Several Production VLANS and Security
Posted on 2014-11-24
My company is researching the splitting of our single production VLAN into 2 VLANS. The primary reason for this is, in theory, security. However I'm finding it hard to see how security will be improved with the exception of a single, improbable, vulnerability; a broadcast storm. Granted, a broadcast storm which, effectively, could make a switch perform much like a hub and allow all traffic on the VLAN to be "sniffed".
So Both VLANS (let's just say VLANA and VLANB) will be fully routed to the same locations WITH NO FIREWALL BETWEEN THEM.
What are my security benefits of doing this? To me, it really just seems like we are changing the IP Subnet for a subsection of machines without realizing any real security benefit, except for the one previously mentioned.
Thoughts? Are there any other SECURITY benefits? (Let's not get into performance or manageability. I'm really JUST looking for security ramifications.
Thanks in advance!