Security Basics mailing list archives

Re: VLANs confusing


From: Kern <timetrap () gmail com>
Date: Wed, 15 Nov 2006 03:31:10 -0500

1. VLANs do not encrypt ANYTHING
2. VLANs operate on Layer 2 not 3
3. As far as I know, VLAN frames are NOT routable

A normal Layer 2 frame looks like this:

[----Frame----]

A VLAN frame looks like this:

[-VLAN1-][---Frame---][Footer]

The frame is ENCAPSULATED not ENCRYPTED

As such, if someone is expecting a VLAN frame, it is very trivial to
de-encapsulate the actual frame data.

VLANs solve few, if any, security problems. They should be mainly
used for management purposes.

On 11/12/06, Raj Shaz <rajshas () gmail com> wrote:
Hi group

A few basic things are bothering me, so I need clarification.

All I understand of VLANs is encryption of packets at source and
decryption at destination. Now, if at both ends I have Cisco
devices, which protocols/algorithms are used by them? I have noticed
that with configuration of DAX switches on a Cisco network the VLANs
do not work. Which protocol should these machines use then?

When two Cisco devices are configured for VLANs, we basically make
these devices transfer a key (for en/decryption). Do these keys have
any relevance to other VLANs? Is there a possibility of key
overlapping on a gigantic network (akin to the internet)?

Which layer do VLANs work at, layer 3, right? Then what do you mean
when you say VLAN-enabled layer 2 switches?

Sorry, this seems rudimentary stuff. But I hope my brain is highlighted
with some wisdom. Some references to good notes online?

-Raj

___________________
If u want 100% security for ur network communication, use pigeons

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




--
//jkern//timetrap//
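
The point that a VLAN tag is encapsulation and not encryption, as an added example that is not part of the original post. It assumes IEEE 802.1Q tagging, which the thread does not name (802.1Q inserts a 4-byte tag after the source MAC; the diagram in the post is schematic). The function names, MAC addresses and payload are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame (no FCS); add an 802.1Q tag if vlan_id is set."""
    header = dst + src
    if vlan_id is not None:
        tci = (pcp << 13) | (vlan_id & 0x0FFF)  # PCP(3) | DEI(1)=0 | VID(12)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (vlan_id or None, ethertype, payload) for a tagged or untagged frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (first_type,) = struct.unpack_from("!H", frame, 12)
    if first_type != TPID_8021Q:
        return None, first_type, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner_type, frame[18:]

def strip_tag(frame):
    """Remove the 4-byte tag, giving back the original untagged frame."""
    vlan_id, _, _ = parse_frame(frame)
    return frame if vlan_id is None else frame[:12] + frame[16:]

# Constructed sample data (not from the thread).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")      # locally administered address
PAYLOAD = b"user=alice&note=plaintext"   # stands in for any upper-layer data
ETYPE = 0x88B5                           # IEEE local experimental EtherType
UNTAGGED = build_frame(DST, SRC, ETYPE, PAYLOAD)
TAGGED = build_frame(DST, SRC, ETYPE, PAYLOAD, vlan_id=10)

if __name__ == "__main__":
    vid, etype, data = parse_frame(TAGGED)
    print(f"VLAN {vid}, EtherType {etype:#06x}, payload {data!r}")
    print("payload readable in tagged frame:", PAYLOAD in TAGGED)
    print("tag removed == original frame:", strip_tag(TAGGED) == UNTAGGED)
```

The tagged frame differs from the untagged one only by the 4 tag bytes, so confidentiality on a VLAN still has to come from encryption at a higher layer.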
