Thursday, July 22, 2021

VLAN segmentation as security, do you trust it?

To fill in a few background details first: I understand VLANs, and I am aware that in the past there have been risks of VLAN hopping, but there are published mitigations. I understand there are possible L2 risks that at the least could be a denial of service, such as ARP attacks.

Now to the question: I have some sites where they have 2 air-gapped networks at opposite ends of the trust spectrum. One is a PCI DSS CDE; the other is a public WiFi that is open to anyone who cares (the password is on the wall in reception). I have to propose a refresh for these sites, and a single physical switch network with VLANs is obviously easier to implement, but the air gap was put in for a reason!

I just want to push this out to get a general feeling from others in the industry as to which way you would fall on this question.

Thanks.


