Network Security Security-Basics

Re: Different terms for the same or more secure?

Subject: Re: Different terms for the same or more secure?
Date: Thu, 24 Aug 2006 17:48:30 +0200
David Gillett wrote:
> -----Original Message-----
> From: Hylton Conacher(ZR1HPC) [mailto:hylton@conacher.co.za]
> Sent: Monday, August 21, 2006 3:38 AM
> To: Security basics
> Subject: Different terms for the same or more secure?
>
>
> Hi all,
>
> Seen a bit of traffic about vlans and as a junior networking person, I am wondering if they could be equal to physical subnets in the TCP/IP protocol.
>
> What further confuses me is that I read on Google that vlans can also have subnets.
>
> Could someone define each for me and the list and also why one is more secure than the other.
>
> Tnx
> Hylton


> One definition of "subnet" is that it is a contiguous block of host addresses. One typically uses such a block of addresses on
> a LAN, whether it's physical or virtual.

Physical meaning actually there and virtual meaning there but not physically?

> It's possible to have
> hosts on a LAN using addresses from multiple blocks, but you generally want to avoid it if possible -- it can lead to two
> devices being able to see each other's traffic, but not actually
> communicate, unless you do some extra work.
>
> In a "physical subnet", all of the ports on every switch (and
> bridge and hub) uses addresses in the same block and uses the
> same MAC address tables, and so the hosts can all see each other.

Provided all the hosts are on the same subnet ie 192.168.0.x as opposed to 192.168.1.x ?
> In a VLAN, switch ports are grouped according to which MAC address
> tables they use;..

Similar to an IP being divided into subnets ie one for accounting, another for sales etc? How are the node MAC addresses grouped? I would assume by their subnet, which is exactly what a subnet does. A subnet groups similar nodes together so that they can communicate easily with one another and the switches do not need to liaise with those subnet nodes re other services on other subnets. So what does a VLAN do that a subnet doesn't and why is one better than the other?
> ..in order to permit routing between VLANs, it is
> customary to assign each a different address block. VLANs are especially useful with another switch feature, "trunking", which
> allows a single physical link to carry traffic tagged for multiple destination VLANs.

OK. You're starting to get fuzzy as there must be ethernet interference :) Let me get the basics right and solid then I'll explore the other features.

> With the physical approach, all ports on every switch/hub/whatever are part of the same LAN; if you need two (or ten) different LANs in
> an area, you need to deploy that many devices (at least...). With
> VLANs, you deploy a small number of devices with high port density,
> and map each port to the VLAN it belongs on.

How is the mapping done ie what decides which VLAN a node belongs to?

> There are basically two avenues of vulnerability to VLANs that are not shared with purely physical LANs:
>
> 1. A compromise of a switch could allow a user to see traffic beyond their authorization.
>
> 2. A bug in switch software could allow private traffic to become visible at less-private ports.
>
> Neither of these risks is actually huge in any reasonable environment,
> but unless you can mitigate them down to zero by some other means, a
> physical LAN will always be just that little bit more secure than a
> VLAN.

OK so a physical subnetted network is 'safer'/'more secure' than a VLAN network.

I'm still not getting the difference between a virtual and a physical LAN. Can anyone give me an example of, say, a company with two branches in different locations, with each branch having its own sales and accounts department. I would subnet my IP as such:
Office A 192.168.0.x
Office B 192.168.1.x
The departments of each office would have IPs from their respective subnet.
Sales A 192.168.0.1
Sales B 192.168.1.1
Accounts A 192.168.0.2
Accounts B 192.168.1.2

Make sense?
tnx for the help
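As an added illustration (not part of either post), here is a small Python model of the distinction David draws: a VLAN is decided by the switch port a host is plugged into (layer 2 visibility), while a subnet is decided by the host's address block (layer 3 reachability). The host names, addresses and port-to-VLAN map are constructed for the example and extend Hylton's two-office layout by also giving Sales and Accounts their own VLANs; the "misconfig" host shows the "see each other's traffic but cannot communicate" case.

```python
"""Subnet vs. VLAN model. Added illustration, not code from the thread.
All hosts, addresses and the port-to-VLAN mapping are constructed."""
from ipaddress import ip_interface

# Switch access-port configuration: port number -> VLAN id (constructed).
# This is the "map each port to the VLAN it belongs on" step.
PORT_VLAN = {1: 10, 2: 10, 3: 20, 4: 20, 5: 10}

# Hosts: name -> (switch port, IP address with prefix length). Constructed.
HOSTS = {
    "sales-a":    (1, "192.168.0.1/24"),
    "sales-b":    (2, "192.168.0.3/24"),
    "accounts-a": (3, "192.168.1.2/24"),
    "accounts-b": (4, "192.168.1.4/24"),
    "misconfig":  (5, "192.168.1.9/24"),  # Sales VLAN, but Accounts address block
}

def vlan_of(host):
    """Broadcast domain is decided by the switch port, not by the address."""
    return PORT_VLAN[HOSTS[host][0]]

def subnet_of(host):
    """Address block is decided by the IP address and its prefix length."""
    return ip_interface(HOSTS[host][1]).network

def same_broadcast_domain(a, b):
    """Layer 2 visibility: hosts on one VLAN see each other's broadcasts
    whatever addresses they carry."""
    return vlan_of(a) == vlan_of(b)

def can_talk_directly(a, b):
    """Unrouted IP communication needs the same VLAN and the same block."""
    return same_broadcast_domain(a, b) and subnet_of(a) == subnet_of(b)

def classify(a, b):
    """Explain the relationship between two hosts in David's terms."""
    if can_talk_directly(a, b):
        return "same VLAN, same subnet: talk directly"
    if same_broadcast_domain(a, b):
        return "same VLAN, different subnets: see traffic, need a router"
    if subnet_of(a) == subnet_of(b):
        return "different VLANs, same subnet: isolated, cannot talk"
    return "different VLANs and subnets: only via an inter-VLAN router"
```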

