Flat Network Strength Also A Security Weakness

Upcoming Events

Take a fresh look at video conferencing ROI. It's not just about sunk costs, but the ability to measure existing capacity and future savings potential for your organization. How are employees adopting video conferencing today? What's working and what's not? And what's the roadmap for the future? Hear from one leading company who is bringing a new approach to delivering on the promise of cost savings via virtual collaboration.

See what others are doing to make it work - increasing video utilization and decreasing travel expenses without additional investment.

Register Now!

Flat Network Strength Also A Security Weakness

Posted by Frank J. Ohlhorst
March 22, 2012

Dreger identifies the key security elements for L2 as strong segmentation and filtering options between L2 entities; intuitive labeling and management of devices, because VLANs won’t necessarily provide context clues; consistent application of L2 access controls via usable tools; security controls designed for the unique requirements of virtual environments (for example, quick system builds and virtual machine migration); and an ability to clearly show how traffic is being controlled to meet audit requirements.

It is the above elements, combined with best practices, that will bring a stable security footing to flat networks. Naturally, it will also take an active management role to further improve security. That active management can take the form of defining rules on security appliances that support L2 firewalling. In most cases, those rules will take the form of VLAN access control lists (VACLs), private VLANs (PVLANs) and filtering controls.

Dreger reports that VACL technologies can be used in much the same way as traditional L3/L4 ACLs, with the added benefit that they are also applied at L2 on a physical switching/routing device. That means a VACL can filter traffic bridged between devices on the same VLAN and does not just need to apply to routed traffic going into or out of a VLAN. VACLs can be defined to block specific traffic types (such as UDP and TCP) and be applied directionally to and from various hosts. More specifically, VACLs can be tied to specific interfaces or be more generally applied to a whole VLAN.

Of course, VACLs are only the beginning when it comes to securing flat networks at the L2 level. Administrators will need to still take a layered approach to security, further fortifying virtual devices, virtual machines, applications and other members of a flat network architecture. Here, security begins to take a more familiar form, using the same security tools that tiered networks have come to rely on.

Dreger writes, "Fortunately, when you understand VACLs, PVLANs and L2 firewall control options in the physical realm, VM-centric controls will not appear radically different." In other words, if administrators can conquer the physical portion of L2 network security, the virtual elements should pose little or no problem.

Learn more about Strategy: SIEM by subscribing to Network Computing Pro Reports (free, registration required).

Page: « Previous Page | 1 | 2

More Insights


	To upload an avatar photo, first complete your Disqus profile. \| Please read our commenting policy.

Next Gen Network Reports

Data Center Interconnects: An Overview

It's common for organizations of a certain size to have two data centers as part of a disaster recovery or business continuity plan. A data center interconnect extends an Ethernet network between two physically separate data centers. While the idea is simple, Ethernet wasn't designed to run across a WAN. Thus, a DCI implementation requires a variety of technological fixes to work around Ethernet's limitations. This report outlines the issues that complicate DCIs, and examines the variety of options companies have to connect two or more data centers, -including dark fiber, MPLS services and MLAG, as well as vendor-specific options such as Cisco OTV and HP EVI.

Is Hosted VoIP Right for You? 6 Must-Ask Questions

We outline six questions you must ask when deciding whether to move your telephony system to a hosted VoIP provider, including questions about reliability, branch survivability, E911 capability and whether you�re looking for additional collaboration services. We also outline how to price a hosted VoIP option.

Understanding Flat Networks

A flat network or fabric provides more paths through the network and can maximize bandwidth and better support a highly virtualized data center. We'll look at standards-based approaches to designing a flat network, including TRILL and SPB, as well as proprietary implementations. We'll also discuss the implications of moving to a flat network and provide guidance to help you decide if this approach is right for your data center.

3 Paths To Network Convergence

Separate data and storage networks might have been necessary when Fast Ethernet was pitted against speedy, special-purpose Fibre Channel, but Ethernet's evolution has obviated most of the performance differences. We'll examine the trends behind network convergence, share exclusive research, and outline three deployment scenarios for those who want to merge data and storage networks.

Networking In A Virtualized World

Virtualization is rapidly evolving into a core element of next-generation data centers. This expanded role places new strains on the network. This report explore the technical issues exposed by virtualized infrastructure and looks at standards, technologies and best practices that can make your network ready to support virtualization.

Premium Content

Plan Now for the Hyperconverged Enterprise Network

In this Gartner report, industry analysts explain why changes in the business and application environment will result in up to 80% of end-user traffic moving to the WAN by 2014. This is a significant change to the old rule of thumb that 80% of traffic will stay within the enterprise LAN, and it means that network design is facing radical new requirements for network connectivity and performance. Find out how enterprises can modernize their network planning processes across IT groups to ensure they continue to meet business and end-user needs.

Infographic: Forces Disrupting the Network

Big data, mobile computing, social media and cloud computing are massively disrupting the network. Get the facts in this infographic.

Building for the Next Billion: What the New World of Business Means for the Network

Download research from Forrester Consulting to learn new approaches to network design, infrastructure and management. Find out how to transform your network into an Intelligent WAN that will help ensure your ability to meet IT challenges now and in the future.

Video: Wine.com Uncorks Network Bottleneck with MPLS

Watch how consolidating networking services with XO MPLS IP-VPN has given Wine.com a more scalable network that provides faster data speeds, prioritizes business-critical data, and delivers improved cost-efficiencies by converging voice and data traffic over a single IP network infrastructure.

Choosing the Right Ethernet Solution for Your WAN

Many enterprises are extending Ethernet to the WAN. Learn about drivers for adoption, benefits, the technology behind Ethernet services in the WAN, and how to evaluate the best service provider for your business.

Research and Reports

FEATURED RESEARCH

State of Server Technology

FEATURED STRATEGY

The Long-Distance LAN

Register for Network Computing Pro

Find hundreds of reports featuring research from your peers, and best practices from top IT pros.

Video

Network Computingwww.networkcomputing.com

Upcoming Events

An Interop Webcast:
Video Conferencing-ROI Deep Dive: Are you leaving money on the table?

June 20, 2013
11:00 AM PT / 2:00 PM ET

Subscribe to Newsletter

Vendor NewsFeed

Flat Network Strength Also A Security Weakness

Posted by Frank J. Ohlhorst
March 22, 2012