Date: Tue, 10 Apr 2001 09:45:41 -0700
From: Brooks Davis
To: Olivier Nicole
Cc: mikel@ocsinternet.com, JHowie@msn.com, jwyatt@rwsystems.net, freebsd-security@FreeBSD.ORG
Subject: Re: Theory Question

On Tue, Apr 10, 2001 at 11:57:24AM +0700, Olivier Nicole wrote:
> >I've heard this as well; and seem to remember hearing it while attending some
> >Cisco training or something. I fully agree, that they aren't very good for
> >security, and truthfully I don't think they're very good for a busy network
> >either...
>
> As a Cisco guru once said in a security seminar (must have been
> apricot few years back), one and only design of Vlan is contention of
> broadcast. Anything beyond that is pushing security risk.

It's true that older Vlan implementations have this problem, but
modern ones are implemented in hardware and do not leak packets.
Cisco intends its current VLAN implementations to be used for security
partitioning.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4