Jump to content
Security Installer Community

V Lan

BUSTER

By BUSTER
in Members Lounge (Public)

 Share

Recommended Posts

BUSTER Newbie

BUSTER

Posted
Posted

With all the talk of security vulnerabilities recently and the suggestion of a vlan giving better security I have a few questions

1. How difficult are they to set up

2. Can things on different vlans see each other ie if I have a nvr on one vlan, ip phone system on another and pc,s on another can the pc log onto the nvr etc or does that defeat the object

Any help/advice gratefully received

Any comments / opinions posted are my opinion only and do not represent those of my employer or Company

sixwheeledbeast Mentor

sixwheeledbeast

Posted
Posted

It all depends on how competent you are at that stuff really.

You will find it's only available on top end enterprise routers, if your using a router to do it.

 

The whole point of a VLAN (Virtual LAN) is to isolate the LAN into sections, so yes that wouldn't work on the LAN side.

cybergibbons Newbie

cybergibbons

Posted
Posted

The point of a VLAN is to make it like there are physically separate networks running. You then use the routing/firewall to allow certain traffic between the two.

 

They add a lot of security if you set the firewall up correctly, and make a lot of attacks a lot harder. You can make it so that a PC on the general VLAN can access a DVR on the the security VLAN. But the DVR wouldn't be able to access the rest of the network, so damage would be limited.

 

Even if you allow all traffic between two VLANS, it makes an attackers life harder as a number of attacks assume the DVR is on the same local network segment.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

PeterJames Mentor

PeterJames

Posted
Posted

Newer models of routers have guest networks on the wifi, mine doesnt allow me to see my servers when I log into the guest wifi so I guess this is a easy way of setting up a vlan or am I wrong

cybergibbons Newbie

cybergibbons

Posted
Posted

Newer models of routers have guest networks on the wifi, mine doesnt allow me to see my servers when I log into the guest wifi so I guess this is a easy way of setting up a vlan or am I wrong

Technically, it's not a VLAN, but essentially it is the same idea. It's another network that is firewalled off.

Normally that functionality lets the trusted network access the guest network, so putting security devices on there could be wise. Good idea.

I have a blog, some of which is about alarm security and reverse engineering:
http://cybergibbons.com/

 

 

 

PeterJames Mentor

PeterJames

Posted
Posted

Technically, it's not a VLAN, but essentially it is the same idea. It's another network that is firewalled off.

Normally that functionality lets the trusted network access the guest network, so putting security devices on there could be wise. Good idea.

I have an idea it may be wifi only and not restricted on the lan, ill take a look and let people know

norman Experienced

norman

Posted
Posted

I have a couple of routers that do this, both have dual band and a guest network.

Nothing is foolproof to a sufficiently talented fool.


Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept