A nice introduction to VLAN hacking (VLAN hopping by switch spoofing and double tagging, MAC flooding, STP and VTP attacks) and how to prevent them has been posted over at InfoSec Institute. It makes some good points that every network administrator should care about:

A few points for administrators would be:

  • Manage switches in as secure a manner as possible: SSH instead of Telnet, a dedicated management VLAN, and out-of-band access where available.
  • Do not carry user traffic on the native VLAN of a trunk. Assign a dedicated, otherwise unused VLAN ID as the native VLAN on all trunk ports; untagged frames then land in a VLAN nobody uses, which defeats double-tagging.
  • Set all user ports to non-trunking (access mode) and disable DTP negotiation on them, so a host cannot negotiate itself into a trunk (switch spoofing).
  • Deploy port-security on user ports where possible. (Note: choose the violation action with care; the default, err-disabling the port, turns a MAC-flooding attempt into a denial of service for that port.)
  • Avoid using VLAN 1 for anything, including management.
  • Enable BPDU Guard on user ports for STP attack mitigation.
  • Use private VLANs where appropriate to further divide L2 networks.
  • If VTP is used, protect it with MD5 authentication (a VTP password), or run the switches in transparent mode so they do not accept VTP updates at all.
  • Disable unused ports and place them in an unused VLAN.
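To turn the checklist into something you can run against a switch, here is a small audit script written for this post (it is not code from the InfoSec Institute article). It parses a Cisco IOS-style running-config with a deliberately minimal parser (global commands plus interface blocks) and reports, per interface, which of the points above are missing: default native VLAN or DTP left on for trunks; no forced access mode, VLAN 1, no port-security or no BPDU Guard for user ports; and VTP running without a password. SAMPLE_CONFIG is a constructed config, not a capture from a real switch: GigabitEthernet1/0/1 and 1/0/10 are the weak trunk and user port, 1/0/2 and 1/0/11 the hardened ones, and 1/0/24 an unused port that has been shut down.

```python
# Added example, not code from the InfoSec Institute article: audit a Cisco
# IOS-style running-config against the checklist above. Minimal parser (global
# lines plus interface blocks); SAMPLE_CONFIG is constructed, not a real capture.
import re

SAMPLE_CONFIG = """\
vtp domain corp
!
interface GigabitEthernet1/0/1
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
!
interface GigabitEthernet1/0/10
 switchport access vlan 1
!
interface GigabitEthernet1/0/11
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
 switchport port-security
 switchport port-security violation restrict
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/24
 shutdown
"""

def split_config(text: str) -> tuple:
    """Return (global commands, {interface name: [indented sub-commands]})."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            current = None                      # '!' or a blank line ends a block
        elif raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = []
        elif raw.startswith(" ") and current is not None:
            interfaces[current].append(raw.strip())
        else:
            current = None
            global_lines.append(raw.strip())
    return global_lines, interfaces

def _vlan_arg(lines: list, prefix: str):
    """VLAN number after e.g. 'switchport trunk native vlan', or None if absent."""
    for line in lines:
        if m := re.fullmatch(re.escape(prefix) + r" (\d+)", line):
            return int(m.group(1))
    return None

def audit_interface(lines: list, global_lines: list) -> list:
    findings = []
    if "shutdown" in lines:                     # disabled unused port: nothing to flag
        return findings
    if "switchport mode trunk" in lines:
        if (_vlan_arg(lines, "switchport trunk native vlan") or 1) == 1:  # IOS default native VLAN is 1
            findings.append("trunk native VLAN is 1; use a dedicated unused VLAN")
        if "switchport nonegotiate" not in lines:
            findings.append("DTP still enabled on trunk; add 'switchport nonegotiate'")
        return findings
    # Everything not explicitly trunking is treated as a user port.
    if "switchport mode access" not in lines:   # IOS default is dynamic: a host could negotiate a trunk
        findings.append("port not forced to access mode (DTP trunk negotiation possible)")
    if (_vlan_arg(lines, "switchport access vlan") or 1) == 1:  # default access VLAN is 1
        findings.append("user port in VLAN 1")
    if "switchport port-security" not in lines:
        findings.append("port-security not enabled")
    bpdu_guard = ("spanning-tree bpduguard enable" in lines or
                  ("spanning-tree portfast bpduguard default" in global_lines
                   and "spanning-tree portfast" in lines))
    if not bpdu_guard:
        findings.append("BPDU Guard not enabled")
    return findings

def audit_global(global_lines: list) -> list:
    # VTP with a domain set, a mode other than transparent/off, and no password
    # means the switch accepts unauthenticated VTP updates. Mode defaults to server.
    if not any(l.startswith("vtp domain ") for l in global_lines):
        return []
    mode = next((l.split()[-1] for l in global_lines if l.startswith("vtp mode ")), "server")
    if mode in ("transparent", "off") or any(l.startswith("vtp password ") for l in global_lines):
        return []
    return ["VTP active without a password (no MD5 authentication of VTP updates)"]

def audit_config(text: str) -> dict:
    """Map 'global' and each interface name to its findings; clean entries are omitted."""
    global_lines, interfaces = split_config(text)
    report = {}
    if findings := audit_global(global_lines):
        report["global"] = findings
    for name, lines in interfaces.items():
        if findings := audit_interface(lines, global_lines):
            report[name] = findings
    return report
```

Running `audit_config(SAMPLE_CONFIG)` reports two findings for GigabitEthernet1/0/1 (native VLAN 1, DTP on), four for GigabitEthernet1/0/10 (no access mode, VLAN 1, no port-security, no BPDU Guard) and one global VTP finding; the hardened and shut-down ports produce nothing. The hardened user port uses `violation restrict` rather than the default shutdown action, which is the caveat from the port-security bullet: an attacker who floods MAC addresses should lose frames, not take the port down for the legitimate user.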
Overview of VLAN Attack & Prevention Mechanisms