Security Policies to Mitigate Attacks VLAN Hopping in the Data Link Layer of LA Networks

A proposal of security policies based on the ISO 27002 standard is presented, which allows to mitigate VLAN HOPPING attacks at the data link layer level in LAN networks, as it is evident that network administrators pay more attention to policies to ensure the layers of the OSI model, so that internal users with certain privileges can take advantage of these vulnerabilities to access valuable information of the organization. For this purpose, a base network infrastructure of the companies in the city of Riobamba-Ecuador was determined as a case study. In this scenario, a standard four-phase Pentesting was performed to test VLAN HOPPING attacks (Switch Spoofing and Double Tagging) before and after applying the proposed policies, resulting in a 100% mitigation of the technological vulnerabilities found and 90% of organizational, operational, and physical vulnerabilities.     Keywords: VLAN HOPPING, Security Policies, Vulnerability Mitigation, Security Mechanisms