Redux: VLANs in the DMZ
There are a few extra points I would mention:
- Data should not be stored in a DMZ terminating incoming external connections. These should be limited to processing.
- It is a theoretical physical exploit and not a remote one.
- There has been no major security incident attributed to VLAN hopping as a cause.