From: jay d
Date: Fri, 20 Aug 1999 12:28:25 -0700 (PDT)
Subject: Re: multiple machines in the same network
To: "Rodney W. Grimes", Evren Yurtesen
Cc: freebsd-security@FreeBSD.ORG
Message-ID: <19990820192825.15974.rocketmail@web601.yahoomail.com>

What you really want is a VLAN-capable switch. VLAN switches simply
designate what ports on a switch can see what other ports on the same
switch.

I have to correct you though, Rodney, as sniffing is currently possible
through switches.

Jay

--- "Rodney W. Grimes" wrote:
> > Hello,
> >
> > We are an ISP and we want to let our customers put their own hardware
> > into our network. But the thing we are concerned about is security of
> > course. How can we protect our system from customers' machines?
>
> I would strongly suggest that you place your customers on an ethernet
> switch. Any of the modern 10/100 switches work well for this. Each
> customer gets 1 port on the switch, if they have more than 1 machine
> they install their own hub connected to the switch. This prevents
> them from sniffing other customers' traffic. Then you need to set up
> a router between this switch and your DMZ with a firewall rule set
> that stops all the nasty stuff like RFC1918 nets, smurf amplifier (block
> the broadcast addresses to all known subnets), etc.
> >
> > I have heard about something called "virtual network" but I am not sure
> > of what it means and even if it is the thing I am searching for ?
>
> You don't need VLAN's for this, it's overkill.
>
> --
> Rod Grimes - KD7CAX - (RWG25)
> rgrimes@gndrsh.dnsmgr.net
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
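
The firewall rule set described in the quoted reply (drop RFC1918 nets and traffic aimed at the broadcast address of every known subnet), as an added example that is not part of the original thread: a small generator for ipfw(8) commands on the router between the customer switch and the DMZ. The interface name `fxp1`, the rule numbers and the customer subnets (documentation ranges) are assumptions.

```python
import ipaddress

# RFC 1918 private address space; should never cross the customer/DMZ router.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def build_rules(iface, subnets, start=1000, step=10):
    """Return ipfw(8) command lines for the given interface and known subnets."""
    rules = []
    num = start

    def add(body):
        nonlocal num
        rules.append(f"ipfw add {num} {body}")
        num += step

    # 1. RFC1918 nets: drop them as source and as destination.
    for net in RFC1918:
        add(f"deny log ip from {net} to any via {iface}")
        add(f"deny log ip from any to {net} via {iface}")

    # 2. Smurf amplifier: drop anything addressed to a subnet's directed
    #    broadcast address, so the subnet cannot be used to amplify pings.
    seen = set()
    for cidr in subnets:
        # strict=True rejects typos such as 192.0.2.1/26 (host bits set).
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != 4:
            raise ValueError(f"IPv4 subnet expected, got {cidr}")
        if net.prefixlen >= 31:
            continue  # /31 and /32 have no broadcast address to protect
        bcast = net.broadcast_address
        if bcast not in seen:
            seen.add(bcast)
            add(f"deny log ip from any to {bcast} via {iface}")
    return rules


# Constructed sample input: one subnet per customer port, documentation ranges.
SAMPLE_SUBNETS = ["192.0.2.0/26", "192.0.2.64/26", "198.51.100.8/31"]

if __name__ == "__main__":
    print("\n".join(build_rules("fxp1", SAMPLE_SUBNETS)))
```

The output is meant to be reviewed and merged into an existing rule set ahead of any broad allow rules, since ipfw stops at the first matching rule.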