Networking Security

FoolproofTopaz

40 Questions

What is a type of device that expands on the capabilities of a traditional firewall?

NGFW

What feature enables an IDS to monitor all traffic on a switched network?

Port mirroring

Which of the following is not a SAN protocol?

VoIP

What do iSCSI initiators use to locate iSCSI targets on the network?

iSNS

What is the best device to install between the multifunction device and the cable modem to prevent intrusions?

Intrusion prevention system (IPS)

Which of the following statements about hubs and switches is true?

All of the devices connected to a hub are part of a single collision domain, whereas each device connected to a switch has its own collision domain.

What type of device is a load balancer?

Gateway

Which of the following devices perform essentially the same function?

Hubs and bridges

What is a proxy server used for?

To provide Internet access and security against outside intrusions

What type of switch immediately forwards frames after looking at only the destination address?

Cut-through switch

Which of the following devices can monitor network traffic for abnormal or malicious activity?

IDS

Which of the following SAN protocols can share a network medium with standard LAN traffic?

iSCSI

What is a capability that only a firewall capable of stateful packet inspection can do?

Scan Transport layer header fields for evidence of SYN floods

Which of the following methods do intrusion detection systems (IDSs) typically use to analyze incoming network traffic?

Anomaly-based detection and signature-based detection

What is another term for a multiport bridge?

Switch

What is the primary function of a personal firewall?

To block traffic entering a computer

What is the primary function of a port scanner?

To scan traffic entering a network for open ports

At which layer of the OSI model do routers operate?

Network layer

What type of system is frequently used to collect information from intrusion detection systems (IDSs)?

SIEM

What is the primary reason for splitting a large, switched Ethernet LAN into two LANs by adding a router?

To reduce the amount of broadcast traffic on each LAN

What type of addressing do bridges and switches use to forward frames?

Media access control (MAC) addressing

How do switches forward packets?

Based on their hardware addresses

What is a characteristic of a router?

It can communicate with other routers and share information

What is a benefit of adding a router to a large, switched Ethernet LAN?

It reduces the amount of broadcast traffic on each LAN

What is a fundamental requirement for bridges and switches on a local area network (LAN)?

Supporting the Network layer protocol

What defines a separate broadcast domain in a network device?

Each port on a bridge or switch

What is a traditional switch also known as?

Multiport bridge

Why do layer 2 switches improve the performance of an Ethernet LAN compared to hubs?

They reduce the number of collisions on the network

What is true about routers?

They build their internal tables based on destination IP addresses

What is not a characteristic of routers?

They store and maintain route information in a local database

What is a function of routers?

Forwarding frames based on destination IP addresses

What is a capability of software routers?

Connecting two or more networks with dissimilar Data link layer protocols and media

What is the term for the client that accesses an iSCSI device on a storage area network?

Initiator

Which protocol is not included in an iSCSI packet on a storage area network (SAN)?

None of the above

Which protocol standard defines a layered implementation that corresponds to the layers of the OSI model?

PPP

Which of the following protocols are included in an FCoE packet?

Ethernet

What is the primary objective of Ralph's proposed Internet access solution?

To provide access to web and email services

What is the role of the proxy servers in Ralph's proposed solution?

To monitor and regulate users' access to the Internet

Why does Ralph propose using private IP addresses on the client computers?

To avoid manual configuration of IP addresses

What is the benefit of using proxy servers with public, registered IP addresses?

To keep client computers safe from unauthorized users

Study Notes

Network Security Devices

  • An intrusion prevention system (IPS) can be installed between a multifunction device and a cable modem to prevent unauthorized access.
  • A personal firewall can be installed on each computer to protect it from external threats.

Hubs and Switches

  • Hubs operate only at the Physical layer, whereas switches operate at the Data link layer.
  • All devices connected to a hub are part of a single collision domain, whereas each device connected to a switch has its own collision domain.
  • There are switches available with Network layer functionality, but there are no hubs with that capability.
  • Switches do not create a separate broadcast domain for each connected device; instead, they create a single broadcast domain for all connected devices.

Switch Types

  • Cut-through switches immediately forward frames after looking at only the destination address.
  • Source route switches are a type of switch that is not commonly used.
  • Store-and-forward switches receive the entire frame before forwarding it.

Firewalls

  • Firewalls capable of stateful packet inspection can filter traffic based on port numbers, block traffic destined for specific IP addresses, and scan Transport layer header fields for evidence of SYN floods.
  • Firewalls can block all TCP traffic from entering a network.

Intrusion Detection Systems (IDSs)

  • IDSs use anomaly-based detection, behavior-based detection, and signature-based detection to analyze incoming network traffic.
  • IDSs can also use statistic-based detection, but it is not a common method.

Switches and Routers

  • Routers operate at the Network layer, whereas switches operate at the Data link layer.
  • All devices connected to a switch are part of a single broadcast domain, whereas the networks connected to a router form separate broadcast domains.
  • Routers can communicate with each other and share information, but switches cannot.
  • Routers forward packets based on their IP addresses, whereas switches forward packets based on their hardware addresses.

SIEM Systems

  • SIEM (Security Information and Event Management) systems are used to collect information from IDSs.

Traffic Congestion

  • Splitting a large, switched Ethernet LAN into two LANs by adding a router can help to alleviate traffic congestion and improve performance by reducing the amount of broadcast traffic on each LAN.

Bridges and Switches

  • Bridges and switches are Data link layer devices that use media access control (MAC) addresses to forward frames.
  • Bridges and switches build their internal tables based on destination addresses and forward packets based on source addresses.

Traditional Switches

  • A traditional switch is a multiport bridge that forwards packets based on MAC addresses.

Layer 2 Switches

  • Layer 2 switches improve network performance by reducing the number of collisions on the network.
  • Layer 2 switches do not forward broadcast transmissions, which improves network performance.

Routers

  • Routers are Network layer devices that use IP addresses to forward frames.
  • Routers can connect two or more networks with dissimilar Data link layer protocols and media.
  • Routers can learn and populate their routing tables through static and dynamic routing.
  • Each port on a router defines a separate broadcast domain.

Load Balancers

  • A load balancer is a type of device that expands on the capabilities of traditional routers and firewalls.

Next-Generation Firewalls (NGFWs)

  • NGFWs are devices that expand on the capabilities of traditional firewalls by adding features like deep packet inspection (DPI) and an intrusion prevention system (IPS).

Proxy Servers

  • Proxy servers can provide security against outside intrusion by using a public IP address, while the client computers use private addresses.
  • Proxy servers can be used to monitor and regulate users' access to the Internet.

Intrusion Detection Systems (IDSs)

  • IDSs can be used to monitor a network for abnormal or malicious traffic.
  • IDSs can monitor traffic on a switched network using port mirroring.

Storage Area Networks (SANs)

  • iSCSI, Fibre Channel, and FCoE are protocols used in SANs.
  • iSCSI initiators use iSNS (Internet Storage Name Service) to locate iSCSI targets on the network.
  • Fibre Channel and FCoE are not capable of sharing a network medium with standard LAN traffic.

iSCSI Packets

  • iSCSI packets include Ethernet, IP, and TCP protocols.

Fibre Channel Packets

  • Fibre Channel packets do not include Ethernet, IP, or TCP protocols.

FCoE Packets

  • FCoE packets include Ethernet and Fibre Channel protocols.

Private Internetworks

  • Private internetworks can use private IP addresses and proxy servers with public, registered IP addresses to connect to the Internet.
  • This solution can provide access to web and email services while keeping client computers safe from unauthorized users on the Internet.

This quiz assesses knowledge of computer networking security measures such as intrusion prevention systems, firewalls, and detection systems. It also tests understanding of network devices like hubs and switches.
