Announcement

Collapse
No announcement yet.

LAN Security

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • LAN Security

    Is there any way to secure internal LAN from the packet sniffer like cain, hyena, sterm just a name of few.......these software sniff everthing from ur network and gives console from where u can access any service, shut down any server.

    Thanks

  • #2
    Re: LAN Security

    You could enable IPSEC to encrypt your traffic internally.
    You can lock down workstations so they can't install or use most of that software, enable switches so they only accept certain mac addresses on certain ports to reduce random machines connecting.

    This may be worth a read:
    http://www.securiteam.com/unixfocus/2EUQ8QAQME.html
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: LAN Security

      Hi Pushkar
      As a matter of fact, from passive scanning tools there is no active 100% defense, but:
      1. Use switches and not hubs in your LAN, so all sniffers will able to sniff only addressed to them traffic. Also use switches with ability to prevent ARP-poisoning feature (Cisco Catalyst etc) to prevent sniffers from mask themselves as gateway\servers in network. Configure MAC-address security on switches to prevent rouge clients to connect.
      2. Use more strict security policy in Your LAN Servers - to prevent unauthorized users from access the servers in LAN and perform any actions without authorisation. Enable logging of successful\unsuccessful attempts to manage servers remotely to real-time monitor this issues. Configure Mail\SMS notifications.
      3. Use scheduled scripts to check internal client hosts from installing all known sniffers. Look for known files, registry entries etc.
      4. Split servers and clients with gateway machine with IDS\IPS installed to monitor all traffic in network and identify malicious activity.
      5. Always be in touch with configured systems. Use internal firewall and antivirus software.
      and more and more...
      Depend of how much time and money you want to invest in security.
      Regards
      Denis Laskov
      MCSA/E - CWNA - CCNA

      Comment


      • #4
        Re: LAN Security

        Thanks & apreaciated for detaild answer; this is really good stuff........m working on it.....i'll write my experience or difficulties if any..

        Thanks a lot!


        Originally posted by dlaskov View Post
        Hi Pushkar
        As a matter of fact, from passive scanning tools there is no active 100% defense, but:
        1. Use switches and not hubs in your LAN, so all sniffers will able to sniff only addressed to them traffic. Also use switches with ability to prevent ARP-poisoning feature (Cisco Catalyst etc) to prevent sniffers from mask themselves as gateway\servers in network. Configure MAC-address security on switches to prevent rouge clients to connect.
        2. Use more strict security policy in Your LAN Servers - to prevent unauthorized users from access the servers in LAN and perform any actions without authorisation. Enable logging of successful\unsuccessful attempts to manage servers remotely to real-time monitor this issues. Configure Mail\SMS notifications.
        3. Use scheduled scripts to check internal client hosts from installing all known sniffers. Look for known files, registry entries etc.
        4. Split servers and clients with gateway machine with IDS\IPS installed to monitor all traffic in network and identify malicious activity.
        5. Always be in touch with configured systems. Use internal firewall and antivirus software.
        and more and more...
        Depend of how much time and money you want to invest in security.

        Comment

        Working...
        X