IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
LAN 1
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000
LAN 2
LAN 3
Figure 2:
Physical segmentation in compliance with Figure 1
On the basis of VLAN-compatible network components, virtual LANs can be
formed without any physical restructuring. In accordance with the
technologies used, these VLANs are created through segmentation on layers 2
and 3. Like LAN segmentation, this allows a network to be separated into
areas where high demands are placed on the confidentiality of data, for
example (refer to S 5.61 Suitable physical segmentation). Depending on the
product in use, different functions are available for the formation of VLANs.
Some products allow the formation of VLANs on layers 2 and 3, which can
only be coupled by means of routers (and are thus termed secure VLANs). In
this case, filter rules need to be defined for the router in order to ensure
controlled transmissions between the individual VLANs. Other manufacturers
even implement a routing function in layer-3 switches, which allows VLANS
to be linked without the need for additional routers. In particular, the intended
technologies and products must be checked to determine whether they fulfill
requirements concerning the confidentiality and integrity of data.