VLAN vs Dual Nic

Discussion in 'Networking' started by skjom, Jun 28, 2019.

Share This Page

  1. Mike A.

    Mike A. Getting comfortable

    Joined:
    May 6, 2017
    Messages:
    445
    Likes Received:
    270
    What I was saying is that a dual-homed architecture in and of itself (alone) isn't a solution for isolating/segregating networks generally. In fact, what you're effectively doing with a dual-homed host is bridging the two networks at that machine. In this case bridging higher and lower security zones which are intended to be isolated. That can be done well as in the case of a dedicated firewall which is hardened and intended for that purpose or not so well in the case of any old random machine just relying on the OS and running whatever with whatever vulnerabilities that may exist. It's only '100% certain' to the extent that things play nice and nothing tries any harder than simply following standard networking as it should. Exactly why, for example, Stuxnet, Wannacry, and various other viruses/worms/pivoting exploits specifically target dual-homed hosts in order to infiltrate across interfaces and into process control and other systems on the other side.

    BUT that said and as I said above, for home use it's a reasonable way to isolate cameras and a lot better than just tossing whatever out there on your net. Not really going to fly as far as any best practices otherwise though.
     
  2. alastairstevenson

    alastairstevenson Staff Member

    Joined:
    Oct 28, 2014
    Messages:
    11,217
    Likes Received:
    3,574
    Location:
    Scotland
    Wow! That takes me back. To when I used to work for a living.
    Now that was a brilliant exploit. Force=mass X radius X omega squared.
     
    TL1096r and catcamstar like this.