Devices




Network devices such as routers, switches, bridges, and hubs connect computing systems and networks. They are responsible for productive network functionality, backbone support, and the proper forwarding of information to other networks. In short, without them, there would be little or no network connectivity and minimal network security at best. To fully grasp network infrastructure security concepts, you need a general understanding of how these devices work.

Routers

A router is a network device that is used to connect networks. Routers are most often used to connect LANs. A router uses packet header information in combination with a stored database known as a routing table to determine the best route for forwarding packets to other networks or subnets (subnetworks).

Routers use specialized protocols such as ICMP (Internet Control Message Protocol), OSPF (Open Shortest Path First), and RIP (Routing Information Protocol) to communicate with each other and carry out their advanced functions. ICMP is the most common protocol used by modern-day routers. It allows for actual packet information to be read and provides support for packet error correction.

Routers connect different network segments. However, unlike bridges, routers do not use a computer's MAC address to forward information. Instead, a router operates at the network layer of the OSI reference model and has the ability to forward information based on a network or individual computer's TCP/IP address. This allows a router to connect entirely separate networks and filter information to the proper network or network segment. In other words, a router has the ability to send a request to a specific location without broadcasting to all of the other computer nodes on a network or network segment.

Routers are very intelligent. As mentioned earlier, they maintain sophisticated routing tables and have the ability to remember previous connections that were used as pathways from one computer node to another.
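
The routing-table lookup described above, as an added example that is not from the book: it selects a route by longest-prefix match, a rule the text does not name but which is how "best route" is normally resolved when several entries contain the destination. The table entries, interface names, and addresses are constructed sample values.

```python
import ipaddress

# Constructed sample routing table: (destination network, next hop, interface).
ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", "wan0"),    # default route
    ("10.0.0.0/8", "10.255.0.1", "core0"),
    ("10.1.0.0/16", "10.1.255.1", "lan1"),
    ("10.1.20.0/24", "direct", "lan2"),      # directly connected subnet
]


def build_table(routes):
    """Parse the text entries into network objects once, up front."""
    return [(ipaddress.ip_network(net), hop, ifc) for net, hop, ifc in routes]


def lookup(table, dst):
    """Return (network, next_hop, interface) for the most specific match, or None."""
    addr = ipaddress.ip_address(dst)  # destination address from the packet header
    matches = [entry for entry in table if addr in entry[0]]
    if not matches:
        return None  # no matching route: the packet cannot be forwarded
    # The longest prefix is the most specific network containing the address.
    return max(matches, key=lambda entry: entry[0].prefixlen)


def egress_interface(table, dst):
    """Name of the interface the packet would leave on, or None if unroutable."""
    entry = lookup(table, dst)
    return entry[2] if entry else None


if __name__ == "__main__":
    table = build_table(ROUTES)
    for dst in ("10.1.20.7", "10.1.9.9", "10.9.9.9", "198.51.100.7"):
        net, hop, ifc = lookup(table, dst)
        print(f"{dst:>14} -> {str(net):<14} via {hop:<12} on {ifc}")
```

Removing the default route from the table makes any destination outside 10.0.0.0/8 unroutable, which is the lookup returning None.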

Here are some important points to remember concerning routers:

  • They provide filtering of packets and reduce broadcast storms.

  • They can segment networks into smaller and more manageable pieces.

  • They provide a network security layer between separate networks, functioning as firewalls.

  • They connect LAN segments that use the same or different protocols.

Switches

A switch is a network device similar to a router that chooses certain paths or routes in a network on which to send data. A switch is not a router, although a switch can contain router functionality. Most modern-day switches can operate at both the Data Link and Network layers of the OSI reference model. A switch that has the ability to operate at the Network layer is known as a layer 3 or IP switch. Switches can connect networks and subnetworks comprised of the same or different cable types. They can send units of data (packets) faster than most routers based on digital packet-switching technology. Switches connect LAN segments that typically use the same protocol.

Asynchronous Transfer Mode (ATM) Switches

ATM switches use cell relay switching technology that combines both conventional circuit and packet switching technologies. This results in a high-speed switching process that is well suited to support today's video and audio streaming technologies.

Bridges

Bridges are hardware devices that operate at the MAC sublayer of the OSI reference model's Data Link layer. Bridges are used to segment or separate LANs. Separating a larger network into smaller manageable segments can improve network performance and provide a way to isolate network bottlenecks.

A bridge reads the MAC hardware address that is stored in the NIC of every computer or node installed on either side of the bridge. The bridge knows where all of the computers are on the network and can forward information to a particular computer by the use of its NIC MAC address. Let's say you are sitting at your computer, which resides on network segment number 1. You want to send Brian a Word document, and his computer is located on network segment number 2. There is a bridge that separates you on network segment number 1 from Brian on network segment number 2. The bridge can identify both of your computers by their respective network interface cards' MAC addresses. So, when you send a Word document to Brian, it is forwarded to his network segment by the use of the bridge.

Bridges can provide the following services:

  • Reduce the network traffic that results from too many computers being attached to a network.

  • Connect different types of media connections such as coaxial cable and twisted pair cable.

  • Expand the length of a network segment.

  • Connect different network topologies such as Token Ring and Ethernet.

Although bridges serve their primary purpose, they are limited in their capabilities. If a destination's MAC address is not found in a bridge's internal table, the bridge will proliferate or broadcast (pass traffic) to all network segments. This can result in a broadcast storm that can slow or take down a network.
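
The forwarding and flooding behaviour described above, as an added example that is not from the book: a minimal bridge that fills its MAC table by learning source addresses (an assumption; the text only says the bridge "knows" where computers are). Segment numbers and MAC addresses are constructed sample values.

```python
# Added example: a minimal learning bridge with a MAC table.
class Bridge:
    def __init__(self, segments):
        self.segments = set(segments)   # segment ids attached to the bridge
        self.mac_table = {}             # MAC address -> segment where it was last seen

    def handle_frame(self, in_segment, src_mac, dst_mac):
        """Return (action, list of segments the frame is sent out on)."""
        # Learn: the source MAC lives on the segment the frame arrived from.
        self.mac_table[src_mac] = in_segment
        out = self.mac_table.get(dst_mac)
        if out is None:
            # Unknown destination: the frame is passed to every other segment,
            # so every host on those segments can see it.
            return "flood", sorted(self.segments - {in_segment})
        if out == in_segment:
            # Destination is on the sender's own segment: nothing to forward.
            return "filter", []
        return "forward", [out]


def run_demo():
    bridge = Bridge(segments=[1, 2, 3])
    you, brian = "00:11:22:33:44:01", "00:11:22:33:44:02"  # constructed MACs
    results = []
    # First frame to Brian: his MAC is not in the table yet, so it is flooded.
    results.append(bridge.handle_frame(1, you, brian))
    # Brian replies from segment 2: his MAC is learned, yours is already known.
    results.append(bridge.handle_frame(2, brian, you))
    # The next frame to Brian goes to segment 2 only.
    results.append(bridge.handle_frame(1, you, brian))
    return results, bridge.mac_table


if __name__ == "__main__":
    events, table = run_demo()
    for action, out in events:
        print(action, out)
    print(table)
```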

As networks grew larger, the demand increased for a more intelligent device that could handle more attached computer nodes and direct network traffic in a more efficient manner. The router was technology's answer to this demand.

Hubs

As mentioned earlier in this chapter, a hub is a network device that acts as a central point used to connect computers. In network terms, a hub is a simple connection device that sends all data packets to all connected systems. A basic hub operates at the Physical layer of the OSI reference model.

Telecom/PBX (Telecommunications/Private Branch Exchange)

A telecom/PBX, or just plain PBX, is a telephone-switching system inside an enterprise that allows calls to be shared or switched to various numbers assigned within the enterprise. Callers inside the enterprise also share external PBX lines for outbound or outside calling. A PBX offers the flexibility of inside calling numbers that are typically only three to four digits in length. The newest PBX technology is called Centrex. With Centrex, all telephone switching takes place at the local phone company, as opposed to switching at the customer's premises.

Modems

There are many types of modems available on the market today. Popular modem types include cable, wireless, Digital Subscriber Line (DSL), and analog dial-up modems. Modem is an abbreviation for Modulate Demodulate. A computer sends data from the CPU to a modem in digital format. For a standard analog modem, the modem (modulator) converts digital data to an analog format that can be sent over a POTS (Plain Old Telephone Service) line. When the analog signal reaches the receiving modem, it is converted back to a digital format that can be understood by the receiving computer.

There are many ways your system can be attacked. Today, most systems are attacked by computer viruses through operating system and application flaws. The simplest way to safeguard your system if you use a modem is to remove access to your files and folders. Assuming that you are using Windows, ensure that you do not have file and print sharing enabled. This can be accomplished using the Network Neighborhood icon located in the Control Panel applet.

You should also have a good antivirus program and make use of a personal firewall system. Other than that, once again, back up your important data!






The Security+ Exam Guide. TestTaker's Guide Series
Security + Exam Guide (Charles River Media Networking/Security)
ISBN: 1584502517
EAN: 2147483647
Year: 2003
Pages: 136
