Network Security Library
Javascript Feeds    RSS Feed    Security Dashboard    SearchSecurity.com
About | Contact | Advertise | Site Map

VLAN


{LANG_NAVORIGIN} Architecture VLAN



Virtual LAN Security: weaknesses and countermeasures
Based on Blackhat report, we decided to investigate some possibilities to attack VLANs (Virtual Local Area Network). We think that is important to study this particular threat and gain insight into the involved mechanisms, as a breach of VLAN's security can have tremendous consequences. Indeed, VLANs are used to separate subnets and implement security zones. The possibility to send packets across different zones would render such separations useless, as a compromised machine in a low security zone could initiate denial of service attacks against computers in a high security zone. Another threat lies in the possibility to "destroy" the virtual architecture, performing indeed a DoS (Denial Of Service) against a whole network architecture. Recovery time would impact significantly on the business operations; in addition of an additional compromise threat during the time the subnets separations are removed, leading finally to information disclosure.
By Steve A. Rouiller, 04/17/2004
Hacking Layer 2, Fun With Ethernet Switches
Another Cisco slide show about layer 2 security, including VLAN security.
By Sean Convery, 02/24/2004
Ethernet Layer 2 Security
Slide Show about layer 2 security risks including VLAN security.
By Eric Vyncke, 02/24/2004
Layer 2 -- The Weakest Link
Network security is only as strong as your weakest link, and that may well be Layer 2 of the OSI model, the data link layer. This layer enables interoperability and interconnectivity because of its independence -- but from a security perspective, creates a challenge because a compromise at one layer isn't always known by the other layers. What's more, often network operations staff has one agenda, security staff another, and both end up missing Layer 2. Two of the most problematic attack signatures that threaten Layer 2 -- MAC flooding attacks and virtual LAN (VLAN) hopping -- are explored in this article, along with some ways to mitigate their effects.
By Connie Howard, 02/24/2004

Categories
Application Security
Architecture
Authentication
Certifications
Disaster Recovery
Encryption
Enterprise Security
Exploits
Firewall
Incident Handling
Intrusion Detection
Laws and Regulations
Malicious Code
Operating System
Security Basics
Security Management
Security Policies
Security Tools
Standards
Vulnerability Management
Web Security
Wireless Security

Papers
Newest
Highest Rated
Most Viewed
Reference

Services
Javascript Feeds
RSS (New Papers)
Security Dashboard

Our Stuff
About SecurityDocs
Advertise
Contact

Valid HTML 4.01!
Valid CSS!


Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget

Privacy : Contact