Security Basics mailing list archives
Re: VLANs confusing
From: Kern <timetrap () gmail com>
Date: Wed, 15 Nov 2006 03:31:10 -0500
1. VLANs do not encrypt ANYTHING
2. VLANs operate on Layer 2 not 3
3. As far as I know, VLAN frames are NOT routable

A Normal Layer 2 frame looks like this:
[----Frame----]

A VLAN frame looks like this:
[-VLAN1-][---Frame---][Footer]

The frame is ENCAPSULATED not ENCRYPTED

As such if someone is expecting a VLAN frame it is very trivial to de-encapsulate the actual frame data.

VLANs solve little, if any security problems. They should be mainly used for management purposes.

On 11/12/06, Raj Shaz <rajshas () gmail com> wrote:
> Hi group
>
> Few basic stuffs bothering me, thus needed clarification.
>
> All I understand of VLANs is encryption of packets at source and decryption at destination. Now if at both ends I have Cisco devices, which protocols/algorithms are used by them? I have noticed in configuration of DAX switches on a Cisco network the VLANs do not work. Which protocol should these machines use then?
>
> When two Cisco devices are configured for VLANs, we basically make these devices transfer a key (for en/decryption); do these keys have any relevance with other VLANs? Does there exist a possibility of key overlapping on a gigantic network (akin to the internet)?
>
> Which layer do VLANs work at, layer 3 right? Then what do u mean when u say VLAN enabled layer 2 switches?
>
> Sorry, seems rudimentary stuff. But hope my brain is highlighted with some wisdom. Some ref to good notes online?
>
> -Raj
> ___________________
> If u want 100% security for ur network communication, use pigeons
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
--
//jkern//timetrap//