On Tue, Aug 24, 2010 at 9:32 AM, C. Falconer <[email protected]> wrote: > I've seen a site that put every user in their own VLAN, so a user's > phone/pc/laptop could only see the firewall, and everything was routed > through that to servers etc. Was utterly ridiculous, an example of > using tools to define the problem.
Not necessarily a bad thing to do; it addresses an edge case where devices might be attacking each other (i.e. a virus spread, or even unauthorized copying of sensitive files). You should balance the risk of this threat (i.e. how likely it is to happen && how much damage it could cause) against the cost of managing the VLAN infrastructure -- and if you already had great automation/tools to manage the VLAN setup, that would be a low cost. -jim _______________________________________________ Linux-users mailing list [email protected] http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
