Re: [DISCUSS] security implications of dmz and vlan

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Darrin Chandler at <-
MM 
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Shawn Badger
Date:  
To: Main PLUG discussion list
Subject: Re: [DISCUSS] security implications of dmz and vlan
Check this doc out for the "best pactices" of securing VLAN's

www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.pdf

That may help prevent vlan hopping form the DMZ

On 2/1/07, JT Moree <> wrote:
> > JT Moree wrote:
> > Does anyone know enough about VLANs on a Cisco Catalyst 4506 switch to explain
> > the security implications of this setup:
>
> More info to throw around and some answers to half posed questions . . .
>
> No money is allocated to do anything new (except maybe gigabit NICS in a
> few servers). We want to maximize use of the equipment that we have.
>
> We have multiple 100M switches but one is failing. Since we can't keep
> using it and none of the other switches are gigabit (to my knowledge) we
> want to use the CISCO gigabit switch for as many servers as possible.
> Right now the backup servers are using it to sync with each other.
>
> The thing is huge. It's got 3 banks of 32 ports. We've got 17+ dmz
> servers and a handful of internal servers.
>
> The DNS and web servers are in the DMZ so yes the internal network needs
> to get to them.
>
> The backup servers also need to get to them.
>
> There is a cisco firewall somewhere connecting the networks and the 'net.
>
> it seems the popular consensus is
> don't use VLANS that talk to each other if it can be avoided.
>
> - --
> JT Morée
> PC Xperience, Inc.
> >
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> MailScanner thanks transtec Computers for their support.
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: [DISCUSS] security implications of dmz and vlanPostfix and Procmail->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)