Does bridging reinforce privacy?
For instance, when I followed the manual I set up three hostname files this way:

Code:
/etc/hostname.bce0
up media 10base2

/etc/hostname.wpi0
dhcp

/etc/hostname.bridge0
add bce0
add wpi0
up

Last edited by ocicat; 31st March 2012 at 04:50 PM. Reason: Adding [code] & [/code] tags for clarity...

The chief reason for bridging is to limit collision domains at Layer 2 of the OSI model. Since bridges exist on the "link layer" (which is another name for Layer 2...), they won't be seen at the IP address level or "Layer 3". Because of this, bridges & switches are called "transparent", but this has little to nothing to do with privacy.

If this terminology is bewildering, study the OSI model. An introduction can be found on Wikipedia: http://en.wikipedia.org/wiki/Osi_model

Last edited by ocicat; 30th March 2012 at 12:42 AM.

It is not uncommon for intermediate-level commercial switches (not low-end consumer switches...) to be marketed as "managed switches". These switches are accessible by IP address so that they can be configured ("managed") remotely.
In addition, there are what are known as "Layer 3 switches" which integrate a router into a switch. The purpose of these intermediate-level devices is to facilitate VLAN trunking all within the same device ("router-on-a-stick" is a common configuration...). So not all switches/bridges exist solely at Layer 2, but for practical reasons, it is safe to think of switches as only Layer 2 devices. And for what it may be worth, Henning is not a fan of Layer 3 switches.

Thank you, Ocicat!!

For me to fully grasp your last post I need to spend hours reading... I'm starting with Wikipedia. :-)

This discussion has been separated from its parent thread:
http://www.daemonforums.org/showthre...3471#post43471

Sorry, Ocicat.

I must apologize for making this mistake that has been made a thousand times... I'd rather have started a new thread.

I'm coming back to this question again.

I assume you may be comparing the actions of switches & hubs. When using a hub (which is a Layer 1 device...), all packets are sent to all hosts, & each host will determine if the packets target them. If the host is not the designated receiver, the host will ignore the packet. If two hosts on the same LAN segment try to transmit at the same time, the packets will collide, causing the communication to fail. Both senders will each wait a random length of time before attempting to transmit again. This is defined as a collision domain. Communication in a hubbed environment is half-duplex at best.

Switches are an improvement in that after a learning phase (seeding the ARP cache...), packet traffic is not sent to all hosts in the LAN segment. A virtual circuit is created only between the sending & the receiving hosts. Packet collisions can still occur, but they are limited to the two hosts in the virtual circuit, or to each port on the switch.

When using a hub, hosts can potentially set their network interfaces into "promiscuous mode", which means they can capture all LAN traffic -- whether they are the designated recipient or not. This is how packet sniffers work.

A conclusion one might draw is that a switched environment is more secure than a hub environment. Slightly. If I want to eavesdrop on conversations in a switched environment, all I need is access to the switch itself. Most commercial-grade switches have features such as port replication, where any traffic going through a specific port can be duplicated elsewhere. I can still monitor specific network traffic in a switched environment. If the switch used does not support port replication, I can also use a network tap directly on the connection itself. So to say that communication in a switched environment is more secure in & of itself, no. I simply have to use more sophisticated methods to monitor traffic.

I will close quoting Ron Rivest of RSA fame: if one is really concerned about privacy, encryption is required. Bridges/switches by themselves do not provide this. This isn't part of the set of problems they were designed to address. Switches are an evolution from hubs which allows Ethernet communication to be full-duplex. LAN segments can now support more than one active conversation between their hosts.

Last edited by ocicat; 31st March 2012 at 06:19 PM.

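As an added illustration of the hub / learning-switch / port-replication argument in the post above (example code written for this page, not code from the thread, from ocicat, or from OpenBSD): a small Python model of three hosts on a hub, on a learning bridge, and on a learning bridge with a span port. The hosts Alice, Bob and Eve, their addresses, the frame payloads and the class and function names (Frame, Host, Hub, Bridge, scenario) are all constructed for the example. Eve runs in promiscuous mode, like a packet sniffer, and the model records which frames she can capture in each case.

```python
"""Toy model of hub vs. learning-bridge behaviour (constructed example).

A Hub repeats every frame out of every other port. A Bridge learns which port
each source address sits behind and, once a destination is known, forwards to
that port only; unknown or broadcast destinations are flooded like a hub. A
span port gets a copy of every frame the bridge handles (port replication).
A promiscuous host keeps every frame it is handed, which is what a sniffer does.
"""

from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str
    dst: str
    payload: str


@dataclass
class Host:
    mac: str
    promiscuous: bool = False
    seen: list = field(default_factory=list)

    def receive(self, frame):
        # A normal NIC drops frames not addressed to it; in promiscuous mode
        # (what a sniffer turns on) everything that reaches the port is kept.
        if self.promiscuous or frame.dst in (self.mac, BROADCAST):
            self.seen.append(frame)


class Hub:
    """Layer 1 repeater: every frame goes out every port except the input."""

    def __init__(self):
        self.ports = {}

    def attach(self, port, host, span=False):
        # A hub has no span ports: every port already sees everything.
        self.ports[port] = host

    def send(self, in_port, frame):
        for port, host in self.ports.items():
            if port != in_port:
                host.receive(frame)


class Bridge:
    """Layer 2 learning bridge with optional span (replication) ports."""

    def __init__(self):
        self.ports = {}
        self.span_ports = set()
        self.table = {}  # learned address table: source MAC -> port

    def attach(self, port, host, span=False):
        self.ports[port] = host
        if span:
            self.span_ports.add(port)

    def send(self, in_port, frame):
        # Learning phase: remember which port this source address arrived on.
        self.table[frame.src] = in_port
        # Port replication: every span port receives a copy of every frame.
        for port in self.span_ports:
            self.ports[port].receive(frame)
        out_port = self.table.get(frame.dst)
        if frame.dst == BROADCAST or out_port is None:
            # Destination not learned yet (or broadcast): flood non-span ports.
            targets = [p for p in self.ports
                       if p != in_port and p not in self.span_ports]
        else:
            # Destination known: one port only, the post's "virtual circuit".
            targets = [] if out_port == in_port else [out_port]
        for port in targets:
            self.ports[port].receive(frame)


def scenario(kind):
    """Return the payloads the promiscuous eavesdropper Eve captures.

    kind is "hub", "switch", or "switch+span" (Eve attached to a span port).
    Hosts, MAC addresses and payloads are constructed for this example.
    """
    alice = Host("00:00:5e:00:53:0a")
    bob = Host("00:00:5e:00:53:0b")
    eve = Host("00:00:5e:00:53:0e", promiscuous=True)
    dev = Hub() if kind == "hub" else Bridge()
    dev.attach(1, alice)
    dev.attach(2, bob)
    dev.attach(3, eve, span=(kind == "switch+span"))

    # Alice speaks first: Bob's port is not learned yet, so a switch floods.
    dev.send(1, Frame(alice.mac, bob.mac, "hello"))
    # Bob replies: Alice's port is known, so a switch sends to port 1 only.
    dev.send(2, Frame(bob.mac, alice.mac, "hi"))
    # Both ends learned: unicast no longer reaches Eve on a plain switch.
    dev.send(1, Frame(alice.mac, bob.mac, "secret"))
    # Broadcast is flooded whatever the device.
    dev.send(1, Frame(alice.mac, BROADCAST, "who has?"))
    return [f.payload for f in eve.seen]


if __name__ == "__main__":
    for kind in ("hub", "switch", "switch+span"):
        print(f"{kind:12s} Eve sees: {scenario(kind)}")
```

On the hub Eve captures all four frames; on the plain switch she sees only the flooded first frame and the broadcast; with a span port she is back to seeing everything. On a real OpenBSD bridge the table the model keeps is what `ifconfig bridge0 addr` prints, and a span port is what `addspan` in /etc/hostname.bridge0 configures (see ifconfig(8)). None of this touches the payload, which is the point the post ends on: only encryption hides the content.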
Thank you very much, Ocicat!!

I understand part of your post, while some points escape me... Could I ask you about your encryption habits/choices (when sending mail or surfing the web)?

Since the subject of this thread is "Does bridging enforce privacy?", discussing email & encryption would be changing subjects. If you want to discuss a different topic, start a new thread.