Wednesday, April 18th, 2018
Search
Keyword:
Asia's Source for Enterprise Network Knowledge
(/)
NETWORKING (/../NETWORKING) APPLICATIONS (/../APPLICATIONS)
MOBILITY (/../WIRELESS-MOBILITY)
UCS (/../UCS)
STORAGE (/../STORAGE)
SECURITY (/../SECURITY)
SIGN UP (HTTP://ACCOUNT.QUESTEX-INNOVATION.COM/USER/REGISTER)
DATA CENTER (/../DATA-CENTER-AND-INFRASTRUCTURE)
CLOUD (/../CLOUD)
AWARDS (/)
(https://www.facebook. Asia/143877375642746 sk=timeline)
(https://twitter.com/netw
Information security management
Breaking News (/article/vlan-security-1080230400?qt-breaking_news_most Most Read (/article/vlan-security-1080230400?qt-
VLAN security Companies across the globe face a serious By Tom Lancaster | Friday, March 26, 2004 - 00:00
security concern, warns Sophos (/article/companies-across-globe-face-serioussecurity-concern-warns-sophos.1523953329)
Share
Like 0
Email Cryptojacking attacks explode by 8,500%
Share (http://www.addthis.com/bookmark.php? v=250&username=questex) Print
(/article/cryptojacking-attacks-explode8500.1523952859)
This week, I wanted to address VLAN security, which like Ethernet, is a mystery to most people. That may sound like a strange statement, since I'm sure everyone reading this has been using Ethernet for years, but seriously, how many network engineers do you know who could explain Manchester bit encoding or how Fast Link Pulses work? Not very many, of course, and why should they? After all, Ethernet is one of those protocols that 'just works.' Network administrators don't understand it for the very simple reason that they never have to troubleshoot it. VLANs are pretty much the same way. Sure, the configuration of a few more advanced topics like VTP and VLAN pruning can give you a mental workout, and of course, nobody likes Spanning-Tree Protocol, but really, when was the last time you really needed to know how your switches implemented VLANs? For the most part, you define a VLAN, and assign ports to it, and define trunk ports and configure which VLANs can cross it... and it just works... simple as that.
Technological innovation, open ecosystem critical to success of digital initiatives, says Huawei exec (/article/technologicalinnovation-open-ecosystem-critical-successdigital-initiatives-says-huawei) 2.6 billion records were lost or stolen worldwide in 2017 (/article/2-6-billionrecords-were-lost-or-stolen-worldwide2017.1523953121) Tech businesses in Singapore reveal their key concerns for 2018 (/article/tech-businessessingapore-reveal-their-key-concerns2018.1523788997)
But it's precisely this simplicity that can lull you into leaving open a raft of security vulnerabilities.
Siemens is building an SD-WAN network that
So as I was checking a few quick facts for this tip, I ran across an @Stake (http://www.atstake.com) white paper so concise and illuminating, despite being 2 years old, that I decided to just link you to it (http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml) and offer a quick summary.
(/article/siemens-building-sd-wan-network-
will connect 1,500 sites across the globe will-connect-1500-sites-acrossglobe.1523788178)
read more (http://networksasia.net/news)
The reason I like this article (http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml) is because it explains at a high level, several ways your network can be attacked at Layer 2. Many of these aren't nearly as intuitively obvious as the higher-level attacks we witness daily, so many administrators think that it's impossible to attack VLANs, which is of course, absurd. So here are a few key points to remember when configuring your network: VLAN 1 (on Catalyst switches) is the default for both ports and the 'Native' VLAN on 802.1Q trunks, which is precisely why you should NEVER use it. Don't allow dynamic protocols to talk to untrusted devices. Many administrators don't realize there are a lot of these operating around Layer 2, such as VTP, PAgP, CDP, DTP, UDLD and of course STP. If at all possible, authenticate all hosts and/or limit their connectivity. Port Security, 802.1x and Dynamic VLANs are three methods mentioned in this article you can use.
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years experience in the networking industry, and co-author of several books on networking, most recently, CCSP TM: Secure PIX and Secure VPN Study Guide published by Sybex.
Comments Recommend
Community Share
1
Login
Sort by Best
Start the discussion…
Case Studies How to accelerate brilliant digital experiences with low code (/download/howaccelerate-brilliant-digital-experiences-lowcode) More nimble competitors are nipping at the heels of enterprise giants, waging...
MailControl delivers better security using F5 on AWS (/download/mailcontroldelivers-better-security-using-f5-aws) Security company MailControl needed more visibility into the email traffic...
Idaho government agency simplifies secure access to Microsoft Office 365 (/download/idahogovernment-agency-simplifies-secure-accessmicrosoft-office-365)
Subscribe
Add Disqus to your siteAdd DisqusAdd Privacy
Information security management (/multiple-tags/security/informationsecurity-management)
Premier Management Company secures healthcare data with F5 cloud-based WAF (/download/premier-management-companysecures-healthcare-data-f5-cloud-based-waf)
Expert Opinions The new 'trust in the cloud' -- intelligencedriven security (/article/new-trust-cloudintelligence-driven-security-1368063410) A recent report released by the Security for Business Innovation Council (SBIC) indicates that the trends toward cloud...
Top tips for tablet encryption (/article/toptips-tablet-encryption-1342405105) Today’s workplace is becoming increasingly agreeable to the BYOD (bring your own device) concept: Employers are finally...
Digital certificates no good (/article/digitalcertificates-no-good-1338165592) In September 2011, a certificate authority (CA) in Europe saw more than 60,000 digital certificates that it had issued...
(https://www.linkedin.c mostRecent=&gid=677 tileflipgrp)
Site Map Networking (/networking)
Storage (/storage) Data encryption and
Wireless / mobility (/wireless-mobility)
Security (/security) Security careers and
Applications (/applications)
About (/about-us) About Us
Networking standards
security (/storage/data-
Mobile Content
certifications
Business Intelligence
(https://www.networksasia.net/about)
(/networking/networkingstandards)
encryption-andsecurity)
Management (/wireless-
(/applications/businessintelligence)
Contact Us
LAN technology and
Storage Arrays
Customer Relationship
Editorial Calendar
management
(/storage/storagearrays) RAID (/storage/raid)
mobility/mobilecontent-management)
(/security/securitycareers-andcertifications)
Near Field Communication
Disaster recovery and
Management
(/files/nwa_editorial_calendar_2018.pdf)
(https://www.questex.asia/contact)
planning Media Kit (/wireless(/applications/customer(/security/disaster(mailto:
[email protected]? mobility/near-fieldrelationshipDisk drives recovery-and-planning) subject=NWA media communication) management) (/storage/disk-drives) Email and Web security kit&body=Please send WAN technology and Bluetooth (/wirelessEnterprise Resource Data backup and recovery (/security/email-andme the latest NWA management mobility/bluetooth) Planning (/storage/data-backupweb-security) media kit (/networking/wanRFID (/wireless(/applications/enterpriseand-recovery) Cybersecurity and %0D%0AFirst Questex Asia (http://www.questex.asia) media brands technology-andmobility/rfid) resource-planning) cybercrime Name:%0D%0ALast Wi-Fi (/wirelessSupply Chain Management management) (/security/cybersecurityName:%0D%0APhone:%0D%0ACompany:%0D%0A Network acceleration and mobility/wi-fi) (/applications/supplyTelecom Asia (http://www.telecomasia.net/) | Enterprise Innovation (http://www.enterpriseinnovation.net/) | Computerworld Hong Kong and-cybercrime) Privacy Policy optimization chain-management) (http://www.cw.com.hk/) | CFO Innovation (http://www.cfoinnovation.com/) | Networks Asia (http://www.networksasia.net/) | CMO Innovation Identity and Access (http://www.questex.asia/privacy(/networking/networkWeb 2.0 applications (http://enterpriseinnovation.net/cmo) | eGov Innovation (http://enterpriseinnovation.net/egov) | Enterprise Innovation China Management policy-statement) acceleration-and(/applications/web-2-0(/security/identity-andTerms & Conditions (http://cn.enterpriseinnovation.net/) | SMBWorld (http://www.smb.com.hk/) | SMB World Asia (http://www.smbworldasia.com/) | Storage Asia optimization) applications) access-management) (http://www.questex.asia/termsNetwork traffic monitoring (http://networksasia.net/storage) | Security Asia (http://networksasia.net/security) | Asia Cloud Forum (http://www.asiacloudforum.com/) | Questex Asia conditions) / management
(/networking/lantechnology-andmanagement)
Events (http://www.questex.asia/events)
(/networking/networktraffic-monitoring©2018 Questex Asia Ltd., (http://www.questex.asia) a division of Questex LLC. All rights reserved. Reproduction in whole or in part is prohibited. Please management)
send any technical comments or questions to our webmaster.
(https://account.questex-innovation.com/user/register?profile=1&site=networksasia.net&pw_oauth=pw_oauth&width=600&height=800&iframe=true) (https://account.questex-innovation.com/user/register? register=1&site=networksasia.net&pw_oauth=pw_oauth&width=600&height=800&iframe=true) (/pw_oauth?site=networksasia.net&destination=pw_oauth&dest=/article/vlan-security-1080230400&source=top_menu&width=600&height=800&iframe=true)