Network Behavior in a Multinetted Environment
(like Interim Network 21)
Description of a Multinetted Environment
A network is said to be multinetted when multiple logical groups of computers are brought together within a single broadcast domain (in our case, an Ethernet is a broadcast domain). These logical groupings of machines can be an IP subnet, an NT Domain, or an AppleTalk zone. Many of these protocols depend on broadcasts to relay information to their group; however, broadcasts are seen by the entire network, which may cause computers outside of the logical group to detect (and possibly interact with) the group.
Many networks installed as part of Interim Network 21 have been multinetted to economically aggregate bandwidth to the backbone networks for a short time until Phase 3 Network 21 is complete and ready for use.
Multinetting is a logical step towards Phase 3 where devices are connected into the same IDF switch and separated by VLAN. Currently, devices are connected to the same IDF switch but not separated by VLAN (i.e. share the same Ethernet).
Actual Behaviors
A common observed behavior is seeing more devices show up within an NT domain (or Network Neighborhood). These PCs have seen announcements from computers outside the logical group and have listed them as available resources.
Concerns
Although this behavior is in the spirit of networking to share information with your neighbors, it may cause problems when information needs to be secure and viewed only within the group. Resources like printers and files may be used by those outside the group.
Remedies
A simple way to maintain privacy of files on a networked machine is to configure the resources to need a password for access or to disable network access to files altogether. Installing passwords on resources may cause brief interruptions to service and some training time as the changes are made.
Services that need to be secure should already be protected with some sort of security like authentication. Existing security should provide a model for the rest of the devices on the network where it may be desirable to provide additional security in light of the multinetting architecture used in the Interim Network.
Each department is responsible for determining proper security actions for their environment. Switched Ethernet provides a small amount of added security for unicast traffic but does not limit broadcast traffic which is commonly used by network layer protocols. Use of switched Ethernet is not to be considered adequate security for a machine that contains sensitive information or resources.
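As an added illustration (not part of the original page), the following Python model shows the behavior described under Actual Behaviors and in the paragraph above: a learning switch delivers unicast frames only to the learned port, but floods broadcasts to every port in the VLAN, so a host announcement from one IP subnet is listed by PCs on another subnet until the ports are separated by VLAN. Host names, MAC addresses and subnets are constructed sample values.

```python
"""Toy model of a multinetted Ethernet (constructed example): the switch
floods broadcasts within a VLAN regardless of the hosts' IP subnets."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Host:
    name: str
    mac: str
    subnet: str        # descriptive only: the switch never looks at IP
    heard: list = field(default_factory=list)

class Switch:
    """Unicast goes to the learned port; broadcast floods the whole VLAN."""
    def __init__(self):
        self.ports = {}   # port -> (host, vlan)
        self.table = {}   # (vlan, mac) -> port, learned from frame sources

    def connect(self, port, host, vlan=1):
        self.ports[port] = (host, vlan)

    def send(self, src_port, dst_mac, payload):
        src, vlan = self.ports[src_port]
        self.table[(vlan, src.mac)] = src_port
        if dst_mac != BROADCAST and (vlan, dst_mac) in self.table:
            targets = [self.table[(vlan, dst_mac)]]
        else:  # broadcast or unknown destination: flood every port in VLAN
            targets = [p for p, (_, v) in self.ports.items()
                       if v == vlan and p != src_port]
        for p in targets:
            self.ports[p][0].heard.append((src.name, payload))

def announce(sw, port):
    """NetBIOS-style host announcement: a broadcast naming the sender."""
    sw.send(port, BROADCAST, f"HostAnnouncement {sw.ports[port][0].name}")

def neighbors_seen(sw, port):
    """Names this host would list in Network Neighborhood."""
    return sorted({h for h, p in sw.ports[port][0].heard if "Announcement" in p})

def build(separate_vlans):
    """Three PCs on one IDF switch; PC-B belongs to a different IP subnet."""
    sw = Switch()
    for port, (name, subnet) in enumerate([("PC-A", "10.1.0.0/24"),
                                           ("PC-B", "10.2.0.0/24"),
                                           ("PC-C", "10.1.0.0/24")], start=1):
        vlan = 2 if separate_vlans and name == "PC-B" else 1
        sw.connect(port, Host(name, f"00:00:00:00:00:0{port}", subnet), vlan)
    for port in (1, 2, 3):
        announce(sw, port)
    return sw
```

With `build(False)` (the interim, multinetted case) PC-B lists PC-A and PC-C even though it is on another subnet; with `build(True)` (the Phase 3 VLAN case) it lists nothing, while a unicast frame in either case reaches only its learned destination port.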
Summary
Multinetting provided an economical means to connect machines to the network for an interim period of time. However, multinetting provides a level of access between computer "groups" that was previously limited to a single physical department network. Departmental network administrators should therefore take reasonable steps to ensure network security until Network 21 is implemented with VLANs.
Administration by: Webmaster
Editing corrections to: Clare Homan
Last modified 10/29/98