> Thus, in my opinion (but have a look at my email address to see
> that I could be biased ;-) ), the switch can increase the DMZ security
> if:
> - it uses static mapping
> - as you put part of your security in the switch configuration, you
>   must obviously secure your switch config (OTP, ACL, management via
>   console only, ...)

What about problems that fault the switch itself? We have seen bugs that
crash 3Com switches due to poor IP stack implementation; Cisco is aware
of bugs that affect their Catalyst platforms as well.

What assurance do we have that switches are implemented with the same
attention to security as firewalls?

-----------------------------------------------------------------------------
Thomas H. Ptacek
Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf
"If you're so special, why aren't you dead?"

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:35 PDT