Networking - Paiet/Tech-Journal-for-Everything GitHub Wiki

Explain the functions and applications of various network devices

  • Router (Diagram)
    • Used to connect dissimilar networks
      • Dissimilar networks will be on different subnets
        • Usually connecting private networks to/through public network
    • Used to separate broadcast domains
      • Any network nodes that can receive each other's broadcast traffic are in the same broadcast domain
    • Has multiple interfaces for connecting networks
    • Works on Layer 3 of the OSI model
      • Network Layer
      • Internet Protocol (IP)
      • Data packets
    • Learns networks through the building of a Routing Table
      • Routing tables are built automatically through the use of routing protocols
        • RIP
        • OSPF
        • EIGRP
      • Routing tables can also be made up by entering Static Routes
        • Static Routes are manually entered paths to different networks
    • 3 basic types of router uses
      • Access
        • SOHO devices that access the internet and provide internet access
        • Fairly inexpensive devices
      • Distribution
        • Aggregates data from multiple access routers and funnels it to a main centralized site
        • Higher capabilities than that found in access routers
      • Core
        • Internet backbone router with high-speed throughput
        • Has multiple interfaces
        • Supports multiple protocols
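Added example (not part of the original notes): a small routing table that holds connected, static and protocol-learned routes and resolves a destination by longest-prefix match, the rule a real router applies when several entries overlap. Interface names, next hops and prefixes are constructed for the demo.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional

LIMITED_BROADCAST = ip_address("255.255.255.255")

@dataclass
class Route:
    prefix: IPv4Network
    next_hop: Optional[IPv4Address]   # None means the prefix is directly connected
    interface: str
    source: str                        # "connected", "static", or a routing protocol name

class RoutingTable:
    def __init__(self) -> None:
        self.routes: list[Route] = []

    def add(self, prefix: str, next_hop: Optional[str], interface: str, source: str) -> None:
        hop = ip_address(next_hop) if next_hop else None
        self.routes.append(Route(ip_network(prefix), hop, interface, source))

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match: the most specific matching prefix wins."""
        d = ip_address(dst)
        candidates = [r for r in self.routes if d in r.prefix]
        return max(candidates, key=lambda r: r.prefix.prefixlen, default=None)

    def forward(self, dst: str) -> str:
        # A router is a broadcast-domain boundary: limited broadcasts are never routed
        if ip_address(dst) == LIMITED_BROADCAST:
            return "broadcast: not forwarded (router is a broadcast-domain boundary)"
        r = self.lookup(dst)
        if r is None:
            return f"{dst}: no route, packet dropped"
        if r.next_hop is None:
            return f"{dst}: directly connected, deliver out {r.interface} ({r.source})"
        return f"{dst}: out {r.interface} via {r.next_hop} ({r.source})"

def build_demo_table() -> RoutingTable:
    """Constructed table: two connected LANs, a static summary, an OSPF subnet, a default route."""
    rt = RoutingTable()
    rt.add("192.168.1.0/24", None, "eth0", "connected")
    rt.add("192.168.2.0/24", None, "eth1", "connected")
    rt.add("10.0.0.0/8", "192.168.2.254", "eth1", "static")
    rt.add("10.1.0.0/16", "192.168.2.253", "eth1", "OSPF")      # more specific than 10/8
    rt.add("0.0.0.0/0", "192.168.1.1", "eth0", "static")        # default route to the ISP
    return rt

if __name__ == "__main__":
    table = build_demo_table()
    for host in ("192.168.1.77", "10.1.5.5", "10.2.0.1", "8.8.8.8", "255.255.255.255"):
        print(table.forward(host))
```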
  • Switch (Diagram)
    • Used to connect network nodes and separate collision domains
    • Works on Layer 2 of the OSI model
      • Data-link Layer
      • Frames
      • LLC and MAC
        • Logical Link Control
          • Gives functionality of flow control, acknowledgements and error checking
        • Media Access Control
          • Used like a traffic cop to control access to the physical media
          • Carrier Sense Multiple Access w/ Collision Detection (CSMA/CD)
          • MAC Addresses
            • 48-bit hexadecimal address
            • Hard coded on network interface cards
            • Each MAC address is unique
    • Learns which MAC address is connected to which port on the switch
      • MAC Address Table
        • Switch keeps a table containing all the learned MAC addresses and their corresponding switch port
      • Data is passed in Frames
    • Data is sent only to the port that is connected to the destination host
      • Reduces collisions
      • Each port is its own Collision Domain
    • Great for all networks, particularly large enterprise-level businesses
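Added example (not from the original notes): a minimal learning switch that fills its MAC address table from the source address of each frame, forwards known unicast frames only to the learned port, and floods unknown destinations and broadcasts. Port names and MAC addresses are constructed.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Layer 2 learning switch: one MAC address table, frames forwarded per port."""

    def __init__(self, ports: list[str]) -> None:
        self.ports = list(ports)
        self.mac_table: dict[str, str] = {}   # learned MAC address -> switch port

    def receive(self, in_port: str, src_mac: str, dst_mac: str) -> list[str]:
        """Process one frame arriving on in_port and return the egress port list."""
        # Learning: the sender is reachable through the port the frame arrived on.
        # Overwriting an existing entry handles a host moved to another port.
        self.mac_table[src_mac] = in_port
        if dst_mac != BROADCAST and dst_mac in self.mac_table:
            out_port = self.mac_table[dst_mac]
            # A frame is never sent back out the port it came in on
            return [] if out_port == in_port else [out_port]
        # Unknown unicast destination or broadcast: flood out every other port
        return [p for p in self.ports if p != in_port]

def demo() -> list[list[str]]:
    """Constructed frame sequence: A and B exchange frames, C broadcasts, A moves ports."""
    sw = LearningSwitch(["g0/1", "g0/2", "g0/3", "g0/4"])
    a, b, c = "00:11:22:33:44:aa", "00:11:22:33:44:bb", "00:11:22:33:44:cc"
    return [
        sw.receive("g0/1", a, b),          # B not learned yet -> flooded to g0/2, g0/3, g0/4
        sw.receive("g0/2", b, a),          # A was learned on g0/1 -> forwarded only there
        sw.receive("g0/1", a, b),          # both known -> only g0/2 sees the frame
        sw.receive("g0/3", c, BROADCAST),  # broadcast -> every port except g0/3
        sw.receive("g0/4", a, b),          # A re-plugged into g0/4 -> table entry updated
    ]

if __name__ == "__main__":
    for ports in demo():
        print(ports)
```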
  • Multilayer Switch (Diagram)
    • Does both switching and routing
      • Works on both Layer 2 and Layer 3 of the OSI model
  • Firewall (Diagram)
    • Appliance or software designed to permit or deny network traffic governed by a list of rules called an Access Control List (ACL)
      • This is done for the purposes of security
    • Can be a dedicated appliance or a feature of another appliance like a router
      • Cisco ASA
      • Sonicwall
    • Examples of software based Firewalls
      • Windows Firewall
      • PFSense
      • IPTables
    • Inspects incoming and/or outgoing packets
      • Packets can be filtered by...
        • Source address
        • Destination address
        • Port/Protocol
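Added example (not from the original notes): an ACL evaluator that filters a packet by source address, destination address and port/protocol, applying the rules in order with the implicit deny that real firewall ACLs end with. The subnet, server addresses and rules are constructed for the demo.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp" or "icmp"
    dport: int = 0  # destination port (0 for protocols without ports)

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    src: str = "0.0.0.0/0"       # any source
    dst: str = "0.0.0.0/0"       # any destination
    proto: str = "any"
    dport: Optional[int] = None  # None matches every port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))

def evaluate(acl: list[Rule], pkt: Packet) -> tuple[str, Optional[int]]:
    """Walk the ACL top to bottom; the first matching rule decides.
    If nothing matches, the implicit deny applies (rule index None)."""
    for index, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None

# Constructed ACL guarding a small server subnet 192.168.10.0/24
DEMO_ACL = [
    Rule("deny", src="192.0.2.0/24"),                                # blocked source range first
    Rule("permit", dst="192.168.10.5/32", proto="tcp", dport=443),   # public HTTPS to the web server
    Rule("permit", src="192.168.10.0/24", dst="192.168.10.53/32", proto="udp", dport=53),
]

if __name__ == "__main__":
    for pkt in (Packet("203.0.113.9", "192.168.10.5", "tcp", 443),
                Packet("192.0.2.7", "192.168.10.5", "tcp", 443),
                Packet("203.0.113.9", "192.168.10.5", "tcp", 22)):
        print(pkt, "->", evaluate(DEMO_ACL, pkt))
```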
  • HIDS (No Diagram)
    • Host-based Intrusion Detection System
      • Software application that runs on a computer
      • Inspects traffic looking for intrusion specific footprints
        • Viruses, rootkits, malware, etc.
      • Also takes a baseline of the system which allows the HIDS to know if any critical or specified files have been changed
      • Alerts the user to unauthorized changes
      • SANS "What is a Host Intrusion Detection System?"
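Added example (not from the original notes or the SANS paper): the file-baseline part of an HIDS, which hashes every file under a directory once, then re-hashes later and reports what was modified, deleted or added. The directory tree and the changes are constructed in a temporary folder so it runs anywhere.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def take_baseline(root: Path) -> dict[str, str]:
    """Record a digest for every regular file under root, keyed by relative POSIX path."""
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_to_baseline(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Re-hash the tree and report what changed since the baseline was taken."""
    current = take_baseline(root)
    return {
        "modified": sorted(f for f in baseline if f in current and current[f] != baseline[f]),
        "deleted": sorted(f for f in baseline if f not in current),
        "added": sorted(f for f in current if f not in baseline),
    }

def demo() -> dict[str, list[str]]:
    """Constructed sample tree in a temp directory, then three changes an HIDS should flag."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "app.conf").write_text("debug = false\n")
        baseline = take_baseline(root)
        (root / "etc" / "app.conf").write_text("debug = true\n")    # content changed
        (root / "etc" / "hosts").unlink()                           # file removed
        (root / "etc" / "extra.conf").write_text("added later\n")   # new file appeared
        return compare_to_baseline(root, baseline)

if __name__ == "__main__":
    print(demo())
```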
  • IDS/IPS (Diagram)
    • Intrusion Detection System (IDS)
      • Network appliance that checks for signs of intrusion
        • Modified log files
        • Modified system files
        • Malware/spyware, virus, worm
      • Passive
        • Alarms are tripped after the fact
        • Other than alerts, no countermeasures are taken
    • Intrusion Prevention System (IPS)
      • Network Appliance that checks for signs of intrusion in real time
      • Actively working to prevent intrusion
        • 3 types of detection
          • Signature detection
            • Looks for known avenues or patterns of intrusion
          • Statistical anomaly detection
            • Creates a statistical analysis of normal network usage and then looks for aberrations
            • Because of the statistical nature, new threats are detected before a signature can become available
          • Stateful protocol analysis detection
            • AKA Deep Packet Inspection
            • Has a knowledge base of how each protocol is supposed to work and then checks each packet for deviation
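Added example (not from the original notes): the first two detection types side by side. Signature detection matches payloads against a list of known patterns; statistical anomaly detection takes a baseline of a metric (here connections per minute) and flags values more than three standard deviations from the mean. The signature patterns and traffic counts are constructed placeholders, not real IDS rules.

```python
import statistics
from dataclasses import dataclass

# Constructed placeholder signatures, not real IDS rules
SIGNATURES = {
    "SIG-0001 constructed-malware-marker": b"MALWARE-SAMPLE-MARKER",
    "SIG-0002 constructed-exploit-marker": b"EXPLOIT-SAMPLE-MARKER",
}

def signature_detect(payload: bytes) -> list[str]:
    """Signature detection: return the names of every known pattern found in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]

@dataclass
class AnomalyDetector:
    """Statistical anomaly detection over a metric such as connections per minute."""
    baseline: list[int]
    threshold: float = 3.0   # distance from the mean, in standard deviations

    def is_anomalous(self, value: int) -> bool:
        mean = statistics.mean(self.baseline)
        stdev = statistics.pstdev(self.baseline)
        if stdev == 0:                      # flat baseline: any change is a deviation
            return value != mean
        return abs(value - mean) / stdev > self.threshold

def demo() -> dict[str, object]:
    # Constructed data: a clean payload, a payload with a known marker, and per-minute
    # connection counts from a quiet baseline followed by a sudden burst
    quiet_baseline = [20, 22, 19, 21, 23, 20, 18, 22, 21, 20]   # mean 20.6, stdev ~1.43
    det = AnomalyDetector(baseline=quiet_baseline)
    return {
        "clean": signature_detect(b"GET /index.html HTTP/1.1"),
        "hit": signature_detect(b"...MALWARE-SAMPLE-MARKER..."),
        "normal_minute": det.is_anomalous(24),   # ~2.4 stdev away: within normal range
        "burst_minute": det.is_anomalous(90),    # far outside the baseline: flagged
    }

if __name__ == "__main__":
    print(demo())
```

A signature can only fire for a pattern already in the list, which is why the notes say anomaly detection can catch new threats first, at the price of more false positives.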
  • Access Point (wireless/wired) (Diagram)
    • Wireless Access Point
      • Appliance that facilitates the connection of wireless-enabled hosts to a network and/or the Internet
        • Most Wireless APs have routing capability built-in
      • Complies with the IEEE 802.11 standards (a/b/g/n/etc.)
      • Connects by wire to network/internet appliance
    • Wired Access Point
      • Any appliance that facilitates a network connection via a wired media
        • Hub
        • Switch

Network Design Pt2

  • Content Filter (no Diagram)
    • Software or appliance that checks for defined unwanted web or email content and filters it from being passed to the network/host
    • Employed by home networks, school networks, and business networks
      • Home network users filter adult content to protect children
      • School networks filter adult content to protect children and since schools also have employees, it filters for work inappropriate content
      • Businesses filter to keep employees productive and to protect employees from offensive materials and/or content that isn't work related
    • Government content filtering
      • Some governments regulate content that speaks against that establishment or portrays it in an unfavorable way
      • They also filter for reasons of national security
    • Content filters also block potentially harmful/annoying software
      • Spyware
      • Adware
      • Pop-ups
  • Load Balancer (Diagram)
    • Appliance for aggregating multiple WAN connections for the purpose of distributing traffic evenly across the connections
      • Increases reliability and bandwidth
        • WAN links can be joined together to increase throughput
        • Reliability increases by adding redundant links so that no single link is a single point of failure
          • If one line goes down, traffic can continue through the other connected links
    • F5.com "Load Balancing 101: Nuts and Bolts"
  • Hub (Diagram)
    • Used as a centralized point of connection for connecting network nodes
    • Works on Layer 1 of the OSI model
      • Twisted-pair Ethernet (10BaseT / 100BaseTX)
        • Most common type of network hub
        • Uses UTP (Unshielded Twisted Pair) copper cable with RJ45 connectors
        • Has multiple RJ45 ports for connecting multiple nodes
          • Traffic is broadcast out all ports
          • All connected nodes receive the broadcast traffic
          • The destination host accepts the traffic and the other hosts drop (ignore) the traffic
        • Prone to collisions
          • No collision detection or prevention
    • Works as a signal repeater
    • Not the best solution for networks with more than just a few network nodes
  • Analog Modem (Diagram)
    • Network interface that connects a node to a network using dial-up over the Plain Old Telephone Service (POTS) or Public Switched Telephone Network (PSTN)
    • Has RJ11 ports for connecting to phone lines
    • MOdulate/DEModulate (MODEM)
      • Modulation is the process of converting the digital signal of the computer into an analog signal so that it can be passed over the telephone system
      • Demodulation is the process of converting the analog signal back into a digital signal so the computer system can process it
    • Speeds are slow
      • Top download speed of 56Kbps
  • Packet Shaper (Diagram)
    • The active delaying or prioritizing of data packets for the purpose of reducing/regulating the demand on bandwidth resources
    • Increases overall network performance
      • If one user is streaming audio/video and taking up 75% of the available network bandwidth, then only 25% is left for other users
      • Packet shaping throttles the bandwidth so that one user can't saturate the connection but is limited to a certain throughput
  • VPN Concentrator (Diagram)
    • Appliance for facilitating VPN connections from remote sites and/or hosts.
    • Usually found where many VPN connections are needed
    • Creates, configures, and manages VPN tunnels
      • User authentication, host addressing, encryption, and data delivery
      • VPN Clients are used to connect to the network through the VPN Concentrator