Virtual LAN Network Administrators Once Thesis


Rabinovitch (nd) notes that "VLANs can significantly improve security management by automatically placing unrecognized network users into a default VLAN, with minimal accessibility, secure from the rest of the network." The Media Access Control (MAC) address is commonly used as a first line of defense in the VLAN security system. Because switches do not automatically perform authentication checks, network administrators can configure VLAN software to perform identity checks. However, Farrow (nd) identifies several security weaknesses with virtual LANs. Virtual LANs do not create protected network segments impenetrable to the outside world, as Cisco had claimed. "Hopping" is possible, as virtual bridges may be established between VLANs. In fact, Farrow (nd) claims that security was never considered to be a feature of virtual LANs and that the presumed ability of VLANs to isolate workgroups is incomplete at best. Furthermore, firewall technology has evolved so that VLANs are detectable and therefore penetrable. Another drawback is that "VLANs tend to break down as networks expand and more routers are encountered" ("Definition of Virtual LAN"). Virtual LANs limit the number of supported tagged terminals. Interestingly, Rabinovitch (nd) claims that one of the reasons VLANs are used is "to ease network adds, moves, and changes."

Virtual LANs operate and function similarly to their traditional LAN counterparts, with physical ports, layers, authentication, protocols, MAC addresses, and IP subnets all playing a role in network design, segmentation, and management. VLAN technology does ease some of the constraints on network managers. For instance, "VLAN management software can then automatically reconfigure that station into its appropriate VLAN without the need to change the station's MAC or IP address" (NetworkWorld 2006). The IEEE's 802.1Q standards accommodated developments in VLAN technology, establishing ground rules for tagging and assigning membership regardless of the VLAN software vendor.

In Open Systems Interconnection (OSI) terminology, VLANs function on the data link layer: Layer 2. Using Layer 2, "packets are switched between ports designated to be within the same VLAN" (Cisco 1997). Virtual LANs can be configured to mimic functionality on the network layer, Layer 3. Traditional router switches can operate and move between multiple layers, whereas VLANs cannot. However, VLAN technology involves a robust tagging system that allows switches and ports to be configured as trunks (Farrow nd)....

...

Trunks in the network are the foundation for multiple VLANs in the same large network. Bridging between one VLAN and another generally requires router switches, so VLANs and traditional LANs are not mutually exclusive. In fact, router switches are necessary in organizations with multiple VLANs. Router switches offer some architectural and security-related advantages over VLANs, and network administrators must take care to prevent VLAN hopping in complex network systems. To solve some of the structural and functional problems associated with VLAN technology, "the industry is working towards 'virtual routing' solutions, which allows the network manager to view the entire network as a single routed entity" ("Definition of Virtual LAN," PC Mag). However, virtual routing and virtual bridges do not solve security-related issues associated with VLAN technology.
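
The 802.1Q tagging and trunk configuration discussed above can be checked frame by frame. The following Python sketch is an added example, not taken from the essay or its sources: it parses the VLAN tag stack of an Ethernet frame and reports frames that violate a per-port policy (tags on an access port, a VLAN ID outside a trunk's allowed set, or more than one tag). The port dictionaries, function names and sample frames are constructed for illustration.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q customer tag, 802.1ad service tag

def parse_tags(frame: bytes):
    """Return ([(pcp, dei, vid), ...], inner EtherType) for an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset, tags = 12, []  # skip destination and source MAC addresses
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append((tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        offset += 4
        (ethertype,) = struct.unpack_from("!H", frame, offset)
    return tags, ethertype

def check_frame(frame: bytes, port: dict):
    """Return the policy violations for a frame received on `port`."""
    tags, _ = parse_tags(frame)
    problems = []
    if port["mode"] == "access" and tags:
        problems.append("tagged frame on access port")
    if port["mode"] == "trunk" and tags and tags[0][2] not in port["allowed_vlans"]:
        problems.append(f"VLAN {tags[0][2]} not allowed on trunk")
    if len(tags) > 1:
        problems.append("more than one VLAN tag")
    return problems

def make_frame(vids, ethertype=0x0800):
    """Build a constructed sample frame carrying the given VLAN IDs (PCP/DEI zero)."""
    frame = bytes.fromhex("ffffffffffff020000000001")
    for vid in vids:
        frame += struct.pack("!HH", 0x8100, vid)
    return frame + struct.pack("!H", ethertype) + bytes(46)

# Hypothetical port policies, constructed for this example.
ACCESS = {"mode": "access"}
TRUNK = {"mode": "trunk", "allowed_vlans": {10, 20}}

if __name__ == "__main__":
    for name, port, vids in [("untagged/access", ACCESS, []), ("vid 20/access", ACCESS, [20]),
                             ("vid 30/trunk", TRUNK, [30]), ("vids 10,20/trunk", TRUNK, [10, 20])]:
        print(name, check_frame(make_frame(vids), port) or "ok")
```
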

Virtual LANs offer network flexibility. The virtual LAN software interfaces with and overlaps traditional hardware-based network architecture. Large organizations with multiple functions, departments, and workgroups need virtual LAN technology to link together geographically distinct terminals that share the same network needs. Networks that change frequently via adding, subtracting, or moving terminals also need virtual LAN technology. Network administrators can enhance network security by preventing VLAN hopping, but in general the security risks posed by virtual LANs are not appreciably different from those on a traditional LAN.

References

Cisco (1997). "Overview of Routing between Virtual LANs."

"Definition of Virtual LAN." PC Mag. Retrieved Dec 8, 2008 at http://www.pcmag.com/encyclopedia_term/0,2542,t=virtual+LAN&i=53925,00.asp

Farrow, R. (nd). VLAN Insecurity. Retrieved Dec 8, 2008 at http://www.spirit.com/Network/net0103.html

Homan, C. (1998). VLAN Information. UC Davis. Retrieved Dec 8, 2008 at http://net21.ucdavis.edu/newvlan.htm

NetworkWorld (2006). "VLAN (virtual LAN)." Network World. Retrieved Dec 8, 2008 at http://www.networkworld.com/details/471.html

Rabinovitch, E. (nd). Migrating to VLAN: Tips, Tools and Standards. UniNews. Retrieved Dec 8, 2008 at http://www.uniforum.org/web/pubs/uninews/970701/feature2.html

TechTarget (2007). "What is virtual LAN?" Retrieved Dec 8, 2008 at http://searchnetworking.techtarget.com/sDefinition/0,sid7_gci213299,00.html

"What is a VLAN?" (2008). TechFAQ. Retrieved Dec 8, 2008 at http://www.tech-faq.com/vlan.shtml


Cite this Document:

"Virtual LAN Network Administrators Once" (2008, December 09) Retrieved April 20, 2024, from
https://www.paperdue.com/essay/virtual-lan-network-administrators-once-25974