The Top Five LAN Security Issues Facing IT Managers Today

    March 1, 2006

IT managers face many difficult LAN security issues today, but are confronted with a huge array of established and emerging security technologies that promise to deal with these issues.

A quick look at the top five security problems shows there is are tools to solve each one. But the one problem/one tool approach does not solve the full range of security problems and can be difficult to manage. This approach also begs the question, “Is there a better way to handle LAN security?”

Porous Perimeters

The conventional approach to enterprise security has been to apply security at the perimeter of the network. Today, however, perimeter defenses are no longer sufficient. Increasingly, sites no longer consist just of predictable managed desktops but include a mix of unmanaged mobile devices, such as laptops and PDAs. Sometimes these devices belong to employees, but often businesses must allow guests such as contractors, partners, and others with unmanaged mobile devices to directly connect to the internal network. These devices may be infected with malware and thus could inject a worm, bot, trojan, or other malware directly into the access port of the corporate network, bypassing perimeter defenses.

To cope with the threat posed by unmanaged mobile devices, client-side security measures are becoming essential. Network access control, a broad category that includes endpoint integrity compliance verification for up-to-date security patches and anti-virus signature files; user authentication for network access; and identity-based policies to control network use can mitigate these threats. However, these solutions only are effective if they are applied close to or at the point of entry to the network.

Increasingly Sophisticated Attacks

Perimeter-based security strategies are also no match for the increasing sophistication of attacks on the network. The hacker profile has begun to shift from adolescents crashing systems for fun to professional criminals bent on taking over systems for profit.

New strains of malware appear to have the goal of remotely controlling the victim’s computer. Nothing prevents a remote-access trojan on an internal corporate network from being used as a perfect corporate spy. A number of infected machines can be formed into a botnet and used to extract ransom with the threat of a DoS attack.

Spyware has become a commonplace element of both freeware and commercial downloads, and is often installed without the informed consent of the user. Spyware not only extracts personal information for potential sale, using, for example, keystroke loggers, but can also deliver sensitive corporate information such as user passwords. Since spyware runs on clients, it can avoid detection by disabling anti-virus and other client-side software security controls.

Some form of in-network security device that can apply a combination of behavioral anomaly detection and traditional misuse detection can be used to effectively detect and identify infected end systems. Enterprises need not only to detect infected end systems but also to swiftly isolate and, ideally, clean, remediate, and return them to productivity.

Unauditable Networks

Many enterprises built LANs with the assumption that internal users are trustworthy. Little thought was given to understanding exactly what devices are connected to the network, where these devices are located, and what users are doing with them. As a result, enterprises are finding themselves ill-equipped to deal with problems introduced by mobile end systems and end users.
Furthermore, the increasing number of regulations on data protection and compliance verification, including privacy, financial, health records, state information processing laws, and even anti-terrorism acts, has raised the importance of auditing network activity.

Enterprises need visualization and audit tools that associate different network identifiers and locations. Such tools could, for example, find the user, access port, and MAC address when given an IP address. The tools should also be able to display the location from which the user has accessed the network in a form that can IT can quickly understand.

Uncooperative Employees

Even with security awareness programs and employee censure for lax security practices, users still view security as something that gets in the way of doing their job. Users will often abort full disk scans, or even disable anti-virus or anti-spyware applications, if they believe they measurably slow down the computer.

Network access control mechanisms that perform periodic integrity re-assessments and policy compliance verification, and that have the ability to isolate an endpoint that fails, can mitigate the potential damage done by uncooperative employees.

Risky Applications

New types of collaborative computing tools, such as Instant Messaging, VoIP, and wireless, are increasingly in demand, since they enhance productivity and allow users to be in touch 24×7. However, many of these tools bring with them increased security risks, primarily because their reach extends within and beyond the traditional network boundary. Exploiting vulnerabilities in these applications can provide hackers a fast path into the network. Many of these kinds of exploits are difficult to detect and control, since they tunnel over allowed protocols such as IM and HTTP, and traditional firewalls cannot distinguish them from benign traffic.

Enterprises need application firewalls, sometimes referred to as “deep-inspection” firewalls, to recognize, monitor, and provide content-based access controls for collaborative computing tools.


There are so many IT security issues today that it sometimes becomes difficult to prioritize them. While there are tools to mitigate each specific risk, these tools can introduce another problem-how to manage these disparate systems and, at the same time, try to understand the alerts and alarms that they continuously produce.

Today a new generation of LAN security solutions is emerging that integrate the functions of many point security products into a single appliance that provides broad access control, deep threat defense, and fast threat response-and that can secure every user on the LAN, whether an employee or not. These appliances not only fully protect network assets from security threats but also simplify deployment and operations, making it are easier and more cost effective to provide full LAN security.

Joseph Tardo, Senior Principal Scientist, Nevis Networks

Joe Tardo brings over 25 years of experience in all aspects of computer and network security. He is responsible for the development of the Nevis Security Architecture, product feature set and deployments. Prior to Nevis Networks, he was a Senior Principal Scientist in the Security Line of Business at Broadcom Corporation , where he designed software interface and functionality for SSL and IPsec acceleration ASICs, and architected IPsec and SSL reference platforms using network processors and Broadcom’s security ASICs.