Why do people tell me not to use VLANs for security?

Solution 1:

Why do people tell me not to use VLANs for security purposes?

There are real risks if you don't fully understand the potential issues and properly set up your network to mitigate the risk to a point that is acceptable for your environment. In many locations VLANs provide an adequate level of separation between two VLANs.

Can someone please explain to me why the above isn't secure?

It sounds like you have taken all the basic steps needed to achieve a pretty secure setup. But I am not totally familiar with HP gear. You may have done enough for your environment.

A good article to look at would be the Cisco VLAN Security White Paper.

It includes a list of possible attacks against a VLAN-Based Network. Some of these are not possible on some switches, or can be mitigated by a proper design of the infrastructure/network. Take the time to understand them and decide if the risk is worth the effort it will take to avoid it in your environment.

Quoted from the article:

  • MAC Flooding Attack
  • 802.1Q and ISL Tagging Attack
  • Double-Encapsulated 802.1Q/Nested VLAN Attack
  • ARP Attacks
  • Private VLAN Attack
  • Multicast Brute Force Attack
  • Spanning-Tree Attack

See also:

  • http://hakipedia.com/index.php/VLAN_Hopping
  • http://hakipedia.com/index.php/CAM_Table_Overflow
  • http://etutorials.org/Networking/lan+switching/Chapter+9.+Switching+Security/VLAN-Based+Network+Attacks/
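As an added example (not part of the answer above or of the Cisco paper), here is a small audit script that reads a Cisco-IOS-style switch configuration and reports which of the usual mitigations for the listed attack classes are missing on each port: an explicit port mode with DTP disabled (trunk negotiation and tagging attacks), a non-default native VLAN and VLAN pruning on trunks (double-encapsulated 802.1Q), port-security on access ports (MAC flooding / CAM overflow) and BPDU guard on access ports (spanning-tree attacks). The configuration it parses is constructed for illustration, and the rule set is this example's own assumption about sensible hardening, not a vendor checklist.

```python
"""Audit a Cisco-IOS-style switch config for VLAN hardening settings.

Added example. The sample config is constructed; the checks encode one
reasonable set of mitigations for the attack classes named above and are
assumptions of this example, not a vendor-published checklist.
"""
import re

# Constructed sample configuration (not taken from any real switch).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description user port - hardened
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 2
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 description user port - left at defaults
 switchport access vlan 20
!
interface GigabitEthernet1/0/24
 description uplink trunk - default native VLAN
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 10,20,30
!
interface GigabitEthernet1/0/23
 description uplink trunk - hardened
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport nonegotiate
!
"""


def parse_interfaces(config: str) -> dict:
    """Group config lines under each 'interface' stanza; a bare '!' ends a stanza."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line == "!":
            current = None
        elif current is not None and line:
            interfaces[current].append(line)
    return interfaces


def audit_interface(lines: list) -> list:
    """Return one finding string per missing mitigation on a single interface."""
    findings = []
    mode = None
    for line in lines:
        m = re.match(r"switchport mode (access|trunk)$", line)
        if m:
            mode = m.group(1)
    if mode is None:
        # No explicit mode: DTP may negotiate a trunk with whatever is plugged in.
        findings.append("no explicit switchport mode (DTP can negotiate a trunk)")
    if "switchport nonegotiate" not in lines:
        findings.append("DTP not disabled (switchport nonegotiate missing)")
    if mode == "access":
        if not any(l.startswith("switchport port-security") for l in lines):
            findings.append("port-security off (MAC flooding not limited)")
        if "spanning-tree bpduguard enable" not in lines:
            findings.append("BPDU guard off (rogue STP root possible)")
    if mode == "trunk":
        native = [l for l in lines if l.startswith("switchport trunk native vlan ")]
        # Default native VLAN 1 is what double-tagging relies on; require a change.
        if not native or int(native[-1].split()[-1]) == 1:
            findings.append("native VLAN is 1 (double-tagging mitigation missing)")
        if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
            findings.append("all VLANs allowed on trunk (no pruning)")
    return findings


def audit_config(config: str) -> dict:
    """Map every interface name to its list of findings (empty list = clean)."""
    return {name: audit_interface(lines)
            for name, lines in parse_interfaces(config).items()}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG).items():
        status = "OK" if not findings else "; ".join(findings)
        print(f"{name}: {status}")
```

Run against the constructed config, the two hardened ports come back clean, the access port left at defaults is flagged for its unset mode and live DTP, and the trunk with native VLAN 1 is flagged for DTP and the default native VLAN. The point is not the specific commands but that each attack class in the list maps to a concrete, checkable port setting, which is what "proper design of the infrastructure" means in practice.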

Solution 2:

It is safe for certain values of secure.

Bugs in firmware, switch configuration resets, and human error can make it insecure. As long as only very few people have access to the configuration of the switches and to the switches themselves, then it's OK in a general business environment.

I would go for physical separation for really sensitive data though.

Solution 3:

I seem to recall that, in the past, it was easier to do VLAN hopping, so that may be why "people" are saying this. But, why don't you ask the "people" for the reasons? We can only guess why they told you that. I do know that HIPAA and PCI auditors are OK with VLANs for security.

Solution 4:

I think the core issue is that VLANs aren't secure because you are just segregating broadcast domains, not actually segregating traffic. All the traffic from the multiple VLANs still flows over the same physical wires. A host with access to that traffic can always be configured into promiscuous mode and view all of the traffic on the wire.

Obviously the use of switches reduces that risk quite a bit, since the switches are controlling which data actually appears on which ports; however, the basic risk is still there.