vlans and secure

  • vlans and secure

    Hi everyone,

    I am making changes in my WAN.
    The new design is 2 Cisco 7200 routers connected in 2 Cisco Catalyst 2960 in a VLAN and then to a Checkpoint FW...
    I have more VLANs on this switch, including my LAN (VLAN to eSafe and to 3Com CB9000).
    My question... Is this secure? I have been told that because it's layer 2 there is no security issue.
    What is your opinion?

    thx ahead
    mano

  • #2
    Re: vlans and secure

    Hi Mano,

    Thanks for your post!

    With such a complex setup, there are always possible security holes. Perhaps you are asking "are VLANs secure?"

    I would say that, yes, using VLANs does create a more secure network than not using VLANs because they reduce the number of broadcasts on the network. VLANs use a number of other protocols to get the job done. For example - VTP, ISL, 802.1q, and STP. Each of these may have its own security settings. For example, with VTP you can configure a password for the domain.

    Perhaps you want to look into VLAN ACLs. Here's an article about that:
    http://www.cisco.com/warp/public/473/90.shtml

    Hopefully this helps. If I didn't answer your question or if you have more questions, let us know.

    Thanks,
    David Davis - Petri Forums Moderator & Video Training Author
    Train Signal - The Global Leader in IT Video Training
    TrainSignalTraining.com - Free IT Training Products
    Personal Websites: HappyRouter.com & VMwareVideos.com



    • #3
      Re: vlans and secure

      Thx for the answer.

      Basically I understand that VLANs are more or less secure and I will gain performance in theory.
      My question is: will the CISO and all the security people approve that?
      Maybe this post should be in the security section as well?

      My other problem is the performance. If I am under any attack from the outside, the switch will get stuck and all the other sections, like the traffic from the LAN and DMZ, will be stuck too.

      hard decision.

      mano



      • #4
        Re: vlans and secure

        Hi Mano,

        Yes, a security person will approve of VLANs if you take normal VLAN security precautions (like a password on your VTP domain, for example). In fact, VLANs are more secure than regular unsegmented networks because a VLAN reduces the size of broadcast domains - preventing more and more machines from seeing network broadcasts.

        I'm not sure I understand your point about being under attack. If you are under attack from the outside (the Internet, I assume), you have some major security issues - regardless of whether you are using VLANs or not.

        Hopefully that is helpful...

        Best of luck to you,
        David




        • #5
          Re: vlans and secure

          Not really sure where the 7200s fit into this picture, but remember they're a software platform so they're not hardware switching inter-VLAN traffic.

          VTP is not something you want in a WAN core scenario and it's not real high on my list in LAN cores either.
          Thanks,
          Brian Desmond
          Microsoft MVP - Directory Services
          www.briandesmond.com
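
Added example (not part of any post in this thread, and not vendor code): a small Python audit of the VLAN-protocol settings raised above, namely the VTP domain password from posts #2 and #4 and the question of running VTP at all from post #5, extended to the 802.1Q/ISL trunk ports. The sample config and the finding texts are constructed for illustration, and the script assumes the VTP lines are present in the text it is given.

```python
import re

# Constructed sample config (not from the thread). Assumes the VTP settings
# are included in the text being audited.
SAMPLE = """\
vtp domain CORP
vtp mode server
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet0/3
interface GigabitEthernet0/4
 shutdown
"""

def parse_interfaces(config):
    """Map interface name -> list of its indented sub-commands."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # back at global configuration level
    return ports

def audit(config):
    """Return (scope, finding) tuples for VTP and trunking settings."""
    findings = []
    mode = re.search(r"^vtp mode (\S+)", config, re.M)
    mode = mode.group(1) if mode else "server"  # server is the default mode
    if mode in ("server", "client") and not re.search(r"^vtp password \S", config, re.M):
        findings.append(("vtp", "VTP %s mode without a domain password" % mode))
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds:
            continue  # administratively down ports are not reachable
        if "switchport mode trunk" in cmds:
            if "switchport nonegotiate" not in cmds:
                findings.append((name, "trunk still negotiates via DTP"))
            if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
                findings.append((name, "trunk carries every VLAN"))
        elif "switchport mode access" not in cmds:
            findings.append((name, "no fixed switchport mode (dynamic)"))
    return findings

for scope, finding in audit(SAMPLE): print(scope + ": " + finding)
```
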



          • #6
            Re: vlans and secure

            Hi Mano,

            I ran across this article on locking down layer 2 and I thought it might interest you. It covers all the step by step you need to do to lock down not only your switch but also VLAN protocols.

            I suspect some other folks might like to read it as well.

            Here's the link:
            Essential Lockdowns for Layer 2 Switch Security

            Thanks,
            David Davis - Petri Forums Moderator & Video Training Author


            • #7
              Re: vlans and secure

              Tnx,

              it's a great article.

              mano
