a chance on missing one of those bug notices?
For the Enterprise I believe in bullet-proof design and sharing a switch for
private and public networks is not bullet-proof. True the risk factor may
be low but I want to know that I've eliminated every possible security
breach I can for now and hopefully the future too. Nobody was ever
compromised by using separate devices around the firewall. Make it as
secure as you can now and you will greatly reduce the potential for problems
later.
My .02
Rik
-----Original Message-----
From: Richard Dumoulin [mailto:Richard.Dumoulin@vanco.fr]
Sent: Wednesday, November 02, 2005 4:49 PM
To: 'CCIEin2006'; bud selig
Cc: Cisco certification
Subject: RE : Switch Network Design Question
Normally, VLANs are secure enough if no bugs in the IOS and no error in the
config!
-- Richard
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
CCIEin2006
Sent: Wednesday, November 2, 2005 22:36
To: bud selig
Cc: Cisco certification
Subject: Re: Switch Network Design Question
Check out this link on VLAN hopping:
http://searchsecurity.techtarget.com/sDefinition/0,290660,sid14_gci1122494,00.html
On 11/2/05, bud selig <bud4bud@gmail.com> wrote:
>
> Thanks for all the responses on this. They were very helpful.
>
>
> On 11/2/05, bud selig <bud4bud@gmail.com> wrote:
> >
> > Hello,
> >
> > I was wondering what everyone's thoughts were on having a single
> > switch house the outside, inside, DMZ VLANs. I prefer to keep the
> > inside VLAN on a different physical switch for a more secure
> > environment.
> >
> > Thanks
>
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:05 GMT-3