Date: Tue, 10 Apr 2001 09:45:41 -0700 From: Brooks Davis <brooks@one-eyed-alien.net> To: Olivier Nicole <on@cs.ait.ac.th> Cc: mikel@ocsinternet.com, JHowie@msn.com, jwyatt@rwsystems.net, freebsd-security@FreeBSD.ORG Subject: Re: Theory Question Message-ID: <20010410094541.A13808@Odin.AC.HMC.Edu> In-Reply-To: <200104100457.LAA10040@banyan.cs.ait.ac.th>; from on@cs.ait.ac.th on Tue, Apr 10, 2001 at 11:57:24AM %2B0700 References: <Pine.BSF.4.10.10104072029260.31820-100000@bsdie.rwsystems.net> <05dd01c0c00d$657a8510$0101a8c0@development.local> <3AD1C188.F34164C7@ocsinternet.com> <200104100457.LAA10040@banyan.cs.ait.ac.th>
next in thread | previous in thread | raw e-mail | index | archive | help
--zhXaljGHf11kAtnf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Apr 10, 2001 at 11:57:24AM +0700, Olivier Nicole wrote: > >I've heard this as well; and seem to remember hearing it while attending= some > >cisco training or something. I fully agree, that they aren't very good f= or > >security, and truthfully I don't think they're very good for a busy netw= ork > >either... >=20 > As a Cisco guru once said in a security seminar (must have been > apricot few years back), one and only design of Vlan is contention of > broadcast. Anything beyond that is pushing security risk. It's true that older Vlan implementations have this problem, but modern ones are implemented in hardward and do no leak packets. Cisco intends its current VLAN implementations to be used for security partitioning. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --zhXaljGHf11kAtnf Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE60zi0XY6L6fI4GtQRAmETAJ0bJSIaVoak1eischJvj6EynhvGMgCgx2FT 5oYd1O6V0aobtbCrMNeNhrY= =g7Gv -----END PGP SIGNATURE----- --zhXaljGHf11kAtnf-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010410094541.A13808>