Re: Just say no to VLANS
May 25 2007 06:17AM
Cedric Blancher (blancher cartel-securite fr) (1 replies)
On Thursday 24 May 2007 at 21:20 -0500, Tsu wrote:
> You have taken a hostile attitude on a technical discussion.
You're right. My bad.
> Concerning the vulnerability attacks: If everyone in the world took
> your excellent recommendations and implemented them throughout their
> switched infrastructure then there wouldn't be any issues w/ VLANs.
> Unfortunately, as I said before this is usually not the case.
This can be extended to anything. If people were doing IT like
recommendations, we would be out of job. But we don't tell them to do
something else.
> Not to mention this thread was started by someone that was new to
> VLAN's asking about using them for security. In a sense you are
> telling someone asking about a kite how to launch a rocket ship.
I feel someone being new to wireless networks and the way you implement
it, maybe not to VLAN as a general matter. In addition to this, I just
ask the question.
If we were talking about one AP, although I don't agree on VLAN
security, I would tend to follow for your way, for the sake of
configuration pain. But, we're talking of 10 APs. What does he do? Cut
in half? 5 of each? Or double them, i.e. 20?
To rephrase, I and you don't know about the context, and killing one
solution that could be valuable just because you think the guy is not
good enough to make it right, does not seem to me to be quite a valuable
answer, especially because it lies on a wrong statement.
I use to see a lot of vulnerable websites, secure one being the
exception. I don't tell people not to use PHP unless they clearly don't
need it. I use to see awfully configured firewalls, I don't tell people
not to use firewalls. Etc.
> if you are providing wireless access to the public then you should
> physically separate the networks or at least firewall them off from
> one another.
I don't understand your last statement. Or you separate, or you
firewall. So if we use VLAN, we have to firewall VLANs from each other,
right? Who stated we didn't need to firewall VLANs from each other?
Have a good day too.
--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!