Submitted by oliver.kleineberg on Thu, 2012-08-09 08:51
Virtual Local Area Networks (VLANs) should not be counted on as a security feature of modern managed Ethernet switch networks. This is now common knowledge, both in IT departments and also in the Industrial Control Community. Indeed in Eric Byres’ article Why VLAN Security isn't SCADA Security at all he points out that switches with VLANS are not firewalls. But are VLANs the boogeyman of industrial control system security...or are they underestimated helpers?
Submitted by Eric Byres on Tue, 2010-11-23 15:07
Over the years I have been asked by a number of control engineers, “Our IT dept says we have VLANs, so why do I need a firewall?”
Back in the mid-90s, I was a big supporter of Virtual Local Area Networks (VLANs) for security. Unfortunately, I have seen so many issues with this technology that I no longer believe it provides effective security.
