INSIGHTS FROM ENGINEERS
Network Field Engineer
In an organization that uses a standardized switch model, all computers connected to the same switch are able to communicate with all devices on that switch. This presents a security risk because even though you create different subnets, as long as they are on the same switch, devices are vulnerable to Man in the Middle attacks (sniff packets and/or capture data). Broadcast storms may also congest the network, making it slow. When the time comes and you need to segregate users/departments, you have to purchase another switch to physically separate them.
The Benefit of VLANs
The best option you have is to create VLANs. When VLANs are configured on the switch, devices connected to the same physical network are on a different virtual network. Only devices that are part of the same VLAN can communicate with each other. Attempting to communicate with devices on other VLANs won’t work without a router and access lists to allow this to occur. For example, if you want to separate your HR, Purchasing, and Accounting departments, you will need to configure three individual VLANs.
Steps need to be taken for switches to be configured properly. By default, a switch port negotiates with the end-device as a trunk port. As best practice and for security, switch ports should be configured as access ports and assigned to the precise VLAN to which they correspond. All unused switch ports should be shut down. VLANs allow more control of the communication within your organization by implementing rules, permissions, and policies. IT Admins can grant or deny network access to specific devices and resources.
There are many other things that can be said about VLANs and configuring your network so that it is most secure. If you have questions regarding your network and how best to organize and implement the best plan for your switch ports, we are happy to help. Just complete the submission form above, or call us Monday through Friday 8 AM to 5 PM at (281) 651.2254, and it would be our pleasure to help you.
Virtual LANs (VLANs) helps separate users into individual network segments for security and other reasons. VLAN membership can be configured through software instead of physically relocating devices or connections.