Security Basics mailing list archives
RE: VLAN Security
From: "Clinton McGuire" <cmcguire () candlewest com>
Date: Fri, 7 Feb 2003 11:39:32 -0800
Cisco recently held a Sec Boot camp seminar in my area, and they covered Layer 2 sec issues. One of their topics was "VLAN hopping"... They were nice enough to put all their slides on the Web in PDF. The first 4 presentations listed are good reads, the 5th if I remember correctly was pretty well a sales pitch... Presentation 1 is the most relevant, and includes details of and mitigation for several Layer 2 hacks. http://www.cisco.com/ca/events/presentation.shtml Best Regards, Clint McGuire MCSE, CCNA, Network+, A+ System Administrator Candlewest Systems Ltd. Phone: 604-453-5800 Cell: 604-889-4811 Fax: 604-453-5870 email: cmcguire () candlewest com web: www.candlewest.com -----Original Message----- From: Ethan [mailto:ethan () shame mine nu] Sent: Friday, February 07, 2003 10:59 AM To: Security-Basics Subject: RE: VLAN Security Since you have a seperate management vlan, and it sounds like there is nothing else in the vlan besides user ports, I haven't heard of any security advantages to not using the default Vlan. However for organizational and easier administration it would make sense to use a different vlan for user ports, especially if you add other user vlans in the future. -Ethan -----Original Message----- From: Naman Latif [mailto:naman.latif () inamed com] Sent: Thursday, February 06, 2003 11:00 AM To: security-basics () securityfocus com Subject: VLAN Security Hi, We have different Cisco Catalyst switches configured for VLANS. With the current configuration 1. All trunks have a native VLAN, which is not used by any User. 2. Management VLAN is other than VLAN 1. We have different VLANs in place, however these are only used for different Servers ,And all Users are only members of VLAN-1 Does it make sense to have all the user ports migrated to a Different VLAN (other than VLAN 1) ? Is there a security advantage in this ? Regards \\ Naman
Current thread:
- VLAN Security Naman Latif (Feb 07)
- RE: VLAN Security Ken Terry (Feb 07)
- RE: VLAN Security marco misitano (Feb 07)
- Re: VLAN Security Rich MacVarish (Feb 07)
- <Possible follow-ups>
- RE: VLAN Security Ethan (Feb 07)
- RE: VLAN Security Clinton McGuire (Feb 07)
- RE: VLAN Security Ryan Smith (Feb 27)