VLAN hopping

A VLAN hopping attack can occur in either of two ways. If a network switch is set for autotrunking, the attacker turns it into a switch that appears as if it has a constant need to trunk (that is, to access all the VLANs allowed on the trunk port). In Cisco's Dynamic Trunking Protocol (DTP), the susceptibility of a system to this form of VLAN hopping can be minimized by turning off the autotrunking feature (DTP off) on all switches that do not need to trunk. In the second form of VLAN hopping, the hacker transmits data through one switch to another by sending frames with two 802.1Q tags, one for the attacking switch and the other for the victim switch. This fools the victim switch into thinking that the frame is intended for it. The target switch then sends the frame along to the victim port.

VLAN hopping can be used to steal passwords and other sensitive information from specific network subscribers. VLAN hopping can also be used to modify, corrupt, or delete data, install spyware or other malware programs, and propagate viruses, worms, and Trojans throughout a network.

>> Stay up to date by receiving the latest IT term daily. Simply check "Word of the Day" to register.

Learn more about VLAN Security Management

	Identity and Access Management Services, Systems and Technologies: This Security School explores critical topics related to helping security practitioners establish and maintain an effective identity and access management plan.
Network Access Control Learning Guide: Learn how to block and secure untrusted endpoints, and control user access with this Learning Guide.
How to compartmentalize WiFi traffic with a VLAN: Learn how to use VLAN capabilities to tag and compartmentalize Wi-Fi traffic, supporting your company's security and traffic management policies.
Network Access Control Learning Guide: Learn how to block and secure untrusted endpoints, and control user access with this Learning Guide.
Lesson/Domain 5 -- Security School: Training for CISSP Certification: Security School webcasts are focused on CISSP training. This lesson corresponds to the telecommunications and networking domain in the CISSP exam's "Common Body of Knowledge."
Four things to remember about server virtualization security concerns: While security issues in virtual server farms are fundamentally the same as an existing physical environment, there are several details you need to be aware of.
How to maintain network control plane security: Use access control lists and secure configurations to maintain the security of your organization's network control plane.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

More resources from around the web: - Cisco Systems discusses VLAN hopping and related attacks. - SearchSecurity.com discusses popular forms of VLAN attacks and methods of avoiding them.

FILE EXTENSION AND FILE FORMAT LIST File Extension and File Format List: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

RELATED CONTENT How to securely connect a LAN POS to a remote point-of-sale device Looking to connect your LAN POS securely to your remote point-of-sale device? Mike Chapple, network security expert, explains how to use encryption... How to compartmentalize WiFi traffic with a VLAN Learn how to use VLAN capabilities to tag and compartmentalize Wi-Fi traffic, supporting your company's security and traffic management policies. Cloud, virtualization servers pose challenges for PCI compliance A special interest group and an emerging technologies study could help the Payment Card Industry Security Standards Council address compliance when...