Re: Just say no to VLANS: msg#00072 security.wireless
VLANs are not security! They are obscurity, they are great for segmentation and traffic management. They are not a good security mechanism.

If you google VLAN security you'll find the 4th hit to be a SANS paper that states "Recommendations - Try not to use VLANs as a mechanism for enforcing security policy. They are great for segmenting networks, reducing broadcasts and collisions and so forth, but not as a security tool. If you MUST use them in a security context, ensure that the trunking ports have a unique native VLAN number."

Perhaps I'm a bit paranoid but I successfully hop VLANs frequently and demonstrate the technique often for clients. I'm not going to trust my most sensitive data behind a single layer security solution of a VLAN. Why risk it? VLAN hopping/spoofing attacks aren't difficult. Maybe trivial is the wrong word but there are definite exploitable flaws.

Unless your VLANs are part of an overall guest access security solution then you should consider other options.

--
tsudohnimh
www.knowthenetwork.com