[rbridge] What should be the goal in terms of security?
Eastlake III Donald-LDE008
Donald.Eastlake at motorola.com
Wed Feb 2 06:51:39 PST 2005
I certainly never thought of Rbridges as an idea for downgrading the network by replacing routers but as a way of upgrading bridges to get such benefits of "routing" as you can get while still avoiding the configuration penalties of IP routing. More security is better if you can get it without undue penalty but bridged security is adequate, in my opinion.
From: rbridge-bounces at postel.org [mailto:rbridge-bounces at postel.org] On Behalf Of marcelo bagnulo braun
Sent: Wednesday, February 02, 2005 8:34 AM
To: 'Developing a hybrid router/bridge.'
Subject: [rbridge] What should be the goal in terms of security?
after all the discussion about ARP and flooding and so on, i guess that
an important point should be to clearly define what is the goal of the
rbridge solution in terms of security. I mean it seems to me that the
security provided by a router and the security provided by a bridge are
quite different. I mean, in arp, hijacking a link layer address seems
to be an important vulnerability, since it may allow sniffing and
spoofing any interface of the cloud. Besides, the potential DOS attakcs
that may result because of broacasts used for discovery may be
important. All this issues are not present in a routed network AFAICT.
So i guess that the first question is: an rbridge solution should
provide the level of security of a bridged network or the level of
security of a routed network?
If the goal is to replace routers by rbridges, i would say that the
routed network security level is required....
More information about the rbridge