Advanced Networking Devices

Question 1

Multilayer switches

Answer 1

• A switch (Layer 2) and router (Layer 3) in the same
physical device
• Layer 2 router?

• Switching still operates at OSI Layer 2, routing still
operates at OSI Layer 3
• There’s nothing new or special happening here

Question 2

Wireless networks everywhere

Answer 2

• Wireless networking is pervasive
• And you probably don’t just have a single access
point

• Your access points may not even be in the same
building
• One (or more) at every remote site

• Configurations may change at any moment
  
  • Access policy, security policies, AP configs
• The network should be invisible to your users
  
  • Seamless network access, regardless of role

Question 3

Wireless LAN controllers

Answer 3

• Centralized management of WAPs
  
  • A single “pane of glass”
• Deploy new access points
• Performance and security monitoring
• Configure and deploy changes to all sites
• Report on access point use
• Usually a proprietary system
  
  • Wireless controller is paired with the access points

Question 4

Balancing the load

Answer 4

• Distribute the load
  
  • Multiple servers
  • Invisible to the end-user
• Large-scale implementations
  
  • Web server farms, database farms
• Fault tolerance
  
  • Server outages have no effect
  • Very fast convergence

Question 5

Load balancer

Answer 5

• Configurable load
  
  • Manage across servers
• TCP offload
  
  • Protocol overhead
• SSL offload
  
  • Encryption/Decryption
• Caching
  
  • Fast response
• Prioritization
  
  • QoS
• Content switching
  
  • Application-centric balancing

Question 6

IDS and IPS

Answer 6

• Intrusion Detection System / Intrusion Prevention
System
• Watch network traffic

• Intrusions
• Exploits against operating systems, applications, etc.
• Buffer overflows, cross-site scripting, other
vulnerabilities

• Detection vs. Prevention
  
  • Detection – Alarm or alert
  • Prevention – Stop it before it gets into the network

Question 7

Identification technologies

Answer 7

• Signature-based
  
  • Look for a perfect match
• Anomaly-based
  
  • Build a baseline of what’s “normal”
• Behavior-based
  
  • Observe and report
• Heuristics
  
  • Use artificial intelligence to identify

Question 8

Proxies

Answer 8

• Sits between the users and the external network

• Receives the user requests and sends the request
on their behalf (the proxy)

• Useful for caching information, access control,
URL filtering, content scanning

• Applications may need to know how to
use the proxy (explicit)

• Some proxies are invisible (transparent)

Question 9

Application proxies

Answer 9

• Most proxies in use are application proxies
• The proxy understands the way the application works
• A proxy may only know one application, i.e., HTTP
• Many proxies are multipurpose proxies
  
  • HTTP, HTTPS, FTP, etc.

Question 10

VPN concentrator

Answer 10

• Virtual Private Network
  
  • Encrypted (private) data traversing a public network
• Concentrator
  
  • Encryption/decryption access device
  • Often integrated into a firewall
• Many deployment options
  
  • Specialized cryptographic hardware
  • Software-based options available
• Used with client software
  
  • Sometimes built into the OS

Question 11

Remote access VPN

Answer 11

• On-demand access from a remote device
• Software connects to a VPN concentrator
• Some software can be configured as always-on

Question 12

AAA framework

Answer 12

• Identification - This is who you claim to be
  
  • Usually your username
• Authentication - Prove you are who you say you are
  
  • Password and other authentication factors

• Authorization
• Based on your identification and authentication,
what access do you have?

• Accounting
• Resources used: Login time, data sent and received,
logout time

Question 13

RADIUS (Remote Authentication Dial-in User Service)

Answer 13

• One of the more common AAA protocols
• Supported on a wide variety of platforms and
devices

• Centralize authentication for users
  
  • Routers, switches, firewalls
  • Server authentication
  • Remote VPN access
  • 802.1X network access

• RADIUS services available on almost any server operating system

Question 14

UTM / All-in-one security appliance

Answer 14

Unified Threat Management (UTM) /
Web security gateway
• URL filter / Content inspection
• Malware inspection
• Spam filter
• CSU/DSU
• Router, Switch
• Firewall
• IDS/IPS
• Bandwidth shaper
• VPN endpoint

Question 15

Next-generation Firewalls (NGFW)

Answer 15

• The OSI Application Layer
  
  • Layer 7 firewall
• Can be called different names
  
  • Application layer gateway
  • Stateful multilayer inspection
  • Deep packet inspection

• Requires some advanced decodes
• Every packet must be analyzed, categorized,
and a security decision determined

Question 16

VoIP technologies

Answer 16

• PBX (Private Branch Exchange)
  
  • The “phone switch”
  • Connects to phone provider network
  • Analog telephone lines to each desk

• VoIP PBX
• Integrate VoIP devices with a corporate phone
switch

• VoIP Gateway
• Convert between VoIP protocols and
traditional PSTN protocols
• Often built-in to the VoIP PBX

Question 17

Content filtering

Answer 17

• Control traffic based on data within the content
  
  • Data in the packets
• Corporate control of outbound and inbound data
  
  • Sensitive materials
• Control of inappropriate content
  
  • Not safe for work
  • Parental controls
• Protection against evil
  
  • Anti-virus, anti-malware