Solved

LAN Security

Posted on 2008-10-16
Last Modified: 2013-12-04
If it was to be decided that we needed to improve our LAN security (currently we only use unmanaged switches), what would be the best way to do it?

I have read, briefly, of IPSEC/SSH/SSL and switches that are capable of doing the encrypting. Any links to guides will be greatly appreciated.

Basically I am interested in knowing what would be the "easiest" method, in terms of cost and disruption to the network.
0
Question by:girbot
7 Comments
 
LVL 3

Expert Comment

by:din101
ID: 22729063
Are you talking about wireless or wired connections? IPSEC/SSH/SSL is not necessary for internal wired networks, and it will just be a waste of bandwidth overhead to use it. What you can do is secure the applications, like, say, email, IM, etc.
0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22731121
I'd approach this problem by performing a risk assessment. Like the previous poster says, encrypting all traffic is very expensive resource-wise. I would determine which forms of communication (email, IM, etc.) you want to secure and put in place an architecture that will secure those.
0
 

Author Comment

by:girbot
ID: 22735971
Basically it is a shared building, with a shared comms room. Web traffic is not a problem as these services have already been secured.

I am doing some preliminary work into improving the LAN security and just wondered what the pros/cons of it would be and the easiest methods.


0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22740618
For encrypting email, I would look into a PGP-related system (GnuPG, PGP Universal Server) to sign and encrypt mail. We're using PGP Universal Server; it is fairly easy to implement.

For Windows workstation-to-server communication, you can implement IPSEC with the help of Group Policy and a Public Key Infrastructure. This would greatly reduce the risk of anybody sniffing and using your organization's traffic on the shared network hardware.
0
 
LVL 5

Accepted Solution

by:
rexxus earned 125 total points
ID: 22746902
As a first step I'd be looking at replacing the unmanaged devices with managed LAN switches so that you have the option of enabling port-level security with options such as:

- dot1x authentication
- unused switchports are left in a shutdown/disabled state
- single/multiple MAC addresses allowed to connect to the switch etc
- segregate devices into VLANs and have access control lists between segments

http://www.cisco.com/en/US/netsol/ns628/networking_solution_relevant_networking_solutions_listing_intro_sc.html 

0
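An added example, not part of rexxus's answer or any vendor tool: once managed switches are in place, a short Python check over an exported configuration can confirm that the port-level options listed above are actually applied on every port. The Cisco IOS-style syntax, the interface names and the sample configuration are constructed assumptions; access control lists between VLANs are not checked here.

```python
import re

# Constructed sample, Cisco IOS-style syntax (assumed; not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 2
 authentication port-control auto
 dot1x pae authenticator
interface GigabitEthernet0/2
 switchport mode access
interface GigabitEthernet0/3
 description spare
interface GigabitEthernet0/4
 shutdown
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from an IOS-style config."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the block
    return interfaces

def audit(config):
    """Map each enabled port to the controls from the answer that it lacks."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds or "switchport mode trunk" in cmds:
            continue  # disabled ports and uplink trunks are out of scope
        if "switchport mode access" not in cmds:
            findings[name] = ["enabled but unconfigured: shut down if unused"]
            continue
        missing = []
        if "authentication port-control auto" not in cmds:
            missing.append("no dot1x authentication")
        if "switchport port-security" not in cmds:
            missing.append("no MAC address limit (port-security)")
        if not any(re.fullmatch(r"switchport access vlan (?!1$)\d+", c) for c in cmds):
            missing.append("not assigned to a dedicated VLAN")
        if missing:
            findings[name] = missing
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the access port with no controls and the spare port left enabled, and passes the hardened and shut-down ports.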
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 125 total points
ID: 22758777
With shared comm rooms you need some physical security and/or being able to manage the gear properly, as rexxus has pointed out. Traffic encryption is overkill for most places, even in shared space. "Easiest" would be to have your network gear in a locked cabinet of your own and have all circuits and/or LAN drops placed into conduit as much as possible. Best would be that, plus managed gear, either one big switch or several small switches. There are many hardware resellers out there that can sell you refurbished and/or new equipment for far below what they originally list for. 802.1x is usually excessive, but is very effective. Keeping unused ports shutdown/disabled is always a best practice, as is segregating your LAN traffic using VLANs.
-rich
0
 

Author Comment

by:girbot
ID: 22839965
Sorry for the delay in closing the question, got dragged into other things...

Thanks for the suggestions, plenty for me to look into further.

Thanks all.
0
