Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Untrusted VLANs on Core Gear
From: David Gillett <gillettdavid () FHDA EDU>
Date: Mon, 12 Feb 2007 10:55:09 -0800

  VLAN implementations have gotten considerably more robust,
on average, than they once were.  It may be possible to "get
away with" this for some time.
  The two main risks are:

a) inter-VLAN traffic leakage
  This is not usually much of a threat, because the addressing
of leaked packets is rarely correct for the VLAN they've leaked
to -- but since their destination address is unrecognized, they
get broadcast everywhere and can be sniffed.

b) attack on the switch affects all VLANs
  This is probably less of an issue if the switch doesn't have
a management interface on the untrusted VLAN -- but that has
other downsides.

  It's a classic risk-management problem.  You can solve it by
throwing a small dedicated switch at it; the question is, does
the risk justify that cost?  (Costs are easier to measure and
control than risks, and so a lot of organizations say "no".)

David Gillett

-----Original Message-----
From: jkaftan [mailto:jkaftan () UTICA EDU]
Sent: Wednesday, February 07, 2007 10:53 AM
Subject: [SECURITY] Untrusted VLANs on Core Gear

We are looking to create a fully redundant internet
connection.  I was thinking about using my core switch to
provide layer 2 for this setup.
Specifically I was going to create an Untrust VLAN that my
edge routers and Firewalls would connect to.

Fundamentally I do not see an issue as VLANs are supposed to
be the same thing as having separate switches (broadcast
domains).  However another way to look at it is that I have
potential bad guys actually "touching" my core gear.

Does this make anyone want to run screaming into the night?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]