Network security is a critical component of running an IT infrastructure. With so many security threats that IT organizations and MSPs need to defend against, network security remains a key aspect of their defensive posture. One way to strengthen it is VLAN steering, which leads many business owners and executives to ask: why use VLAN steering?
What is VLAN Steering?
Before looking at the benefits of VLAN steering, which is also referred to as VLAN assignment or VLAN tagging, we should cover what it is. Historically, most IT networks have been flat: a user joins the network over a wired or WiFi connection and can then reach any IT resource connected to it. End users can interact with applications, files, and other server functions, regardless of whether they require access to them or not. Security in this scenario is enforced at the IT resource level, so access to resources is secured simply by logging into them with username/password combinations.
Over time, sophisticated MSPs and IT admins started to ask why a user or group of users not permitted to use a particular resource could still reach it from a networking perspective. Why wouldn’t the IT resource simply be invisible to those who should not access it? After all, since anyone could reach the login screen of the resource, any bad actor with hacked credentials could access it just by making their way onto the network.
So, in an attempt to preemptively protect network security, VLAN steering was developed. The network was segmented into tiers based on how much of it each set of users could access, so less privileged credentials received access to less of the network. Unlike a flat network, this tiered network limited users solely to the segment they belonged in. That way, hackers outside or inside the network would need higher-level credentials with access to the particular target of their attempted breach.
For example, a developer would not have access to the financial systems, while the finance team wouldn’t have access to the source code repository. Through the 802.1x networking protocol,