Practical solution to prevent users from sniffing traffic

Practical solution to prevent users from sniffing traffic

Can you please advice me of a practical solution to prevent users from sniffing traffic (revealing others data and passwords) inside my LAN. All switches and routers are Cisco, and the LAN contains more than 500 users.

    Requires Free Membership to View

    Login

    By submitting your registration information to SearchNetworking.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchNetworking.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

One word: encryption! Encrypt your data using a strong cipher. Avoid using programs such as FTP, Telnet, Remote Shell (rsh), etc, which use clear text and can be easily sniffed. Instead, use Kerberos tickets for your LAN, private/public key pairs for transfers, VPN for remote connectivity, SSL for commerce site, and encryption (EFS) for Win2K. Prevent unnecessary services and ports from going through your routers and firewalls. Read through my series for security tips on configuring Secure FTP (SFTP) and SSH2 Server; protecting your border routers and firewalls; securing your web servers and database servers.
Kind regards,
Luis

This was first published in May 2003

Back to top