Ask the Expert

Security differences between a LAN and WAN

Generally, what kind of security needs to be considered in a network management environment? What's the difference between security in a LAN and WAN network?



The primary difference between a Local Area Network (LAN) and a Wide Area Network (WAN), besides the technology used, is that generally you have control of all the resources for a LAN, but not for a WAN.

For example, for a single-company LAN (not connected to another LAN or to the Internet), that company can provide physical security for the entire LAN and all the connected computers. They can provide background checks for all the people who have access to all of the equipment. They can establish security policies and procedures that can be enforced on all the equipment. All of the threats to the system come from within (assuming adequate physical security).

As soon as the LAN is connected to another LAN or the Internet and becomes a WAN, all of that changes. The company does not know what physical protections have been made to the rest of the WAN, only its small portion. In the case of an Internet connection, they have no idea who might try to access their LAN. The entire threat model changes. Not that any of the threats from the LAN-only environment have gone away, but many more have been added. One can think of the threat profile for a LAN as being a subset of the threat profile for a WAN.

This threat profile is what helps to decide what security measures are appropriate. In terms of network management, within a self-contained LAN, there probably is no need to have network management protocols encrypted, or special authentication done for those protocols (unless you are worried that insiders may attempt to "manage" your network for you). On the other hand, you probably do not want your network management protocols to traverse the Internet without protection. Nor do you want your computers on a remote segment to respond to network management requests that are not authenticated.

So, as with any computer system or network, the first steps are to identify what the threats to your system or network are and what needs to be protected. Then you can go about devising ways to provide the required protection.


This was first published in October 2001
