Security Basics mailing list archives

RE: how secure is a vlan


From: "Moody, Chris" <cmoody () qualcomm com>
Date: Wed, 7 Jan 2004 11:10:17 -0800

How do you propose that VLAN hopping has been fixed?
~Chris

-----Original Message-----
From: Timothy Donahue [mailto:tdonahue () Haynes-Group com] 
Sent: Wednesday, January 07, 2004 9:57 AM
To: tigerblue () puzzleapuma de; security-basics () securityfocus com
Subject: RE: how secure is a vlan

I'm planning a reorganisation of our company network. I'm thinking about
a vlan to secure a part of the net. Is this technology as secure as
a physical net?

I am implementing VLANs throughout our company.  We will be using them for security, access control, and for QoS
implementations.  You still need to make sure that your access controls (firewalls, ACLs on routers, etc.) are in place,
and working correctly once the VLANs have been set up, because any security gained from using VLANs will be lost if your
controls between the VLANs do not work as needed.

Is there a way to break out of this virtual lan into
another part of the network?


There used to be a way to break out of a VLAN, but it has been fixed.  I have not heard of any new attacks against
VLANs in the last couple of years, but I might have just missed them...  I personally would not trust a VLAN to separate out
our external and internal traffic, or even our internal network and our DMZ, but for internal traffic, I believe that
VLANs are more than adequate and are fairly cost efficient as compared to using physically separate switches for every
subnet I wish to create.

Tim Donahue
