Home page logo

basics logo Security Basics mailing list archives

RE: VLAN Security
From: "Ken Terry" <kterry () sympatico ca>
Date: Fri, 7 Feb 2003 13:51:33 -0500

When all users are on the same VLAN, they are on the same network and
therefore can see each other.  If you want to keep groups separate, for
example Engineering from Finance, it makes prefect sense to create a VLAN
for each and assign ports (or users) to that VLAN.  From a security point of
view, it makes much more sense if they can't see each other on the network!
(It will also have positive impact on your network since you are breaking up
the broadcast domains).

Ken Terry  (CCNA, CET, CNA)
Senior Software Quality Engineer
Kama Technologies
kterry () sympatico ca

-----Original Message-----
From: Naman Latif [mailto:naman.latif () inamed com]
Sent: February 6, 2003 2:00 PM
To: security-basics () securityfocus com
Subject: VLAN Security

We have different Cisco Catalyst switches configured for VLANS. With the
current configuration

1. All trunks have a  native VLAN, which is not used by any User.
2. Management VLAN is other than VLAN 1.

We have different VLANs in place, however these are only used for
different Servers ,And all Users are only members of VLAN-1

Does it make sense to have all the user ports migrated to a Different
VLAN (other than VLAN 1) ?
Is there a security advantage in this ?

Regards \\ Naman

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]