.NODE

Network Equipment

Telecommunications equipment is all the hardware used to move data between networked devices. This equipment can be used in a LAN or WAN. This is important to know not only from a networking standpoint, but also to better implement security solutions and pass the CISSP exam.

Hubs

Hubs are one of the most basic networking devices. A hub allows all the connected devices to communicate with one another. A hub is logically a common wire to which all computers have shared access.

Hubs have fallen out of favor because of their low maximum throughput. Whenever two or more systems attempt to send packets at the same time on the same hub, there is a collision. As utilization increases the number of collisions skyrockets and the overall average throughput decreases.

Bridges

Another somewhat outdated piece of equipment is a bridge. Bridges are semi-intelligent pieces of equipment that have the capability to separate collision domains. Bridges examine frames and look up the MAC address. If the device tied to that MAC address is determined to be local, the bridge blocks the traffic. One of the big problems with bridges is that, by default, they pass broadcast traffic. Too much broadcast traffic can effectively flood the network and cause a broadcast storm.

Don't spend too much time worrying about hubs and bridgesjust know their basic purpose and that they have been replaced by switches.

 

Switches

A switch performs in much the same way as a hub; however, switches are considered intelligent devices. Switches segment traffic by observing the source and destination MAC address of each data frame.

The switch stores the MAC addresses by placing them in a lookup table, which is located in random access memory (RAM). This lookup table also contains the information needed to match each MAC address to the corresponding port it is connected to. When the data frame enters the switch, it finds the target MAC address in the lookup table and matches it to the switch port the computer is attached to. The frame is forwarded to only that switch port; therefore, computers on all other ports never see the traffic. Some advantages of a switch are as follows:

  • Provides higher-layer independence
  • Provides higher throughput than a hub
  • Provides virtual LAN (VLAN) capability
  • Can be configured for full duplex

Not all switches are made the same. Switches can process an incoming frame in three ways:

  • Store-and-forward After the frame is completely inputted into the switch, the destination MAC is analyzed to make a block or forward decision.
  • Cut-through This faster design is similar to the store-and-forward switch, but it focuses on examining only the first 6 bytes.
  • Fragment Free This is a Cisco design that has a lower error rate.

Routers

Routers reside at Layer 3 of the OSI model. Routers are usually associated with the IP protocol, which, as previously discussed, sends blocks of data that have been formatted into packets. IP is considered a "best effort" protocol, and IP packets are examined and processed by routers. Routers are used to join similar or dissimilar networks. A router's primary purpose is to forward IP packets toward their destination through a process known as routing. Whereas bridges and switches examined the physical frame, routers focus on what information is found in the IP header. One important item in the IP header that routers examine is the IP address. IP addresses are considered a logical address. Routers can also be used to improve performance by limiting physical broadcast domains, act as a limited type of firewall by filtering with access control lists (ACLs), and ease network management by segmenting devices into smaller subnets instead of one large network. The security of the router is paramount. A compromised router can have devastating consequences, especially if it is being used for other services, such as IPSec, a virtual private network (VPN) termination point, or a firewall.

Each time a router is presented with packets, the router must examine the packets and determine the proper interface to forward the packets to. Not all routing protocols that routers work with function in the same manner. Routing protocols can be divided into two broad categories:

  • Algorithms based on distance-vector protocols
  • Algorithms based on link-state protocols

Distance-vector protocols are based on Bellman-Ford algorithms. The basic methodology of a distance-vector protocol is to find the best route by determining the shortest path. The shortest path is commonly calculated by hops. Distance-vector routing is also called routing by rumor. The Routing Information Protocol (RIP) is probably the most common distance-vector protocol in use. One major shortcoming of distance-vector protocols is that the path with the lowest number of hops might not be the optimal route; the path with the lowest hop count could have considerable less bandwidth than a route with a higher hop count.

Distance-vector protocols such as RIP can be spoofed and are subject to redirection. It also easy for attackers to sniff RIP updates. RIP sends out complete routing tables every 30 seconds.

Link-state protocols are based on Dijkstra algorithms. Unlike distance-vector protocols, link-state protocols determine the best path with metrics such as delay or bandwidth. When this path is determined, the router informs other routers of its findings. This is how reliable routing tables are developed and routing tables reach convergence.

Link-state routing is considered more robust than distance-vector routing protocols. Open Shortest Path First (OSPF) is probably the most common link-state routing protocol; many times, it is used as a replacement for RIP.

Common routing protocols include these:

  • Routing Information Protocol (RIP) Legacy UDP-based routing protocol that does not use authentication and determines path by hop count.
  • Open Shortest Path First (OSPF) An improved link-state routing protocol that offers authentication.
  • Border Gateway Protocol (BGP) The core routing protocol used by the Internet. It is based on TCP and is used to connect autonomous systems.

The CISSP Cram Sheet

A Note from Series Editor Ed Tittel

About the Author

Acknowledgments

We Want to Hear from You!

Introduction

Self-Assessment

The CISSP Certification Exam

Physical Security

Security-Management Practices

Access-Control Systems and Methodology

System Architecture and Models

Telecommunications and Network Security

Applications and Systems-Development Security

Operations Security

Business Continuity Planning

Law, Investigations, and Ethics

Cryptography

Practice Exam 1

Answers to Practice Exam 1

Practice Exam 2

Answers to Practice Exam 2

show all menu





CISSP Exam Cram 2
CISSP Exam Cram 2
ISBN: 078973446X
EAN: 2147483647
Year: 2003
Pages: 204
Authors: Michael Gregg
Similar book on Amazon

Flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net