Security Basics mailing list archives
RE: how secure is a vlan
From: "Moody, Chris" <cmoody () qualcomm com>
Date: Wed, 7 Jan 2004 11:10:17 -0800
How do you propose that VLAN hopping has been fized? ~Chris -----Original Message----- From: Timothy Donahue [mailto:tdonahue () Haynes-Group com] Sent: Wednesday, January 07, 2004 9:57 AM To: tigerblue () puzzleapuma de; security-basics () securityfocus com Subject: RE: how secure is a vlan
I´m planing a reorganisation of our company network. I´m thinking about a vlan to secure a part of the net. Is this technology as secure as physical net ?
I am implementing VLANs throughout our company. We will be using them for security, access control, and for QoS implementations. You still need to make sure that your access control (firewalls, ACLs on routers, etc.) are in place, and working correctly once the VLANs have been setup, because any security gained from using VLANs will be lost if your controls between the VLANs do not work as needed.
Is there a way to break out of this virtual lan into another part of the network ?
There used to be a way to break out of a VLAN, but it has been fixed. I have not heard of any new attacks against VLANs in the couple years, but I might have just missed them... I personally would not trust a VLAN to separate out our external and internal traffic, or even our internal network and our DMZ, but for internal traffic, I believe that VLANs are more than adequate and are fairly cost efficent as compaired to using physically separate switches for every subnet I wish to create. Tim Donahue --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- how secure is a vlan tigerblue (Jan 07)
- Re: how secure is a vlan m (Jan 07)
- Re: how secure is a vlan JGrimshaw (Jan 08)
- <Possible follow-ups>
- RE: how secure is a vlan Shepler, Eric W. [Contractor] (Jan 07)
- RE: how secure is a vlan Timothy Donahue (Jan 07)
- RE: how secure is a vlan David Gillett (Jan 08)
- Re: how secure is a vlan Ivan Coric (Jan 08)
- RE: how secure is a vlan Timothy Donahue (Jan 08)
- RE: how secure is a vlan Moody, Chris (Jan 08)