Sorry I haven't written in so long but my new wife and I finally went on our honeymoon to South America. It was a great time. We went to a sleepy town called Buzios in Brazil and then to Buenos Aires and Mendoza in Argentina. Each city had its own charm and culture but they all had one thing in common HUGE wireless towers. You can tell you are obsessed when you have beauty all around you and you are constantly looking up in the sky. But I digress...
In Buenos Aires we stayed at the only "large" hotel on our trip. It was almost 200 rooms with a full business center, modern amenities, etc but the Internet was very slow so I couldn't write this while I was there. I did noticed however that the hotel had a hodge-podge of low cost analog CCTV cameras in "strategic" locations so I became curious. I went down to the business center, logged onto one of the noisy "white box" XP PCs that are prevalent in that part of the world and double clicked on "my network places". Guess what I found...You guessed it, all the hotels DVRs! I manged to find each IP addresses of each in a matter of seconds and could double click on them and get to the log in prompt instantly. Well, luckily I am not a malicious user and most of the young girls that were visiting the hotel with their parents checking their facebook accounts (for hours) didn't seem too bad either but, with a little work, anyone with the intention of harming the hotel or its guests would have access to the records of his/her wrong doing at their finger tips.
The moral of this story is USE VLANS! This is especially true for hospitality environments where you have hundreds of unmonitored guest users a day playing around on your computers who have absolutely no business looking at anything on the corporate network. I have spoken briefly about VLANs in the previous introductory posts but in basic terms a VLAN is a carved out section of you existing local area network (LAN) that you can dedicate to different user groups, apply different security policies to and most importantly segregate from other VLANs on your network.  VLANs can not speak to one another unless you introduce a router or layer3 switch into your network to make the connection between them.
We have segmented many flat (no VLAN) networks for our customers over the years and the increase in performance, control and security they see from the relatively painless upgrade is well worth the effort. Just ask yourself one question and you will see the value; What is the point of physical security if you don't protect the network that facilitates it?
Thanks for reading and as always comment away.
HAPPY NEW YEAR!
Ronen Isaac Continental Computers & WLANmall.com