Secure Use of VLANs

VLANs offer a flexible, agile means of securely organizing network segments within an enterprise. Despite the promise of VLAN architecture to simplify network maintenance and improve performance, security questions have raised concerns and caused some network architects to re-examine the associated issues. One area of concern, VLAN hopping, involves a variety of mechanisms by which packets sent from one VLAN can be intercepted or redirected to another VLAN, threatening network security. Under certain circumstances, attackers have been able to exploit these mechanisms, gaining the capability of sniffing data at the switch level, extracting passwords and other sensitive information at will. As part of the security assessment that is summarized in this paper, @stake performed a battery of tests to evaluate the security features of the Cisco Catalyst family of products.

Mike Schiffman, David Pollino
