RE: how secure is a vlan

["Timothy Donahue" <tdonahue () Haynes-Group com>]

> I´m planing a reorganisation of our company network. I´m 
> thinking about
> a vlan to secure a part of the net. Is this technology as secure as
> physical net ? 

I am implementing VLANs throughout our company.  We will be using them for security, access control, and for QoS 
implementations.  You still need to make sure that your access control (firewalls, ACLs on routers, etc.) are in place, 
and working correctly once the VLANs have been setup, because any security gained from using VLANs will be lost if your 
controls between the VLANs do not work as needed. 

> Is there a way to break out of this virtual lan into
> another part of the network ?

There used to be a way to break out of a VLAN, but it has been fixed.  I have not heard of any new attacks against 
VLANs in the couple years, but I might have just missed them...  I personally would not trust a VLAN to separate out 
our external and internal traffic, or even our internal network and our DMZ, but for internal traffic, I believe that 
VLANs are more than adequate and are fairly cost efficent as compaired to using physically separate switches for every 
subnet I wish to create.

Tim Donahue

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less.
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
and many other technical hands on courses.
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
any course!
----------------------------------------------------------------------------