VLAN Hopping and how to mitigate an attack
A VLAN, short for Virtual Local Area Network, is a logically defined network built on top of one or more physical local area networks, allowing devices attached to different physical networks to be grouped into a single network. VLANs therefore allow seamless communication, and organizations benefit because they are cost-effective, offer flexible network configuration and reduce administrative effort. However, these networks are just as susceptible to cyber-attacks; attacks against VLANs are termed VLAN hopping attacks.
VLAN hopping is an attack on VLAN-segmented networks in which the attacker sends packets to a port, and thus to a VLAN, that their device should not be able to reach. The aim of a VLAN hopper is to gain access to all the active VLANs: once one VLAN has been breached, the attacker can move on to the other VLANs connected to that network.
What is trunking in networking
Simply defined, a network trunk is a link that simultaneously carries traffic for several networks between one point and another. Trunking is an essential element of VLANs: a VLAN trunk is a link between two devices, typically switches, that carries more than one VLAN, so a VLAN configured on one switch can be reached throughout the whole network.
VLAN security is crucial to ensure that the organization's data is protected and not tampered with by an attacker. A few techniques help maintain healthy security hygiene: inactive interfaces must be shut down and placed in a dedicated "parking lot" VLAN; access ports should be configured manually; and VLANs should not be used on trunk ports where they are not needed. Since switches are the devices most exposed to switch spoofing and double tagging attacks, configuring them properly mitigates the consequences.
To mitigate a switch spoofing attack, switch off the Dynamic Trunking Protocol (DTP) on switches that do not require a trunk, and convert ports that do not need a trunk into access ports. To prevent double tagging attacks, do not put any hosts on VLAN 1, enable explicit tagging of the native VLAN on all trunk ports and, lastly, make the native VLAN an unused VLAN ID on all ports.
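As an added example (not part of the original article), the following Python script audits a Cisco IOS-style switch configuration for the mitigations above: DTP disabled on trunks, no ports left negotiating, no ports on VLAN 1 and the native VLAN tagged. The configuration text, interface names and VLAN IDs are constructed, and treating a port with no `switchport mode` line as one that negotiates via DTP is an assumption about the platform's defaults.

```python
"""Audit a Cisco IOS-style switch config for the VLAN hopping mitigations listed
above. Added example, not from the article; the config below is constructed."""
# Constructed sample: Gi1/0/1 is a hardened trunk, Gi1/0/2 a weak trunk (DTP on,
# native VLAN 1), Gi1/0/3 an unused port left negotiating, Gi1/0/4 a parked port.
SAMPLE_CONFIG = """vlan dot1q tag native
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
interface GigabitEthernet1/0/2
 switchport mode trunk
interface GigabitEthernet1/0/3
 switchport mode dynamic desirable
interface GigabitEthernet1/0/4
 switchport mode access
 switchport access vlan 998
 shutdown
"""

def parse_interfaces(config):
    """Return {interface name: [its stripped config lines]}."""
    interfaces, current = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            current = line.split()[1]
            interfaces[current] = []
        elif current and line:
            interfaces[current].append(line)
    return interfaces

def audit(config):
    """Return [(interface, finding)] for every mitigation that is missing."""
    findings = []
    if not any(l.strip() == "vlan dot1q tag native" for l in config.splitlines()):
        findings.append(("global", "native VLAN not tagged; enable 'vlan dot1q tag native'"))
    for name, lines in parse_interfaces(config).items():
        def setting(prefix, default):  # value after prefix, or the assumed IOS default
            return next((l[len(prefix):] for l in lines if l.startswith(prefix)), default)
        mode = setting("switchport mode ", "dynamic auto")  # no mode set: DTP negotiates
        if mode.startswith("dynamic"):
            findings.append((name, "DTP negotiation enabled; set 'switchport mode access' explicitly"))
        elif mode == "trunk":
            if "switchport nonegotiate" not in lines:
                findings.append((name, "trunk still runs DTP; add 'switchport nonegotiate'"))
            if setting("switchport trunk native vlan ", "1") == "1":
                findings.append((name, "native VLAN is 1; move it to an unused VLAN ID"))
        elif mode == "access" and setting("switchport access vlan ", "1") == "1":
            findings.append((name, "port on VLAN 1; move it to a dedicated or parking-lot VLAN"))
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports only the weak trunk and the negotiating port; feed it the output of `show running-config` to audit a real switch.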
CCoE Hyderabad, a joint venture between the Government of Telangana and DSCI, aims to encourage innovation, entrepreneurship and capabilities in cybersecurity and privacy. We as an organization aim to kick-start India's IT industry by incubating startups, conducting workshops and product showcases in experience zones, and collaborating with local, national and international initiatives to create a safe and secure cyberspace in India.