RE: VLAN Security

["Clinton McGuire" <cmcguire () candlewest com>]

Cisco recently held a Sec Boot camp seminar in my area, and they covered
Layer 2 sec issues.  One of their topics was "VLAN hopping"...  They
were nice enough to put all their slides on the Web in PDF.  The first 4
presentations listed are good reads, the 5th if I remember correctly was
pretty well a sales pitch...  Presentation 1 is the most relevant, and
includes details of and mitigation for several Layer 2 hacks.
http://www.cisco.com/ca/events/presentation.shtml

Best Regards,
 
Clint McGuire MCSE, CCNA, Network+, A+
System Administrator
Candlewest Systems Ltd.
Phone: 604-453-5800
Cell: 604-889-4811
Fax: 604-453-5870
email: cmcguire () candlewest com
web: www.candlewest.com

-----Original Message-----
From: Ethan [mailto:ethan () shame mine nu] 
Sent: Friday, February 07, 2003 10:59 AM
To: Security-Basics
Subject: RE: VLAN Security



Since you have a seperate management vlan, and it sounds like there is
nothing else in the vlan besides user ports, I haven't heard of any
security
advantages to not using the default Vlan.  However for organizational
and
easier administration it would make sense to use a different vlan for
user
ports, especially if you add other user vlans in the future.

-Ethan

-----Original Message-----
From: Naman Latif [mailto:naman.latif () inamed com]
Sent: Thursday, February 06, 2003 11:00 AM
To: security-basics () securityfocus com
Subject: VLAN Security


Hi,
We have different Cisco Catalyst switches configured for VLANS. With the
current configuration

1. All trunks have a  native VLAN, which is not used by any User.
2. Management VLAN is other than VLAN 1.

We have different VLANs in place, however these are only used for
different Servers ,And all Users are only members of VLAN-1

Does it make sense to have all the user ports migrated to a Different
VLAN (other than VLAN 1) ?
Is there a security advantage in this ?

Regards \\ Naman