- Layer 3 devices, such as routers, send information by broadcasting it to every destination on the network, and the destination handles the problem of parsing out the specific information that's needed from the general broadcast.
- In a switched environment, switches send traffic only to its intended host (determined by the destination information in each individual packet).
Operating in a switched environment doesn't totally alleviate the risk of sniffing, but it does mitigate that risk to a large degree.
Most networks today also utilize virtual LAN (VLAN) configurations to segment network traffic and further reduce the risk of sniffing. A VLAN is a switched network that's logically segmented. VLANs are created to provide the segmentation services traditionally provided by routers in LAN configurations. VLANs address scalability, security, and network management. Routers in VLAN topologies provide broadcast filtering, security, address summarization, and traffic-flow management.
Just as switches isolate collision domains for attached hosts and only forward appropriate traffic out a particular port, VLANs provide complete isolation between VLANs. None of the switches within the defined group will bridge any frames—not even broadcast frames—between two VLANs. Thus, communication between VLANs is accomplished through routing, and the traditional security and filtering functions of the router can be used.
Segmentation can be organized in any manner: function, project team, application. This capability is especially useful for isolating network segments for security purposes. For example, you may place application servers on one VLAN and system administrators on another (management-level) VLAN, with access control lists to restrict administrative access to only that VLAN. This setup can be accomplished regardless of physical connections to the network or the fact that some users might be intermingled with other teams.
The Ethernet Address Resolution Protocol (ARP) enables systems to find the unique identifier (MAC address) of a destination machine. ARP attacks provide the means to either break or misuse the protocol, with the goal of redirecting traffic from its intended destination. In an ARP attack, the attacker can sniff, intercept, and even modify traffic on a compromised network segment.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.