10-23-2008 10:10 AM - edited 03-06-2019 02:06 AM
Hi All,
Networks that isolate traffic from other networks using separate mediums are more secure than ones that isolate via VLAN, correct? So having two networks A and B separate, with separate routers, switches, and cabling, is more secure than creating networks using VLANs, correct?
10-23-2008 12:41 PM
Kelly
Short answer is yes, physical separation of devices will generally always be more secure.
Two main issues with VLANs are:
1) A misconfiguration is much easier, as it is all to do with just reallocating ports into VLANs on the same chassis. Make a mistake and you could just have moved a server into the wrong subnet.
2) VLAN hopping and other attacks. See the attached link for the VLAN security white paper:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml
To be honest, I have always been quite comfortable using VLAN segregation, optionally with firewalls etc., for internal data centre use, but I always feel more comfortable with physical separation on Internet-facing infrastructure.
Jon
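The misconfiguration risk in point 1 of the answer above can be checked mechanically. The following is an added example, not part of the original thread: it compares an IOS-style configuration against an intended port-to-VLAN allocation and also flags ports not forced to access mode, a common hardening check against VLAN hopping. The sample configuration, the `INTENDED` map and the function names are constructed for illustration.

```python
import re

# Constructed sample of an IOS-style running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/3
 switchport mode dynamic desirable
!
"""

# Hypothetical design allocation: port -> VLAN it is supposed to be in.
INTENDED = {"GigabitEthernet1/0/1": 10, "GigabitEthernet1/0/2": 20,
            "GigabitEthernet1/0/3": 999}

def parse_ports(config):
    """Return {interface: {"mode": str or None, "vlan": int}} from config text."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            # A port with no explicit access VLAN sits in the default VLAN 1.
            current = ports.setdefault(m.group(1), {"mode": None, "vlan": 1})
        elif current is not None:
            s = line.strip()
            if s.startswith("switchport mode "):
                current["mode"] = s[len("switchport mode "):]
            elif s.startswith("switchport access vlan "):
                current["vlan"] = int(s.split()[-1])
    return ports

def audit(config, intended):
    """List (interface, finding) pairs for VLAN drift and negotiable trunking."""
    findings = []
    for name, port in sorted(parse_ports(config).items()):
        want = intended.get(name)
        if want is None:
            findings.append((name, "not in intended allocation"))
        elif port["vlan"] != want:
            findings.append((name, f"in VLAN {port['vlan']}, intended {want}"))
        if port["mode"] != "access":
            findings.append((name, f"mode {port['mode']}, not forced to access"))
    return findings
```

Running `audit(SAMPLE_CONFIG, INTENDED)` against a saved configuration after each change catches a server port that was reallocated into the wrong VLAN before it carries traffic.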
10-28-2008 09:05 AM
Sure. Different physical networks will always be more secure than VLANs. One consideration would be the price.