Thursday, 22 June 2017

LAN security aspects and relevant standards

Basic security requirements
The term "security", in everyday life as well as in information technology, can have different meanings. To make explicit what distinguishes a secure system from an insecure one, there are some basic requirements (or security objectives), outlined below:

 Confidentiality
 Integrity
 Availability

Confidentiality

Confidentiality means that information reaches those who are allowed to have it. In network communication, confidentiality corresponds to the secrecy of the message: if you send an e-mail to a recipient, you expect that recipient to be the one who reads its content.
To guarantee confidentiality, various measures should be implemented: for example, encryption of data or of the messages exchanged between communication partners, or access control that allows only certain persons to view protected data.

Integrity (including authenticity)
If data is to be processed, a secure system must be able to guarantee that the data is correct (integrity). This also requires means to prevent errors during data transmission, or at least to detect and correct them. Data, documents and systems must be protected against manipulation.

Proof of authenticity
When it is possible to guarantee or confirm the integrity of the data and to convey information about the creator or author of the data to its receiver, the result is a so-called proof of authenticity, in other words a digital signature. Authenticity is also, in a way, a more detailed view of integrity as a security objective.

Availability
The third key security objective is availability. A secure system should be able to guarantee that the data it processes is accessible, so that the services it provides can actually be used.
Availability includes, as a rule, logical safeguards such as measures against erroneous data deletion, as well as measures that prevent work from being interrupted by hardware or software defects. This includes, among other things, creating data backups on a regular basis, which enables quick data recovery in the event of a defect. Outside influences, such as power outages or deliberate sabotage intended to block system services for authorized users, are also problems that the concept of availability must deal with. When service availability has to be guaranteed 24 hours a day, there are high-availability solutions which, through special devices, software algorithms and special hardware, try to reach the maximum reliability of the system and so avoid system failure. For example:

 Fire and water protection for the server room
 Redundant power supply for servers
 Redundant (dual) links for data communication
 Combining two or more hard disks into a RAID in servers

Firewall
A firewall is, in principle, nothing but an intelligent filter. Firewalls are used to filter access by user, address, or application, in order to prevent hostile attacks from the network. They secure the transfer of data between "secure" private networks and "unsecured" public networks. The main area of use for firewalls is the connection of LANs to the Internet. Firewalls can also be used between network segments belonging to one LAN. In addition to protection, firewalls can be used to restrict users on the LAN to "allowed" addresses and services. In this way, access to certain Internet addresses is limited.
Firewalls can be implemented as hardware or software solutions.

IDS - Intrusion Detection System
An IDS is a device or application that monitors a network or system for suspicious or malicious activity and company policy violations, and generates a report for system administrators. It can be compared to an alarm system installed in a home or store, which goes off when thieves enter.
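A small illustration of the monitoring and reporting described above, as an added example that is not part of the original post: it reads connection records, raises a policy alert and a suspicious-activity alert, and formats the report. The log format, the sample records, the telnet policy and the threshold of 5 ports in 60 seconds are all constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample log: "<epoch seconds> <source> <destination> <dest port>"
SAMPLE_LOG = """\
1000 192.168.10.7 192.168.10.25 25
1001 192.168.10.9 192.168.10.25 21
1002 192.168.10.9 192.168.10.25 22
1003 192.168.10.9 192.168.10.25 23
1004 192.168.10.9 192.168.10.25 80
1005 192.168.10.9 192.168.10.25 443
garbled line
1300 192.168.10.12 198.51.100.20 23
"""

FORBIDDEN_PORTS = {23: "telnet"}   # assumed company policy: no telnet
SCAN_PORTS, SCAN_WINDOW = 5, 60    # assumed threshold: 5 ports within 60 s


def analyse(log_text):
    """Return alerts as (time, source, kind, detail) tuples, in log order."""
    alerts = []
    recent = defaultdict(deque)    # (src, dst) -> (time, port) inside the window
    reported = set()               # pairs already flagged, to avoid alert floods
    for line in log_text.splitlines():
        try:
            ts, src, dst, port = line.split()
            ts, port = int(ts), int(port)
        except ValueError:
            continue               # malformed record: skip it, keep monitoring
        if port in FORBIDDEN_PORTS:
            alerts.append((ts, src, "policy", f"{FORBIDDEN_PORTS[port]} to {dst}"))
        window = recent[(src, dst)]
        window.append((ts, port))
        while window[0][0] < ts - SCAN_WINDOW:
            window.popleft()       # forget contacts older than the window
        ports = {p for _, p in window}
        if len(ports) >= SCAN_PORTS and (src, dst) not in reported:
            reported.add((src, dst))
            alerts.append((ts, src, "suspicious", f"{len(ports)} ports on {dst}"))
    return alerts


def report(alerts):  # the lines a system administrator would receive
    return [f"t={ts} {kind.upper()} from {src}: {detail}"
            for ts, src, kind, detail in alerts]


if __name__ == "__main__":
    print("\n".join(report(analyse(SAMPLE_LOG))))
```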

Standards in the field of data security
In order to reduce the time and cost of security work, and to improve security efforts in practice, criteria-based catalogs are often used to support the persons responsible for security in their work.
Below are some of the standards in the security field:

Taskforce Secure Internet
ISO/IEC 27001:2013
FIPS 140-2
ITSEC / Common Criteria

Theme 14. Planning and documentation, requirements for network infrastructure

Structured cabling
Structured cabling presupposes an installation plan that uses the same cabling for various services (data, video, and phone) and lays the groundwork for a future-oriented network infrastructure, anticipating changes that may be made in the future. From a three-dimensional perspective, we distinguish the following areas:
 The first area describes the cabling between buildings located within a certain area (site). This covers a distance of up to 1500 m. Optical fibers are used as cables.
 The second zone describes the connection between the floors of a building, including the connecting cable and the respective switch. Optical fiber is used as standard, up to a maximum length of 500 m.
 The third zone includes the elements of the horizontal cabling of a floor (the cable from the floor switch to the network socket). Twisted-pair cable (up to 100 m) or, less often, optical fiber is used.

Structured cabling solutions are defined in the European Standard EN 50173-1:2011 for application-neutral information technology cabling systems.

Structural works in the building
The most important task when carrying out structural works is to inspect the spaces in which the works will take place. The environment where the work will be carried out should be carefully checked from the inside. Pay attention to the following questions:

 Are all wall areas free, or are there, for example, cupboards fixed to the wall?
 Can the required wall slots be made without difficulty?
 How will the cable ducts run through the spaces they are planned to pass through?
 Do you have to pass the main cable through the offices?
 Where and how should the main cable pass?
 Are parts of the fixed firehouse equipped?
 Can the permitted cable parameters be kept at bends, especially for fiber optic cable (FOC)?
 Is there any additional work (e.g. on the electrical network)?
 Is there a clear plan for protection against voltage surges?
 Is the maximum cable length of 100 m from the switch port to the device's connection port maintained?
 Are additional works required (plastering, painting, etc.)?

Preparatory work
The purpose of the laborious cable laying is to give workplaces the ability to connect to ICT. It does not matter which service the connection is intended for.
If we are given the task of planning or setting up a company's communications infrastructure, we have to act with a carefully thought-out strategy. Hasty decisions in most cases end in higher costs, a chaos of partial networks with different devices, and little or no prospect of future expansion. It is therefore necessary to collect and evaluate all the necessary documentation. In any case, you should put the desired solution on paper first, then choose the tools and methods to achieve it.

Copper cable or fiber optic cable
A very important decision is the choice between using copper or fiber optic cables.

For any backbone that connects servers, floors or buildings, optical fiber should always be used. Alternatively, copper cables can be used for short distances between floors, or for connecting racks to each other. Bear in mind, however, that with this solution you may encounter great difficulty adapting if the technology changes or a larger data stream has to be transmitted. In this variant you should also lay fiber optic cables to guarantee later expansion.
In this case the overall costs increase, but there is always the possibility of achieving a greater flow of transmitted data without large additional works on the structure. In addition, the investment costs during the first installation are reduced, and additional costs arise only if the backbone no longer meets the required needs.
Fiber optic cables should always be used when large distances are to be covered, or when data has to be transmitted safely in an environment susceptible to interference. In industrial areas with machines that produce powerful electric fields, or in areas that need to be secure against interception, fiber optic cables should be used.

Space between buildings
For connecting buildings to each other, optical fiber should be chosen in every case. Since in this case the cable will perform the backbone function in the network, the number of cables and the fiber density in the cable play no major role. However, if possible, a second fiber optic cable should be laid to provide redundancy, even if it is not put into operation. If the first cable is damaged, e.g. during digging, there is always the possibility of switching to the second cable and continuing normal work. Where possible, the second cable should not be laid parallel to the main cable.

Infrastructure Requirements
For cabling in the third zone, plans should be made according to the established conditions of the communication infrastructure. When selecting plugs, patch panels and patch cables, settle on one particular manufacturer. Make sure that the supplier from which these components are ordered can guarantee their supply for a long time and with short delivery times. There is no advantage in using a low-cost product if it is provided by only one supplier (exclusive seller).

Network sockets and patch panels
For network sockets and patch panels, it is important that they have the required characteristics according to EN 50173 and ISO/IEC DIS 11801 in the installed state. The use of modular systems has an advantage, as it allows replacement simply by changing the respective module elements. Such systems have as high a disadvantage.

Laid cable
The laid cable should support the maximum bandwidth, with a view to later standards. Check in advance that the cable transmission distance, including the connecting cable, does not exceed 100 meters. To reduce damage in the event of a fire, cable with halogen-free components is used. This also applies to fiber optic cables. Here, above all, care should be taken to observe the bending parameters and the overall condition of the cable when laying it in the enclosures. If the cable passes through cellars or warehouses, an outdoor cable with moisture protection must be selected.

Racks
Before using racks, check which requirements absolutely must be met and which features can be neglected. When determining the requirements the rack must meet, consider the data security aspect.
The following questions apply to racks:

 From where do the cables enter the rack (top, bottom, side)?
 Can the side rack doors be removed?
 Is a rear door needed, or is it enough to place the rack against the wall?
 Are the front and rear doors lockable?
 Do you need lighting inside the rack, or is the lighting of the room where it is placed sufficient?
 Is additional ventilation required?
 Should a UPS be integrated into the rack for cases where power can be interrupted?

Sketch in all cases how the built-in rack will be considered considering the active / passive components control and the related backups. In this case it is important to give the components to the unit unit.
