On Thu, Nov 12, 2009 at 12:42:35PM -0800, Eric Milam spake thusly:
Basically the fear are base camps from which to launch an attack.
As Erin stated below, if there are measures in place (not just
vlans) to prevent access from the log machine to the Card Holder
data environment then it may be that the device will be out of
Why not just VLANs? Do we not trust VLANs or are we worried about VLAN
misconfiguration? Or switch compromise? Cisco commissioned a study by
@Stake (IIRC) which made a pretty good case for VLAN security. Of
course, that may just be Cisco getting the results it paid for. But it
seemed reasonable to me.