What is a LAN?
A LAN is a series of computers and/or supporting hardware physically linked together for ease of accessibility to the users in the environment. This can be defined as a workgroup or its variants. It can also be a client-server environment. No matter what type of LAN you choose to implement, you must consider its security.
LAN-side network security is a wide-ranging topic. The thing to understand about LAN security is where your threats are most likely to come from. The most common threat to information in a LAN (Local Area Network) is from a user.
This user or these users could be disgruntled and wish you or your organization harm, or they could be careless in their information handling. Either way, this is where most of your security concerns should be directed. You can protect against this in many ways, depending upon the infrastructure in place at your organization. I will outline a couple of different infrastructure designs popular with small businesses in today's marketplace.
The first type of security that people put in place is to copy the data held on their computer, or on a single computer, to another through a file share on a Windows, Mac, or Linux operating system. While this addresses a few concerns, it is almost impossible to define granular security and access to this data beyond the general, which leaves you open to accidental or purposeful deletion of data, or loss of data through theft.
The second type of security that people consider is an external device. This option, while valid, raises the question of hardware susceptibility to damage through accident or hardware failure, or simple loss of an external device such as a hard drive or thumb drive. There is no real security in either of these options, though it might seem so at first look.
The third type of security that people consider is a NAS, or Network Attached Storage device. This is a valid choice because it allows some granularity of access to data on a network and, of course, centralization and accessibility of organization data. Depending on the hardware manufacturer chosen, this option also offers different levels of hardware redundancy through RAID technology. This protects the data from hardware failures to an extent, but by no means completely. It is a cost-effective solution, though.
A more stable and secure solution would be to use a server with the ability to control access to information for all users in the environment, as well as the types of access, such as read-only, or not having the ability to delete or print files or files in folders. This option is offered through a few operating systems, including UNIX, Linux, and Windows. By far the most robust and easy to use is the Microsoft platform. Because of its popularity and capabilities, it is a natural target for the unscrupulous, and you must put many layers of security in place to protect yourself and your data.
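As an added illustration of the per-group access types described above (not code from this article), the following PowerShell sets NTFS permissions on a shared folder so that one group is read-only and another can create and edit files but not delete them. The folder path and the group names are assumptions made up for the example, and the folder is assumed to be new, with no explicit entries of its own.

```powershell
# Added example: the path and group names below are constructed placeholders.
$path    = 'D:\Shares\Finance'          # hypothetical folder on the file server
$readers = 'CONTOSO\Finance-Readers'    # hypothetical group: read-only
$editors = 'CONTOSO\Finance-Editors'    # hypothetical group: read/write, no delete

$acl = Get-Acl -Path $path

# Stop inheriting permissions from the parent folder and drop the inherited
# entries, so that only the rules added below apply to this folder.
$acl.SetAccessRuleProtection($true, $false)

# Identity and rights for each entry. SYSTEM and Administrators keep full
# control so the folder stays manageable after inheritance is cut.
$grants = @(
    @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' }
    @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' }
    @{ Id = $readers;                 Rights = 'ReadAndExecute' }
    # Write without Delete or DeleteSubdirectoriesAndFiles: members can
    # create and edit files but cannot remove them.
    @{ Id = $editors;                 Rights = 'ReadAndExecute, Write' }
)

foreach ($g in $grants) {
    # Inheritance flags make the rule apply to this folder, subfolders and files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
        $g.Id, $g.Rights, 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}

Set-Acl -Path $path -AclObject $acl

# Review the result: every entry should be explicit (IsInherited = False).
(Get-Acl -Path $path).Access |
    Sort-Object IdentityReference |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

Write access without Delete still lets a member overwrite the contents of an existing file, so this setting limits removal of files, not every form of data loss.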
You can limit or control access to parts of your environment through VLANs (Virtual Local Area Networks) by implementing the correct type of switching hardware. In order to implement VLANs you must have a Layer 3 managed switch, which, while more expensive, is also much more capable.
UNIX and its child Linux, in all its variants, are possible choices, but have serious limitations due to accessibility and general knowledge. They are also more secure in some cases, but there is also the line of thought that this is because they are less full-featured operating systems. The Microsoft Windows Server operating systems offer much, but because of their popularity, they must be protected more than other equipment and software.
All operating systems are variants of UNIX, and even UNIX had multiple variants depending on hardware platforms: AIX for MAC, RSX for DEC, IBM OS for IBM mainframes, SunOS for Sun SPARC, and too many others to list over the last 70 years. With ease of use and ease of management come security flaws, because the people who create the code are themselves flawed and can't think of everything in advance, and those that come after have a basis to look for ways around existing programming.
To sum up, LAN security is all about making data in your local network secure from tampering, loss, or theft. This can be done many ways in many environments, but in my opinion, and every person in the IT field has one, the best way is through a Windows Server and all the security protocols and products built in to make data accessible only to those authorized, and only in the ways that they are authorized. Different individuals or groups of individuals can have many different levels of security, from MAC reservations, which are based on the hardware address of every network interface device that plugs into some form of cable or wireless communication platform.
There are hundreds of ways to limit and manage access to data in a LAN, and it takes someone with years of experience and breadth of knowledge to give you the options you can choose from. There are ways to have equipment on premises or in the "Cloud", or to have hybrid environments or LANs that offer redundancy.
This is not a deep dive into LAN security, but instead just the broad strokes. If you'd like to talk about all the variations that are or might be appropriate, we at IT1 Services are here to serve the needs of your organization with a servant's heart.
We are available via phone 24/7 and by appointment at your convenience.
There are many other ways to secure a LAN, so don't let this article make you think that these are the only ways. Our goal at IT1 Services is to find the best ways to meet your information needs and offer you options on how to accomplish your goals.