5.3. VLANs
VLANs are a common way to increase security on switches. A VLAN is a way to segment ports on a switch so that each port appears to be part of a different network. While the benefits of VLANs are readily apparent, many administrators do not like them, and in fact actively despise them. The arguments against VLANs tend to focus more on the platform than the actual VLAN concept.
The arguments against VLANs basically boil down to this: Given the lax security policies most administrators apply to switches, using VLANs is like putting a steel lock on a paper chain. Administrators who rely on VLANs, or any other single security measure for that matter, to protect their network, are leaving themselves open to attacks. On the other hand, VLANs ...
Get The Practice of Network Security: Deployment Strategies for Production Environments now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
