From: Simon Waters (SimonWRETCHED.DEMON.CO.UK)
Date: Tue Feb 06 2001 - 19:42:21 CST

    Sam Quigley wrote:
    >
    > Because they can, sometimes, be made to fail open. Then, everything
    > is on one big LAN, and standard switch sniffing methods can reveal
    > all the network traffic.

    This was a hot topic at one site I went to. Especially when looking at
    the top-end Netscreen Firewalls (and similar) where multiple virtual
    firewalls sit on the same gigabit ethernet segments using VLANs to
    divide the traffic out at lower-end switches nearer the hosted servers.

    Some of the switch vendors are claiming that their VLAN implementations
    are pretty tight. Certainly the manageability benefits that this kind of
    firewalling solution brings to hosting sites mean we will see more
    VLANs used in fairly sensitive areas.

    I'd be interested in knowing if anyone has breached any VLANs, and if so
    whose.