RE: VLAN security

2003-06-05 Thread Mann, Bobby
If you can a Cisco switch like 3550 or 6500 you can implement VACLs. Any packets entering the VLAN or exiting will be checked against configured VLAN mappings (or VACLs). The only thing to remember is if a packet is not matched against a sequence the following sequence. If the packet gets throug

RE: VLAN security

2003-06-05 Thread Carles Fragoso i Mariscal
Hi Tan, There are some great papers where layer 2 security issues in ethernet switched networks are faced: Convery, Sean (Cisco). “Hacking Layer 2: Fun with Ethernet Switches” BlackHat USA 2002 Conference http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-convery-switches.pdf Dugan, Stephe

Re: VLAN security

2003-06-05 Thread Darren Carter
I looked into vlan security a little while back and found few problems with respect to security. Note the following discussion relates to Cisco kit. Cisco have some good documentation on CCO, but you'll likely need a support contract/login to get there. A qui

RE: VLAN Security

2003-02-27 Thread Ryan Smith
VLANs don't really increase security as much as they increase manageability. To truly secure the switches you should implement port level security and limit the number of MAC addresses allowed per port. This prevents someone from plugging in a cheap wireless access point and opening your network

RE : VLAN Security

2003-02-10 Thread Bourque Daniel
There should be no user traffic on the default/management vlan. This vlan propagates everywhere and is not pruned. -Original Message- From: Rich MacVarish [mailto:[EMAIL PROTECTED]] Sent: February 7, 2003 10:14 To: Naman Latif Cc: [EMAIL PROTECTED] Subject: Re: VLAN Security Gree

Re: VLAN Security

2003-02-07 Thread Rich MacVarish
Greetings, I don't know of any advantages (if someone does please share) of moving all users to a non-default VLAN, but there may be an advantage to putting different user groups onto different VLANs. Example, putting Development and HR onto different VLANs essentially puts them on separate netwo

RE: VLAN Security

2003-02-07 Thread Clinton McGuire
-5800 Cell: 604-889-4811 Fax: 604-453-5870 email: [EMAIL PROTECTED] web: www.candlewest.com -Original Message- From: Ethan [mailto:[EMAIL PROTECTED]] Sent: Friday, February 07, 2003 10:59 AM To: Security-Basics Subject: RE: VLAN Security Since you have a separate management vlan, and it s

RE: VLAN Security

2003-02-07 Thread marco misitano
This presentation has a lot of L2 security considerations, including VLAN1. http://www.cisco.com/networkers/nw02/post/presentations/docs/SEC-202.pdf Hope it helps. ~marco -Original Message- From: Naman Latif [mailto:[EMAIL PROTECTED]] Sent: Thursday, 06 February, 2003 08:00 PM To: [

RE: VLAN Security

2003-02-07 Thread Ethan
Since you have a separate management vlan, and it sounds like there is nothing else in the vlan besides user ports, I haven't heard of any security advantages to not using the default Vlan. However for organizational and easier administration it would make sense to use a different vlan for user

RE: VLAN Security

2003-02-07 Thread Ken Terry
When all users are on the same VLAN, they are on the same network and therefore can see each other. If you want to keep groups separate, for example Engineering from Finance, it makes perfect sense to create a VLAN for each and assign ports (or users) to that VLAN. From a security point of view,

RE: VLAN Security

2002-07-07 Thread Jonathan Strine
[mailto:[EMAIL PROTECTED]] | Sent: Friday, July 05, 2002 2:05 AM | To: Jonathan Strine; [EMAIL PROTECTED] | Subject: Re: VLAN Security | | | Jonathan Strine wrote: | > Ok, now for the question. How secure is a setup like this in | > terms of the VLAN? I know that VLANs were originally desig

Re: VLAN Security

2002-07-05 Thread Marc Herbrechter
Jonathan Strine wrote: > Ok, now for the question. How secure is a setup like this in terms > of the VLAN? I know that VLANs were originally designed to enhance > performance (i.e. use more the switch's potential) than for security > and I have heard about possible vulnerabilities regarding VLAN