7/30/2019 LANS Protected

1/4

SecuritySecurity is critical to all campus LAN services. Access to networks and applications must be

open and

pervasive, yet remain secure and controlled. Todays networks not only need to effectively handle

unmanaged

devices and guest users attempting network access, they also need to address support for

unmanageable devices,

post admission control, and application access control, visibility, and monitoring. Key security

components and

policies include:

- Policies ensuring Quality of Service (QoS)

- Mitigating denial of service (DoS) and distributed denial of service (DDoS) attacks and threats

- Ensuring that the organization meets compliance criteria

All security policies should be centrally managed and remotely deployed.

Unified CommunicationDeployment of VoIP phones using Power over Ethernet (PoE) technology, as

well as video

conferencing and web-based training through video on demand (VOD) applications, over the same

campus LAN

infrastructure as data calls for the logical separation of delivery of these services. Implementation of

QoS policies is

also needed to prioritize and guarantee delivery of latency/jitter, and loss sensitive VoIP and video

traffic over data.

7/30/2019 LANS Protected

2/4

Recommendations

Even as new 802.11 vulnerabilities are identified and exploited, organizations can mitigate or

eliminate many of wireless LANs security risks with careful education, planning, implementation,

and management. The following steps aid this process:

Establish wireless LAN security policies and practices

Design for security

Logically separate internal networks

Enable VPN access only

Remove unnecessary protocols

Restrict AP connections

Protect wireless devices.

ESTABLISH WIRELESS LAN SECURITY POLICIES AND PRACTICES

The cornerstone of an effective wireless LAN strategy involves defining, standardizing, documenting,

disseminating, and enforcing wireless LAN security policies and practices. These include specifying

the make, model, configuration, and settings of the wireless LAN equipment authorized for use, as

well as documenting and managing the APs and connected network infrastructure.

Employee education increases awareness of security risks. Some employees may not realize that

deploying an unauthorized wireless LAN or using a WiFi product out of the box may increase

security risks. Clear and frequently conveyed guidelines usually promote active cooperation.

DESIGN FOR SECURITY

When placing wireless APs for strategic coverage, installers should consider signal bleed into

uncontrolled areas where transmissions can be intercepted. Wireless coverage should be

implemented only where needed.

LOGICALLY SEPARATE INTERNAL NETWORKS

The LAN segments that connect to wireless APs should connect to a corporate Virtual Private

7/30/2019 LANS Protected

3/4

Network (VPN) gateway, but not directly to the production network. Eliminating APs from the

production network minimizes the risk of attack techniques such as packet sniffing.

ENABLE VPN ACCESS ONLY

Requiring users to connect to the wireless LAN via a VPN is recommended. Once authenticated,

authorized users communicate using an encrypted tunnel between the connecting device and the

LAN, reducing the risk that a transmission will be captured.

RESTRICT UNNECESSARY PROTOCOLS

Restricting unnecessary or redundant protocols from the LAN segments that connect the APs to the

VPN gateway reduces the possibility of unidentified holes and vulnerabilities. Retaining the Domain

Name System (DNS) and IP Security (IPSec) protocols is recommended to support the VPN.

RESTRICT AP CONNECTIONS

Administrators can use authorization tables to selectively enable LAN connections only to devices

with approved NIC addresses. Each NIC has a unique address that can be added to a table of

authorized users; most vendors APs support Media Access Control (MAC) restrictions through the

use of authorization tables. As a result, instead of editing each AP individually, APs can be pointed to

a centrally managed database.

PROTECT WIRELESS DEVICES

Personal firewalls can protect individual devices from attacks launched via the air connection or

from the Internet. IT administrators should disable all unused features of new client devices

(e.g., shared drive access) and reconfigure default settings according to the organizations

particular needs

7/30/2019 LANS Protected

4/4

The private internal networks (such as a LAN) offer security and protection in the form

of the aforementioned firewalls as well as password-protected access and secure servers.

The use of an intranet allows companies to control their business easier and manage

their employees more successfully. Less paperwork, increased productivity, added

flexibility, and versatility are other factors that intranet users take advantage of. All of

this adds up to a bottom line that is attractive in any business decision: the ability to

save money and increase profits.

An extranet is part of a

Read more:Intranet - advantage, type, benefits, cost, Intranet

applicationshttp://www.referenceforbusiness.com/small/Inc-

Mail/Intranet.html#b#ixzz1v2lhAzQS

http://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQS