Q

How to protect a LAN from unauthorized access

In this Ask the Expert Q&A, web access control guru Joel Dubin outlines steps to take to protect a LAN.

What steps should I take to use filters to protect a LAN from unauthorized access?

The first, and easiest, way to protect a LAN is to put it in a separate subnet behind its own gateway router or firewall. This segregates the LAN from other networks and makes it easier to tune any gateways into it through hubs, switches or routers.

The next simplest step, at least for a Windows network, is to simply shut off port 139 on the gateway router. This prevents a malicious user from trying to map a drive to the LAN. Similarly, turn off NetBIOS over TCP/IP on the workstations within the LAN. This prevents some bad guy from trying to directly map a drive to the workstations inside the LAN by using the NetBIOS name of the computer over a TCP/IP connection from outside the LAN.

Each workstation can also be configured to only accept traffic from specific IP addresses. Every LAN has a range of internal IP addresses assigned by whoever set up the LAN. The IP filtering feature can be set to only accept traffic from those IP addresses. But might that block Internet access? Not necessarily. If the LAN accesses the Internet through the gateway, whose IP is in the network's range of accepted IP addresses, then the LAN will still be able to connect to the Internet. But it will do so securely since it's only accepting the traffic from the accepted gateway and not the Internet directly.

And, of course, tune your firewalls, both at the gateway and on the individual hosts, to only accept needed TCP protocols. If FTP or Telnet isn't needed, filter them out.

 

This was first published in November 2005
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close