CompTIA Network+ Review Guide - Bill Ferguson - Page 18
Chapter 1
Domain 1.0 Network Architecture
1.1 Explain the Functions and Applications of Various Network Devices
The building blocks of your network architecture consist of various devices that perform a specific function or group of functions for your network. It’s important that you understand the purpose of each device so that you can place it in the right position in your network architecture. In this section, I will cover the function and correct application of each of the most common network devices.
Router
Routers are the devices that connect the Internet and make the World Wide Web possible. They also divide your network into subnets and then connect those subnets to each other. They use a higher level of intelligence than that of switches. Routers use logical addresses and work at Layer 3 (Network) of the OSI model (which I will discuss further in Chapter 5), and they forward traffic from one network (or subnet) to another. Routers first determine whether the traffic belongs on their network; then they deliver it to the appropriate network hosts while forwarding the traffic that does not belong on their network to another router. Routers determine where to forward traffic by consulting a routing table. An administrator can configure the routing table manually, or the router can learn it by using routing protocols. Figure 1.1 shows a common router.
FIGURE 1.1 A router
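The routing-table lookup described above, written out as an added Python example (not code from the book): a constructed table with a default route, two learned routes and one directly connected network, and a longest-prefix-match lookup that decides whether the router delivers a packet locally, forwards it to a next-hop router, or drops it. The addresses and interface names are assumptions for illustration.

```python
import ipaddress

# Constructed routing table: (destination network, next hop, egress interface).
# A next hop of None means the network is directly connected to the router.
ROUTING_TABLE = [
    ("0.0.0.0/0",      "203.0.113.1", "eth0"),   # default route to the upstream router
    ("10.0.0.0/8",     "10.1.1.254",  "eth1"),   # learned via a routing protocol
    ("10.20.0.0/16",   "10.20.0.1",   "eth2"),   # more specific than 10.0.0.0/8
    ("192.168.1.0/24", None,          "eth3"),   # directly connected LAN
]


def build_table(entries):
    """Parse the textual table into ip_network objects once, up front."""
    return [(ipaddress.ip_network(net), next_hop, iface) for net, next_hop, iface in entries]


def lookup(table, dst):
    """Longest-prefix match: among all routes containing dst, the most specific wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, next_hop, iface in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best


def forward(table, dst):
    """Return the router's decision for a packet addressed to dst."""
    route = lookup(table, dst)
    if route is None:
        return ("drop", None, None)            # no route at all (no default route)
    net, next_hop, iface = route
    if next_hop is None:
        return ("deliver", dst, iface)         # belongs to a connected network: hand to the host
    return ("forward", next_hop, iface)        # belongs elsewhere: send to the next router


if __name__ == "__main__":
    table = build_table(ROUTING_TABLE)
    for dst in ("10.20.5.9", "10.3.3.3", "192.168.1.10", "8.8.8.8"):
        print(dst, "->", forward(table, dst))
```

The 10.20.5.9 case is the one worth noticing: it matches both 10.0.0.0/8 and 10.20.0.0/16, and the /16 wins because it is more specific, which is exactly how a real router breaks that tie.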
Switch
A switch is a network device that optimizes traffic flow on your network. A switch works at Layer 2 (Data-Link); it learns the physical address (MAC address) of all the devices that are connected to it and then uses the MAC address to control traffic flow. Some switches, called multilayer switches, also work at Layer 3, but here I am focusing on switches that work only at Layer 2. Rather than forwarding all data to all the connected ports, a switch can forward data only to the port where the computer with the destination address actually exists.
This process automatically segments the network and dramatically decreases the traffic in the segments that are less used. Because of this, switches are often used to connect departments of a company so that communication between two or more departments does not affect other departments that are not involved in the communication. Also, large files can be transferred within the same department without affecting the traffic flow in any of the other departments. Switches can also be used to create virtual local area networks (VLANs) that improve the flexibility of a network design. I will discuss VLANs later in this chapter. Figure 1.2 shows a common switch.
FIGURE 1.2 A common switch
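To make the learning behaviour concrete, here is an added Python simulation (not code from the book) of a four-port Layer 2 switch: it learns the source MAC address of every frame it sees, floods frames whose destination it has not learned yet, and afterwards forwards only to the one port where the destination lives. A one-method hub is included for contrast. Port numbers, MAC addresses and frames are constructed for the example.

```python
from collections import namedtuple

Frame = namedtuple("Frame", "src dst payload")
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """A hub repeats every frame out of every other port, unconditionally."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, frame):
        return sorted(p for p in self.ports if p != in_port)


class Switch:
    """A Layer 2 switch learns MAC-to-port bindings and forwards selectively."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}          # MAC address -> port it was last seen on

    def receive(self, in_port, frame):
        # Learning: the sender's MAC is reachable through the ingress port.
        self.mac_table[frame.src] = in_port
        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            # Broadcast or unknown unicast: flood out of every other port.
            return sorted(p for p in self.ports if p != in_port)
        out_port = self.mac_table[frame.dst]
        if out_port == in_port:
            return []                # sender and receiver share a segment: filter the frame
        return [out_port]            # known unicast: forward to exactly one port


def demo():
    """Walk through a first exchange between two hosts and return the forwarding decisions."""
    a, b = "aa:aa:aa:00:00:01", "bb:bb:bb:00:00:02"
    sw = Switch([1, 2, 3, 4])
    first = sw.receive(1, Frame(a, b, "hello"))     # B unknown: flooded to 2, 3, 4
    reply = sw.receive(2, Frame(b, a, "hi"))        # A already learned on port 1
    second = sw.receive(1, Frame(a, b, "again"))    # B now learned on port 2
    return first, reply, second, dict(sw.mac_table)


if __name__ == "__main__":
    print(demo())
    print("hub would send to:", Hub([1, 2, 3, 4]).receive(1, Frame("x", "y", "")))
```

After the first round trip the switch sends A's traffic to B out of port 2 only, so hosts on ports 3 and 4 never see it; the hub keeps copying every frame to every port.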
Multilayer Switch
Whereas a basic switch works solely at Layer 2 (Data-Link) of the OSI model, a multilayer switch can work at both Layer 2 and Layer 3. Multilayer switches (also called Layer 3 switches) are essentially switches with a router module installed in them. They are especially useful in networks with VLANs because you can create the VLANs and decide how the VLANs will be routed – all within the same switch. Multilayer switches can be connected to other multilayer switches and to basic switches to extend VLANs through an organization. I will discuss VLANs in greater depth later in Chapter 2.
Firewall
A firewall is a hardware or software system that is used to separate one computer or network from another one. The most common type of firewall is used to protect a computer or an entire network from unauthorized access from the Internet. Firewalls can also be used to control the flow of data to and from multiple networks within the same organization. Additionally, firewalls can be programmed to filter data packets based on the information that is contained in the packets. In the following section, I will discuss the different types of firewalls that you might use on your network and their configuration.
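The packet-filtering behaviour just described, as an added Python example that is not from the book: a small ordered rule set evaluated first-match-wins with an implicit deny at the end, applied to a few constructed packets. The subnets, ports and rules are assumptions chosen to show why rule order matters.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass
class Rule:
    action: str                       # "allow" or "deny"
    src: str = "0.0.0.0/0"            # any source unless narrowed
    dst: str = "0.0.0.0/0"            # any destination unless narrowed
    proto: str = "any"
    dport: Optional[int] = None       # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        """True when every field of the rule covers the packet."""
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


# Constructed policy: 10.0.5.10 is a web server, 10.0.9.0/24 a quarantined guest subnet.
RULES = [
    Rule("deny", src="10.0.9.0/24"),                                        # guests reach nothing
    Rule("allow", dst="10.0.5.10/32", proto="tcp", dport=443),              # HTTPS from anywhere
    Rule("allow", src="10.0.0.0/8", dst="10.0.5.10/32", proto="tcp", dport=22),  # SSH from inside only
]


def filter_packet(rules, pkt):
    """Return (action, index of the rule that decided it); None means the implicit deny."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    samples = [
        Packet("198.51.100.7", "10.0.5.10", "tcp", 443),   # Internet user to web server
        Packet("198.51.100.7", "10.0.5.10", "tcp", 22),    # Internet user probing SSH
        Packet("10.0.1.20", "10.0.5.10", "tcp", 22),       # administrator from inside
        Packet("10.0.9.4", "10.0.5.10", "tcp", 443),       # guest subnet to web server
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(RULES, pkt))
```

The guest packet to port 443 would have matched the HTTPS allow rule, but the deny rule sits above it and wins; swapping the first two rules would silently open the web server to the quarantined subnet, which is the usual way firewall policies go wrong.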
IDS and IPS
An intrusion detection system (IDS) is much more than a firewall. In effect, an IDS is an intelligent monitor of network traffic that “understands” what normal traffic is supposed to look like and what it is supposed to do and can therefore identify abnormal traffic as a threat. “How does it know?” you may ask. Well, either it’s configured with the latest attack signatures from its vendor (much like antivirus software) or it simply “watches” your network for a while to learn what normal traffic looks like. Of course, the best system is a combination of the two. In addition, an IDS can be configured to alert the network administrator when it detects a threat. In fact, the only action that a true IDS takes in response to a threat is to alert the administrator with an email message or network message if configured properly. Often an IDS just logs the threat so the network administrator can address it later.
An intrusion prevention system (IPS) is very similar to an IDS but can take more action in response to a threat than an IDS. An IPS can address an identified threat by resetting a connection or even closing a port. Of course, the IPS can also be configured to alert the administrator of the threat and the action that was taken. In practice, the main difference between an IPS and an IDS is one of software configuration.
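The two detection methods and the IDS-versus-IPS distinction from the paragraphs above, as an added Python example (not code from the book). A constructed learning window establishes which services are "normal"; inspection then combines one constructed signature with a baseline anomaly check. The IDS only logs an alert and lets the connection pass, while the IPS additionally resets the connection or closes the port. Hosts, ports, payloads and the signature string are all assumptions.

```python
from dataclasses import dataclass


@dataclass
class Conn:
    src: str
    dst: str
    dport: int
    payload: bytes = b""


# Constructed signature list, standing in for vendor-supplied attack signatures.
SIGNATURES = {
    "SIG-001 directory traversal in request": b"../../",
}


def learn_baseline(records):
    """Learning mode: remember every (destination, port) service seen during normal operation."""
    return {(c.dst, c.dport) for c in records}


def inspect(conn, baseline):
    """Return the reasons a connection looks like a threat (empty list = normal)."""
    reasons = [name for name, pattern in SIGNATURES.items() if pattern in conn.payload]
    if (conn.dst, conn.dport) not in baseline:
        reasons.append(f"ANOMALY unexpected service {conn.dst}:{conn.dport}")
    return reasons


class IDS:
    """Detection only: alerts and logs, never interferes with traffic."""

    def __init__(self, baseline):
        self.baseline = baseline
        self.log = []

    def handle(self, conn):
        reasons = inspect(conn, self.baseline)
        if reasons:
            self.log.append(("ALERT", conn.src, reasons))   # e-mail/network alert would go here
        return "pass"


class IPS(IDS):
    """Same detection, plus an enforcement action: reset the connection or close the port."""

    def __init__(self, baseline):
        super().__init__(baseline)
        self.blocked_ports = set()

    def handle(self, conn):
        if conn.dport in self.blocked_ports:
            return "drop"                         # port was closed by an earlier decision
        reasons = inspect(conn, self.baseline)
        if not reasons:
            return "pass"
        self.log.append(("ALERT", conn.src, reasons))
        if any(r.startswith("SIG-") for r in reasons):
            return "reset"                        # known attack pattern: tear the connection down
        self.blocked_ports.add(conn.dport)        # unknown service: close that port
        return "drop"


# Constructed learning-window traffic: two web clients and one mail client.
NORMAL = [
    Conn("10.0.1.5", "10.0.5.10", 443),
    Conn("10.0.1.6", "10.0.5.10", 443),
    Conn("10.0.1.5", "10.0.5.20", 25),
]

if __name__ == "__main__":
    baseline = learn_baseline(NORMAL)
    ids, ips = IDS(baseline), IPS(baseline)
    probe = Conn("198.51.100.7", "10.0.5.10", 443, b"GET /images/../../config")
    print("IDS:", ids.handle(probe), ids.log)
    print("IPS:", ips.handle(probe), ips.handle(Conn("198.51.100.7", "10.0.5.10", 3389)))
```

Both systems run the identical `inspect` function and record the identical alert; the only difference is the return value of `handle`, which is the "software configuration" difference the text refers to.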
HIDS
A host-based intrusion detection system (HIDS) in your network works like a moat does around a medieval castle. It’s specifically for the protection of that one device and doesn’t really help any of the other devices at all. It can be used along with IDS/IPS and firewalls to provide another layer of final protection from anything that gets through the prior layers. It is typically just a software program that analyzes network traffic and permits or denies it to the device based on a set of configuration instructions from the administrator. Based on this configuration, it can determine normal traffic and traffic that might harm your system and take the appropriate action.
Access Point (Wireless/Wired)
An access point typically consists of a wireless switch with a router module. Most access points are both wired and wireless. They can receive signals from laptops and other wireless devices and direct them to connected computers or even to the Internet. I will discuss the use of wireless access points in much greater detail in Chapter 2.
Content Filter
A content filter is a specialized device that can be configured to allow some types of traffic to flow through it while stopping the flow of other types of traffic. This type of content filtering is essential to organizations so that security and productivity can be maintained simultaneously. The biggest difference between the different types of content filters is the level of content they filter. For example, a Layer 7 (Application layer) content filter can be configured to be much more selective than a Layer 3 (Network layer) filter. In fact, Layer 7 content filters can be configured to disallow access to websites that contain data or graphics that are deemed unacceptable by management standards. If a user tries to access a site that contains unacceptable graphics or data, the site will be disallowed not because of an IP address or hostname, or even port address, but because of the nature of the material on the site. This gives you much more granular control over users.
Load Balancer
In today’s networks, the resources that are essential for a user are often stored off the user’s computer, sometimes in multiple locations for the same resource. When this is done, the user can gain access to the resources by going to a specific logical location, and the network devices can quickly decide how to obtain the user data and from which physical location to obtain the resource. This all occurs completely unbeknownst to the user. The device that makes all this magic happen is a load balancer.
Actually, a load balancer is as much a network role as it is a network appliance. Many devices can be configured to provide a load-balancing function. Servers can be configured with multiple NICs and clustered together, routers can be configured with multiple associated interfaces or subinterfaces, and switches can be configured to direct traffic and to change the physical location on each request. This is sometimes referred to as round robin since the physical connection just keeps going round and round. These types of load-balancing techniques can dramatically improve the speed of the network for the user.
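The round-robin behaviour described above, as an added Python example (not code from the book): clients address one logical location (a virtual IP), and the balancer hands each successive request to the next physical server, skipping any server that has been marked down by a health check. The server names and virtual IP are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Request:
    client: str
    path: str


class RoundRobinBalancer:
    """Cycle through physical backends behind one logical address, skipping unhealthy ones."""

    def __init__(self, vip, backends):
        self.vip = vip                       # the single logical location users connect to
        self.backends = list(backends)       # the physical locations holding the resource
        self.healthy = set(backends)         # maintained by health checks
        self._next = 0                       # position of the next backend to try

    def mark_down(self, backend):
        self.healthy.discard(backend)

    def mark_up(self, backend):
        self.healthy.add(backend)

    def pick(self):
        """Return the next healthy backend; rotate past any that are down."""
        count = len(self.backends)
        for _ in range(count):               # at most one full lap around the pool
            backend = self.backends[self._next % count]
            self._next += 1
            if backend in self.healthy:
                return backend
        raise RuntimeError("no healthy backends behind " + self.vip)

    def route(self, request):
        """Map a request sent to the VIP onto a physical backend."""
        return (request.client, self.vip, self.pick())


if __name__ == "__main__":
    lb = RoundRobinBalancer("10.0.5.100", ["web1", "web2", "web3"])
    for i in range(4):
        print(lb.route(Request("10.0.1.5", f"/page{i}")))
    lb.mark_down("web2")                     # health check failed: take web2 out of rotation
    for i in range(3):
        print(lb.route(Request("10.0.1.5", f"/page{i}")))
```

The client sees only 10.0.5.100 the whole time; which physical server answered is decided per request, and pulling web2 from the pool changes the rotation without the client noticing.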
Hub
A hub is a device that has multiple ports into which connections can be made. All devices connected to a hub are also connected to each other. A hub does not filter any communication or provide any intelligence in regard to the data stream; it simply lets all the information flow through it and connects anything and everything that is connected to it. Hubs are now considered legacy and are rarely used in today’s modern networks. Figure 1.3 shows a legacy hub.
FIGURE 1.3 A four-port active hub
Analog Modem
An analog modem is a device that translates digital communication coming from a computer or device to analog communication that can be sent over normal telephone lines, as if it were the computer’s voice. In this newer age of networking, analog modems are now considered obsolete, but we all remember the irritating screeching noises that they used to make! You might still find an analog modem in the role of a backup management communication line for a device, but even that is very unlikely today.
Packet Shaper
A packet shaper is typically a hardware device that can examine traffic at a granular level. It first analyzes the traffic flowing through it and categorizes all traffic with minimal assistance from a network administrator. It can determine the needs of each type of traffic in regard to latency and bandwidth requirements. Using this information, it can then ensure that traffic is balanced in the most efficient manner so that latency- and bandwidth-sensitive applications get what they need while less-sensitive applications get less because they can function just as well without it. For the most part, it can do all of this without administrative configuration, but it will report its findings back to the network administrator in detailed reports.
VPN Concentrator
A virtual private network (VPN) is a network connection that is made secure even though it is flowing through an unsecure network, typically the Internet. This is done by using an encapsulation protocol. The encapsulation protocol creates a tunnel between two devices. A device that is sometimes used to create this tunnel is referred to as a VPN concentrator. Most VPN concentrators use either the Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP) to create the tunnel. The reason that it’s called a concentrator is that it can handle many VPN connections simultaneously. I will discuss PPTP and L2TP later in this chapter.
Exam Essentials
Know the functions and applications of various network devices. A router works at Layer 3 (Network) whereas a switch works at Layer 2 (Data-Link). An HIDS is host based like a moat, whereas IDS and IPS are network based to provide protection for multiple hosts. Packet shapers analyze traffic patterns and application needs and control traffic in ways that firewalls can’t duplicate. A VPN concentrator can make network traffic secure, even when it’s flowing through an unsecure network.