Re: Switch Network Design Question

From: James Ventre (messageboard@ventrefamily.com)
Date: Thu Nov 03 2005 - 15:19:35 GMT-3


And it's not like a 2950-12 or 2950-24 is all that expensive!

Guyler, Rik wrote:
> But that's the real issue here, isn't it? Sure, you can control how it gets
> set up now, but how will the config and connectivity evolve over time? Will
> those changes at some point compromise the security? What if a new
> undiscovered bug becomes known at a later time? Cisco tests IOS pretty
> thoroughly before releasing it but yet they are constantly releasing
> security notifications and pushing out patched IOS versions. Cisco can only
> assure the security of their products now, not next year. Do you want to
> take a chance on missing one of those bug notices?
>
> For the Enterprise I believe in bullet-proof design and sharing a switch for
> private and public networks is not bullet-proof. True, the risk factor may
> be low but I want to know that I've eliminated every possible security
> breach I can for now and hopefully the future too. Nobody was ever
> compromised by using separate devices around the firewall. Make it as
> secure as you can now and you will greatly reduce the potential for problems
> later.
>
> My .02
>
> Rik



This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:05 GMT-3