Enterprises with more than one location must juggle their networking security between the local area network (LAN) and the wide area network (WAN). A LAN is used to connect users within a small geographic location, while a WAN is used to connect LANs over a broader area. The interconnectedness of the LAN and WAN means that network professionals must have a good grasp of LAN and WAN security.
LANs and WANs serve different purposes, but they also differ in areas like speed, technologies used, and transfer rates for data. There are also important differences in the threats to each type of network and the steps that enterprises must take to address them.
Securing the LAN
A LAN is local and managed in-house, so it seems that it should be relatively secure. It is utilized by a single company or department within a company and doesn’t connect directly to other LANs.
Insiders who have access to sensitive data, and insiders who mistakenly download malware, are two of the most common problems with LAN security. This often takes the form of an employee who falls prey to a phishing email or who connects an unauthorized device to the LAN.
Using the right security procedures for those with access to the equipment, combined with access management policies, can mitigate much of the risk to the LAN and avoid compromising data and systems.
In addition to the risk of connecting directly to the internet, LANs are also exposed to attacks through open ports. The router administration credentials on the LAN also need to be changed frequently.
Many enterprises address these threats through the use of a wireless LAN or by using Wi-Fi, but these are not risk-free options either. In the case of a wireless LAN, an evil twin attack can be used to impersonate a LAN access point and lure users into a connection. A virtual private network and encryption can help protect against an evil twin attack. Enterprises can also consider using a virtual LAN to isolate certain sets of data or systems from the broader LAN.
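As an added illustration (not part of the original article), the sketch below shows one way a defender could flag evil twin candidates in wireless scan results by comparing them against an inventory of sanctioned access points. The SSID, BSSIDs, security modes and scan entries are constructed values, and the function and class names are hypothetical.

```python
from dataclasses import dataclass

# Assumed inventory of sanctioned access points (constructed values):
# normalized SSID -> {BSSID: expected security mode}
AUTHORIZED = {
    "corpnet": {
        "aa:bb:cc:00:00:01": "WPA2-Enterprise",
        "aa:bb:cc:00:00:02": "WPA2-Enterprise",
    },
}

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str
    security: str

def find_evil_twin_candidates(beacons, authorized=AUTHORIZED):
    """Return (beacon, reason) pairs for beacons that use a corporate SSID
    but do not match the sanctioned inventory."""
    findings = []
    for b in beacons:
        # Normalize so "CorpNet " or "CORPNET" still counts as our SSID.
        known = authorized.get(b.ssid.strip().casefold())
        if known is None:
            continue  # a neighbor's network, not an impersonation of ours
        expected = known.get(b.bssid.lower())
        if expected is None:
            findings.append((b, "unknown BSSID"))
        elif b.security != expected:
            # A cloned BSSID can still be caught if its security mode differs.
            findings.append((b, "security mismatch"))
    return findings

# Constructed scan results for illustration.
SAMPLE_SCAN = [
    Beacon("CorpNet", "aa:bb:cc:00:00:01", "WPA2-Enterprise"),  # sanctioned
    Beacon("CorpNet", "de:ad:be:ef:00:99", "Open"),             # unknown radio
    Beacon("CorpNet", "AA:BB:CC:00:00:02", "Open"),             # known BSSID, wrong mode
    Beacon("CoffeeShop", "11:22:33:44:55:66", "Open"),          # unrelated network
]

if __name__ == "__main__":
    for beacon, reason in find_evil_twin_candidates(SAMPLE_SCAN):
        print(f"ALERT {beacon.ssid!r} {beacon.bssid} ({beacon.security}): {reason}")
```

An access point that copies both the BSSID and the security mode of a sanctioned one passes this check, which is why the VPN and encryption measures mentioned above still matter.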
Securing the WAN
Many of the concerns surrounding WAN security stem from its widespread design, which connects LANs across geographic locations. A WAN requires a connection through the public internet or access via a third-party telecom. With a third-party telecom, the enterprise will have little or no information about the physical protections in place for the WAN, and a connection through the internet adds more threats.
Enterprises need to bolster security protocols with encryption that protects data in transit, as well as appropriately configure the routers and firewalls for the WAN.
Virtual private networks (VPNs) offer secure connections between the locations on the WAN because they can encrypt data, but they should not be solely relied upon for WAN security. Enterprises may also want to consider a software-defined WAN (SD-WAN) to enable more centralized management and segmentation of traffic. SD-WAN also eliminates the data bottlenecks that can congest the WAN.
Enterprises need to keep in mind that implementing SD-WAN means moving security from a centralized firewall out to the edge. Adjustments need to be made to the provisioning process, and enterprises may want to consider a zero-trust approach or a software-defined perimeter for the network.
When contemplating LAN and WAN security, contact us at eXemplify. We can help you identify any vulnerabilities in your network and then determine if SD-WAN or another infrastructure upgrade is right for your organization.