* Darren Spruell <[EMAIL PROTECTED]> [2007-10-24 21:48]:
> Remember back 10-ish years ago when VLANs were being touted as the
> ultimate network segmentation technology by marketers of managed
> switches? And now everyone hopefully realizes that while VLANs
> technically do offer network segmentation, it's really rudimentary and
> cannot be relied on for truly reliable security due to various layer 2
> attacks that subvert them?

err, that is a very bad comparison. I am not aware of any "layer2 
attacks" (you probably mean vlan hopping things) that work against any 
half reasonably configured switch from the last 10 years.
heck, these days even everybody except cisco has sane defaults.
(well, I dunno about those cheap switches, admittedly)

this comparison is wrong on another basis: vlans are dead simple, just 
a tiny and simple header before the ethernet segment. virtualization is 
certainly not.

> That simply segmenting networks with
> VLANs can't be considered to fully isolate them?

without bad config errors (that are getting harder to make, except on 
cisco, they got the semantics completely wrong and stupid defaults) and 
used correctly, yes, VLANs perfectly isolate network segments.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
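
The 802.1Q tag discussed in the message above is four bytes (a 16-bit TPID and a 16-bit TCI holding priority, DEI and a 12-bit VLAN ID) placed after the source MAC address. The Python parser below is an added example, not part of the original message; the function names, the `allowed_vids` port policy and the sample frames are constructed for illustration.

```python
import struct

TPIDS = (0x8100, 0x88A8)  # 802.1Q customer tag, 802.1ad service tag

def parse_vlan_tags(frame):
    """Return (tags, ethertype); tags are listed outermost first."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC, 6 bytes each
    tags = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in TPIDS:
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4

def audit_frame(frame, allowed_vids):
    """List what a port restricted to allowed_vids (assumed policy) should reject."""
    tags, _ = parse_vlan_tags(frame)
    findings = []
    if len(tags) > 1:
        findings.append("stacked tags")
    for tag in tags:
        if tag["vid"] == 0xFFF:
            findings.append("reserved VID 4095")
        elif tag["vid"] != 0 and tag["vid"] not in allowed_vids:  # VID 0 = priority tag only
            findings.append(f"VID {tag['vid']} not allowed")
    return findings

# Constructed sample frames (locally administered MACs, dummy payload)
MACS = bytes.fromhex("020000000002" "020000000001")
UNTAGGED = MACS + bytes.fromhex("0800") + b"payload"
SINGLE = MACS + bytes.fromhex("8100a064" "0800") + b"payload"
DOUBLE = MACS + bytes.fromhex("81000001" "81000014" "0800") + b"payload"

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("single", SINGLE), ("double", DOUBLE)):
        print(name, parse_vlan_tags(frame), audit_frame(frame, {100}))
```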
