Tutorial

Secure network architecture best practices: DMZ and VLAN security

NAC security learning guide

This mini learning guide is a part of SearchSecurity.com’s multi-page series, NAC security guide: How to achieve secure network access in the enterprise

    Requires Free Membership to View

    Login

Ensuring your network architecture is secure is an essential component of a solid network security strategy.

This mini learning guide will cover best practices for achieving and maintaining a secure network architecture, discussing several aspects of DMZ security and VLAN security, including outlining VLAN attacks and how to prevent them.

How to compartmentalize Wi-Fi traffic with a VLAN
Configuring virtual LANs (VLANs) to tag Wi-Fi traffic can create be an effective way to increase greater security for an enterprise wireless network. Learn the difference between wired LAN and wireless network traffic and how to use these VLAN capabilities, found in both wired and wireless devices, to tag and compartmentalize Wi-Fi traffic, supporting your company's security and traffic management policies.

Popular VLAN attacks and how to avoid them
How to secure a VLAN from popular attacks such as the VLAN hopping attack and Address Resolution Protocol attack.

Configuring three or more switches to support a VLAN and partition a network is a fairly simple and straightforward process. However, ensuring a VLAN can withstand an attack is a different story! In order to secure a VLAN, you need to know what to protect it from. Here are a few of the most popular attacks against VLANs, ways you can fight them, and in some cases, minimize their effect.

More advice on DMZ and VLAN security

In this tip from SearchServerVirtualization.com, learn how virtualization affects DMZ design.

In this excerpt from, How to Cheat at Managing Information Security, author Mark Osborne examines how remote access DMZs can mitigate risks of unsecured remote access endpoints.

Segmenting a LAN to isolate malware
Is it possible – or beneficial – to isolate a worm or virus by segmenting a network LAN?

In this Q&A thread, which originally appeared on the IT Knowledge Exchange, learn about the disadvantages and risks associated with segmenting a LAN to isolate malware and Trojans, as well as best practices and the related alternatives for keeping malware off your corporate network.

How to set up a site-to-site VPN to coexist with a DMZ
Looking to set up a site-to-site virtual private network (VPN) within a demilitarized zone (DMZ)? In this Q&A, network security expert Anand Sastry, a SearchSecurity.com featured security expert, explains best practices for deploying a site-to-site VPN endpoint in a DMZ-type architecture.

How to set up SFTP automation for FTP/DMZ transfer
In this expert response, contributor Anand Sastry discusses DMZ security and explains how to create SFTP automation for locking down internal FTP/DMZ transfers and how to leverage public key authentication in order to do so.

This was first published in March 2012

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top