Solved

LAN Security

Posted on 2008-10-16
Last Modified: 2013-12-04
If it was to be decided that we needed to improve our LAN security (currently we only use unmanaged switches), what would be the best way to do it?

I have read, briefly, of IPSEC/SSH/SSL and switches that are capable of doing the encrypting. Any links to guides will be greatly appreciated.

Basically I am interested in knowing what would be the "easiest" method, in terms of cost and disruption to the network.
Question by:girbot
7 Comments
 
LVL 3

Expert Comment

by:din101
ID: 22729063
Are you talking about wireless or wired connections? IPSEC/SSH/SSL is not necessary for internal wired networks, and it will just be a waste of bandwidth overhead to use it. What you can do is secure the applications, like say email, IM, etc.
0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22731121
I'd approach this problem by performing a risk assessment. Like the previous poster says, encrypting all traffic is very expensive resource-wise. I would determine which forms of communication (email, IM, etc.) you want to secure and put in place an architecture that will secure those.
0
 

Author Comment

by:girbot
ID: 22735971
Basically it is a shared building, with a shared comms room. Web traffic is not a problem as these services have already been secured.

I am doing some preliminary work into improving the LAN security and just wondered what the pros/cons of it would be and the easiest methods.


0

 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22740618
For encrypting email, I would look into a PGP-related system (GnuPG, PGP Universal Server) to sign and encrypt mail. We're using PGP Universal Server - fairly easy to implement.

For Windows workstation-to-server communication, you can implement IPSEC with the help of Group Policy and a Public Key Infrastructure.  This would greatly reduce the risk of anybody sniffing and using your organization's traffic on the shared network hardware.  
0
 
LVL 5

Accepted Solution

by:
rexxus earned 125 total points
ID: 22746902
As a first step I'd be looking at replacing the unmanaged devices with managed LAN switches so that you have the option of enabling port-level security with options such as:

- dot1x authentication
- unused switchports are left in a shutdown/disabled state
- single/multiple MAC addresses allowed to connect to the switch etc
- segregate devices into VLANs and have access control lists between segments

http://www.cisco.com/en/US/netsol/ns628/networking_solution_relevant_networking_solutions_listing_intro_sc.html 

0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 125 total points
ID: 22758777
With shared comm rooms you need some physical security and/or the ability to manage the gear properly, as rexxus has pointed out. Traffic encryption is overkill for most places, even in shared space. "Easiest" would be to have your network gear in a locked cabinet of your own and have all circuits and/or LAN drops placed into conduit as much as possible. Best would be that, plus managed gear, either one big switch or several small switches. There are many hardware resellers out there that can sell you refurbished and/or new equipment for far below what they originally list for. 802.1x is usually excessive, but is very effective; keeping unused ports shutdown/disabled is always a best practice, as is segregating your LAN traffic using VLANs.
-rich
0
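An added example, not part of any answer in this thread: a short Python check that reads a switch configuration and reports ports missing the controls listed in the accepted answer and repeated in Rich Rumble's reply (unused ports shut down, MAC address limits, 802.1X, VLAN assignment). The Cisco IOS-style syntax, interface names and VLAN numbers are assumptions made for the example; ACLs between VLANs are not checked.

```python
import re
# Constructed sample in Cisco IOS-style syntax (assumed platform; names and VLANs made up).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 authentication port-control auto
!
interface FastEthernet0/2
 switchport access vlan 20
 switchport port-security
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/4
 shutdown
"""

def parse_interfaces(config):
    """Return {interface name: [indented config lines under it]}."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return ports

CHECKS = [  # (finding, predicate that is True when the control is missing)
    ("no MAC address limit", lambda ls: "switchport port-security" not in ls),
    # matches both "dot1x port-control auto" and "authentication port-control auto"
    ("no 802.1X authentication", lambda ls: not any(l.endswith("port-control auto") for l in ls)),
    ("no VLAN assigned", lambda ls: not any(l.startswith("switchport access vlan ") for l in ls)),
]
def audit(config):
    """Return {interface: [findings]} for every port that is not shut down."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "shutdown" in lines:
            continue  # disabled port: nothing can be plugged in and used
        issues = [msg for msg, missing in CHECKS if missing(lines)]
        if issues:
            findings[name] = issues
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns findings only for the two enabled ports that lack a control; the fully configured port and the shut-down port are not reported.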
 

Author Comment

by:girbot
ID: 22839965
Sorry for the delay in closing the question, got dragged into other things...

Thanks for the suggestions, plenty for me to look into further.

Thanks all.
0
