Firewall Wizards mailing list archives
RE: VLAN Security
From: "Vinicius Moreira Mello" <vinicius () lineone net>
Date: Wed, 9 Jun 2004 00:58:56 -0300
-- Original Message --
From: Jeff Boles <bolesjb () yahoo com>
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] VLAN Security
Date: Tue, 8 Jun 2004 10:18:02 -0700 (PDT)

Anyone care to voice their consensus on contemporary VLAN implementations as a security measure?
Jeff,

Keep in mind that VLANs are not designed for security, they're designed for network segmentation. I've seen many telecommunication companies selling WAN VPNs over MPLS that seem to be more secure than VLANs in a case like this.
Anybody care to voice an argument on VLAN integrity in the provider network?
Anyway, when using VLANs there are some safe configurations:

- do not put any network on the default VLAN (VLAN ID 1) (potential L2 flooding, DoS)
- do not put untrusted networks on native VLANs of trunk ports (VLAN jumping, VTP VLAN erasing)
- if not absolutely necessary, disable all VTP protocols. Otherwise use protocol authentication.

Regards,
vmm.
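The three checks listed in the message above can be run over a switch configuration. This is an added example, not part of the original post; it assumes Cisco IOS-style syntax, and the function names and sample configuration are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (assumed; the post names no vendor).
SAMPLE_CONFIG = """\
vtp mode server
interface GigabitEthernet0/1
 switchport mode access
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 20
"""

def parse_interfaces(config):
    """Map each interface name to its indented sub-commands."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = []
        elif line.startswith(" ") and current:
            ports[current].append(line.strip())
        else:
            current = None
    return ports

def vlan_of(cmds, prefix):
    """VLAN id set by '<prefix> N'; VLAN 1 is the default when the command is absent."""
    return next((int(c.split()[-1]) for c in cmds if c.startswith(prefix)), 1)

def audit(config):
    """Return (location, finding) pairs for the three checks in the post."""
    ports, findings = parse_interfaces(config), []
    access = {n: vlan_of(c, "switchport access vlan")
              for n, c in ports.items() if "switchport mode access" in c}
    findings += [(n, "access port on default VLAN 1") for n, v in access.items() if v == 1]
    for name, cmds in ports.items():
        if "switchport mode trunk" in cmds:
            native = vlan_of(cmds, "switchport trunk native vlan")
            # Proxy for "untrusted network on the native VLAN": hosts share that VLAN.
            if native in access.values():
                findings.append((name, f"native VLAN {native} also has access ports"))
    mode = re.search(r"^vtp mode (\S+)", config, re.M)
    # Assumption: no 'vtp mode' line means server mode, and VTP lines appear in the text.
    active = (mode.group(1) if mode else "server") not in ("transparent", "off")
    if active and not re.search(r"^vtp password \S+", config, re.M):
        findings.append(("global", "VTP active without a password"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports one finding per rule; a configuration with explicit access VLANs, an unused native VLAN on trunks, and VTP in transparent mode returns an empty list.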