Wednesday, July 24, 2019

VLAN Network Security Research Paper Example | Topics and Well Written Essays - 2000 words

Although VLAN 1 simplifies the installation of the switch significantly, it also makes the network vulnerable to unauthorized access (Liska, 2003). To improve security on switches, Liska (2003) suggested that the default VLAN should be removed and that each port on the switch should be added to the appropriate VLAN (empty ports should be configured with no VLAN). If the switch does not allow removal of the default VLAN, then the active ports on the switch should be moved to a different VLAN. Liska (2003) further emphasized that the port connected to the upstream switch or router should be removed from the default VLAN because it is tagged with all of the VLANs; it can therefore provide a gateway to all the traffic on the network if an attacker succeeds in determining the default VLAN for the tagged port.

The OSI model is a layered model in which the communication protocol divides its functionality into a series of layers. Each layer provides services to the layer above it and requires services from the layer below it. However, each layer is isolated from the other layers and operates independently to perform a subset of functions. Although layer independence provides interoperability and interconnectivity, it also creates security risks, because if any layer is compromised the other layers remain unaware of it (Wong & Yeung, 2009). In the OSI model, the Data Link Layer (Layer 2) is crucial because all the upper layers rely on it to provide reliable data transfer across the physical link: if this layer is compromised, then the entire communication session is compromised. Therefore, it is extremely important to secure this layer and take appropriate measures to mitigate attacks on it (Wong & Yeung, 2009).

VLAN-based networks are vulnerable to various attacks. Many of these attacks can be initiated from outside the switch by those with LAN access.
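Liska's port recommendations above can be turned into a configuration check. The following is an added example, not part of the original essay: it assumes Cisco IOS-style syntax (the essay names no vendor), treats a trunk's native VLAN as its membership in the default VLAN, and treats shut-down ports as the "empty" ones. The port names and VLAN numbers are constructed.

```python
import re

DEFAULT_VLAN = 1  # the default VLAN the essay discusses
RULES = [(r"switchport mode (access|trunk)$", "mode", str),
         (r"switchport access vlan (\d+)$", "access", int),
         (r"switchport trunk native vlan (\d+)$", "native", int)]
# Constructed sample, Cisco IOS-style syntax (assumption: the essay names no vendor).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport access vlan 10
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 switchport access vlan 1
 shutdown
interface GigabitEthernet0/23
 switchport mode trunk
 switchport trunk native vlan 999
interface GigabitEthernet0/24
 switchport mode trunk
"""

def parse_ports(config):
    """Map port name to settings; simplification: unset mode/VLAN means access, VLAN 1."""
    ports, cur = {}, None
    for s in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)$", s):
            cur = ports[m.group(1)] = {"mode": "access", "access": DEFAULT_VLAN,
                                       "native": DEFAULT_VLAN, "shutdown": False}
        elif cur is not None and s == "shutdown":
            cur["shutdown"] = True
        elif cur is not None:
            for pattern, key, cast in RULES:
                if m := re.match(pattern, s):
                    cur[key] = cast(m.group(1))
    return ports

def audit(config):
    """Return (port, finding) pairs for ports still relying on the default VLAN."""
    findings = []
    for port, p in parse_ports(config).items():
        if p["mode"] == "trunk" and p["native"] == DEFAULT_VLAN:
            findings.append((port, "trunk/uplink port still in default VLAN"))
        elif p["mode"] == "access" and p["access"] == DEFAULT_VLAN:
            state = "unused" if p["shutdown"] else "active"
            findings.append((port, f"{state} access port left in default VLAN"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Ports with no explicit VLAN assignment are reported because they fall back to VLAN 1, which is the case the essay warns about.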
