04 December 2007
I'm hearing more about new kinds of attacks on LANs, such as
voice-over-IP attacks or exploits that use printers as a source of
attack. How can LAN security help me prevent those attacks?
It's absolutely true that these kinds of attacks are on the rise. In fact, the SANS Institute
recently listed client-side attacks as one of today's most critical
vulnerabilities. While it may be foolhardy for any of us to think we
can fully prevent such attacks, you certainly have some strong options
for mitigating the threat that they pose to your enterprise.
One of the first steps to take is to implement an authentication scheme
in your LAN that encompasses devices as well as users. If you're
pursuing something like 802.1x, it won't be sufficient because phones,
printers, medical devices, robotics and other devices for the most part
will not be able to support the required 802.1x supplicant.