Abstract
Local Area Networks (LANs) remain highly vulnerable to protocolbased attacks that exploit weaknesses in essential network services. Among the most common attacks are Dynamic Host Configuration Protocol (DHCP) starvation, Address Resolution Protocol (ARP) spoofing, and Virtual Local Area Network (VLAN) hopping, which can severely compromise network confidentiality, integrity, and availability. This study investigates the effectiveness of penetration testing in identifying and mitigating such vulnerabilities within LAN environments. A simulated network was designed using GNS3, and controlled attacks were executed using Kali Linux and the Yersinia toolset to evaluate network resilience. Based on the penetration testing results, vulnerabilities were identified and mitigated using a single security mechanism, namely Port Security. The experimental results demonstrate that applying Port Security significantly reduced the number of successful attacks and improved overall network security. The findings highlight the importance of penetration testing as a practical approach for enhancing LAN security and provide cost-effective recommendations suitable for small and medium-sized organizations.