Solved

Several Production VLANS and Security

Posted on 2014-11-24
3
201 Views
Last Modified: 2014-11-26
My company is researching the splitting of our single production VLAN into 2 VLANs.  The primary reason for this is, in theory, security.  However, I'm finding it hard to see how security will be improved, with the exception of a single, improbable, vulnerability: a broadcast storm.  Granted, a broadcast storm which, effectively, could make a switch perform much like a hub and allow all traffic on the VLAN to be "sniffed".

So both VLANs (let's just say VLANA and VLANB) will be fully routed to the same locations WITH NO FIREWALL BETWEEN THEM.

What are my security benefits of doing this?  To me, it really just seems like we are changing the IP subnet for a subsection of machines without realizing any real security benefit, except for the one previously mentioned.

Thoughts?  Are there any other SECURITY benefits?  (Let's not get into performance or manageability.  I'm really JUST looking for security ramifications.)

Thanks in advance!
0
Question by:espnetadmin
3 Comments
 
LVL 7

Accepted Solution

by:
tolinrome earned 250 total points
ID: 40463125
From what you're saying, I agree. If the port is trunked and there is no firewall between them, there really is no security per se. If VLANs A and B are on different switches and routed to a firewall, then OK, depending on the setup. But with no firewall in between I don't really see a security benefit. Some people discourage VLANs for security reasons because of VLAN hopping - http://en.wikipedia.org/wiki/VLAN_hopping.

Also, just because you're logically separating the network doesn't mean it's any "safer", since physically all data from both VLANs is going over the same network (cables). Most companies implement VLANs for the reasons you mentioned above (performance or manageability). Doing it for security doesn't mean much to an attacker.
All that being said, you can really harden down a switch and its ports, but a firewall is for security and a switch is... well, for switching and routing, not security.
0
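The point made in this answer, that two VLANs routed to each other with no filtering device in between carry no policy at all, can be shown with a small model. The following is an added example, not code from the thread or from any switch vendor: it models a layer-3 switch with two VLANs (constructed addresses 10.10.0.0/24 for VLANA and 10.20.0.0/24 for VLANB, chosen for the example) and an optional ordered ACL on the inter-VLAN path. With an empty ACL, every flow between the VLANs is forwarded exactly as it was on the single flat network; with an ACL, the VLAN boundary becomes an enforcement point. The same-VLAN case is included because it is the caveat that goes with any such design: traffic that never crosses the boundary is switched at layer 2 and is never seen by the ACL.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed sample topology (hypothetical addresses, not from the thread):
# VLANA = workstations, VLANB = servers, both routed by one layer-3 switch.
VLANS: Dict[str, str] = {"VLANA": "10.10.0.0/24", "VLANB": "10.20.0.0/24"}


@dataclass
class AclRule:
    """One entry of an ordered inter-VLAN ACL (first match wins)."""
    action: str                  # "permit" or "deny"
    src: str                     # source network, CIDR
    dst: str                     # destination network, CIDR
    proto: str = "any"           # "any", "tcp", "udp"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, src_ip: str, dst_ip: str, proto: str, dport: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))


class L3Switch:
    """Minimal model of a switch that routes between its own VLAN interfaces."""

    def __init__(self, vlans: Dict[str, str], acl: Optional[List[AclRule]] = None):
        self.vlans = {name: ip_network(net) for name, net in vlans.items()}
        # An empty ACL means "route everything": the setup the question describes.
        self.acl = acl or []

    def vlan_of(self, ip: str) -> Optional[str]:
        addr = ip_address(ip)
        for name, net in self.vlans.items():
            if addr in net:
                return name
        return None

    def reachable(self, src_ip: str, dst_ip: str,
                  proto: str = "tcp", dport: int = 0) -> Tuple[bool, str]:
        """Return (forwarded?, reason) for one flow through this switch."""
        src_vlan, dst_vlan = self.vlan_of(src_ip), self.vlan_of(dst_ip)
        if src_vlan is None or dst_vlan is None:
            return False, "no connected route"
        if src_vlan == dst_vlan:
            # Intra-VLAN traffic is switched at layer 2; the ACL never sees it.
            return True, f"same VLAN {src_vlan}: switched, ACL not consulted"
        if not self.acl:
            return True, f"{src_vlan}->{dst_vlan} routed with no ACL: boundary enforces nothing"
        for rule in self.acl:
            if rule.matches(src_ip, dst_ip, proto, dport):
                port = rule.dport if rule.dport is not None else "any"
                return (rule.action == "permit",
                        f"{src_vlan}->{dst_vlan}: ACL {rule.action} {rule.proto}/{port}")
        return False, f"{src_vlan}->{dst_vlan}: ACL implicit deny"


def unfiltered_design() -> L3Switch:
    """Two VLANs, fully routed, nothing in between (the design in the question)."""
    return L3Switch(VLANS)


def filtered_design() -> L3Switch:
    """Same two VLANs, but workstations may reach servers on HTTPS only."""
    return L3Switch(VLANS, acl=[
        AclRule("permit", "10.10.0.0/24", "10.20.0.0/24", "tcp", 443),
        AclRule("deny", "0.0.0.0/0", "0.0.0.0/0"),
    ])


# Constructed flows: workstation -> server HTTPS, workstation -> server RDP,
# workstation -> workstation SMB (the last one never crosses the VLAN boundary).
CHECKS = [
    ("10.10.0.5", "10.20.0.10", "tcp", 443),
    ("10.10.0.5", "10.20.0.10", "tcp", 3389),
    ("10.10.0.5", "10.10.0.9", "tcp", 445),
]


def compare() -> Dict[str, List[bool]]:
    """Evaluate every check flow against both designs."""
    return {label: [sw.reachable(*flow)[0] for flow in CHECKS]
            for label, sw in (("unfiltered", unfiltered_design()),
                              ("filtered", filtered_design()))}


if __name__ == "__main__":
    for label, sw in (("unfiltered", unfiltered_design()), ("filtered", filtered_design())):
        print(f"== {label} ==")
        for flow in CHECKS:
            ok, why = sw.reachable(*flow)
            print(f"{flow[0]} -> {flow[1]} {flow[2]}/{flow[3]}: {'forwarded' if ok else 'dropped'} ({why})")
```

Running it shows the unfiltered design forwarding all three flows, which is the outcome the thread predicts: the VLAN split alone changes nothing about who can talk to whom. The filtered design drops the RDP flow but still forwards the workstation-to-workstation SMB flow, so any control placed on the inter-VLAN path only constrains traffic that actually crosses it.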
 

Author Comment

by:espnetadmin
ID: 40464887
Yes, I agree.  I'd love to see a few more responses...  Gotta have proof to show to the Execs.
0
 
LVL 2

Assisted Solution

by:Mike
Mike earned 250 total points
ID: 40465766
I agree, if you are just routing everything without a firewall or any other security device, it's pretty pointless. Sounds to me like someone read something on Google, saw the S word, and took it out of context that VLANs improve security.
0
