security implications of dmz and vlan

Randy Melder randymelder at gmail.com
Wed Jan 31 18:34:02 MST 2007


Your VLANs are supposed to be on different subnets, so the setup seems
legit. I don't know of any Layer 2 holes under this scenario. Now the issue
is ACLs in your FW/Router. Are they tight? Layer 3 is where you're going to
have all your security issues.

On 1/31/07, Darrin Chandler <dwchandler at stilyagin.com> wrote:
>
> On Wed, Jan 31, 2007 at 05:38:44PM -0600, JT Moree wrote:
> > Does anyone know enough about VLANs on a Cisco Catalyst 4506 switch to
> > explain the security implications of this setup:
> >
> > 2 VLANs
> >  VLAN 1 - internal servers
> >  VLAN 2 - DMZ
> >
> > Given that the dmz is to keep the dmz servers separated from the
> > internal network would this be a secure setup?  Are there any holes in
> > the VLAN architecture that would make this a BAD idea?
> >
> > One caveat.  right now we have a cisco firewall which routes between two
> > different switches for dmz and internal.  I realize a breach in cisco
> > security would be a problem in BOTH situations.
>
> Seems that you already understand the issues. ;) The VLAN stuff *should*
> be fine, really.
>
> But how are you going to route stuff between the VLANs? Still need a
> router after all?
>
> --
> Darrin Chandler                   |  Phoenix BSD Users Group
> dwchandler at stilyagin.com          |  http://bsd.phoenix.az.us/
> http://www.stilyagin.com/darrin/  |



-- 
http://spindomains.us/
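As an added example (not part of the thread, and not a configuration from any of the posters), here is what the two-VLAN layout looks like if the Catalyst 4506 itself does the inter-VLAN routing Darrin asks about, with the kind of Layer 3 ACL Randy points to applied on the DMZ side. The subnets, interface numbers, the internal database host and its port are placeholder assumptions; VLAN IDs 10 and 20 are used instead of the thread's 1 and 2 because VLAN 1 is the default VLAN on Catalyst switches and is better left unused for servers.

```cisco
! Constructed example, not from the thread. All addresses are placeholders:
!   VLAN 10 = internal servers 10.0.1.0/24
!   VLAN 20 = DMZ               10.0.2.0/24
ip routing
!
vlan 10
 name INTERNAL-SERVERS
vlan 20
 name DMZ
!
! DMZ server ports: fixed access ports, no trunk negotiation (DTP off)
interface range GigabitEthernet2/1 - 24
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 spanning-tree portfast
!
! Routed interfaces (SVIs) for the two VLANs; the ACL sits on the DMZ SVI
! so it filters what DMZ hosts can initiate before it is routed anywhere.
interface Vlan10
 ip address 10.0.1.1 255.255.255.0
!
interface Vlan20
 ip address 10.0.2.1 255.255.255.0
 ip access-group DMZ-IN in
!
! Order matters: the single permitted application flow comes first
! (hypothetical: DMZ web servers to an internal database on TCP/3306),
! then everything else toward the internal subnet is denied and logged,
! then DMZ hosts may still reach the outside (via the firewall's default
! route). The final deny is what the implicit deny would do, but logged.
ip access-list extended DMZ-IN
 permit tcp 10.0.2.0 0.0.0.255 host 10.0.1.10 eq 3306
 deny   ip  10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255 log
 permit ip  10.0.2.0 0.0.0.255 any
 deny   ip  any any log
!
! Checks after applying (output not reproduced here):
!   show vlan brief            - each server port is in the VLAN you expect
!   show interfaces trunk      - no server port has negotiated a trunk
!   show ip access-lists DMZ-IN - hit counters on the deny line reveal
!                                 DMZ hosts trying to reach internal
```

The point of the `deny ... log` line is that "are the ACLs tight?" becomes something you can answer from the counters and syslog: any hit on it is a DMZ host attempting a flow that was not explicitly permitted. If the firewall stays in the path instead (the poster's current design), the same permit-one-flow-deny-the-rest rule belongs on the firewall's DMZ interface.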