Total members 11895 |It is currently Sun Dec 22, 2024 6:41 am Login / Join Codemiles

Java

C/C++

PHP

C#

HTML

CSS

ASP

Javascript

JQuery

AJAX

XSD

Python

Matlab

R Scripts

Weka





Virtual Local Area Network (VLAN) SECURITY

In the begin I want to say that VLANs are not secure .Using Virtual LANs it is now possible to make isolated traffic .Which mean the traffic that share the same switch or even group of switches can be isolated .The designer of this isolation had other issues in mind rather than the security problem. VLANs allow sharing a switch among more than one LAN by filtering and limiting broadcast traffic. But this form of isolation relies on software and configuration, not the physical isolation.

In the last few years, some firewalls have become VLAN aware; you can make policies to identify a packet and also identify the VLAN that is belonging to. By firewalls that are VLAN aware add a lot of flexibility useful to Web hosting sites, the tags that these firewalls rely on were not designed with security in mind. VLAN tags can be created by devices other than switches, and valid tags that will fool the firewall can easily be added to packets.

Attacks:

Several ways your network can be attacked at Layer 2. Many of these aren't nearly as intuitively obvious as the higher-level attacks we witness daily; so many administrators think that it's impossible to attack VLANs, which is of course, absurd.

So here are a few key points to remember when configuring your network:
VLAN 1 (on Catalyst switches) is the default for both ports and the "Native" VLAN on 802.1Q trunks, which is precisely why you should NEVER use it.

Don't allow dynamic protocols to talk to untrusted devices. Many administrators don't realize there are a lot of these operating around Layer 2, such as VTP, PAgP, CDP, DTP, UDLD and of course STP.
If at all possible, authenticate all hosts and/or limit their connectivity. Port Security, 802.1x and Dynamic VLANs are three methods mentioned in this article you can use.



_________________
M. S. Rakha, Ph.D.
Queen's University
Canada


Author:
Mastermind
User avatar Posts: 2715
Have thanks: 74 time
Post new topic Reply to topic  [ 1 post ] 

  Related Posts  to : VLAN SECURITY
 VLAN network     -  
 Ethernet VLAN     -  
 VLAN Hopping     -  
 Struts 2 Security Plugin     -  
 Information Systems Security Engineer     -  
 php online fraud's security steps     -  
 java.security Exception in Applet     -  
 Password Security Manager Access File Java     -  









Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
All copyrights reserved to codemiles.com 2007-2011
mileX v1.0 designed by codemiles team
Codemiles.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com