security implications of dmz and vlan
Darrin Chandler
dwchandler at stilyagin.com
Wed Jan 31 17:34:12 MST 2007
On Wed, Jan 31, 2007 at 05:38:44PM -0600, JT Moree wrote:
> Does anyone know enough about VLANs on a Cisco Catalyst 4506 switch to explain
> the security implications of this setup:
>
> 2 VLANs
> VLAN 1 - internal servers
> VLAN 2 - DMZ
>
> Given that the DMZ is to keep the DMZ servers separated from the internal
> network, would this be a secure setup? Are there any holes in the VLAN
> architecture that would make this a BAD idea?
>
> One caveat: right now we have a Cisco firewall which routes between two
> different switches for DMZ and internal. I realize a breach in Cisco security
> would be a problem in BOTH situations.
Seems that you already understand the issues. ;) The VLAN stuff *should* be
fine, really.

But how are you going to route stuff between the VLANs? Still need a
router after all?
--
Darrin Chandler | Phoenix BSD Users Group
dwchandler at stilyagin.com | http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/ |