[DISCUSS] security implications of dmz and vlan

JT Moree moreejt at pcxperience.com
Thu Feb 1 19:05:34 MST 2007


JT Moree wrote:
> Does anyone know enough about VLANs on a Cisco Catalyst 4506 switch to explain
> the security implications of this setup:

More info to throw around and some answers to half-posed questions . . .

No money is allocated to do anything new (except maybe gigabit NICs in a
few servers).  We want to maximize use of the equipment that we have.

We have multiple 100M switches but one is failing.  Since we can't keep
using it and none of the other switches are gigabit (to my knowledge), we
want to use the Cisco gigabit switch for as many servers as possible.
Right now the backup servers are using it to sync with each other.

The thing is huge.  It's got 3 banks of 32 ports.  We've got 17+ DMZ
servers and a handful of internal servers.

The DNS and web servers are in the DMZ, so yes, the internal network needs
to get to them.

The backup servers also need to get to them.

There is a Cisco firewall somewhere connecting the networks and the 'net.

It seems the popular consensus is:
  don't use VLANs that talk to each other if it can be avoided.

- --
JT Morée
PC Xperience, Inc.
