The Channel logo

back to article Don't lose control of those fast-breeding endpoints

So you want to know about security? Well you have come to the right place. I have been here for a while and I can tell you that outside these gates it’s full of cowboys, sharks and pirates, none of whom will hesitate to take what is yours and call it their own. The above is is a quote from a brochure I wrote in an attempt to …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

splendid isolation

What has helped us a lot is the use of switches that provide a port isolation feature of some sort. Vendors have many names for this functionality port based VLANs, asymmetric VLANs, L2 isolation, etc. but the key point is that the LAN ports to which PCs are connected are prevented from communicating with each other, but some ports can be set to exchange packets with any other port - these are used for servers, printers, internet links. Nowadays one can get suitable switches at around £80 ext VAT (24-port).

When wireless APs are used that support a "client isolation" feature, plugged into an isolated port on the switch, all client-to-client comms are blocked.

0
0
Silver badge

Excellent article

Excellent article. Fundamental and concise advice. These practices work day in and day out. You will never NOT have a breach, but instances can be held to a bare minimum and it can be contained very quickly if you follow these best practices.

0
0
This topic is closed for new posts.

Forums

Opinion

iot_internet_of_things

Chris Mellor

EMC is ahead overall with HDS mounting an IoT catch-up
Ship scrapyard photo via Shutterstock
Windows 10 Universal Apps

Features

Handing over dollars picture via Shutterstock
Steve Ballmer. Pic:  Aanjhan Ranganathan
Nokia is the biggest write-off yet, but it wasn't the first
Confused computer keyboard
Last Christmas, I gave you my Cloud, the very next day you gave it away
Time to pull out the magnifying glass to swot up on those Ts&Cs