With all due respect to the participants of this thread let me present my impression of recent emails. NOTE: these are not direct quotes but are meant as simple thematic representations.
Me: This may cause a flame war but VLANs are questionable from a security perspective.

Chris Kirschke: We do it in combination with IDS and it works fine for us.

Paul Robertson: It's caused problems in the past and should probably be avoided.

Gary Flynn: I thought it required some pretty specific conditions. Should I be worried?

PR: Maybe. <List of potential problems>

Wesley Noonan: There isn't evidence to demonstrate that those problems are real.

PR: It's based on history and educated guesses. There have been problems and it's unlikely they've all been found much less fixed, so I wouldn't personally trust it.

WN: That is not what you said.

PR: Is too.

WN: Is not.

Me: (sigh) I knew it.

Here's what I propose:

1) There is nothing that one person can build that another cannot break.
2) Bugs happen. So do exploits.
3) A healthy degree of paranoia is good.
3a) Define "healthy".
4) Keep it simple.
4a) Define "simple".
5) Don't trust it any farther than you can fix it.

Of course exploits are going to be possible. Understand your level of risk before you accept it lest you be forced to live with it afterwards.

Maybe, just maybe, Paul's threshold of acceptable risk is a lot smaller than for the rest of us. But maybe Paul's network would be harder to crack than ours.

Cheers,
-Jim

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
