Tsu wrote:
You have taken a hostile attitude on a technical discussion. I find it
disappointing when people interject emotion into a technical
discussion personally.
First, you stated that you were surprised at the frequency at which I
find poorly secured networks. To be honest I find that well-configured
and well-secured networks are the exception not the rule.
Concerning the vulnerability attacks: If everyone in the world took
your excellent recommendations and implemented them throughout their
switched infrastructure then there wouldn't be any issues w/ VLANs.
Unfortunately, as I said before this is usually not the case. Not to
mention this thread was started by someone that was new to VLANs
asking about using them for security. In a sense you are telling
someone asking about a kite how to launch a rocket ship.
You can claim BS and get abusive all you like but it doesn't change my
opinion that if you are providing wireless access to the public then
you should physically separate the networks or at least firewall them
off from one another.
I'm done with this, have a great day.

My personal take is that VLANs are not a security tool, they are a
network performance/traffic segmentation configuration and I totally
agree that wireless (to the public or not) should be physically separate
from the wired infrastructure. I am responsible for security in the most
bizarrely NAT'd VLAN'd environment I have ever seen (all of which was
done by network engineers attempting to practice security) and agree
that properly configured and secured networks are the exception.
-dogten