In smaller “mom and pop” networks, all the resources and users are all on the same Local Area Network (LAN). These are the easiest to setup and typically resemble most home networks. The Wireless, and wired networks are typically all on the same IP space along with any printers or resources. The disadvantage here is that every device can easily see (communicate/scan) all other devices. For example, if a hacker gains access to one device/workstation, then they can see in their local MAC table all the local devices’ MAC addresses. From here, a hacker can figure out if it is a Dell laptop, a HP printer, a Cisco router, or a Synology disk array. That tells them which devices they can attack and what possible vulnerabilities and resources might be there. As you add more devices and users this problem increases.
The fix to limit this visibility is to segment or break up the network. By segmenting the network you are limiting visibility (communication) to other portions of the network. If a hacker cannot see a device, it makes it much harder to attack that device. At a base level, by segmenting you can no longer see MAC address from devices on other portions of the network.
Here are some advantages of network segmentation:
- Increased Security
- Allowed Access Control
- Monitoring
- Better Troubleshooting
- Increased Performance
- Possible Containment
Interested in seeing how failing to implement this simple security fundamental caused one major retail chain to suffer a major breach? See our related post, Segment Your Network! Or Else…
Jason Howe, PEI
Ready to get smart about your security? Contact PEI for a network security assessment to ensure you’re not vulnerable to these types of attacks.
