[Wylug-help] VLANs and security
Phil Driscoll
phil at dialsolutions.co.uk
Tue May 11 17:42:02 BST 2004
It is widely understood that it not sensible to rely on a switch to prevent
disclosure of information by packet sniffing since the switch can be fooled
into sending data out on the wrong (or all) ports by a variety of means.
However, most of the establishments I deal with in the course of my work
(usually schools and education authorities) rely on VLANs to segregate
traffic - e.g. to ensure that kids can't read or change information held
about them on a school admin system.
I've never had any direct experience with VLANs, however I will shortly need
to argue the toss with someone on the subject in relation to a setup which
will be used by very bright kids who will no doubt enjoy cracking the systems
on which they are working :) A quick google search for VLAN related
vulnerabilities and exploits reveals enough problems to make me think that
physically separate networks are a much better idea.
Any thoughts?
--
Phil Driscoll
More information about the Wylug-help
mailing list