Solved

Several Production VLANS and Security

Posted on 2014-11-24
3
199 Views
Last Modified: 2014-11-26
My company is researching the splitting of our single production VLAN into 2 VLANS.  The primary reason for this is, in theory, security.  However I'm finding it hard to see how security will be improved with the exception of a single, improbable, vulnerability; a broadcast storm.  Granted, a broadcast storm which, effectively, could make a switch perform much like a hub and allow all traffic on the VLAN to be "sniffed".

So Both VLANS (let's just say VLANA and VLANB) will be fully routed to the same locations WITH NO FIREWALL BETWEEN THEM.

What are my security benefits of doing this?  To me, it really just seems like we are changing the IP Subnet for a subsection of machines without realizing any real security benefit, except for the one previously mentioned.

Thoughts?  Are there any other SECURITY benefits?  (Let's not get into performance or manageability.  I'm really JUST looking for security ramifications.

Thanks in advance!
0
Comment
Question by:espnetadmin
3 Comments
 
LVL 7

Accepted Solution

by:
tolinrome earned 250 total points
ID: 40463125
From what you're saying I agree. If the port is trunked and no firewall between them there really is no security per se. If the vlans A and B are on different switches and routed to a firewall then ok, depending on the setup. But with no firewall in between I don't really see a security benefit. Some people discourage vlan for security reasons because of vlan hopping - http://en.wikipedia.org/wiki/VLAN_hopping.

Also Just because your logically separating the network doesnt mean its any "safer" since physically all data from both vlans are going over the same network (cables). Most companies implement vlans for the reasons you mentioned above ( performance or manageability). Doing it for security doesnt mean much to an attacker.
All that being said, you can really harden down a switch and its ports, but using a firewall is for security and a switch...well, for switching and routing, not security,
0
 

Author Comment

by:espnetadmin
ID: 40464887
Yes, I agree.  I'd love to see a few more responses...  Gotta have proof to show to the Execs.
0
 
LVL 2

Assisted Solution

by:Mike
Mike earned 250 total points
ID: 40465766
I agree, if you are just routing everything without a firewall or any other security device, it's pretty pointless. Sounds to me like someone read something on Google saw the S word and took it out of context that VLANS improve security.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On Beyond Tools A conversation I recently had with the DevOps manager of a major online retailer really made me think about DevOps monitoring tools (https://www.onpage.com/devops-incident-management-tool/). The manager and I discussed how sever…
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now