Logical vs. Physical Subnetting

Oct 23rd, 2008

Hi All,

Networks that isolate traffic from other networks using separate mediums are more secure than ones that isolate via VLAN, correct? So having two networks, A and B, separate with separate routers, switches, and cabling is more secure than creating networks using VLANs, correct?

Jon Marshall Thu, 10/23/2008 - 12:41

Kelly

Short answer is yes, physical separation of devices will generally always be more secure.

Two main issues with VLANs are:

1) A misconfiguration is much easier, as it is all to do with just reallocating ports into VLANs on the same chassis. Make a mistake and you could just have moved a server into the wrong subnet.

2) VLAN hopping and other attacks. See the attached link for a VLAN security white paper.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

To be honest, I have always been quite comfortable using VLAN segregation, optionally with firewalls etc., for internal data centre use etc., but I always feel more comfortable with physical separation on Internet-facing infrastructure.

Jon
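Point 1 in the answer above, a port reallocated into the wrong VLAN, is the kind of mistake a config audit can catch. The following is an added example, not part of the original thread or any Cisco tool: a Python check that compares IOS-style `switchport` lines against an intended port-to-VLAN table. The sample config, interface names, VLAN IDs and the `INTENDED` table are constructed for illustration.

```python
import re

# Constructed sample config; interface names and VLAN IDs are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
"""

# Hypothetical design record: the access VLAN each port is supposed to be in.
INTENDED = {"GigabitEthernet1/0/1": 10, "GigabitEthernet1/0/2": 20}

def parse_interfaces(config):
    # Split IOS-style text into {Ethernet interface: [stanza lines]}.
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S*Ethernet\S+)", line)
        if m or not line.startswith(" "):  # new stanza, "!" or a global line
            current = ports.setdefault(m.group(1), []) if m else None
        elif current is not None:
            current.append(line.strip())
    return ports

def value(lines, prefix):
    return next((l[len(prefix):] for l in lines if l.startswith(prefix)), None)

def audit(config, intended):
    """Return {interface: finding} for ports that deviate from the design."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        mode = value(lines, "switchport mode ")
        vlan = int(value(lines, "switchport access vlan ") or 1)  # default is 1
        native = int(value(lines, "switchport trunk native vlan ") or 1)  # default is 1
        if mode is None:
            findings[name] = "switchport mode not set explicitly"
        elif mode == "access" and vlan != intended.get(name, vlan):
            findings[name] = f"access vlan {vlan}, design says {intended[name]}"
        elif mode == "trunk" and native == 1:
            findings[name] = "trunk native vlan is 1"
    return findings
```

Run against the sample, `audit(SAMPLE_CONFIG, INTENDED)` flags the server port that sits in VLAN 10 instead of 20, the port with no explicit mode, and the trunk whose native VLAN is still the default.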

fjcardenas-1 Tue, 10/28/2008 - 09:05

Sure. Different physical networks will always be more secure than VLANs. One consideration would be the price.
