Re: customers and web servers and level one naps

At 11:30 AM 9/10/96 -0700, Michael Dillon wrote:
On Tue, 10 Sep 1996, Srinivasarao Mulugu wrote:
I know we do, Michael. And I have "their" answer. But they may not have the same experiences you did.
Have you had much experience having the servers connect directly on to a level-2 device like an FDDI-to-Ethernet (e.g. Catalyst) connector, and its security implications?
It's not a matter of experience. It's a matter of what a level-2 device is and how it normally works. There is no security at level 2.
Therefore, you should only connect trusted pieces of equipment to a level-2 media unless it is being used as a point-to-point media. Let's use Ethernet as an example. If you connect a customer web server to an Ethernet then they can sniff any traffic that goes by and possibly do nasty things like spoofing. Even if they would never do such a thing they may be hacked by somebody who would do such a thing. So it is not a good idea to share a level 2 media in this way.
The MAEs are switches. Unless you are sending super secret BROADCAST traffic the security implications you are mentioning are non-existent.

Justin Newton
Internet Architect
Erol's Internet Services

On Tue, 10 Sep 1996, Justin W. Newton wrote:
Therefore, you should only connect trusted pieces of equipment to a level-2 media unless it is being used as a point-to-point media. Let's use Ethernet as an example. If you connect a customer web server to an Ethernet then they can sniff any traffic that goes by and possibly do nasty things like spoofing. Even if they would never do such a thing they may be hacked by somebody who would do such a thing. So it is not a good idea to share a level 2 media in this way.
The MAEs are switches. Unless you are sending super secret BROADCAST traffic the security implications you are mentioning are non-existent.
What about people hacking MAC addresses or screwing around with ARP and BOOTP? He was asking about attaching a customer web server to the exchange so presumably anything could be done on that box.

Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com

It's not a matter of experience. It's a matter of what a level-2 device is and how it normally works. There is no security at level 2.
Not entirely true, Michael. :)
The MAEs are switches. Unless you are sending super secret BROADCAST traffic the security implications you are mentioning are non-existent.
Justin Newton
Also, not for every point on the MAEs.

--
--bill

participants (3)
- bmanning@isi.edu
- Justin W. Newton
- Michael Dillon