GarrettCom OSI Switch User Manual


 
interface (CLI) sent to the target component. Using the Secure Socket Layer (SSL) protocol for
HTTPS connections provides the same level of security enjoyed by Web-based financial transactions.
Simple Network Management Protocol version 3 (SNMPv3) limits access to sensitive Ethernet
switches that run SNMPv3 agent software/firmware. Data and operational control functions require
user authentication, and access is permitted only from specific IP addresses, each of which is
configured during initial set-up.
The User-based Security Model (USM) of the SNMPv3 standard specifies the Data Encryption
Standard in CBC mode (DES-CBC) with a 56-bit key for privacy. Each manager must know the privacy
key of each agent with which it communicates. Any Ethernet switches employed should provide remote
access security for Telnet (CLI) communication, SNMP management, and Web-interface access.
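The two USM facts above (a 56-bit DES-CBC privacy key, and a manager that must hold each agent's key) follow from how RFC 3414 derives keys: a user's password is hashed into a key and then "localized" with the agent's snmpEngineID, so the same password yields a different key on every agent, and the DES key and pre-IV are cut from that localized value. The code below is an added illustration, not GarrettCom firmware or anything from this paper; it implements the RFC 3414 A.2 password-to-key and localization steps in plain Python, checks them against the RFC's own "maplesyrup" test vector, and adds a small allowlist check of the kind implied by "access only from specific IP addresses". The second engine ID, the MAC-style names and the allowlist entries are constructed for the example.

```python
"""SNMPv3 USM key derivation (RFC 3414 A.2) plus a manager IP allowlist check.
Added illustration; not GarrettCom code."""
import hashlib
import ipaddress

ONE_MEBIBYTE = 1048576  # RFC 3414 hashes exactly this many bytes of repeated password


def password_to_key(password: bytes, hash_name: str = "md5") -> bytes:
    """Ku = H(password repeated to 1,048,576 bytes), RFC 3414 A.2.1 (MD5) / A.2.2 (SHA).

    hash_name is "md5" for usmHMACMD5AuthProtocol or "sha1" for usmHMACSHAAuthProtocol.
    """
    if not password:
        raise ValueError("empty password")
    repeated = (password * (ONE_MEBIBYTE // len(password) + 1))[:ONE_MEBIBYTE]
    return hashlib.new(hash_name, repeated).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "md5") -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku): binds the key to one agent's engine ID.

    This is why a manager needs a per-agent key: Ku is shared, Kul is not.
    """
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def des_privacy_parameters(localized_key: bytes) -> tuple[bytes, bytes]:
    """RFC 3414 8.1.1.1: first 8 bytes are the DES key, next 8 bytes the pre-IV.

    DES ignores the low bit of each key byte (parity), so 64 key bits give 56 effective bits.
    """
    if len(localized_key) < 16:
        raise ValueError("need at least a 16-byte localized key")
    return localized_key[:8], localized_key[8:16]


def manager_allowed(src_ip: str, allowed_sources: list[str]) -> bool:
    """True if src_ip falls inside one of the configured manager addresses or prefixes."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in allowed_sources)


def demo() -> dict:
    """Derive keys for one password on two agents and show they differ."""
    ku = password_to_key(b"maplesyrup")                       # RFC 3414 A.3.1 password
    agent_a = bytes.fromhex("000000000000000000000002")       # RFC 3414 A.3.1 engine ID
    agent_b = bytes.fromhex("80000000c0ffee000001")           # constructed engine ID
    kul_a = localize_key(ku, agent_a)
    kul_b = localize_key(ku, agent_b)
    des_key_a, pre_iv_a = des_privacy_parameters(kul_a)
    return {
        "ku": ku.hex(),
        "kul_agent_a": kul_a.hex(),
        "kul_agent_b": kul_b.hex(),
        "keys_differ": kul_a != kul_b,
        "des_key_a": des_key_a.hex(),
        "pre_iv_a": pre_iv_a.hex(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
    # constructed allowlist: one manager host and one management subnet
    print(manager_allowed("192.0.2.10", ["192.0.2.10", "198.51.100.0/24"]))
```

Because the localized key is a deterministic function of password and engine ID, a manager can derive every agent's key from one password, but an attacker who recovers one agent's Kul cannot walk back to Ku; that is the property the "each manager must know the privacy key of each agent" sentence relies on.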
Ethernet, because of its high bandwidth, is also the best protocol for deploying physical security
devices at remote and peripheral sites. Power over Ethernet (PoE) adds ease of supplying power to
remote security devices.
VIRTUAL LAN (VLAN) SUPPORT
VLANs are widely used today to reduce broadcast traffic by limiting the size of a collision
domain. Because crossing from one collision domain to another involves a routing decision, the
security of a given domain can be assured. A VLAN creates separate collision domains or network
segments that can span multiple Ethernet switches. A VLAN is a group of ports designated by the
switch as belonging to the same broadcast domain. The IEEE 802.1Q specification establishes a
standard method for inserting VLAN membership information into Ethernet frames.
VLANs provide the capability of defining two or more Ethernet segments that co-exist on common
hardware. The reason for creating multiple segments in Ethernet is to isolate collision domains. A
collision domain includes all the cabling and hubs or repeaters supporting attached users, but excluding
bridges or routers. Reducing the number of users per collision domain also reduces the chance of a
collision and its recovery. VLANs can isolate groups of users, or divide up traffic for security or
bandwidth management. VLANs need not be in one physical location; they can be spread across
geography or topology.
VLANs, as the name suggests, create virtual LANs administratively. Instead of going to the wiring
closet to move a cable to a different LAN segment, the same task can be accomplished remotely by
configuring a port on an 802.1Q-compliant switch to belong to a different VLAN. The ability to move
end stations to different broadcast domains by setting membership profiles for each port on centrally
managed switches is one of the main advantages of 802.1Q VLANs.
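The two mechanisms this section describes, the 802.1Q tag that carries VLAN membership inside a frame and the per-port membership that confines flooding to one broadcast domain, are shown together in the following added example. It is not GarrettCom's switch code or anything from the paper; it is a simplified model in which access ports carry one untagged VLAN (their PVID), trunk ports carry tagged frames for every VLAN, and a tagged frame arriving on an access port is dropped. The port numbers, VLAN IDs and MAC addresses are constructed for the demonstration.

```python
"""802.1Q tag insertion/parsing and VLAN-scoped forwarding (added example)."""
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag
BROADCAST = b"\xff" * 6


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame: dst(6) src(6) EtherType(2) payload."""
    return dst + src + struct.pack("!H", ethertype) + payload


def insert_vlan_tag(frame: bytes, vid: int, pcp: int = 0, dei: int = 0) -> bytes:
    """Insert the 4-byte tag (TPID + TCI) between the source MAC and the EtherType."""
    if not 1 <= vid <= 4094:          # 0 and 4095 are reserved by 802.1Q
        raise ValueError("VID must be 1..4094")
    if not 0 <= pcp <= 7 or dei not in (0, 1):
        raise ValueError("bad PCP/DEI")
    tci = (pcp << 13) | (dei << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_vlan_tag(frame: bytes):
    """Return (vid, pcp, dei) if the frame carries an 802.1Q tag, else None."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid != TPID_8021Q:
        return None
    return tci & 0x0FFF, tci >> 13, (tci >> 12) & 1


def strip_vlan_tag(frame: bytes) -> bytes:
    """Remove the tag so an access port transmits the frame untagged."""
    return frame[:12] + frame[16:] if parse_vlan_tag(frame) else frame


class VlanSwitch:
    """Port-based VLAN membership: a frame is only ever forwarded within its VLAN."""

    def __init__(self, access: dict[int, int], trunks=frozenset()):
        self.access = dict(access)                 # access port -> PVID
        self.trunks = set(trunks)                  # ports carrying tagged frames for all VLANs
        self.mac_table: dict[tuple[int, bytes], int] = {}   # (vid, mac) -> port, learned

    def forward(self, in_port: int, frame: bytes) -> dict[int, bytes]:
        """Return {egress_port: frame as transmitted}; an empty dict means dropped."""
        tag = parse_vlan_tag(frame)
        if in_port in self.trunks:
            if tag is None:
                return {}                          # untagged on a trunk: dropped here
            vid = tag[0]
        elif in_port in self.access:
            if tag is not None:
                return {}                          # tagged frame on an access port: dropped
            vid = self.access[in_port]
        else:
            return {}                              # unknown port
        dst, src = frame[:6], frame[6:12]
        self.mac_table[(vid, src)] = in_port       # learning is per VLAN
        untagged = strip_vlan_tag(frame)
        tagged = insert_vlan_tag(untagged, vid)
        known = self.mac_table.get((vid, dst))
        if known == in_port:
            return {}                              # destination is behind the ingress port
        if known is not None:
            targets = [known]
        else:                                      # unknown or broadcast: flood the VLAN only
            members = [p for p, v in self.access.items() if v == vid] + sorted(self.trunks)
            targets = [p for p in members if p != in_port]
        return {p: (tagged if p in self.trunks else untagged) for p in targets}


if __name__ == "__main__":
    sw = VlanSwitch({1: 10, 2: 10, 3: 20}, {4})   # constructed: two VLANs, one trunk
    host_a = bytes.fromhex("020000000001")         # constructed MAC on port 1
    out = sw.forward(1, build_frame(BROADCAST, host_a, 0x0800, b"hello"))
    for port, f in out.items():
        print(port, parse_vlan_tag(f), f.hex())
```

Running the script shows the broadcast from port 1 reaching port 2 untagged and port 4 with a VID 10 tag, while port 3 (VLAN 20) never sees it; moving a port between VLANs is then just a change to the `access` mapping, which is the administrative re-segmentation the paragraph above describes.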
Distributed with permission of author by ISA 2006
Presented at ISA EXPO 2006