VLANs Are Your Friend
Author Jose-Miguel Maldonado
A Virtual Local Area Network can be simply defined as a group of devices on different LAN segments. Traditionally, VLANs are used to group devices together – whether that be for departmental purposes or other reasons. Utilizing VLANs in your businesses’ network architecture can help add an additional layer of security and help admins sleep better at night.
Here is a practical example of how VLANs can improve the security of a business network. Let’s say you have a fifty-person company that includes various departments that need access to different resources. A finance department may have data that has a higher data classification than data in the marketing department. Rather than keep everyone on the same LAN, if you use VLANs you can segment devices with financial data and ensure that sensitive data is isolated from the marketing department with firewall rules.
You may be asking yourself what the benefit is to use VLANs in the example mentioned above. Consider this scenario: someone from the marketing department mistakenly clicks on a phishing link that installs malware onto their computer, which then begins to propagate across the network. Because the finance department is on a separate VLAN, the malware will have a much harder time getting onto the finance VLAN and financial data can remain safe and intact.
VLANs can be used for organizational and administrative reasons but their biggest selling point, in my opinion, is the fact that they add more security to your environment. It’s similar to the PoLP (Principle Of Least Privilege) concept – VLANs are configured in such a way that only the information devices on that network segment need is accessible, nothing more and nothing less.
Most modern switches and routers have VLAN capabilities and can be easily configured via a GUI vs. a console like you used to have to do for legacy networking hardware. No matter how you slice it, VLANs are you friend and can help you as a security professional design and administer networks in a more secure manner.
About the author: Jose-Miguel Maldonado is the VP of Business Ops & Security at Rubica, a cybersecurity startup, and has acquired a reputation for creating cybersecurity champions out of non-technical people.