Network Security Fundamentals

Network Security

• Threats:
  • Viruses
  • Worms
  • Trojan horses
  • Spyware
  • Adware
• Security measures:
  • Firewalls
  • Access control lists (ACLs)
  • Encryption
  • Authentication, Authorization, and Accounting (AAA)
• Cryptography:
  • Symmetric encryption (e.g., AES)
  • Asymmetric encryption (e.g., RSA)
  • Hash functions (e.g., SHA, MD5)

VLAN Configuration

• VLAN (Virtual Local Area Network):
  • Logically segmentation of a network into multiple broadcast domains
• VLAN types:
  • Port-based VLANs
  • Tag-based VLANs (IEEE 802.1Q)
• VLAN configuration:
  • VLAN assignment (static or dynamic)
  • VLAN trunking (ISL or 802.1Q)
  • VLAN membership (static or dynamic)

Routing Protocols

• Distance-vector routing protocols:
  • RIP (Routing Information Protocol)
  • IGRP (Interior Gateway Routing Protocol)
• Link-state routing protocols:
  • OSPF (Open Shortest Path First)
  • IS-IS (Intermediate System to Intermediate System)
• Hybrid routing protocols:
  • EIGRP (Enhanced Interior Gateway Routing Protocol)

DHCP (Dynamic Host Configuration Protocol)

• DHCP functions:
  • IP address assignment
  • Subnet mask assignment
  • Default gateway assignment
  • DNS server assignment
• DHCP message types:
  • DHCPDISCOVER
  • DHCPOFFER
  • DHCPREQUEST
  • DHCPACK
• DHCP relay agents:
  • Used to forward DHCP requests to a DHCP server on a different subnet

Network Security

• Network threats include viruses, worms, trojan horses, spyware, and adware, which can compromise system security.
• Firewalls, access control lists (ACLs), encryption, and authentication, authorization, and accounting (AAA) are used to prevent and mitigate security threats.
• Symmetric encryption, such as AES, uses the same key for encryption and decryption, while asymmetric encryption, such as RSA, uses a pair of keys.
• Hash functions, such as SHA and MD5, are used to ensure data integrity.

VLAN Configuration

• VLANs logically segment a network into multiple broadcast domains, improving network security and efficiency.
• Port-based VLANs assign VLAN membership based on the physical port, while tag-based VLANs use IEEE 802.1Q tags to identify VLANs.
• VLAN assignment can be static or dynamic, and VLAN trunking protocols, such as ISL or 802.1Q, are used to connect multiple VLANs.

Routing Protocols

• Distance-vector routing protocols, such as RIP and IGRP, use hop count to determine the best route.
• Link-state routing protocols, such as OSPF and IS-IS, use a more complex algorithm to determine the best route, taking into account network topology and traffic.
• Hybrid routing protocols, such as EIGRP, combine the benefits of distance-vector and link-state protocols.

DHCP (Dynamic Host Configuration Protocol)

• DHCP assigns IP addresses, subnet masks, default gateways, and DNS servers to devices on a network.
• DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, and DHCPACK are the four message types used in the DHCP process.
• DHCP relay agents forward DHCP requests to a DHCP server on a different subnet, allowing devices to obtain IP addresses across subnet boundaries.