Security Basics mailing list archives

RE: VLAN security


From: "Carles Fragoso i Mariscal" <cfragoso () cesca es>
Date: Wed, 4 Jun 2003 01:10:11 +0200

Hi Tan,

There are some great papers where layer 2 security issues
in Ethernet switched networks are faced:

Convery, Sean (Cisco).
“Hacking Layer 2: Fun with Ethernet Switches”
BlackHat USA 2002 Conference
http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-convery-switches.pdf

Dugan, Stephen.
“Putting 2 and 2 Together: Designing Security into your Network
Infrastructure”
BlackHat USA 2002 Conference
http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-dugan-layer.ppt

Cisco Systems Whitepapers
"SAFE Enterprise Layer 2 Addendum"
http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/sfblu_wp.pdf

Gill, Stephen (Qorbit)
“Catalyst Secure Template” v.1.21
http://www.qorbit.net/documents/catalyst-secure-template.pdf

In order to implement security inside/between VLANs you could
find many things to implement a defense-in-depth approach:
VLAN ACLs, Router ACLs, Network/Personal Firewalling, secure
configuration (port security, static ARP tables, ...), etc.

It mostly depends on the risks and level of mitigation to
design an architecture that fits your needs (and money!)

Regards,
____________________________________________________
         __
        / /           Carlos Fragoso Mariscal
  C E / S / C A   Communications & Operations Dept.
      /_/              <cfragoso () cesca es>

         Supercomputing Center of Catalonia
        CATalonian Neutral Internet eXchange
        Tlf: +34932056464  Fax: +34932056979
____________________________________________________

-----Original Message-----
From: LINKCRAFT [mailto:linkcraft () yahoo com sg]
Sent: Tuesday, June 03, 2003 8:52
To: security-basics () securityfocus com
Subject: VLAN security


I have a leased line network with a few VLANs configured.
May I know how I can implement security in order
to prevent hacking from one VLAN to another VLAN or
from the Internet? There is no firewall installed in the
network. Can I implement a firewall? If affirmative, how
can I protect between each VLAN? They don't have to
access each other. Or should I use IDS or any other
tools? Is there any freeware available?
Thanks/regards

=====

Thanks/regards
Tan Yew Kwee

Linkcraft Supply & Services
HP: 96959406
Fax: 67814648

