Re: Comments on ISP Expectations
On Wed, 29 Mar 2000, Bill Woodcock wrote:
> > 5 Systems Infrastructure
>
> Systems MUST minimally be separated by a switched LAN
> infrastructure, such that compromise of one host does not allow
> promiscuous "sniffing" of traffic to and from other hosts, and
> SHOULD be separated onto separate VLANs or subnets, such that
> traffic can be filtered both to and from each system, without the
> possibility of a "stepping stone" attack from one host to another,
> "behind" a firewall.
Switched hubs don't provide any degree of security from sniffing.
There are many ways to externally manipulate them so they get confused
and broadcast everywhere.
Putting in place or using a large VLAN infrastructure adds another
point of attack that isn't necessarily visible on a LAN structure
diagram.
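As an added illustration of the first point in this reply (not code from the thread or from any of its participants), the following toy model shows why a plain switched segment is not a sniffing boundary, and what the mitigation looks like from the switch side. A learning switch keeps a bounded forwarding (CAM) table; once that table is full, the switch can no longer remember where a destination lives and falls back to flooding unknown-unicast frames out of every port, so a host on another port sees traffic that was never addressed to it. A per-port limit on learned source addresses (the "port security" style control found on managed switches) keeps a single port from forcing the table into that state. The port names, table size, host addresses and frame sequence are all constructed for the example.

```python
"""Toy learning switch with a bounded forwarding table.

Added example, not part of the original thread. Port names, table
size, MAC labels and traffic are constructed for illustration.
"""
from collections import OrderedDict


class LearningSwitch:
    def __init__(self, ports, table_size, max_addrs_per_port=None):
        self.ports = list(ports)
        self.table_size = table_size              # CAM table capacity
        self.max_per_port = max_addrs_per_port    # None = no port security
        self.table = OrderedDict()                # mac -> port, LRU order
        self.per_port = {p: set() for p in self.ports}
        self.violations = []                      # (port, mac) frames dropped

    def _learn(self, src, in_port):
        """Record which port a source address was seen on.

        Returns False when port security rejects the new address."""
        if src in self.table:
            self.table.move_to_end(src)           # refresh LRU position
            return True
        if (self.max_per_port is not None
                and len(self.per_port[in_port]) >= self.max_per_port):
            self.violations.append((in_port, src))
            return False
        if len(self.table) >= self.table_size:
            # Table full: evict the least recently used entry. This is the
            # point at which a legitimate host "disappears" from the table.
            old_mac, old_port = self.table.popitem(last=False)
            self.per_port[old_port].discard(old_mac)
        self.table[src] = in_port
        self.per_port[in_port].add(src)
        return True

    def forward(self, src, dst, in_port):
        """Return the list of ports a frame is sent out of."""
        if not self._learn(src, in_port):
            return []                              # dropped by port security
        if dst in self.table:
            return [self.table[dst]]               # known unicast
        # Unknown unicast: flood to every port except the ingress port.
        return [p for p in self.ports if p != in_port]


def suspicious_ports(switch, threshold):
    """Defender's view: ports that have learned more addresses than a
    single workstation plausibly has. Telemetry like this is what a
    MAC-count alarm on a managed switch is built from."""
    return sorted(p for p, macs in switch.per_port.items()
                  if len(macs) > threshold)


def scenario(max_addrs_per_port=None):
    """Two hosts A (port p1) and B (port p2) talk; a third port p3 churns
    through many source addresses. Returns the ports A->B is delivered
    to before and after the churn, plus the count of port-security drops."""
    sw = LearningSwitch(ports=["p1", "p2", "p3"], table_size=4,
                        max_addrs_per_port=max_addrs_per_port)
    sw.forward("A", "B", "p1")
    sw.forward("B", "A", "p2")
    before = sw.forward("A", "B", "p1")           # table knows B: ["p2"]
    for i in range(10):                           # constructed churn on p3
        sw.forward(f"X{i}", "B", "p3")
    after = sw.forward("A", "B", "p1")
    return before, after, len(sw.violations)


if __name__ == "__main__":
    print("no port security:", scenario())
    print("2 addresses/port :", scenario(max_addrs_per_port=2))
```

Without a per-port limit, the second `forward("A", "B", "p1")` is flooded to both p2 and p3, i.e. the host on p3 now receives A's traffic to B. With `max_addrs_per_port=2` the churn is dropped after two addresses, the table keeps its entries for A and B, and the frame reaches only p2. The same per-port address count is what a switch-side alarm would key on, which is the kind of visibility the reply says a VLAN diagram alone does not give.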