

Virtual Local Area Network (VLAN) SECURITY

To begin, I want to say that VLANs are not secure. Using virtual LANs, it is now possible to isolate traffic, which means that traffic sharing the same switch, or even a group of switches, can be kept separate. The designers of this isolation had issues other than security in mind. VLANs allow a switch to be shared among more than one LAN by filtering and limiting broadcast traffic. But this form of isolation relies on software and configuration, not on physical isolation.

In the last few years, some firewalls have become VLAN aware; you can make policies that identify a packet and also identify the VLAN it belongs to. Although VLAN-aware firewalls add a lot of flexibility that is useful to Web hosting sites, the tags these firewalls rely on were not designed with security in mind. VLAN tags can be created by devices other than switches, and valid tags that will fool the firewall can easily be added to packets.


There are several ways your network can be attacked at Layer 2. Many of these aren't nearly as intuitively obvious as the higher-level attacks we witness daily, so many administrators think that it's impossible to attack VLANs, which is, of course, absurd.

So here are a few key points to remember when configuring your network:
VLAN 1 (on Catalyst switches) is the default for both ports and the "Native" VLAN on 802.1Q trunks, which is precisely why you should NEVER use it.

Don't allow dynamic protocols to talk to untrusted devices. Many administrators don't realize there are a lot of these operating around Layer 2, such as VTP, PAgP, CDP, DTP, UDLD and of course STP.
If at all possible, authenticate all hosts and/or limit their connectivity. Port Security, 802.1X and Dynamic VLANs are three methods mentioned in this article you can use.

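As an added example (not part of the original post), the Python script below audits Cisco IOS-style interface configuration against the key points above: VLAN 1 in use, dynamic protocols (DTP, CDP) left on, and neither Port Security nor 802.1X configured. The sample configuration is constructed, and the defaults applied to unset options (VLAN 1, CDP on, dynamic DTP mode) are assumptions about typical Catalyst behaviour.

```python
import re

# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport access vlan 20
 switchport mode access
 switchport port-security
 no cdp enable
!
"""

def parse_interfaces(config):
    """Map each interface name to its list of stripped sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface\s+(\S+)", line):
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or a global command ends the interface block
    return interfaces

def audit_interface(lines):
    """Return finding codes for one interface, following the key points above."""
    def last(pattern, default):
        hits = [m.group(1) for ln in lines if (m := re.fullmatch(pattern, ln))]
        return hits[-1] if hits else default
    # Assumed defaults when a command is absent: dynamic DTP mode, VLAN 1, CDP on.
    mode = last(r"switchport mode (.+)", "dynamic")
    if mode == "trunk":
        checks = [("NATIVE_VLAN_1", last(r"switchport trunk native vlan (\d+)", "1") == "1"),
                  ("DTP_ENABLED", "switchport nonegotiate" not in lines)]
    else:  # anything that is not a static trunk is treated as a host-facing port
        limits = {"switchport port-security", "authentication port-control auto",
                  "dot1x port-control auto"}
        checks = [("DTP_ENABLED", mode.startswith("dynamic")),
                  ("ACCESS_VLAN_1", last(r"switchport access vlan (\d+)", "1") == "1"),
                  ("CDP_ENABLED", "no cdp enable" not in lines),
                  ("NO_AUTH_OR_LIMIT", not limits & set(lines))]
    return [code for code, failed in checks if failed]

def audit(config):
    return {name: audit_interface(cmds) for name, cmds in parse_interfaces(config).items()}
```

Calling `audit(SAMPLE_CONFIG)` returns the finding codes per interface. The script does not distinguish routed or SVI interfaces, so filter those out before auditing a full running configuration.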
