From owner-freebsd-security Sun Apr 8 2:57:26 2001 Delivered-To: freebsd-security@freebsd.org Received: from mailgate.kechara.net (mailgate.kechara.net [62.49.139.2]) by hub.freebsd.org (Postfix) with ESMTP id 6E7AD37B423 for ; Sun, 8 Apr 2001 02:57:23 -0700 (PDT) (envelope-from lee@kechara.net) Received: from area57 (lan-fw.kechara.net [62.49.139.3]) by mailgate.kechara.net (8.9.3/8.9.3) with SMTP id MAA20820; Sun, 8 Apr 2001 12:10:24 +0100 Message-Id: <200104081110.MAA20820@mailgate.kechara.net> Date: Sun, 08 Apr 2001 11:00:07 +0100 To: John Howie , James Wyatt , freebsd-security@FreeBSD.ORG From: Lee Smallbone Subject: Re: Theory Question Reply-To: lee@kechara.net Organization: Kechara Internet X-Mailer: Opera 5.02 build 856a X-Priority: 3 (Normal) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >I have had so many people suggest VLANs as an acceptable security solution >that it makes me wonder... Is there someone out there (presumably a hacker) >pushing them? I agree with you, they are not secure. That is why I always >push for a separate physical network. I'll drink to that. While VLANs are an easier solution, the trade-off is somewhat unacceptable. And I always say that if it should >ever be compromised you just blow it away and reconstruct it. In fact, I use >the term "Victim Network" to describe an IDS/monitoring network. While we're heading down this route then, what is everyone's take on honeypot/nets? -- Lee Smallbone Kechara Internet lee@kechara.net www.kechara.net Tel: (01243) 869 969 Fax: (01243) 866 685 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message