Solved

Several Production VLANS and Security

Posted on 2014-11-24
3
203 Views
Last Modified: 2014-11-26
My company is researching the splitting of our single production VLAN into 2 VLANS.  The primary reason for this is, in theory, security.  However I'm finding it hard to see how security will be improved with the exception of a single, improbable, vulnerability; a broadcast storm.  Granted, a broadcast storm which, effectively, could make a switch perform much like a hub and allow all traffic on the VLAN to be "sniffed".

So Both VLANS (let's just say VLANA and VLANB) will be fully routed to the same locations WITH NO FIREWALL BETWEEN THEM.

What are my security benefits of doing this?  To me, it really just seems like we are changing the IP Subnet for a subsection of machines without realizing any real security benefit, except for the one previously mentioned.

Thoughts?  Are there any other SECURITY benefits?  (Let's not get into performance or manageability.  I'm really JUST looking for security ramifications.

Thanks in advance!
0
Comment
Question by:espnetadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 7

Accepted Solution

by:
tolinrome earned 250 total points
ID: 40463125
From what you're saying I agree. If the port is trunked and no firewall between them there really is no security per se. If the vlans A and B are on different switches and routed to a firewall then ok, depending on the setup. But with no firewall in between I don't really see a security benefit. Some people discourage vlan for security reasons because of vlan hopping - http://en.wikipedia.org/wiki/VLAN_hopping.

Also Just because your logically separating the network doesnt mean its any "safer" since physically all data from both vlans are going over the same network (cables). Most companies implement vlans for the reasons you mentioned above ( performance or manageability). Doing it for security doesnt mean much to an attacker.
All that being said, you can really harden down a switch and its ports, but using a firewall is for security and a switch...well, for switching and routing, not security,
0
 

Author Comment

by:espnetadmin
ID: 40464887
Yes, I agree.  I'd love to see a few more responses...  Gotta have proof to show to the Execs.
0
 
LVL 2

Assisted Solution

by:Mike
Mike earned 250 total points
ID: 40465766
I agree, if you are just routing everything without a firewall or any other security device, it's pretty pointless. Sounds to me like someone read something on Google saw the S word and took it out of context that VLANS improve security.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
Here's a look at newsworthy articles and community happenings during the last month.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question