Today, the media provides rather extensive coverage of the latest malicious web attacks, so most level 3 risks and above have been identified and widely documented. But this doesn’t hold true for risks associated with lower levels, especially risks on local networks.
A LAN is a local area network typically associated with RJ45 Ethernet outlets. For this reason, people often speak about LAN security and facility security in the same breath. However…
security inside the office…
Inside the office, local networks are highly vulnerable:
- to start with the obvious: how many wall outlets are there in your office and where are they located?
- what do the cables plugged into them connect to?
- a bit more difficult: how do you monitor the equipment connected to the LAN?
- how can you spot unmonitored replication equipment when switches are mass-market products available for just a few dollars?
- can you check if any PLC device is plugged in?
…and outside
Outside the office walls, companies often extend LANs using wireless equipment, such as WiFi.
As for “official” WiFi access points, you can find plenty of articles elsewhere pertaining to specific questions about security. But let’s not forget that WiFi boosting equipment is also available on the mass market. And this equipment is easy to set up and hard to spot. That means a LAN’s range can be uncontrollably boosted.
That’s how you can use the same network to play computer games with your friend in a building across the street from yours.
Also outside the office, high-performance level 2 transport services have become more effective over long distances. Not only does the WAN transport IP flows, but it now transports level 2 flows as well.
conclusion
For these reasons, it’s crucial to address level 2 security questions. And that’s what we’ll do in the following articles!
Pascal
photo credit: © nougaro - Fotolia.com
This blog post was originally published in French here.
I’ve worked on engineering Ethernet switches since 2004. I’m curious by nature, so I wanted to check out what was under the hood, and that’s where I found a mess of protocols. To me, it seems like this field is rarely covered, while the little information that is available is insufficient and often incorrect. So I want to share what I know, mainly based on lab tests and several hundred operational machines.