
RE: VLAN Security

From: Ryan Smith <Ryan.Smith(at)fairbankscapital.com>
Date: Thu Feb 27 2003 - 11:31:03 EST


VLANs don't really increase security as much as they increase manageability. To truly secure the switches you should implement port-level security and limit the number of MAC addresses allowed per port. This prevents someone from plugging in a cheap wireless access point and opening your network to the world. It also prevents someone from being able to flood the switch with MAC addresses and fill up the MAC cache, thus turning your switch into a hub and enabling them to run a man-in-the-middle attack.

On the catalyst OS the command is:

set port security 2/1-48 enable age 10 maximum 2 shutdown 10 violation shutdown

This sets the MAC address age to 10 minutes and the maximum addresses per port to 2; a violation will shut the port down for 10 minutes.  Precaution: do not do this on your trunk ports, and if you have other switches or WAPs hanging off of ports, increase the max variable accordingly.

Smith
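The behaviour the reply describes (a full MAC cache turning the switch into a hub, and port security with a per-port maximum plus a timed shutdown preventing it) can be modelled in a few dozen lines. The following simulation is an added example and is not code from the list post or from Cisco; it mirrors the "age 10 maximum 2 shutdown 10 violation shutdown" parameters, but the CAM capacity (256), the default aging time (5 minutes), the port names and the MAC addresses are constructed values. It also shows the precaution about uplinks: a port with a second switch behind it trips the violation unless the maximum is raised.

```python
"""Simulated switch MAC (CAM) table with CatOS-style port security.

Added example for the port-security discussion above; not Cisco code and not
from the list post. Times are simulated minutes; CAM capacity, port names
and MAC addresses are constructed values.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class PortSecurity:
    maximum: int = 2    # addresses a port may learn   ("maximum 2")
    age: int = 10       # minutes before an address expires ("age 10")
    shutdown: int = 10  # minutes a violating port stays down ("shutdown 10")


@dataclass
class Port:
    name: str
    security: Optional[PortSecurity] = None
    shut_until: Optional[int] = None  # simulated minute when the port comes back up


class Switch:
    def __init__(self, ports, cam_capacity, default_age=5):
        self.ports = {p.name: p for p in ports}
        self.cam_capacity = cam_capacity
        self.default_age = default_age   # aging for ports without port security
        self.cam = {}                    # mac -> (port name, minute last seen)
        self.violations = []             # (minute, port name, offending mac)

    def _expire(self, now):
        # Forget addresses not seen within their aging window.
        for mac, (port_name, seen) in list(self.cam.items()):
            sec = self.ports[port_name].security
            age = sec.age if sec else self.default_age
            if now - seen > age:
                del self.cam[mac]

    def _learned_on(self, port_name):
        return [mac for mac, (p, _) in self.cam.items() if p == port_name]

    def ingress(self, now, port_name, src_mac):
        """Handle a frame's source address arriving on a port; return what the switch did."""
        port = self.ports[port_name]
        self._expire(now)
        if port.shut_until is not None:
            if now < port.shut_until:
                return "dropped: port is shut down"
            port.shut_until = None           # shutdown timer expired, port recovers
        if src_mac in self.cam:
            self.cam[src_mac] = (port_name, now)
            return "refreshed"
        sec = port.security
        if sec and len(self._learned_on(port_name)) >= sec.maximum:
            # Violation: more source addresses on this port than allowed.
            port.shut_until = now + sec.shutdown
            self.violations.append((now, port_name, src_mac))
            for mac in self._learned_on(port_name):
                del self.cam[mac]
            return "violation: port shut down for %d minutes" % sec.shutdown
        if len(self.cam) >= self.cam_capacity:
            return "not learned: CAM table full"
        self.cam[src_mac] = (port_name, now)
        return "learned"

    def egress(self, dst_mac):
        """Port a frame for dst_mac is sent out of, or 'flood' (every port) when unknown."""
        entry = self.cam.get(dst_mac)
        return entry[0] if entry else "flood"


def simulate(secure_ports):
    """Hosts A and B on 2/1 and 2/2; port 2/10 emits 300 distinct source addresses."""
    sec = PortSecurity() if secure_ports else None
    sw = Switch([Port("2/1", sec), Port("2/2", sec), Port("2/10", sec)], cam_capacity=256)
    host_a, host_b = "00:00:00:00:00:01", "00:00:00:00:00:02"
    sw.ingress(0, "2/1", host_a)
    sw.ingress(0, "2/2", host_b)
    bogus = ["de:ad:00:00:%02x:%02x" % (i >> 8, i & 0xFF) for i in range(300)]
    last = ""
    for minute in (1, 6):              # the noisy port keeps re-announcing its addresses
        for mac in bogus:
            last = sw.ingress(minute, "2/10", mac)
    sw.ingress(7, "2/2", host_b)        # host B talks again after its entry may have aged out
    return {
        "cam_entries": len(sw.cam),
        "port_2_10_down": sw.ports["2/10"].shut_until is not None,
        "violations": len(sw.violations),
        "frames_to_host_b": sw.egress(host_b),
        "last_ingress": last,
    }


def uplink_false_positive(maximum):
    """Port 2/48 faces a second switch with three hosts behind it; a maximum below 3 shuts it."""
    sw = Switch([Port("2/48", PortSecurity(maximum=maximum))], cam_capacity=256)
    for i in range(3):
        sw.ingress(0, "2/48", "00:00:00:00:01:%02x" % i)
    return sw.ports["2/48"].shut_until is not None


if __name__ == "__main__":
    print("no port security :", simulate(False))
    print("port security    :", simulate(True))
    print("uplink, maximum 2:", uplink_false_positive(2), " maximum 8:", uplink_false_positive(8))
```

Without port security the 256-entry table ends up holding only the bogus addresses, so frames for host B are flooded out of every port, which is the hub behaviour the reply warns about. With "maximum 2 ... violation shutdown" the third address on port 2/10 shuts that port for 10 minutes and the table keeps only the two real hosts. The uplink check shows why the maximum has to be raised on ports with switches or access points behind them: three legitimate hosts behind one port trip a maximum of 2.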

-----Original Message-----
From: Naman Latif [mailto:naman.latif@inamed.com]
Sent: Thursday, February 06, 2003 12:00 PM
To: security-basics@securityfocus.com
Subject: VLAN Security

Hi,
We have different Cisco Catalyst switches configured for VLANS. With the current configuration

  1. All trunks have a native VLAN, which is not used by any User.
  2. Management VLAN is other than VLAN 1.

We have different VLANs in place; however, these are only used for different Servers, and all Users are only members of VLAN-1.


Does it make sense to have all the user ports migrated to a Different VLAN (other than VLAN 1) ?
Is there a security advantage in this ?

Regards \\ Naman

Received on Thu Feb 27 12:25:55 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:50 EDT

