I want my Firenet. (and so do you)

  1. #1
    Member
    Join Date
    Apr 2002
    Posts
    88

    I want my Firenet. (and so do you)

    What a concept! Consider this, your LAN, WAN are hostile. There's no disputing that fact. The vast majority of attacks come from the inside. With that in mind I have a question: why don't switch manufacturers build switches for security also? Now don't go talking about authenticated VLANs or MAC rules, yada, yada. These are not viable in a wireless environment. Taking everything into account the only place you can enforce your corporate policy is at the edge.

    Here's the pitch: I know of switches that have the ability to analyze the first packet(s) sent out by the end device to classify it (QoS), put the port in the correct VLAN(s), and they can keep it from going certain places (various ACL implementations). So why not just look a few bytes more into the header? How about having a 'firewall' on every port on every switch? This is what could be called a 'firenet'.

    It's just a concept but I feel this could be very viable. What do you all think? Any questions, comments?

    Of course I simplified this so I don't have to type too too much. So I may have left out some things.
    America - Land of the free, home of the brave.
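
A minimal sketch of the per-port filtering pitched in the post above, added here as an illustration; it is not part of the original thread and not any vendor's implementation. The policy table, port numbers, addresses and function names are all hypothetical, and the sample frames are constructed.

```python
import ipaddress
import struct

# Hypothetical per-port policy: switch port -> ordered (action, proto, dst_net, dst_port) rules.
# proto 6 = TCP, 17 = UDP; dst_port None matches any port. No matching rule means deny.
POLICY = {
    1: [("permit", 6, "10.0.5.0/24", 443),
        ("permit", 17, "10.0.0.53/32", 53)],
    2: [("deny", 6, "10.0.5.0/24", None),
        ("permit", 6, "0.0.0.0/0", 80)],
}

def parse_frame(frame: bytes):
    """Return (proto, dst_ip, dst_port) for an untagged Ethernet II/IPv4 TCP or UDP frame, else None."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None                      # too short or not IPv4 (ARP, IPv6, VLAN-tagged)
    ihl = (frame[14] & 0x0F) * 4         # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or len(frame) < 14 + ihl + 4:
        return None
    proto = frame[23]
    frag = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if proto not in (6, 17) or frag != 0:
        return None                      # no L4 header to inspect (e.g. non-first fragment)
    dst_ip = ipaddress.ip_address(frame[30:34])
    dst_port = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0]
    return proto, dst_ip, dst_port

def decide(ingress_port: int, frame: bytes) -> str:
    """First matching rule wins; frames this sketch cannot parse and unknown ports are denied."""
    fields = parse_frame(frame)
    if fields is None:
        return "deny"
    proto, dst_ip, dst_port = fields
    for action, r_proto, net, r_port in POLICY.get(ingress_port, []):
        if (proto == r_proto and dst_ip in ipaddress.ip_network(net)
                and r_port in (None, dst_port)):
            return action
    return "deny"

def build_frame(proto: int, dst_ip: str, dst_port: int) -> bytes:
    """Constructed sample frame: zeroed MACs, minimal IPv4 header, L4 ports only."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     ipaddress.ip_address("10.0.1.20").packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip + struct.pack("!HH", 40000, dst_port) + bytes(4)
```

The decision keys on the ingress port rather than the source address, so the same frame can be permitted on one port and denied on another.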

  2. #2
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,884
    Wouldn't it be more simple to install something like sygate/zone alarm/tiny on all the computers? And probably a hell of a lot cheaper?
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  3. #3
    Senior Member
    Join Date
    Jan 2002
    Posts
    883
    Get a good router/switch combo with NAT. That takes care of it for the most part. The Linksys series works well. They have limited port forwarding for more security.
    The COOKIE TUX lives!!!!
    Windows NT crashed, I am the Blue Screen of Death.
    No one hears your screams.


  4. #4
    Member
    Join Date
    Apr 2002
    Posts
    88
    Originally posted here by souleman
    Wouldn't it be more simple to install something like sygate/zone alarm/tiny on all the computers? And probably a hell of a lot cheaper?
    Well, first off this is an enterprise solution. And buying multiple pieces to the puzzle from multiple vendors sucks. Everything can be done in the switch. Most of it already happens there, what is keeping them from making it a one stop shop? Ignorance?

    {P2P}- NAT is not a solution you want to implement w/ 50,000+ nodes all over the world. It's not practical, really. Troubleshooting that is a nightmare. Again Linksys does not make an enterprise anything. This is a pie-in-the-sky kinda thing here. I'm thinkin this is doable in two years or so.

    Anyway, any other thoughts, concerns, flames?
    America - Land of the free, home of the brave.

  5. #5
    Member
    Join Date
    May 2002
    Posts
    93
    Not sure if this applies, or if TopLayers devices are viable intra-wise

    http://www.toplayer.com/

    might want to check out some of their stuff anyway. Saw a demonstration of their equipment once and was impressed.
    Tachyon

    |-----|Alcohol is my anti-drug |-----|
