[DISCUSS] security implications of dmz and vlan

Shawn Badger badger.shawn at gmail.com
Fri Feb 2 08:30:09 MST 2007


Check this doc out for the "best practices" of securing VLANs

www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.pdf

That may help prevent VLAN hopping from the DMZ

On 2/1/07, JT Moree <moreejt at pcxperience.com> wrote:
>
> JT Moree wrote:
> > Does anyone know enough about VLANs on a Cisco Catalyst 4506 switch to explain
> > the security implications of this setup:
>
> More info to throw around and some answers to half posed questions . . .
>
> No money is allocated to do anything new (except maybe gigabit NICs in a
> few servers).  We want to maximize use of the equipment that we have.
>
> We have multiple 100M switches but one is failing.  Since we can't keep
> using it and none of the other switches are gigabit (to my knowledge) we
> want to use the Cisco gigabit switch for as many servers as possible.
> Right now the backup servers are using it to sync with each other.
>
> The thing is huge.  It's got 3 banks of 32 ports.  We've got 17+ DMZ
> servers and a handful of internal servers.
>
> The DNS and web servers are in the DMZ so yes the internal network needs
> to get to them.
>
> The backup servers also need to get to them.
>
> There is a Cisco firewall somewhere connecting the networks and the 'net.
>
> It seems the popular consensus is
>   don't use VLANs that talk to each other if it can be avoided.
>
> --
> JT Morée
> PC Xperience, Inc.


More information about the PLUG-discuss mailing list