by Stephen Smith
Some might think of it as the good old days — that time when security and IT systems ran on separate networks and security folks did not have to worry about sharing bandwidth or protecting their data from hackers to the main system.
But standalone systems have given way to large-scale enterprise networked environments, especially in corporate, medical and educational settings. And with that comes the challenge of managing these systems to make them faster, more efficient and, most importantly, protected from outside intrusion.
There are several danger factors associated with flat, or unmanaged networks, beginning with a lack of inherent visibility. All the computers operating on a flat local area network (LAN) have the ability to connect with one another without anything to prevent this. Because they are able to communicate unimpeded, they are also vulnerable to would-be attackers from several points.
For example, an employee using a computer on this network could introduce a virus or make the system vulnerable to a hacker by downloading a particular file or linking to a suspicious website. That cute cat or kid video may seem innocuous, but it could leave a system open to a serious external threat.
Many companies wrongly believe that if they have a strong, hardened perimeter for their network, they do not have to spend as much time on defending the internal components — but that is not the case in today’s environment.
Security Systems: Another Back Door
Security systems with access control components and video cameras that operate on enterprise-level networks can become conduits, or attack vectors, for savvy cyber criminals.
As some of the recent major corporate hacking incidents have shown us, it only takes a small mistake — a miniscule tear in the fabric of the system — to allow someone to gain entry and wreak havoc. Using, for example, an IP camera that someone forgot to install the latest software patch, hackers can gain access to one vulnerable part of a system, then access to another portion of the system, such as a network video recorder, and then move on to a computer, a server and eventually the overall network.
Even if preventing cyber crime is not top-of-mind for your customer’s system, there are other issues that arise from operating an unmanaged network, such as traffic problems. Without segmenting the network, data flows in an unmanaged, non-prioritized fashion — which can lead to slowdowns, interrupted phone calls and choppy video. The ability to troubleshoot these problems is worsened by the lack of visibility; after all, it is hard to find the problem when everything is lumped together.
A Solution: Managed Switches
Increasingly, security integrators are steering their customers toward smart switches — also known as managed switches — for better network management.
An intelligent switch has the ability to make the interior of the network as secure as the exterior by segregating traffic between ports and devices. Instead of data from all devices traveling along one path, the use of switches can manage the data in a way that makes sense for the system operator from a traffic, maintenance and security standpoint.
It may be decided that all the cameras will be on one segment, while computers will be on another and phone/voice data will have its own as well — thus creating Virtual Local Area Networks, or “VLANing” the network. Having a segmented network controlled by smart switches is not unlike trying to carry on a conversation in a crowded room. If everyone is talking at once, it can be hard to understand what is going on, but if people are divided up into groups and carry on their conversations in smaller segments, it makes it easier for everyone.
Because some network activities are more intensive than others — for example, video surveillance and recording takes up significant bandwidth — one activity, such as a phone call, does not suffer because a large video file is being moved across the system.
A managed switch can be set up to prioritize traffic or, via link aggregation, two ports can be bound together to provide greater speed as well as a redundant path to the next switch either upstream or downstream. Administrators can even write rules within the system, designating which devices can talk to each other. By creating such restrictions it further protects the LAN from virtual attacks.
Use of smart switches also improves the visibility issue when it comes to diagnosing problems. Each port can be managed separately. They can also be mirrored and packet data can be captured and shared with analysis software to troubleshoot an issue. Some switches can even do this from a dashboard, so the system administrator can be in the computer room, at home or in another country and still handle the problem.
When tied in with a monitoring service, smart switches can provide alerts from temperature sensors or send email or text messages when a problem occurs, such as port going offline.
Variety of Applications
While having a managed network may seem a natural solution for a large enterprise with lots of devices and systems in play, even small companies operating under certain scenarios may see the advantage of smart switches. For example, businesses that accept credit cards are required to segment cardholder data to keep it secure, and smart switches can help with that. The same is true for healthcare operators that need to protect patient information.
Smart switches do come at a price; however, in today’s regulatory climate and with the increase of cyber threats, entities of all sizes are seeing the value in smart switches and a managed network, whether they are looking to manage it themselves or are putting that management into the hands of their integrator.
Stephen Smith joined Michigan-based integrator D/A Central Inc. as a Network Engineer and Development Supervisor, where he oversees the company’s Managed Services Team, in 2015. D/A Central is a member of the Security-Net network of independent security systems integrators.
Read the original article at Security Dealer & Integrator.