Hardening Internal Networks

Creating a LAN can at first glance seem quite straightforward: simply buy some switches, connect all your users to them, and then connect these switches to a single router. Yes, everything will work (so long as you’ve allowed for DHCP and so on), but the network will not be giving you 100% if this approach is taken. The network won’t:

  • Provide optimal performance
  • Protect against intentional and unintentional threats to the network, such as rogue DHCP servers

Networks are now growing at a rapid pace, with more and more devices being attached as part of the Internet of Things, so getting this right is more crucial than ever. As network admins, we want to make the network as accessible as possible to genuine users who may be taking advantage of the BYOD culture, but at the same time we need to heavily restrict unauthorised devices and access requests to sensitive areas of the network. Common threats to every LAN include:

  • Sniffing
    • Passively viewing the data on the network once an agent is inside it
  • Spoofing
    • Pretending to be a user / device in order to deny services or intercept data
  • Brute force attacks
    • Repeatedly attempting a dictionary of passwords to gain access to a resource
  • Denial of Service
    • Overwhelming resources to take them offline
  • Man in the Middle (MITM)
    • Interception and / or manipulation of traffic in transit

Additional threats arise from poorly thought-out design that has failed to consider the inner workings of a LAN, accommodate future growth or prevent unintentional changes to the intended operation of the network:

  • Network loops
  • Rogue devices
  • Accidental unplugging of power and data
  • Sub-optimal STP root bridge
  • Large broadcast domain
  • Legacy hubs remaining under desks
  • Insufficient bandwidth

In a future post I’ll go into details about these threats and how to mitigate them within your infrastructure.





