Solved

LAN Security

Posted on 2008-10-16
Last Modified: 2013-12-04
If it was to be decided that we needed to improve our LAN security (currently we only use unmanaged switches), what would be the best way to do it?

I have read, briefly, of IPSEC/SSH/SSL and switches that are capable of doing the encrypting. Any links to guides will be greatly appreciated.

Basically I am interested in knowing what would be the "easiest" method, in terms of cost and disruption to the network.
0
Question by:girbot
7 Comments
 
LVL 3

Expert Comment

by:din101
ID: 22729063
Are you talking about wireless or wired connections? IPSEC/SSH/SSL is not necessary for internal wired networks, and it will just be a waste of bandwidth overhead to use it. What you can do is secure the applications, like, say, email, IM, etc.
0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22731121
I'd approach this problem by performing a risk assessment. Like the previous poster says, encrypting all traffic is very expensive resource-wise. I would determine which forms of communication (email, IM, etc.) you want to secure and put in place an architecture that will secure those.
0
 

Author Comment

by:girbot
ID: 22735971
Basically it is a shared building, with a shared comms room. Web traffic is not a problem as these services have already been secured.

I am doing some preliminary work into improving the LAN security and just wondered what the pros/cons of it would be and the easiest methods.


0
 
LVL 11

Expert Comment

by:snoopfrogg
ID: 22740618
For encrypting email, I would look into a PGP-related system (GnuPG, PGP Universal Server) to sign and encrypt mail. We're using PGP Universal Server - fairly easy to implement.

For Windows workstation-to-server communication, you can implement IPSEC with the help of Group Policy and a Public Key Infrastructure.  This would greatly reduce the risk of anybody sniffing and using your organization's traffic on the shared network hardware.  
0
 
LVL 5

Accepted Solution

by:
rexxus earned 125 total points
ID: 22746902
As a first step I'd be looking at replacing the unmanaged devices with managed LAN switches so that you have the option of enabling port-level security with options such as:

- dot1x authentication
- unused switchports are left in a shutdown/disabled state
- single/multiple MAC addresses allowed to connect to the switch etc
- segregate devices into VLANs and have access control lists between segments

http://www.cisco.com/en/US/netsol/ns628/networking_solution_relevant_networking_solutions_listing_intro_sc.html

0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 125 total points
ID: 22758777
With shared comm rooms you need some physical security and/or being able to manage the gear properly, as rexxus has pointed out. Traffic encryption is overkill for most places, even in shared space. "Easiest" would be to have your network gear in a locked cabinet of your own and have all circuits and/or LAN drops placed into conduit as much as possible. Best would be that, plus managed gear, either one big switch or several small switches. There are many hardware resellers out there that can sell you refurbished and/or new equipment for far below what they originally list for. 802.1x is excessive usually, but is very effective; keeping unused ports shutdown/disabled is always a best practice, as is segregating your LAN traffic using VLANs.
-rich
0
 

Author Comment

by:girbot
ID: 22839965
Sorry for the delay in closing the question, got dragged into other things...

Thanks for the suggestions, plenty for me to look into further.

Thanks all.
0
