Does anyone know if there are any specific VLAN or trunking vulnerabilities that may allow visibility between separate VLANs running on the same switch? In this case, there would be no routing between the VLANs whatsoever.
I seem to remember reading something in the recent past, but can't recollect the context of the article.
There are a number of security concerns regarding switches. For example, vlan hopping (http://www.sans.org/newlook/resources/IDFAQ/vlan.htm), mac flooding, trunking/promiscuous on PC NIC (as by default switches are trunk auto, PC can see traffic). But almost all can be prevented/limited.
Some security methods are:
- set PC ports to trunking off
- change native vlan on trunk ports to something other than end user vlans
- limit physical access to switch
- Networkers 2002 has a presentation on Layer 2 security (attacks and prevention).
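As an added illustration (not part of this thread and not a vendor tool), the script below audits an IOS-style running-config for the first two points in the reply: PC-facing ports that still have trunk negotiation (DTP) enabled, and trunk ports whose native VLAN is one of the end-user VLANs. The sample config, the interface names and the end-user VLAN set are all constructed for the example; the commands it looks for (`switchport mode access`, `switchport nonegotiate`, `switchport mode trunk`, `switchport trunk native vlan`) are standard IOS switchport commands.

```python
"""Audit an IOS-style switch config for two layer-2 hardening points:
DTP left on for PC ports, and an end-user VLAN used as a trunk's native VLAN.
Constructed example for illustration; not a Cisco tool."""
from dataclasses import dataclass, field

# Constructed sample running-config (not captured from any real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description PC-finance
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 description PC-hr
 switchport access vlan 20
 switchport mode access
 switchport nonegotiate
!
interface GigabitEthernet1/0/3
 description PC-lab
 switchport access vlan 30
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/24
 description uplink-to-core
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 10
!
interface GigabitEthernet1/0/23
 description uplink-to-dist
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
!
"""


@dataclass
class Interface:
    name: str
    lines: list = field(default_factory=list)

    def setting(self, prefix):
        """Return the argument of the first sub-command starting with prefix, or None."""
        for line in self.lines:
            if line.startswith(prefix):
                return line[len(prefix):].strip()
        return None


@dataclass
class Finding:
    interface: str
    issue: str
    fix: list  # config lines that would close the issue


def parse_interfaces(config):
    """Split a running-config into interface blocks (sub-commands are indented)."""
    ifaces, cur = [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            cur = Interface(line.split(None, 1)[1])
            ifaces.append(cur)
        elif cur is not None and line.startswith(" "):
            cur.lines.append(line.strip())
        else:
            cur = None  # "!" or a global command ends the block
    return ifaces


def audit(config, end_user_vlans):
    """Return a Finding for each port that violates one of the two checks."""
    findings = []
    for iface in parse_interfaces(config):
        mode = iface.setting("switchport mode")  # None: platform default, DTP active
        if mode == "trunk":
            native = iface.setting("switchport trunk native vlan")
            native_vlan = int(native) if native else 1  # native VLAN defaults to 1
            if native_vlan in end_user_vlans:
                findings.append(Finding(
                    iface.name, "native-vlan-in-end-user-set",
                    ["switchport trunk native vlan <UNUSED_VLAN_ID>"]))  # placeholder
        elif mode != "access":
            # No explicit mode, "dynamic auto" or "dynamic desirable": the port
            # will negotiate a trunk with whatever is plugged in.
            findings.append(Finding(
                iface.name, "dtp-enabled",
                ["switchport mode access", "switchport nonegotiate"]))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG, {1, 10, 20, 30}):
        print(f"{f.interface}: {f.issue} -> {'; '.join(f.fix)}")
```

Run against the sample, it reports Gi1/0/1 and Gi1/0/3 as still negotiating trunks and Gi1/0/24 as carrying end-user VLAN 10 untagged, while Gi1/0/2 (access + nonegotiate) and Gi1/0/23 (native VLAN 999) pass. Feeding it a real `show running-config` only requires replacing the constructed text and the end-user VLAN set.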