[4274] in North American Network Operators' Group
Re: customers and web servers and level one naps
daemon@ATHENA.MIT.EDU (Justin W. Newton)
Tue Sep 10 17:36:23 1996
Date: Tue, 10 Sep 1996 17:44:34 -0400
To: Michael Dillon <michael@memra.com>, nanog@merit.edu
From: "Justin W. Newton" <justin@erols.com>
At 11:30 AM 9/10/96 -0700, Michael Dillon wrote:
>On Tue, 10 Sep 1996, Srinivasarao Mulugu wrote:
>
>> I know we do, Michael. And I have "their" answer. But they may not have
>> the same experiences you did.
>
>> > > Have you had much experience, having the servers connect directly on
to a
>> > > level-2 device like a FDDI-to Ethernet (e.g. catalyst) connector ?
and it
>> > > security implications ?
>
>It's not a matter of experience. It's a matter of what a level-2 device is
>and how it normally works. There is no security at level 2.
>
>Therefore, you should only connect trusted pieces of equipment to a
>level-2 media unless it is being used as a point-to-point media. Lets use
>Ethernet as an example. If you connect a customer web server to an
>Ethernet then they can sniff any traffic that goes by and possibly do
>nasty things like spoofing. Even if they would never do such a thing they
>may be hacked by somebody who would do such a thing. So it is not a good
>idea to share a level 2 media in this way.
The MAE's are switches. Unless you are sending super secret BROADCAST
traffic the security implications you are mentioning are non-existant.
Justin Newton
Internet Architect
Erol's Internet Services