VLAN Security: current weaknesses and countermeasures

Hi,

I tried to find some information about today's security issues of VLAN technology (especially VLAN hopping), but I only found documents from 2003 and earlier, like the following:

http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/stake_wp.pdf

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.pdf

http://www.sans.org/reading_room/whitepapers/networkdevs/virtual-lan-security-weaknesses-countermeasures_1090

Does anybody know if there are any recent discussions of this topic, or any new security issues when using VLANs?

Best Regards,

Thorsten

1 Reply

Gregory Snipes
Level 4

You do not hear a lot about VLAN security anymore because the best practices have been adjusted to account for these kinds of vulnerabilities.

The way we used to configure VLANs had some security problems that needed to be addressed. These problems were researched, and the best practices were revised to include things like not using VLAN 1, using a black hole VLAN as the native VLAN on trunks, hard setting user ports to access, and so on. The fact of the matter is that if you are implementing these best practices, you are quite safe. The remaining ways that VLANs can be exploited generally require that the attacker have physical access to the switch, and if they have physical access you are already screwed.

Greg
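
The three practices named in the reply above can be checked mechanically against a switch configuration. The following is an added example, not part of the original thread and not Cisco tooling: a small Python audit run over a constructed IOS-style config. It assumes the IOS defaults of access VLAN 1 and native VLAN 1 when unset, treats a missing `switchport mode` line as not hard-set, and reads "black hole" as a native VLAN that no user port is assigned to; the function names are hypothetical.

```python
import re

# Constructed sample config (not from the thread).
SAMPLE = """\
interface GigabitEthernet0/1
 description user port left at defaults
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
interface GigabitEthernet0/3
 switchport mode trunk
interface GigabitEthernet0/4
 switchport mode trunk
 switchport trunk native vlan 999
interface GigabitEthernet0/5
 switchport mode trunk
 switchport trunk native vlan 20
"""

def parse_interfaces(config):
    """Return {interface: [stanza lines]} from IOS-style text."""
    stanzas = re.findall(r"^interface (\S+)\n((?: .*\n)*)", config + "\n", re.M)
    return {name: [l.strip() for l in body.splitlines()] for name, body in stanzas}

def setting(lines, prefix, default):
    """Value following `prefix` in a stanza, or the assumed default."""
    return next((l[len(prefix):] for l in lines if l.startswith(prefix)), default)

def audit(config):
    """Return sorted (interface, finding) pairs for the three practices."""
    ports = parse_interfaces(config)
    mode = {n: setting(l, "switchport mode ", "unset") for n, l in ports.items()}
    # VLANs that carry user ports; an unset access VLAN means the default, VLAN 1.
    user_vlans = {setting(l, "switchport access vlan ", "1")
                  for n, l in ports.items() if mode[n] != "trunk"}
    findings = []
    for name, lines in ports.items():
        if mode[name] == "trunk":
            native = setting(lines, "switchport trunk native vlan ", "1")
            if native == "1":
                findings.append((name, "trunk native VLAN is 1"))
            elif native in user_vlans:
                findings.append((name, f"native VLAN {native} also carries user ports"))
            continue
        if mode[name] != "access":
            findings.append((name, "port not hard-set to access"))
        if setting(lines, "switchport access vlan ", "1") == "1":
            findings.append((name, "port is in VLAN 1"))
    return sorted(findings)
```

On the constructed sample, `audit(SAMPLE)` reports the default-configured port Gi0/1, the trunk Gi0/3 with native VLAN 1, and the trunk Gi0/5 whose native VLAN is shared with a user port; Gi0/2 and Gi0/4 pass.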