There are many different ways to provide security for local area networks (LANs). Many of these apply to the common types of hardware that are used for these small, local network setups.
One common strategy is to install a firewall resource behind a single access point, such as an initial wireless router. It’s also appropriate to use specific security protocols like WPA or WPA2 for password encryption on traffic coming in from the internet.
Designers may also want to secure other routers and switches that serve different parts of the network.
Administrators can also filter traffic using a detailed knowledge of trusted network areas. Many of these strategies rely on specialized authentication policies where network traffic is scrutinized to prevent different kinds of unauthorized access. Some can use "tunnel" technologies like VPN or otherwise lock down various access points for more precision control. Users can also control security, i.e. control packets, through different layers of the OSI model, where experts talk about security "at the network layer" for effective control.
In addition, LANs typically need internal security strategies. These involve adding elements like anti-virus or anti-malware security, in case some of these types of hacking functions are introduced to networks through user activity. For example, many intrusive viruses and malicious programs operate off of a user opening an email, downloading a file from an illegitimate source or otherwise opening up the internal LAN to exterior threats.
Those who are trying to promote better security for a LAN need to look carefully at each aspect of security design, in order to close as many loopholes and prevent as many vulnerabilities as possible.