
Replies, comments and Discussions:

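  • A question for experienced members about whether a firewall is still needed. My company has adopted a new WAN to connect two offices. The service provider provides an ATM UBR circuit (100 Mbps) and a 0.5 Mbps CBR circuit.
    The service provider says it is a layer 2 dedicated line, so there is no need to configure a tunnel with firewalls at both ends. But last time I saw a post on the forum saying that a dedicated line also needs a firewall. I wonder why? Is a tunnel really needed to protect the information?
    • Your dedicated line is a layer 2 concept; a firewall is a layer 3 and above concept. The two have little to do with each other. "Protecting information" is an encryption concept, which also has little to do with a firewall. What do you really want?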
      • My intention with the firewall is to create an IPsec tunnel to encrypt the traffic.
    • I guess it depends on the sensitivity of your data. Although it's a dedicated layer 2 circuit, the security offered on these circuits is solely based on your service provider, assuming they are not putting anyone else on the same circuit. Plus, these circuits usually cross multiple WAN switches in the service provider backbone before being switched to your remote office. You never know, someone might be listening or spoofing on some of these switches.

      If data privacy is a concern for your company, and you are running an IP-based network, I would recommend building a secured VPN tunnel over it, something like an IPsec VPN. Most likely you already have devices that support this kind of technology, so there is no need to purchase a firewall to do the same thing. If I'm correct, your intent is not traffic filtering but data integrity.
      • Thanks. You get the point. Since I already asked the service provider about this issue, and they said there is no need for encryption, I think they guarantee this is a real 'dedicated' line: no other user on it.
        However, as you said, this crosses multiple switches, so 'the man in the middle' should be a concern.

        I'd like to give some more specific information:

        The equipment at my end is a Cisco 3550, and the backbone is an ATM network. I'm just curious how an intruder can sniff the traffic in such a WAN environment. Does anyone know about this?

        Yes. I already have encryption equipment: firewalls. I can use them to create an IPsec tunnel. But it will slow down the network.
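
The last reply worries that an IPsec tunnel will slow the network down. As an added example (not part of the thread), the following Python code estimates the framing cost of an ESP tunnel on an ATM circuit for a few packet sizes. It assumes ESP tunnel mode over IPv4 with AES-CBC and HMAC-SHA1-96, RFC 2684 LLC/SNAP routed encapsulation, and treats the thread's 100 Mbps figure as the raw cell rate; the function names are illustrative.

```python
"""Per-packet cost of an IPsec ESP tunnel on an ATM (AAL5) circuit.

Assumptions (not from the thread): ESP tunnel mode over IPv4 with AES-CBC
and HMAC-SHA1-96, and RFC 2684 LLC/SNAP routed encapsulation on the ATM VC.
Only framing overhead is modelled, not the crypto throughput of the devices.
"""
import math

OUTER_IPV4 = 20      # new outer IPv4 header added by tunnel mode
ESP_HEADER = 8       # SPI (4) + sequence number (4)
ESP_TRAILER = 2      # pad length (1) + next header (1)
LLC_SNAP = 8         # RFC 2684 routed-IP encapsulation header
AAL5_TRAILER = 8     # AAL5 CPCS trailer (UU, CPI, length, CRC-32)
CELL_PAYLOAD, CELL_SIZE = 48, 53


def esp_tunnel_size(inner_len, block=16, iv=16, icv=12):
    """Size of the outer IP packet carrying an inner packet of inner_len bytes."""
    # Payload plus ESP trailer is padded up to the cipher block size.
    padded = math.ceil((inner_len + ESP_TRAILER) / block) * block
    return OUTER_IPV4 + ESP_HEADER + iv + padded + icv


def aal5_cells(ip_len):
    """Number of 53-byte ATM cells needed to carry one IP packet."""
    return math.ceil((ip_len + LLC_SNAP + AAL5_TRAILER) / CELL_PAYLOAD)


def goodput_mbps(inner_len, link_mbps=100.0, tunnel=False):
    """User-data rate when the circuit is filled with packets of one size.

    link_mbps defaults to the thread's 100 Mbps UBR circuit, treated here
    as the raw cell rate (an assumption).
    """
    on_wire = esp_tunnel_size(inner_len) if tunnel else inner_len
    return link_mbps * inner_len / (aal5_cells(on_wire) * CELL_SIZE)


def compare(sizes=(64, 576, 1400)):
    """Rows of (inner size, clear Mbps, tunnelled Mbps, percent lost)."""
    rows = []
    for n in sizes:
        clear, enc = goodput_mbps(n), goodput_mbps(n, tunnel=True)
        rows.append((n, round(clear, 1), round(enc, 1),
                     round(100 * (1 - enc / clear), 1)))
    return rows


if __name__ == "__main__":
    for row in compare():
        print("%5d B  clear %5.1f Mbps  ESP %5.1f Mbps  loss %4.1f%%" % row)
```

Small packets pay the most, because the added ESP bytes push them into extra ATM cells; the encryption throughput of the tunnel endpoints is a separate limit and has to be measured on the devices themselves.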