Recently I did a penetration test, and it once again showed why you should never trust L2 segmentation for security.
The obvious reason not to trust L2 segmentation is that ARP poisoning lets an attacker route all traffic between one or more machines through a machine they control, and thus read everything those machines send and receive. Introducing VLANs would help a lot, but even then there are techniques to circumvent these limitations.
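The defensive counterpart to the attack just described is watching the ARP traffic on the segment for the two tell-tale signs of poisoning: an IP whose MAC address suddenly changes, and one MAC answering for several IPs (the attacker posing as both ends of a conversation). The following is an added example, not code from the original post; the ARP reply log it runs over is constructed, and the function and field names are my own.

```python
from collections import defaultdict

# Constructed ARP reply log: (timestamp, sender IP, sender MAC). In practice
# this would come from arpwatch, a SPAN-port capture or switch DAI/DHCP-snooping logs.
ARP_REPLIES = [
    (1, "10.0.0.1",  "aa:bb:cc:00:00:01"),  # gateway answers for itself
    (2, "10.0.0.20", "aa:bb:cc:00:00:20"),  # workstation answers for itself
    (3, "10.0.0.66", "de:ad:be:ef:00:66"),  # third host, later the poisoner
    (9, "10.0.0.1",  "de:ad:be:ef:00:66"),  # "gateway" now resolves to host .66
    (9, "10.0.0.20", "de:ad:be:ef:00:66"),  # and so does the workstation
]


def detect_arp_spoofing(replies):
    """Return alerts for two classic ARP-poisoning indicators.

    1. mac_flip: an IP's MAC differs from the one first learned for it.
    2. mac_claims_multiple_ips: one MAC has now answered for more than one
       IP, the pattern of a host inserting itself between two peers.
    Legitimate causes (NIC swap, DHCP lease moving to another host, VRRP/HA
    failover) produce the same events, so alerts need triage, not auto-block.
    """
    ip_to_mac = {}                 # first MAC learned per IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in replies:
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append({"time": ts, "type": "mac_flip", "ip": ip,
                           "old_mac": known, "new_mac": mac})
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                alerts.append({"time": ts, "type": "mac_claims_multiple_ips",
                               "mac": mac, "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES):
        print(alert)
```

On the constructed log the first three replies produce nothing, and the two replies at timestamp 9 raise a flip for each poisoned IP plus the multi-IP alert for the poisoner's MAC.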