Mike McCarty wrote:
John Stumbles wrote:
Mike McCarty wrote:

John Stumbles wrote:

What do you mean "Cannot act as a bridge"?


A switch uses MAC addresses for ascertaining where to forward
a message. It is unaware of IP addresses, so it cannot connect
different nets.


Yup. That's bridging, defined in 802.1d
http://www.ieee802.org/1/pages/802.1D.html

Perhaps the terminology has changed, then. I began using networks
more or less seriously in the mid to late 1980s, and by then
bridge meant "bridging separate networks". What you put here,
I note, is related to LAN, i.e. one network, not interconnected
networks. Maybe someone else who knows more than I do can
chime in here. In any case, I was not referring to a "MAC Bridge"
but to a "Network Address Bridge". MACs are point-to-point.
Networks are not (or at least do not have to be).

The terminology never changed. What you're referring to was called a "gateway" back then, and is now called a router, because all of the functions of gateways are in routers these days.

Switches are multiport Bridges.

Gateways were between dissimilar networks -- TCP/IP to X.25, for example.

Routers were (back then) just IP shuffling devices... and acted over only Layer 3.

Nowadays you can buy a single "router" that will do any and all of the above. And Cisco and others muddied the water by calling some things "Layer 4" that aren't. That cracks me up to this day, but I just roll with it and use whatever terminology my old-people-who-built-it or young-people-who-bought-it audiences need.

And what do you mean by 'not secure'?


No firewall. Any message sent to a given MAC is delivered to
it. There is no concept of LAN side vs WAN side.

Yeah, but nowadays, some switches CAN do traditional "firewall" functionality. Even basic Access Control Lists (in Cisco's terminology) are rudimentary "firewalls".

OK. From a different POV they _are_ secure: unlike a hub (repeater), which sends every packet to all connected ports, switches only forward [1] packets to their destination ports. This is more secure as traffic cannot be sniffed by stations on other ports [2]. Which just goes to show that 'security' is not a simple quality of which one can have more or less (like money) but a set of qualities.

Putting a switch between an ADSL modem and your machine will leave
it wide open.

Unless your machine doesn't have an IP address on its interface attached to the switch. :-)

I guess that my view is

(1) only machines which have no physical access point are secure
(2) any other machine has only relative security.

True. Security of ANYTHING is always done by degrees. It's important to know WHAT you're protecting and how important it is before ENGINEERING your security solution. Rarely is this done, however.

IT managers will grow up someday and engineer things again... after budgets get slashed by CEOs tired of handing the CTO all their money and not seeing a corresponding return on investment.

This may include such things as power supply lines, when one has
a dedicated snooper. So, within this context of security, it is
a very complex topic with many ramifications. No one insecure machine
is absolutely more secure than any other, they only have relative
security strengths and weaknesses. I wasn't trying to address security
in an absolute sense. This would involve Faraday cages, power supplies
which have no connection to the public grid and are within the
cage, and other sundry physical access issues.

All depends on what you're protecting. There's a high probability that the type of security system you're describing DOES exist somewhere and the stuff it's protecting, most people probably don't want to know about anyway.

To put it another way, I was trying to help a newbie understand the
tradeoffs which would enter into a decision of whether to use
a crossover cable, a hub, a switch, or a router. I find that
many don't really know the differences or even appreciate that
there are differences between hubs, switches, and routers.

Yeah, but you're using the wrong terminology -- talk in network absolutes like interfaces, IP addresses, and whatnot. The terms, "switch" and "router" become more and more blurred as the devices merge naturally as speed goes up, and cost goes down.

Nate
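The thread above argues about what a switch does with a frame (forward by MAC, flood when it doesn't know, no notion of LAN vs WAN side) and whether that makes it "more secure" than a hub. The following is an added simulation, not code from any participant in the thread, that replays a constructed sequence of frames through a hub and through a simplified 802.1D learning bridge and records which ports each frame reaches. MAC addresses, port numbers and the frame sequence are all constructed; the switch model is deliberately minimal (no table aging, no spanning tree, no VLANs).

```python
"""Hub vs. learning switch: which ports see which frames.

Added illustration for the discussion above (not from any list participant).
All MAC addresses, port numbers and frames are constructed sample data.
"""
from collections import namedtuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
Frame = namedtuple("Frame", "src dst")


class Hub:
    """A repeater: every frame is copied to every port except the ingress port."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, ingress, frame):
        return sorted(p for p in self.ports if p != ingress)


class LearningSwitch:
    """Simplified 802.1D learning bridge.

    Learns the source MAC on the ingress port; forwards to the learned port
    for the destination MAC; floods unknown unicast and broadcast. Note there
    is no firewall and no LAN/WAN side: any port can reach any learned MAC.
    """

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port (no aging in this toy model)

    def forward(self, ingress, frame):
        self.table[frame.src] = ingress  # learn where the sender lives
        out_port = self.table.get(frame.dst)
        if frame.dst == BROADCAST or out_port is None:
            # Unknown destination or broadcast: flood to all other ports
            return sorted(p for p in self.ports if p != ingress)
        if out_port == ingress:
            return []  # destination is on the ingress segment: filter
        return [out_port]


def run_trace(device, trace):
    """Replay (ingress_port, frame) pairs; return the egress ports per frame."""
    return [device.forward(port, frame) for port, frame in trace]


# Constructed topology: host A on port 1, host B on port 2, a third station
# E on port 3 that never sends anything and just listens.
A = "02:00:00:00:00:0a"
B = "02:00:00:00:00:0b"
TRACE = [
    (1, Frame(A, B)),          # A -> B before B is learned: flooded
    (2, Frame(B, A)),          # B -> A: A already learned, port 1 only
    (1, Frame(A, B)),          # both learned: port 2 only
    (1, Frame(A, BROADCAST)),  # broadcast (e.g. an ARP request): always flooded
]


def frames_seen_on_port(device_cls, listen_port=3, ports=(1, 2, 3), trace=TRACE):
    """How many frames of the trace reach the listening port on a fresh device."""
    device = device_cls(ports)
    return sum(1 for egress in run_trace(device, trace) if listen_port in egress)


if __name__ == "__main__":
    print("hub:    port 3 sees", frames_seen_on_port(Hub), "of", len(TRACE))
    print("switch: port 3 sees", frames_seen_on_port(LearningSwitch), "of", len(TRACE))
    print("switch egress per frame:", run_trace(LearningSwitch((1, 2, 3)), TRACE))
```

On the hub every frame reaches port 3; on the switch only the first (unknown-destination) frame and the broadcast do. That is the sense in which a switch is "more secure" than a hub, and also the limit of it: a station still sees everything flooded before the table is populated (or after it is flushed), and nothing in the forwarding logic distinguishes a trusted port from an untrusted one, which is the point made about the ADSL modem above.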

