[Wylug-help] VLANs and security

Phil Driscoll phil at dialsolutions.co.uk
Tue May 11 17:42:02 BST 2004


It is widely understood that it is not sensible to rely on a switch to prevent
disclosure of information by packet sniffing since the switch can be fooled
into sending data out on the wrong (or all) ports by a variety of means.

However, most of the establishments I deal with in the course of my work
(usually schools and education authorities) rely on VLANs to segregate
traffic - e.g. to ensure that kids can't read or change information held
about them on a school admin system.

I've never had any direct experience with VLANs; however, I will shortly need
to argue the toss with someone on the subject in relation to a setup which
will be used by very bright kids who will no doubt enjoy cracking the systems
on which they are working :) A quick Google search for VLAN-related
vulnerabilities and exploits reveals enough problems to make me think that
physically separate networks are a much better idea.

Any thoughts?
--
Phil Driscoll




