TOPIC: Using VLANs as security barriers

Using VLANs as security barriers 10 years 4 months ago #15890

  • DaLight
  • Honored Member
I have come across a number of discussions of the above topic on various online forums and wondered if I could get some "Firewall.cx" input on this.

Obviously, VLANs are most commonly used to partition internal networks, but what I'm getting at is the practice of using VLANs to separate internal networks from internet-facing ones, thus moving the point of weakness from the firewall to the switch.

This article contains some interesting thoughts on the subject.

So what do you guys think? Good idea or bad idea?

Re: Using VLANs as security barriers 10 years 4 months ago #15903

  • Chris
  • Administrator
The 'VLAN' Partitioning concept is usually applied within the local network area, but also seems to be found lately on the public side of companies' networks.

While VLAN Hopping and other techniques used to gain unauthorised access are stopped at the switch level (Cisco), it still remains a big risk, especially if you decide to place the switch on both private and public networks!

My personal opinion is that you can (and should) use VLANs in your private and public networks, but ensure you keep them separate from each other. In other words, if a switch will contain one public VLAN, then no private VLANs or networks should be placed on it.

This will help minimise the risk and potential attacks that might at some point find their way into your network and cause problems that will have you running to keep your job :)

Cheers,
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx

Re: Using VLANs as security barriers 10 years 4 months ago #15907

  • DaLight
  • Honored Member
"In other words, if a switch will contain one public VLAN, then no private VLANs or networks should be placed on it."
I think that's the key point, Chris.
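
The rule quoted above (a switch that carries a public VLAN should carry no private ones) can be checked mechanically against saved switch configurations. The script below is an added example, not part of the original thread; the VLAN-to-zone map, the switch names and the abbreviated IOS-style sample configs are constructed assumptions.

```python
import re

# Assumed zone map: hypothetical VLAN IDs, not taken from the thread.
PUBLIC_VLANS, PRIVATE_VLANS = {100}, {10, 20}
ALL_VLANS = set(range(1, 4095))

def expand(spec):
    """Expand an IOS VLAN list such as '10,20,30-32' into a set of IDs."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def vlans_on_switch(config):
    """Return every VLAN ID that some switchport in this config can carry."""
    carried = set()
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        if "switchport" not in block:
            continue  # routed port or SVI, not a layer-2 port
        if "switchport mode trunk" in block:
            lists = re.findall(r"trunk allowed vlan (?:add )?([\d,-]+)", block)
            # A trunk with no allowed list carries every VLAN.
            carried |= set().union(*map(expand, lists)) if lists else ALL_VLANS
        else:
            access = re.search(r"switchport access vlan (\d+)", block)
            carried.add(int(access.group(1)) if access else 1)  # default VLAN 1
    return carried

def audit(configs):
    """Return {switch: (public IDs, private IDs)} for switches carrying both."""
    findings = {}
    for name, config in configs.items():
        carried = vlans_on_switch(config)
        public, private = carried & PUBLIC_VLANS, carried & PRIVATE_VLANS
        if public and private:
            findings[name] = (sorted(public), sorted(private))
    return findings

# Constructed sample configs, one string per switch.
SAMPLE = {
    "dmz-sw": "interface Gi0/1\n switchport access vlan 100\n",
    "lan-sw": "interface Gi0/1\n switchport access vlan 10\n",
    "mixed-sw": "interface Gi0/1\n switchport mode trunk\n switchport trunk allowed vlan 20,100-101\n",
    "open-trunk-sw": "interface Gi0/1\n switchport mode trunk\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A trunk left without an allowed-VLAN list is reported as mixing zones, since it carries every VLAN defined on the switch.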