[4268] in North American Network Operators' Group
Re: customers and web servers and level one naps
daemon@ATHENA.MIT.EDU (Michael Dillon)
Tue Sep 10 14:36:30 1996
Date: Tue, 10 Sep 1996 11:30:22 -0700 (PDT)
From: Michael Dillon <michael@memra.com>
To: nanog@merit.edu
In-Reply-To: <Pine.SV4.3.91.960910141342.17625U-100000@mercury.int.sprintlink.net>
On Tue, 10 Sep 1996, Srinivasarao Mulugu wrote:
> I know we do, Michael. And I have "their" answer. But they may not have
> the same experiences you did.
> > > Have you had much experience, having the servers connect directly on to a
> > > level-2 device like a FDDI-to-Ethernet (e.g. Catalyst) connector? And its
> > > security implications?
It's not a matter of experience. It's a matter of what a level-2 device is
and how it normally works. There is no security at level 2.
Therefore, you should only connect trusted pieces of equipment to a
level-2 media unless it is being used as a point-to-point media. Let's use
Ethernet as an example. If you connect a customer web server to an
Ethernet, then they can sniff any traffic that goes by and possibly do
nasty things like spoofing. Even if they would never do such a thing, they
may be hacked by somebody who would do such a thing. So it is not a good
idea to share a level-2 media in this way.
However, you can use level-2 media to create point-to-point links. One way
is to use a reversed patch cable between two 10baseT interfaces. Another,
more common way is to use a switch (also works with FDDI and ATM). Of
course, the normal reason for using such switches is to get greater
bandwidth capabilities. I wouldn't rely on them as the sole means of
isolating a customer's web server.
I still don't understand why you are asking me specifically about this
stuff. I certainly don't have any direct experience building exchange
points. Normally on a mailing list you would direct your question to all
the list members in the hopes that you will get several replies from
people who have good information to share.
Michael Dillon - ISP & Internet Consulting
Memra Software Inc. - Fax: +1-604-546-3049
http://www.memra.com - E-mail: michael@memra.com
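The point made in the message above (shared Ethernet exposes every frame to every attached host, and a switch narrows that only as far as its unauthenticated MAC learning allows) can be modelled in a few lines. This is an added toy model written for this archive page, not code from the post or its author; the hub, switch, port names and MAC addresses are all constructed.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed MAC addresses for three hosts on the same level-2 segment.
ROUTER, SERVER, CUSTOMER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
PORTS = {"router", "server", "customer"}

class Hub:
    """Shared media: every port except the ingress one receives every frame."""
    def __init__(self, ports):
        self.ports = set(ports)
    def forward(self, in_port, src, dst):
        return self.ports - {in_port}

class Switch:
    """Learning switch: source MACs are learned from whatever arrives on a port
    (no authentication); known unicast goes to one port, the rest is flooded."""
    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}  # MAC -> port
    def forward(self, in_port, src, dst):
        self.table[src] = in_port
        if dst != BROADCAST and dst in self.table:
            return {self.table[dst]} - {in_port}
        return self.ports - {in_port}  # unknown unicast / broadcast: flood

def deliver(device, frames):
    """Run frames (in_port, src, dst) through the device; return what each port saw."""
    seen = defaultdict(list)
    for in_port, src, dst in frames:
        for port in device.forward(in_port, src, dst):
            seen[port].append((src, dst))
    return dict(seen)

# Constructed traffic: a request from the router to the web server and its reply.
TRAFFIC = [("router", ROUTER, SERVER), ("server", SERVER, ROUTER), ("router", ROUTER, SERVER)]

def hub_view():
    """On shared media the customer port sees all three frames."""
    return deliver(Hub(PORTS), TRAFFIC)

def switch_view():
    """On a switch the customer port still sees the first (unknown-unicast) frame."""
    return deliver(Switch(PORTS), TRAFFIC)

def switch_view_after_spoof():
    """A frame carrying the server's source MAC from the customer port re-points the
    table entry, so the next router->server frame is delivered to the customer port."""
    sw = Switch(PORTS)
    deliver(sw, TRAFFIC)
    return deliver(sw, [("customer", SERVER, ROUTER), ("router", ROUTER, SERVER)])
```

The last function is the reason for the "sole means of isolating" caveat: with no source-MAC authentication, a learning table is a performance optimisation, not a security boundary, and port security or a separate point-to-point link is what actually enforces isolation.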