On Wednesday 23 April 2003 21:26, Jamie Heilman wrote:
> Litzler Mihaly wrote:
> > How do you think switching a separate VLAN for this would be also secure
> > enough? Is it a must to use a dedicated device?
>
> Switching is done for speed, not security.
Agreed. For a dedicated logging server, though, it is very rare that speed is as big a deal as it is for (say) the production side of the network. A dedicated VLAN segment for logging and system management will certainly do the job, but my recommendation would almost always be to run it on separate equipment. (I also like to use different color cabling/equipment for the management network, so that it's very difficult to accidentally connect things on the wrong side.)

Clearly, there are a lot of different ways to do secure event logging. Each method has inherent strengths and weaknesses. The important thing is to make a decision that makes good business sense. On a production network that does a significant amount of revenue processing, I believe that it is justifiable to have a separate and fully isolated admin/management network. IMHO, the security is improved, but it has the added benefit of not taking any available bandwidth from the production (revenue-producing) data.

Cheers,
Ken

