How to overcome (LAN) network monitoring pain points
Network managers have a big responsibility when it comes to monitoring LANs and keeping them secure. So, what are the most common monitoring challenges? And how can test equipment help?
Any organisation’s cyber security defence needs to start at the edge of its network. Virtual attacks, also known as “cyber-attacks” or network hacks, come from remote locations and attempt to access a network by exploiting vulnerabilities via the internet. There are also physical attacks, where the threat attempts to infiltrate the network by connecting directly to it through physical media, commonly through an organisation’s Wi-Fi network or LAN cabling system.
Network managers may get complacent because they feel their organisation is not a target with valuable information to protect. However, they should always consider these potential threats and bear in mind that a network attack can take a matter of seconds.
Overcoming network security challenges with LAN security measures
Unfortunately, network protection technologies like IEEE 802.1X, which requires any device to log in to the network at Layer 2, have proven difficult to implement and manage, so many organisations are abandoning these solutions.
This means that network managers need to be continuously monitoring their networks for unauthorised network devices. Many tools exist to accomplish such tasks ranging from PC/mobile device applications to handheld testers and dedicated network security “boxes”.
Handheld network testers provide a simple way to connect to a network via wire or wireless and scan all the devices, generating a list that can be compared to previous scans or a list of known MAC (media access control) addresses.
Apps running on mobile devices are convenient to use and often free. The main downside is that most networks are configured to have some level of segregation between the wireless and wired portions of the network, meaning a network scanner that connects via wireless only may not detect intruders on the wired LAN, as in the example mentioned above.
What should be monitored on your Local Area Network?
Network monitors, whether hardware or software, primarily look at the MAC and IP addresses of a device to identify it on the network. The MAC address is hard-programmed into the Ethernet chip (PHY) of a device and each one on the planet is unique. The MAC identifies the manufacturer and provides a unique “serial number” for that manufacturer. Because MACs are unique, they are the easiest thing to track on a network.
In ultra-high security networks, only approved MACs (devices) may operate on the network. Therefore, any new device brought into the network must have its MAC recorded and programmed into the network router(s) as an allowed device. It’s a very time-consuming yet relatively safe system.
However, even MAC level security is not 100% secure. Software tools allow network intruders to spoof another MAC address. Spoofing alters the data frames sent by an attacker’s computer so that its MAC address appears to be the same as that of an approved device that is already on the network.
For increased protection, network managers can go so far as to track the association between MAC addresses (permanent hardware ID) and IP addresses (temporary software addresses). They can then be alerted when a device on the network is using an unauthorised combination of MAC and IP addresses.
A handheld network tester like LanXPLORER Pro from TREND Networks, for example, can scan a network and record a list of associated MAC and IP addresses. A network technician can periodically re-scan the network and be alerted to changes in the association list. A network tester like this will also detect issues where two different devices are using the same IP address or where two IP addresses are coming from the same MAC. Both are indicators of an unauthorised device on the network.
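The re-scan comparison described above, sketched in Python as an added example (not TREND Networks' code or the tester's own logic). The "MAC IP" line format, the function names and the sample scans are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample scans: locally administered MACs, documentation-range IPs.
BASELINE_SCAN = """
02:00:00:00:00:01 192.0.2.10
02:00:00:00:00:02 192.0.2.11
02:00:00:00:00:03 192.0.2.12
"""
CURRENT_SCAN = """
02:00:00:00:00:01 192.0.2.10
02:00:00:00:00:01 192.0.2.77   # approved MAC now also seen on a second IP
02-00-00-00-00-02 192.0.2.50   # approved MAC, different IP than recorded
02:00:00:00:00:03 192.0.2.12
02:00:00:00:00:99 192.0.2.12   # unrecorded MAC claiming an IP already in use
"""

def parse_scan(text):
    """Parse 'MAC IP' lines into a set of (mac, ip) pairs, normalising MAC notation."""
    pairs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            mac, ip = line.split()
            pairs.add((mac.lower().replace("-", ":"), ip))
    return pairs

def audit(baseline, current):
    """Return sorted findings for a current scan checked against the baseline."""
    known_macs = {mac for mac, _ in baseline}
    ips_by_mac, macs_by_ip = defaultdict(set), defaultdict(set)
    findings = []
    for mac, ip in current:
        ips_by_mac[mac].add(ip)
        macs_by_ip[ip].add(mac)
        if mac not in known_macs:
            findings.append(("unknown_mac", mac, ip))
        elif (mac, ip) not in baseline:
            findings.append(("changed_association", mac, ip))
    for ip, macs in macs_by_ip.items():
        if len(macs) > 1:  # two devices answering for one IP
            findings.append(("duplicate_ip", ip, tuple(sorted(macs))))
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:  # one MAC presenting several IPs
            findings.append(("multiple_ips_for_mac", mac, tuple(sorted(ips))))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(parse_scan(BASELINE_SCAN), parse_scan(CURRENT_SCAN)):
        print(finding)
```

On networks that assign addresses by DHCP, a changed association may simply be a new lease, so such findings should be checked against the DHCP server's records before being treated as an intrusion.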
How can LAN testers help?
In-line or dual port LAN testers are designed to sit silently between any two points in the network, like a switch and a router, and monitor the packets going back and forth. It is with this type of connection that all devices and the total bandwidth can be monitored.
TREND Networks’ LanXPLORER Pro is a versatile LAN tester for network diagnostics, maintenance and auditing. A dual-port design allows the network tester to be connected between any two network devices to monitor all traffic. The LAN tester also features a 2.4/5.8GHz Wi-Fi radio to scan access points, channel use, AP signal strength and SNR, which helps optimise Wi-Fi networks.