2. We discussed various VLAN attacks and countermeasures in the class. Please re

Question

2. We discussed various VLAN attacks and countermeasures in the class. Please refer to the reference section of the lecture
note for more details. There are two basic approaches to implementing these countermeasures:
(a) Using insecure network management protocols such as SNMP, FTP, tenet, etc. or their secure variants of these protocols
such as SSH, SCP, SSL, etc.
(b) Using out-of-band management in which we put all the management VLAN into a dedicated non-standard VLAN
where nothing but management traffic resides.
Briefly discuss the pros and cons of each using secure network management protocols vs. out-of-band management with
respect to i) efficiency, and ii) securing security implementations, i.e., preventing attacks on countermeasures, and iii) cost.

Explanation / Answer

A. Pros - When you use Insecure network management protocols, you can easily trace the attacker or a suspicious action on a VLAN network. And hence you can be awared about the possible patterns of attack and this helps in maintaining security of the VLAN network.

The main reason organisations use VLANs is that it is cheap as only one physical network needs to be implemented.

VLAN hopping patterns can be traced further prevention methods can be used.

Cons - The switching configuration may be complex. Also, You have to wait for an attack to take the process of security to go ahead.The major lack of security is down to the fact that although you are segregating from a logical perspective, you are actually running the networks across the same wires, so from the perspective of an attacker on one VLAN it is typically not much work to access the other VLAN.

B. Pros-

Out-of-band management
When you are unable to manage a server over an in-band connection, you can access the server through an alternate but reliable connection called an out-of-band connection. An out-of-band connection does not depend upon operating-system network drivers, and is available even when your server has not loaded or is not functioning properly.
Advantages of Out Of Band Management

A secure alternate path to devices at your remote sites when your primary network is impaired
Ensures on-site infrastructure is accessible even during system or network outages
Integrates seamlessly with your existing IT & network management systems
Minimizes disruption and downtime, ensuring business continuity
Cellular out-of-band access when the network is down.

Although this is a more expensive way to access your network, you are able to diagnose problems even when your data network is faulty.

Cons - The only disadvantage is that you have to run a management network parallel to your business network for out of band management (and all that goes into running that network - including cost). Otherwise you can administer all the devices on your network without those devices being able to connect to the business network when you have an out of band management network in place.

Related Questions

Navigate

• Browse (All)
• Browse 2
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.