Virtual Local Area Networks (VLANs)

Published: July 7, 2021, 4:19 a.m.


Hello everyone, my name is Vijay Kumar Devireddy and I am glad to have you back on my episode 54. Today we are discussing how switches can also provide the ability to create virtual local area networks. This adds a layer of separation to our networks without requiring us to buy additional switches that have to be configured and installed on the network. VLANs are implemented to segment our network, reduce collisions, organize our networks, boost performance and increase security.

Unfortunately, attackers have created VLAN hopping, which allows them to break out of our VLANs and access other VLANs' data. There are a couple of mechanisms to do this.

The first method is known as switch spoofing. In this attack, an attacker configures their device to pretend that it is a switch, connects it to a switch port, negotiates a trunk link and breaks out of the VLAN. To prevent this, you can disable Dynamic Trunking Protocol (DTP) on all your switch ports, place all your unplugged ports into an unused VLAN, explicitly forward frames and avoid default VLAN names.

The second method is known as double tagging. As traffic goes across a switch, the switch reads the outermost VLAN tag first, strips it off and then routes the traffic to the proper VLAN. In double tagging, an attacker adds two VLAN tags, an outer tag and an inner tag, so as traffic goes through the first switch, the outer tag is removed and the frame is then forwarded to the destination of the inner tag. You can prevent this by moving all the ports out of the default VLAN group. Double tagging can also be prevented by upgrading your switch's firmware, utilizing an unused VLAN as the default VLAN and redesigning the VLAN structures.
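The mitigations above (no DTP negotiation on ports, trunks not left on the default native VLAN 1, access ports moved off VLAN 1, and unused ports parked in a dedicated unused VLAN) can be checked from a switch's running configuration. The following audit script is an added example and is not part of the original post; it parses an IOS-style configuration and reports which interfaces still expose one of the VLAN hopping conditions. The configuration text, the interface names and the parking VLAN number 999 are constructed for the example; the finding codes are invented labels for this script only.

```python
"""Audit an IOS-style switch config for VLAN hopping exposure (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample of an IOS-style running-config; not taken from a real device.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet1/0/1
 description uplink-to-core
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description user-desk
 switchport mode access
!
interface GigabitEthernet1/0/3
 description spare
 shutdown
!
interface GigabitEthernet1/0/4
 description hardened-uplink
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
!
interface GigabitEthernet1/0/5
 description parked-spare
 switchport mode access
 switchport access vlan 999
 shutdown
!
"""


@dataclass
class Interface:
    name: str
    lines: list = field(default_factory=list)


def parse_interfaces(config: str) -> list:
    """Split the config into interface stanzas: the indented lines under 'interface X'."""
    interfaces, current = [], None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = Interface(raw.split(" ", 1)[1].strip())
            interfaces.append(current)
        elif raw.startswith(" ") and current is not None:
            current.lines.append(raw.strip())
        else:
            current = None  # '!' or any other top-level line ends the stanza
    return interfaces


def _vlan_after(lines: list, prefix: str):
    """Return the VLAN number following `prefix` (e.g. 'switchport access vlan'), or None."""
    for line in lines:
        m = re.fullmatch(rf"{re.escape(prefix)} (\d+)", line)
        if m:
            return int(m.group(1))
    return None


def audit_interface(iface: Interface, parking_vlan: int) -> list:
    """Return the list of VLAN hopping exposures found on one interface."""
    findings = []
    lines = iface.lines
    mode = next((l.split()[2] for l in lines if l.startswith("switchport mode ")), None)

    # 1. Switch spoofing: the port can still negotiate a trunk through DTP.
    #    'mode access' refuses trunking; 'mode trunk' still sends DTP frames
    #    unless 'switchport nonegotiate' is set; no mode / dynamic mode negotiates.
    if mode in (None, "dynamic") or (mode == "trunk" and "switchport nonegotiate" not in lines):
        findings.append("dtp-negotiable")

    # 2. Double tagging: a trunk whose native VLAN is still the default VLAN 1.
    if mode == "trunk" and (_vlan_after(lines, "switchport trunk native vlan") or 1) == 1:
        findings.append("native-vlan-1")

    # 3. A non-trunk port left in the default VLAN (IOS default access VLAN is 1).
    access_vlan = _vlan_after(lines, "switchport access vlan") or 1
    if mode != "trunk" and access_vlan == 1:
        findings.append("default-vlan")

    # 4. An unused (shut down) port that was not parked in the designated unused VLAN.
    if "shutdown" in lines and access_vlan != parking_vlan:
        findings.append("unused-not-parked")

    return findings


def audit_config(config: str, parking_vlan: int) -> dict:
    """Map each interface name to its list of findings; an empty list means clean."""
    return {i.name: audit_interface(i, parking_vlan) for i in parse_interfaces(config)}


if __name__ == "__main__":
    for name, findings in audit_config(SAMPLE_CONFIG, parking_vlan=999).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

Running the script against the sample flags the first three interfaces and reports the last two as clean: GigabitEthernet1/0/4 shows the hardened trunk shape (explicit trunk mode, `switchport nonegotiate`, a non-default native VLAN) and GigabitEthernet1/0/5 shows a shut-down port parked in the unused VLAN. The checks are deliberately conservative; a port with no `switchport mode` line is reported as negotiable because the platform default, not the administrator, decides its behaviour.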
