3

Possible Duplicate:
Why do people tell me not to use VLANs for security?

This topic came up in a discussion about network infrastructure, where a company had moved from separate physical network zones to virtualized zones using VLAN technology.

My colleague stated this was a security feature, where they trusted the technology to efficiently separate zones the same way as a physical separation would. No encryption was involved at the network level.

So, is VLAN considered a security feature?

Dog eat cat world
  • Hi @Dog eat cat world, welcome to the site! As you can see, your question was pretty much asked and answered already. I recommend searching the site a bit, I'm sure you'll find interesting information here! – AviD Jun 29 '11 at 21:06

3 Answers

2

VLAN is by design not a security mechanism, but it can be used as such if the underlying network hardware (and its maintenance) is mutually trusted by all stakeholders. In that case, the provided isolation is reliable.

To my knowledge, server hosters ("cloud providers") use VLAN to provide isolated networks to their customers. ISPs also sell (non-cryptographic) MPLS as cheap/efficient VPN solutions. If the infrastructure is trusted and the perimeter is secure, this can be done.

pepe
2

If you've not already seen it, there's some more information about this and some of the possible attacks in this question.

Rory McCune
1

A VLAN which does not use encryption is generally not considered secure. It handles logical separation, and switches are supposed to honor the separation, but a device which doesn't, either through malicious design or bad configuration, could allow access or information leakage between VLANs.

Rory Alsop