How to secure your subnets

Hi!

Can anyone point me to some good resources in securing your LAN (different
subnets)?

We have a windows network with different subnets and I want to make these
subnets more secure. If subnet A is the headoffice and subnet B,C and D
branch offices. A and B should have quiet open traffic but between B and C
it should be pretty close. Where should I begin?

regards
Tomppa

I think IPSec is best for you.

--
Dmitry Burtsev [(E-Mail Removed)]



"Tomppa" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi!
>
> Can anyone point me to some good resources in securing your LAN (different
> subnets)?
>
> We have a windows network with different subnets and I want to make these
> subnets more secure. If subnet A is the headoffice and subnet B,C and D
> branch offices. A and B should have quiet open traffic but between B and C
> it should be pretty close. Where should I begin?
>
> regards
> Tomppa
>
>
>
>
>

See http://www.microsoft.com/ipsec as a starting point.

--

Mark Swift
Software Test Engineer
IP Security
Windows Networking
Microsoft

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

--

"Burtsev Dmitry" <(E-Mail Removed)> wrote in message
news:e6enR$(E-Mail Removed)...
>I think IPSec is best for you.
>
> --
> Dmitry Burtsev [(E-Mail Removed)]
>
>
>
> "Tomppa" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi!
>>
>> Can anyone point me to some good resources in securing your LAN
>> (different
>> subnets)?
>>
>> We have a windows network with different subnets and I want to make these
>> subnets more secure. If subnet A is the headoffice and subnet B,C and D
>> branch offices. A and B should have quiet open traffic but between B and
>> C
>> it should be pretty close. Where should I begin?
>>
>> regards
>> Tomppa
>>
>>
>>
>>
>>
>
>

Hi!

Ipsec could be one thing, but what I had in mind was more something about
securing on hardware level. Minimize traffic between routers. A network
expert talked about putting more info into the routers:

Ip addresses
Port numbers
Direction
Protocol

Does this make sense?

Tomppa

"Mark Swift [MSFT]" <(E-Mail Removed)> skrev i meddelandet
news:%(E-Mail Removed)...
> See http://www.microsoft.com/ipsec as a starting point.
>
> --
>
> Mark Swift
> Software Test Engineer
> IP Security
> Windows Networking
> Microsoft
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> --
>
> "Burtsev Dmitry" <(E-Mail Removed)> wrote in message
> news:e6enR$(E-Mail Removed)...
> >I think IPSec is best for you.
> >
> > --
> > Dmitry Burtsev [(E-Mail Removed)]
> >
> >
> >
> > "Tomppa" <(E-Mail Removed)> wrote in message
> > news:(E-Mail Removed)...
> >> Hi!
> >>
> >> Can anyone point me to some good resources in securing your LAN
> >> (different
> >> subnets)?
> >>
> >> We have a windows network with different subnets and I want to make
these
> >> subnets more secure. If subnet A is the headoffice and subnet B,C and D
> >> branch offices. A and B should have quiet open traffic but between B
and
> >> C
> >> it should be pretty close. Where should I begin?
> >>
> >> regards
> >> Tomppa
> >>
> >>
> >>
> >>
> >>
> >
> >
>
>

Running routers with ACLs is the standard way to do this, but it should be
the exception and not the "norm". It should only be done on subnets that
are "special cases". Filtering requires processing which causes
latency,...if you get too carried away with it you will at best cause poor
performance and at worse create such a mess that nothing works right.

Most filtering should take place at the LANS "edge" where it meets the
Internet, but traffic in the LAN, which is *extremely diverse*, was meant to
function freely within the private LAN.


--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


"Tomppa" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi!
>
> Ipsec could be one thing, but what I had in mind was more something about
> securing on hardware level. Minimize traffic between routers. A network
> expert talked about putting more info into the routers:
>
> Ip addresses
> Port numbers
> Direction
> Protocol
>
> Does this make sense?
>
> Tomppa
>
> "Mark Swift [MSFT]" <(E-Mail Removed)> skrev i meddelandet
> news:%(E-Mail Removed)...
> > See http://www.microsoft.com/ipsec as a starting point.
> >
> > --
> >
> > Mark Swift
> > Software Test Engineer
> > IP Security
> > Windows Networking
> > Microsoft
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> > Use of included script samples are subject to the terms specified at
> > http://www.microsoft.com/info/cpyright.htm
> >
> > --
> >
> > "Burtsev Dmitry" <(E-Mail Removed)> wrote in message
> > news:e6enR$(E-Mail Removed)...
> > >I think IPSec is best for you.
> > >
> > > --
> > > Dmitry Burtsev [(E-Mail Removed)]
> > >
> > >
> > >
> > > "Tomppa" <(E-Mail Removed)> wrote in message
> > > news:(E-Mail Removed)...
> > >> Hi!
> > >>
> > >> Can anyone point me to some good resources in securing your LAN
> > >> (different
> > >> subnets)?
> > >>
> > >> We have a windows network with different subnets and I want to make
> these
> > >> subnets more secure. If subnet A is the headoffice and subnet B,C and
D
> > >> branch offices. A and B should have quiet open traffic but between B
> and
> > >> C
> > >> it should be pretty close. Where should I begin?
> > >>
> > >> regards
> > >> Tomppa
> > >>
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> >
> >
>
>