lans protected
TRANSCRIPT
-
7/30/2019 LANS Protected
1/4
SecuritySecurity is critical to all campus LAN services. Access to networks and applications must be
open and
pervasive, yet remain secure and controlled. Todays networks not only need to effectively handle
unmanaged
devices and guest users attempting network access, they also need to address support for
unmanageable devices,
post admission control, and application access control, visibility, and monitoring. Key security
components and
policies include:
- Policies ensuring Quality of Service (QoS)
- Mitigating denial of service (DoS) and distributed denial of service (DDoS) attacks and threats
- Ensuring that the organization meets compliance criteria
All security policies should be centrally managed and remotely deployed.
Unified CommunicationDeployment of VoIP phones using Power over Ethernet (PoE) technology, as
well as video
conferencing and web-based training through video on demand (VOD) applications, over the same
campus LAN
infrastructure as data calls for the logical separation of delivery of these services. Implementation of
QoS policies is
also needed to prioritize and guarantee delivery of latency/jitter, and loss sensitive VoIP and video
traffic over data.
-
7/30/2019 LANS Protected
2/4
Recommendations
Even as new 802.11 vulnerabilities are identified and exploited, organizations can mitigate or
eliminate many of wireless LANs security risks with careful education, planning, implementation,
and management. The following steps aid this process:
Establish wireless LAN security policies and practices
Design for security
Logically separate internal networks
Enable VPN access only
Remove unnecessary protocols
Restrict AP connections
Protect wireless devices.
ESTABLISH WIRELESS LAN SECURITY POLICIES AND PRACTICES
The cornerstone of an effective wireless LAN strategy involves defining, standardizing, documenting,
disseminating, and enforcing wireless LAN security policies and practices. These include specifying
the make, model, configuration, and settings of the wireless LAN equipment authorized for use, as
well as documenting and managing the APs and connected network infrastructure.
Employee education increases awareness of security risks. Some employees may not realize that
deploying an unauthorized wireless LAN or using a WiFi product out of the box may increase
security risks. Clear and frequently conveyed guidelines usually promote active cooperation.
DESIGN FOR SECURITY
When placing wireless APs for strategic coverage, installers should consider signal bleed into
uncontrolled areas where transmissions can be intercepted. Wireless coverage should be
implemented only where needed.
LOGICALLY SEPARATE INTERNAL NETWORKS
The LAN segments that connect to wireless APs should connect to a corporate Virtual Private
-
7/30/2019 LANS Protected
3/4
Network (VPN) gateway, but not directly to the production network. Eliminating APs from the
production network minimizes the risk of attack techniques such as packet sniffing.
ENABLE VPN ACCESS ONLY
Requiring users to connect to the wireless LAN via a VPN is recommended. Once authenticated,
authorized users communicate using an encrypted tunnel between the connecting device and the
LAN, reducing the risk that a transmission will be captured.
RESTRICT UNNECESSARY PROTOCOLS
Restricting unnecessary or redundant protocols from the LAN segments that connect the APs to the
VPN gateway reduces the possibility of unidentified holes and vulnerabilities. Retaining the Domain
Name System (DNS) and IP Security (IPSec) protocols is recommended to support the VPN.
RESTRICT AP CONNECTIONS
Administrators can use authorization tables to selectively enable LAN connections only to devices
with approved NIC addresses. Each NIC has a unique address that can be added to a table of
authorized users; most vendors APs support Media Access Control (MAC) restrictions through the
use of authorization tables. As a result, instead of editing each AP individually, APs can be pointed to
a centrally managed database.
PROTECT WIRELESS DEVICES
Personal firewalls can protect individual devices from attacks launched via the air connection or
from the Internet. IT administrators should disable all unused features of new client devices
(e.g., shared drive access) and reconfigure default settings according to the organizations
particular needs
-
7/30/2019 LANS Protected
4/4
The private internal networks (such as a LAN) offer security and protection in the form
of the aforementioned firewalls as well as password-protected access and secure servers.
The use of an intranet allows companies to control their business easier and manage
their employees more successfully. Less paperwork, increased productivity, added
flexibility, and versatility are other factors that intranet users take advantage of. All of
this adds up to a bottom line that is attractive in any business decision: the ability to
save money and increase profits.
An extranet is part of a
Read more:Intranet - advantage, type, benefits, cost, Intranet
applicationshttp://www.referenceforbusiness.com/small/Inc-
Mail/Intranet.html#b#ixzz1v2lhAzQS
http://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQShttp://www.referenceforbusiness.com/small/Inc-Mail/Intranet.html#b#ixzz1v2lhAzQS