Free How To Design Secure Vlan And IP Addresses Research Paper Sample

Network security is critical in the design of a network infrastructure. This is because such a design ensures that network equipment and devices including access mechanisms prevent unauthorized access. However, such can be implemented by protecting network links, hardening network devices such as routers and switches either through configurations or implementing new levels of security to perform the functions. The technology to be used in enforcing enterprise wide security matters a lot, some such as the Virtual Private Network guarantees security through encryption where data is encrypted and routed over a tunnel across the public network, while at the same time implementing security protocols to ensure secure transmission. In designing My Co network, the edge router needs to be secured before securing the vlans to ensure that no illegitimate traffic passes the network defense parameter to compromise the whole network. In the design of a secure vlan, there are considerations that need to be met because of the number of vlans participating within the network. This is to defend the network against potential vlan attacks and storms that may distort or interfere with network traffic. The vlan switches need to be protected from unauthorized attempts that may lead to changes on the switch configurations. This can be done by storing the switches in a safe location where only authorized administrators can be able to perform configurations on them.
The design can also include end-point security devices to protect the network against layer two attacks. Some of the implementations include implementing secure shell (SSH) access to secure access to switches, port security on vlan switches to mitigate storms within the network. On the other side, it is necessary for an administrator to configure port security to prevent MAC address table overflow attacks and implement a dedicated management vlan for administrators to configure security features as the network grows. Vlan attacks take advantage of incorrectly configured trunk ports. It is important to configure switch port security to mitigate against attacks such as hopping attacks. There are mechanisms that are implemented to prevent such attacks that take advantage of configuration vulnerabilities. This ensures that switches remain protected against mac spoofing and mac table attacks. This is done by limiting the number of mac addresses that communicate with the switches. It ensures that only a limited number of mac addresses and devices that are authentic can communicate with the vlan switches. This ensures that only devices with marked addresses are able to forward frames to other devices within the network. The importance of securing switch ports is to enable the switch to allow some actions when port violation occurs. Portaging needs to be configured as either absolute or inactive. Absolute portaging ensures that the mac addresses get deleted after a specified aging time while inactive ensures that mac addresses get deleted when they remain inactive after a specified amount of time. In order to maintain availability, switches need to be configured with port fast parameters. This ensures that there are no loops and stp attacks on the network. The vlan trunks also need to be secured against vlan hopping attacks which can be done by allowing trunking on switch ports that require trunking and through the use of a dedicated native vlan in the network to stop the attacks since they use an 802.1q encapsulation. In IP addressing within a vlan, the IP addressing scheme need be extendable and should be able to support security principles in the design. The ip addresses can be manually assigned to only issue credible devices access to other vlans. On the other side, dynamic host configuration protocol (DHCP) can be used to automatically issue the IP addresses to devices requesting for the same. Static ip address issuance is advantageous compared to the dynamic issuance. It is because an attacker can place a rogue dhcp server within the network, to issue fake IP addresses then use it to launch an attack. Configurations must be made to protect the network against dhcp snooping attacks. On the other hand, it is also necessary to implement access control lists (ACL) on the network. This controls access through permitting and denying certain traffic from communicating with certain segments of the vlans. Known as vlan access lists, they are used to filter traffic based on IP addresses hence deny VLAN traffic from accessing sensitive segments of other vlans. A Cisco switched port analyzer can also be used together with a dhcp server to monitor all traffic in order to detect any illegitimate ip address and traffic. Network security is implemented widely within a network to prevent unauthorized access. This is possible through implementing configurations on switches connected to the vlans. Port security and vlan trunk security are some mechanisms that safeguard a network against threats and attacks. These implementations are used to secure the network, therefore, sage guarding and enabling a tamper proof network is critical to ensuring a safe computing environment that is free from network attacks and threats.