Why does using LAN switches improve the security of a network?
June 16th, 2010 at 1:09 am
The latest rage in network performance improvement is the use of switching technologies to isolate traffic from various systems. This is achieved by placing a system on a device called a switching bridge which, in turn, isolates traffic by only allowing packets to be sent to the port on which the system is located when a packet is actually addressed to the system in question or when the message is a group or broadcast message that would be sent to all nodes. In a typical LAN environment, systems on a network segment ‘see’ each other’s data packets which introduces a performance and security problem. With switching technology, it is possible to isolate traffic from system to system which has the effect of not only improving performance, but also improving security—you cannot collect data from the network you cannot ‘see’. The switch is basically only as good as the configuration. Just like ACLs on routers and firewalls, switch-level ACLs can filter traffic, permitting or denying access through the port. Port security stops people from attaching wireless access points and bypassing your site security. That alone should be a good enough reason to implement switch security on your network today. Port mirroring and port authentication are also good security measures for switches.
References :
http://www.youtube.com/watch?v=JNTsd7w-Ibk&feature=related
Cisco Networking Academy
Associate’s in Networking
Bachelor’s in Computer Science
CompTIA A+ Certified
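The forwarding behaviour and the port-security limit described in the answer above, as an added Python sketch that is not part of the original post or any vendor's implementation. The class name, port numbers, MAC addresses and the one-MAC-per-port limit are constructed for illustration, and the limit is a simplified model of port security.

```python
# Added example: a toy learning switch with a per-port MAC limit.
# All ports, MAC addresses and the limit are constructed values.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    def __init__(self, ports, max_macs_per_port=1):
        self.ports = set(ports)
        self.max_macs = max_macs_per_port
        self.mac_table = {}    # source MAC -> port it was learned on
        self.violations = []   # (port, mac) pairs rejected by the limit

    def _learn(self, port, src):
        """Record src on port; return False if the port is already full."""
        if self.mac_table.get(src) == port:
            return True
        on_port = [m for m, p in self.mac_table.items() if p == port]
        if len(on_port) >= self.max_macs:
            self.violations.append((port, src))
            return False
        self.mac_table[src] = port
        return True

    def receive(self, in_port, src, dst):
        """Return the set of ports the frame is forwarded out of."""
        if not self._learn(in_port, src):
            return set()                              # over the limit: drop
        if dst != BROADCAST and dst in self.mac_table:
            return {self.mac_table[dst]} - {in_port}  # known unicast: one port
        return self.ports - {in_port}                 # broadcast/unknown: flood

def demo():
    sw = LearningSwitch(ports=[1, 2, 3, 4], max_macs_per_port=1)
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    extra = "02:00:00:00:00:0d"   # second device behind port 3
    results = [
        sw.receive(1, a, BROADCAST),  # broadcast reaches every other port
        sw.receive(2, b, a),          # a is known: only port 1 gets it
        sw.receive(1, a, b),          # b is known: ports 3 and 4 see nothing
        sw.receive(3, c, a),          # first MAC on port 3 is accepted
        sw.receive(3, extra, a),      # second MAC on port 3 is rejected
    ]
    return results, sw.violations

if __name__ == "__main__":
    for r in demo()[0]:
        print(sorted(r))
```

The last call models a second device appearing behind a port that is limited to one address, which is the situation the answer describes for an attached access point.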
June 16th, 2010 at 1:47 am
It does not. This is a fairly common myth.
Switches isolate *cooperating* segments from each other. But people who are trying to compromise your security won’t cooperate.
It’s like saying a guy at the door to a bank who won’t let anyone in unless they promise not to rob the place improves the bank’s security.