Re: Just say no to VLANS

On 5/21/07, Cedric Blancher 
<blancher-cPThYx3uDionEikN29/hQkZa+K1vlBrA@xxxxxxxxxxxxxxxx> wrote:
> Le lundi 21 mai 2007 à 12:26 -0500, Tsu a écrit :
> > First, Don't use VLAN's as your primary layer of security. It is
> > trivial step to hop onto other VLANs.
>
> Yes, if you configure your switches and APs like an dumbass, then, yes
> it is. If you follow guidelines, then no, it's not.

My sad view is that very few sites follow the guidelines.. or even
know where/what the guidelines for setting up VLANS. Or they find that
the 'locking' down breaks some side-effect they depended on so won't
secure the VLANS appropriately. So yes.. a good many are using VLAN1
because it was convenient etc.



--
Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"