Hey! How Did You Get in Here?
In the figures so far in this chapter, the client (Fred)
happens to be using a PC that's attached to a LAN inside the Fredsco corporate
network. The applications prompt Fred for a password before he can use them, but
Fred's PC can go ahead and use the network without verification of his identity.
Many of us don't think about it, but in most places, the physical security of
the LAN is assumed.
If a company has a LAN in an office building, and there is poor
physical security, the network is exposed to people walking into the building,
connecting to the LAN, and trying to gain access to servers in the network. If
physical security is good, it might be reasonable to allow anyone inside the
building to just sit down, plug his computer into an RJ-45 socket in the wall,
and connect to the LAN. While most enterprise networks today allow any PC inside
the corporate network to attempt to connect to servers, many enterprises are
adding a security step to authenticate devices before they can even send a
packet to a server.