
	Home > Ask the Security Experts > Identity Management and Access Control Questions & Answers > How to protect a LAN from unauthorized access

Ask The Security Expert: Questions & Answers

EMAIL THIS

How to protect a LAN from unauthorized access

EXPERT RESPONSE FROM: Joel Dubin, past SearchSecurity.com expert

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 04 November 2005
What steps should I take to use filters to protect a LAN from unauthorized access?

BROWSE BY TAG

Identity Management and Access Control, Web Authentication and Access Control, Enterprise Identity and Access Management, Expert Archive: Identity Management and Access Control, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Identity Management and Access Control
	Is Identity Management as a Service (IDaaS) a good idea?
	How to log in to multiple servers with federated single sign-on (SSO)
	How to confirm the receipt of an email with security protocols
	Learn about enterprise strategy for server virtualization single sign-on
	Employee information security awareness training for new IAM systems
	Can you combine RFID tag technology with GPS to track stolen goods?
	Is there a free enterprise-caliber password-management tool?
	Cryptosystem attacks that do not involve obtaining the decryption key
	Can any firm or organization get a digital signature certificate?
	Should the CTO have domain administrator access?

Web Authentication and Access Control

Group to shed light on secure identity management threats

How to confirm the receipt of an email with security protocols

Schneier-Ranum Face-Off: Is Perfect Access Control Possible?

Kaminsky reveals key flaws in X.509 SSL certificates at Black Hat

Changing times for identity management

How to use single sign-on for Web access control to prevent malware

IBM USB banking device stops keyloggers, malware

Can mutual authentication beat phishing or man-in-the-middle attacks?

Could someone place a rootkit on an internal network through a router?

Sun launches open source OpenSSO for identity management

Expert Archive: Identity Management and Access Control

Enterprise password management policy: Finding the balance

How to conduct a periodic user access review for account privileges

Options for a mechanical door security system on a server room door

Comparing access control mechanisms and identity management techniques

User provisioning and SSO for PeopleSoft- and Unix-based products

Could someone place a rootkit on an internal network through a router?

Should a new user have to confirm an email address to gain access?

Can home PCs provide a way for viruses and spyware to enter a corporate LAN?

What should an enterprise look for in a password token and a vendor?

Using batch files for temporary user access to the local admin group

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

access log (SearchSecurity.com)

anonymous Web surfing (SearchSecurity.com)

authentication, authorization, and accounting (SearchSecurity.com)

identity chaos (SearchSecurity.com)

knowledge-based authentication (SearchSecurity.com)

multifactor authentication (MFA) (SearchSecurity.com)

walled garden (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

The first, and easiest, way to protect a LAN is to put it in a separate subnet behind its own gateway router or firewall. This segregates the LAN from other networks and makes it easier to tune any gateways into it through hubs, switches or routers.

The next simplest step, at least for a Windows network, is to simply shut off port 139 on the gateway router. This prevents a malicious user from trying to map a drive to the LAN. Similarly, turn off NetBIOS over TCP/IP on the workstations within the LAN. This prevents some bad guy from trying to directly map a drive to the workstations inside the LAN by using the NetBIOS name of the computer over a TCP/IP connection from outside the LAN.

Each workstation can also be configured to only accept traffic from specific IP addresses. Every LAN has a range of internal IP addresses assigned by whoever set up the LAN. The IP filtering feature can be set to only accept traffic from those IP addresses. But might that block Internet access? Not necessarily. If the LAN accesses the Internet through the gateway, whose IP is in the network's range of accepted IP addresses, then the LAN will still be able to connect to the Internet. But it will do so securely since it's only accepting the traffic from the accepted gateway and not the Internet directly.

And, of course, tune your firewalls, both at the gateway and on the individual hosts, to only accept needed TCP protocols. If FTP or Telnet isn't needed, filter them out.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy