Originally posted by eBoundary
Like i said, providing the host is secure then there is nothing wrong with it.
Secure as in services running on the box, ips being bound to the box, etc?
You can look at traffic without having a *routeable* ip bound to the box.
Do you also recommend putting a firewall on a single box meant to protect itself?
It really sounds like you're making excuses for small shops here, security should not be an afterthought or something that only would be incorporated if convenient (like installing Snort on a machine that serves customers).
All in all, any DECENT data center can set you up with a box on a port that does spanning of your other ports in use. It's just a matter of how you value security.
This is turning into My Security Policy vs. Your Security Policy now. wee!