Port isolation, also known as private VLANs, is a network security technique that restricts the ability of devices plugged into a particular network port to communicate. Learn how port isolation can increase network security, particularly in cases where users of the network might not be trusted.
- [Instructor] Port isolation is a network security technique that is particularly useful when users of the network do not trust each other and are not trusted themselves. I'm using the term port isolation in this video because it's used in the cissp body of knowledge. Network professionals typically call this technology private VLANs. Port isolation and private VLANs are the same thing. The way that port isolation works is pretty simple.
When configured on the switch, port isolation limits traffic from a device plugged into a particular port to a single destination port. For example, if port isolation is turned on and configured to let a network port is only able to communicate with the up link port used to connect a switch to the rest of the network, systems plugged into the isolated port will be unable to communicate with other devices on the same switch using the data link layer.
Why would you want to this? Well port isolation prevents devices on the same switch from communicating with each other. This blocks many types of attacks, such as ARP spoofing that rely upon data link layer communications. However, it is not appropriate for use in every situation. You wouldn't want to use port isolation on an internal corporate network where systems routinely need to communicate with each other. Port isolation makes more sense in cases where you are providing public internet access.
Port isolation is commonly used in hotels to provide each guest room with a connection that does not allow communication with other guest rooms connected to the same switch.
Learn about communication and networking best practices, including TCP/IP networking, network security devices, and secure network design and management. Instructor and cybersecurity expert Mike Chapple also includes coverage of converged protocols, network encryption, and wireless networking. You can find Mike's companion study books for this series at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- IP addressing
- Switches and routers
- Content distribution networks
- Designing secure networks
- Specialized networking
- Managing secure networks
- Working with virtualized networks like SDNs
- Detecting and preventing network attaches
- Transport encryption
- Wireless networking
- Host security
Skill Level Advanced
CISSP Cert Prep: 2 Asset Securitywith Mike Chapple58m 11s Advanced
1. TCP/IP Networking
2. Network Security Devices
3. Designing Secure Networks
4. Specialized Networking
5. Secure Network Management
6. Virtualized Networks
Port isolation1m 47s
7. Network Attacks
8. Transport Encryption
9. Wireless Networking
10. Host Security
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.