Posted by on September 25, 2006, 7:19 am
I know how a lot of people will feel about this topic, but I have a client who feels that this will work.

He has 3 networks, which are currently separated by firewalls. He plans to use VLANs to bring a subnet from each of his 3 networks into various locations so his end user support people can be on all 3 networks at the same time.

He believes that simply because they are on different VLANs, this is a safe plan. He claims that Microsoft has published something on their page, which I haven't found yet, stating that using different VLANs is effectively the same as using firewalls between networks because each traffic stream is isolated from the others.

Comments?

Posted by Arnold Nipper on September 25, 2006, 7:36 am
You want to use *both*. Vlans *and* firewalls. While vlans will separate different vlans from each other, you also need to control which traffic is allowed to enter/leave each network.

Arnold

Posted by on September 25, 2006, 10:43 am
Arnold Nipper wrote:
> On 25.09.2006 13:19 tcollicutt@hotmail.com wrote
>
> > I know how a lot of people will feel about this topic, but I have a
> > client who feels that this will work.
> >
> > He has 3 networks, which are currently separated by firewalls. He
> > plans to use VLANs to bring a subnet from each of his 3 networks into
> > various locations so his end user support people can be on all 3
> > networks at the same time.
> >
> > He believes that simply because they are on different VLANs, this is a
> > safe plan. He claims that Microsoft has published something on their
> > page, which I haven't found yet, stating that using different VLANs is
> > effectively the same as using firewalls between networks because each
> > traffic stream is isolated from the others,
> >
> > Comments?
>
> You want to use *both*. Vlans *and* firewalls. While vlan will separate
> different vlans from each other, you also need control which traffic is
> allowed to enter/leave each network.
>
> Arnold

The proposal given to me was basically this:

3 networks, currently separated by firewalls.

1 trunk line to each remote location, with an end user support office, containing
1 VLAN from the network the site was natively on
2 VLANs containing patches (made from plugging a VLAN on one network into a VLAN on the other network) made around the firewalls directly into VLANs on the other network.

Potentially 3 jacks per office, and a PC with 3 NICs and running VMWare.

The claim is because these 3 networks are on separate VLANs it is the same as running in WAN connections from each of the 3 main networks.

I can do it, but I am a little wary of using VLANs like this. He claims it is a method endorsed by Microsoft.

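The proposal above can be checked as a reachability question: is any pair of the three networks joined by a path that avoids every firewall? This is an added example, not part of the original thread; the node names (`net1`..`net3`, `vlan10`..`vlan30`, `fw`, `host:support-pc`) are made up, and treating the 3-NIC PC as something that may forward traffic between its NICs is an assumption of the model.

```python
from collections import deque
from itertools import combinations

def unfiltered_pairs(links, zones, firewalls, transit_hosts=()):
    """Return the zone pairs joined by a path that crosses no firewall.

    Zones and VLAN segments always pass traffic. A node named "host:..."
    is an endpoint unless it is listed in transit_hosts, i.e. unless it
    bridges or routes between its NICs.
    """
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)

    def reachable(start):
        seen, queue = {start}, deque([start])
        while queue:
            node = queue.popleft()
            for nxt in adj.get(node, ()):
                if nxt in seen or nxt in firewalls:
                    continue  # firewalls are the filtered hops we must avoid
                seen.add(nxt)
                if nxt.startswith("host:") and nxt not in transit_hosts:
                    continue  # reach the host, but do not pass through it
                queue.append(nxt)
        return seen

    return [p for p in combinations(sorted(zones), 2)
            if p[1] in reachable(p[0])]

# Constructed topology: three networks that today only meet at a firewall.
ZONES = {"net1", "net2", "net3"}
FIREWALLS = {"fw"}
CURRENT = [("net1", "fw"), ("net2", "fw"), ("net3", "fw")]

# Proposed: one VLAN per network patched around the firewall to the support
# office, all three terminating on one PC with 3 NICs.
PC = "host:support-pc"
PROPOSED = CURRENT + [
    ("net1", "vlan10"), ("net2", "vlan20"), ("net3", "vlan30"),
    ("vlan10", PC), ("vlan20", PC), ("vlan30", PC),
]

if __name__ == "__main__":
    print("current:", unfiltered_pairs(CURRENT, ZONES, FIREWALLS))
    print("proposed, PC is a pure endpoint:",
          unfiltered_pairs(PROPOSED, ZONES, FIREWALLS))
    print("proposed, PC forwards between NICs:",
          unfiltered_pairs(PROPOSED, ZONES, FIREWALLS, transit_hosts={PC}))
```

In this model the VLANs keep the three segments apart on the wire, and the only place the networks meet without a firewall is the multi-homed PC, which is where traffic control would have to be enforced.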
Posted by Rod Dorman on September 25, 2006, 2:32 pm
> ...
> I can do it, but I am a little wary of using VLANs like this. He
> claims it is a method endorsed by Microsoft.

Ah yes... the trusted name in network security :-)

--
-- Rod --
rodd(at)polylogics(dot)com

Posted by Steve Ray on September 25, 2006, 2:41 pm
> I can do it, but I am a little wary of using VLANs like this. He
> claims it is a method endorsed by Microsoft.

Microsoft do NOT endorse third party networks
MS only endorse and support Active Directory for their application based security (and their PFW of course)

Steve
MCSE, CCNA (if that helps)
vlans for security