As per title, why do people tell me not to use VLANs for security purposes?
I have a network where I have a couple of VLANs. There is a firewall between the 2 VLANs. I am using HP ProCurve switches and have made sure that switch-to-switch links accept tagged frames only and that host ports don't accept tagged frames (they are not "VLAN aware"). I've also made sure that the native VLAN (PVID) of the trunk links is not the same as either of the 2 host VLANs. I've also enabled "Ingress Filtering". Furthermore, I've made sure that host ports are only members of a single VLAN, which is the same as the PVID of the respective port. The only ports which are members of multiple VLANs are the trunk ports.
Can someone please explain to me why the above isn't secure? I believe I've addressed the double tagging issue.
Thanks
Update: Both switches are HP ProCurve 1800-24G.
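As an added example (not part of the question and not output from the switches), the rules listed in the question can be turned into a small audit that checks a port table against them: host ports untagged only, a single VLAN membership equal to the PVID, trunk ports tagged only, trunk native VLAN not equal to either host VLAN, and ingress filtering on everywhere. The Port structure, the port names and the VLAN IDs 10, 20 and 999 are assumptions made up for illustration; a real audit would fill the table from the switch's VLAN and port configuration.

```python
# Added example (not from the original question): audit a VLAN port table
# against the double-tagging mitigations the question describes. The Port
# representation, port names and VLAN numbers are constructed for
# illustration and are not taken from an HP ProCurve 1800-24G export.
from dataclasses import dataclass, field


@dataclass
class Port:
    name: str
    role: str                       # "host" (access) or "trunk" (switch-to-switch)
    pvid: int                       # native VLAN: untagged ingress frames land here
    untagged: set = field(default_factory=set)  # VLANs sent out untagged
    tagged: set = field(default_factory=set)    # VLANs sent out tagged
    accept_tagged: bool = False     # does the port accept tagged ingress frames?
    ingress_filtering: bool = True  # drop frames tagged with a VLAN the port is not in


HOST_VLANS = {10, 20}   # assumed IDs of the two firewalled host VLANs


def audit(ports, host_vlans=HOST_VLANS):
    """Return a list of findings; an empty list means every rule held."""
    findings = []
    for p in ports:
        members = p.untagged | p.tagged
        if p.role == "host":
            # Host ports must not be "VLAN aware" and must sit in exactly one VLAN,
            # which is their PVID.
            if p.accept_tagged:
                findings.append(f"{p.name}: host port accepts tagged frames")
            if members != {p.pvid}:
                findings.append(f"{p.name}: host port is member of {sorted(members)}, "
                                f"expected only its PVID {p.pvid}")
            if p.pvid not in host_vlans:
                findings.append(f"{p.name}: host port PVID {p.pvid} is not a host VLAN")
        elif p.role == "trunk":
            # Trunks carry tagged frames only, and their native VLAN must differ
            # from every host VLAN so a stripped outer tag cannot land a frame there.
            if p.pvid in host_vlans:
                findings.append(f"{p.name}: trunk native VLAN {p.pvid} is a host VLAN "
                                f"(double-tagged frames could be stripped onto it)")
            if p.untagged:
                findings.append(f"{p.name}: trunk forwards untagged frames on "
                                f"{sorted(p.untagged)}")
            if not p.accept_tagged:
                findings.append(f"{p.name}: trunk does not accept tagged frames")
        else:
            findings.append(f"{p.name}: unknown role {p.role!r}")
        if not p.ingress_filtering:
            findings.append(f"{p.name}: ingress filtering disabled")
    return findings


# Constructed sample tables. GOOD follows every rule from the question;
# WEAK breaks several of them on purpose so the audit has something to report.
GOOD = [
    Port("1", "host", pvid=10, untagged={10}),
    Port("2", "host", pvid=20, untagged={20}),
    Port("24", "trunk", pvid=999, tagged={10, 20}, accept_tagged=True),
]

WEAK = [
    Port("1", "host", pvid=10, untagged={10}, accept_tagged=True),        # VLAN-aware host port
    Port("24", "trunk", pvid=10, untagged={10}, tagged={20},
         accept_tagged=True),                                              # native VLAN is a host VLAN
    Port("3", "host", pvid=20, untagged={20}, tagged={10},
         ingress_filtering=False),                                         # two VLANs, no filtering
]


if __name__ == "__main__":
    for label, table in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(f"{label}: {len(audit(table))} finding(s)")
        for line in audit(table):
            print("  -", line)
```

Running the file prints no findings for GOOD and five for WEAK, one for the VLAN-aware host port, two for the trunk whose native VLAN is host VLAN 10, and two for the host port that belongs to both VLANs with ingress filtering off.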
There are real risks if you don't fully understand the potential issues and properly set up your network to mitigate the risk to a point that is acceptable for your environment. In many locations VLANs provide an adequate level of separation between two VLANs.
It sounds like you have taken all the basic steps needed to achieve a pretty secure setup. But I am not totally familiar with HP gear. You may have done enough for your environment.
A good article to look at would be the Cisco VLAN Security White Paper.
It includes a list of possible attacks against a VLAN-Based Network. Some of these are not possible on some switches, or can be mitigated by a proper design of the infrastructure/network. Take the time to understand them and decide if the risk is worth the effort it will take to avoid it in your environment.
Quoted from the article.
See also:
It is safe for certain values of secure.
Bugs in firmware, switch configuration resets and human error can make it insecure. As long as only very few people have access to the configuration of the switches and to the switches themselves, then it's OK in a general business environment.
I would go for physical separation for really sensitive data though.
I seem to recall that, in the past, it was easier to do VLAN hopping, so that may be why "people" are saying this. But, why don't you ask the "people" for the reasons? We can only guess why they told you that. I do know that HIPAA and PCI auditors are OK with VLANs for security.
I think the core issue is that VLANs aren't secure because you are just segregating broadcast domains, not actually segregating traffic. All the traffic from the multiple VLANs still flows over the same physical wires. A host with access to that traffic can always be configured into promiscuous mode and view all of the traffic on the wire.
Obviously the use of switches reduces that risk quite a bit, since the switches are controlling which data actually appears on which ports, however the basic risk is still there.