CSMA/CD
(Carrier Sense Multiple Access with Collision Detection) - the media access method of classic half-duplex Ethernet. A device listens to the medium before transmitting (carrier sense) and keeps listening while it transmits so it can detect a collision with another sender. On a collision the device stops, sends a jam signal so that every station notices the collision, and waits a random back-off interval before retrying
Collision domain
a network segment where data packets can “collide” if multiple devices try to send data simultaneously
CAM
Content addressable memory - a specialized, high-speed memory used in network devices such as switches and routers that looks up forwarding entries by content (for example a MAC address, or an IP prefix in its ternary form, TCAM) rather than by memory address, so a forwarding decision takes a single lookup and traffic flows without delay
SOHO network
Small office / home office network
Port based authentication
secures network access by requiring a device (the supplicant) to prove its identity to an authentication server (such as RADIUS) through an authenticator (a switch or wireless AP) before the port is opened for normal traffic; standardized as IEEE 802.1X
PoE
Power over ethernet
Routing table
A list of paths to various network destinations
Netmask
a 32-bit (4-byte) value in IPv4 addressing that separates an IP address into its network part and its host part, defining the size and boundaries of a local network (subnet)
On-link
devices or IP addresses directly reachable on the same local network segment, without needing a router (gateway)
Interface
the connection point where a device (like a computer) meets a network, enabling data exchange
Metric
a value used to rank routes when there are multiple possible paths to the same destination; the route with the lowest metric is preferred. (In the routing table example this card refers to, the route with metric 25 is the preferred route and is also the default route.) Metric is not the same thing as administrative distance: the metric compares paths learned from one source, while administrative distance ranks how much the router trusts different route sources (connected, static, OSPF, RIP, and so on) when they offer the same prefix.
Default route
(0.0.0.0/0) the route a router uses as a last resort
If the router has no more specific route for a packet's destination, it forwards the packet to the default route's next hop, which is usually the network gateway or the ISP.
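The routing-table cards above (netmask, on-link, metric, default route) describe one procedure: split an address with the netmask, decide whether the destination is on-link, otherwise pick the matching route with the longest prefix, break ties on lowest metric, and fall back to 0.0.0.0/0. The following is an added example, not from the original page; the routing table and addresses in it are constructed for illustration.

```python
import ipaddress

# Constructed example routing table: (destination prefix, gateway or None, interface, metric).
# A gateway of None means the prefix is on-link, reachable without a router.
ROUTES = [
    ("0.0.0.0/0",      "192.168.1.1",   "eth0", 25),  # default route, last resort
    ("192.168.1.0/24", None,            "eth0", 25),  # on-link
    ("10.0.0.0/8",     "192.168.1.254", "eth0", 50),
    ("10.10.0.0/16",   "192.168.1.253", "eth0", 50),
    ("10.10.0.0/16",   "192.168.1.252", "eth0", 10),  # same prefix, lower metric wins
]


def apply_netmask(ip, netmask):
    """Split an address with a dotted-quad netmask; return (network part, prefix length)."""
    net = ipaddress.ip_network(f"{ip}/{netmask}", strict=False)
    return str(net.network_address), net.prefixlen


def is_on_link(dst, local_ip, netmask):
    """True when dst shares the local network part, so no gateway is needed."""
    net = ipaddress.ip_network(f"{local_ip}/{netmask}", strict=False)
    return ipaddress.ip_address(dst) in net


def lookup(dst, routes=ROUTES):
    """Route selection: longest prefix match first, then lowest metric.

    The default route matches everything with prefix length 0, so it can only win
    when nothing more specific exists.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if dst not in net:
            continue
        rank = (net.prefixlen, -metric)          # longer prefix, then lower metric
        if best is None or rank > best[0]:
            best = (rank, prefix, gateway, iface, metric)
    if best is None:
        return None                              # only possible with no default route
    _, prefix, gateway, iface, metric = best
    return {"prefix": prefix, "next_hop": gateway or "on-link",
            "interface": iface, "metric": metric}


if __name__ == "__main__":
    print(apply_netmask("192.168.1.77", "255.255.255.0"))
    for dst in ("192.168.1.50", "10.10.5.5", "10.20.5.5", "8.8.8.8"):
        print(dst, "->", lookup(dst))
```

Without the default route, `lookup("8.8.8.8")` returns `None`, which is exactly the "router doesn't know where to send the packet" case the card describes.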
OSPF
Open shortest path first - a widely used, open-standard link-state routing protocol that efficiently finds the best path for IP packets within a single autonomous system (an interior gateway protocol)
RIP
Routing information protocol - an older, simple distance-vector routing protocol that chooses paths by hop count (the number of routers crossed); a hop count of 16 means unreachable, so RIP networks are limited to 15 hops
BGP
Border gateway protocol - the core routing protocol of the Internet. Like a postal service, it directs data between different networks (autonomous systems, or ASes) by exchanging reachability information and choosing paths according to policies and rules, not just shortest distance, to send traffic across the global network.
ACL
Access control list - an ordered set of rules on a router, firewall, or switch that filters network traffic, permitting or denying packets based on criteria such as source/destination IP, protocol, and port numbers. Rules are evaluated top-down, the first match wins, and most implementations end with an implicit deny, so rule order matters
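An ACL evaluator that applies the first-match, implicit-deny semantics described above, as an added example that is not from the original page. The rule set, addresses and the `Rule`/`evaluate` names are constructed for illustration and follow no particular vendor's syntax.

```python
import ipaddress
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # CIDR or "any"
    dst: str               # CIDR or "any"
    dport: Optional[int]   # destination port; None means any port


# Constructed example ACL applied inbound on an Internet-facing interface.
# Rules are evaluated top-down; the first match wins; anything left hits the implicit deny.
ACL = [
    Rule("deny",   "any",  "10.0.0.0/8",      "any",           None),  # private source from outside: spoofed
    Rule("permit", "tcp",  "any",             "192.0.2.10/32", 443),   # HTTPS to the web server
    Rule("permit", "tcp",  "any",             "192.0.2.10/32", 80),
    Rule("permit", "udp",  "198.51.100.0/24", "192.0.2.53/32", 53),    # DNS only from the partner range
    Rule("permit", "icmp", "any",             "any",           None),
]

# Same rules with the HTTPS permit placed above the anti-spoofing deny (a common mistake).
MISORDERED = [ACL[1], ACL[0]] + ACL[2:]


def _matches(addr, cidr):
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, index of the matching rule); index None means the implicit deny fired."""
    for i, rule in enumerate(acl):
        if rule.proto != "any" and rule.proto != proto:
            continue
        if not (_matches(src, rule.src) and _matches(dst, rule.dst)):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action, i
    return "deny", None


if __name__ == "__main__":
    packets = [
        ("tcp", "203.0.113.5", "192.0.2.10", 443),   # normal HTTPS client
        ("tcp", "203.0.113.5", "192.0.2.10", 22),    # SSH: no rule, implicit deny
        ("tcp", "10.1.2.3",    "192.0.2.10", 443),   # spoofed private source
        ("udp", "198.51.100.9", "192.0.2.53", 53),   # DNS from the partner range
    ]
    for pkt in packets:
        print(pkt, "->", evaluate(ACL, *pkt), "| misordered:", evaluate(MISORDERED, *pkt))
```

The spoofed packet shows why order matters: against `ACL` it is denied by rule 0, but against `MISORDERED` the broad HTTPS permit matches first and the anti-spoofing deny is never reached.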
IDS
Intrusion detection system - monitors traffic (usually from a copy, such as a mirror port or tap) and flags suspicious activity without stopping it (passive)
IPS
Intrusion prevention system - sits inline in the traffic path and directly addresses a threat by dropping or blocking traffic it identifies as malicious, based on signatures and behavioral intelligence
Passive versus proactive roles of IDS and IPS
IPS is proactive: it continuously analyzes traffic with the ability to take immediate action.
IDS is passive: it acts as an early warning system but does not block.
Signature based vs behavioral based detection for firewalls
Behavioral based: focuses on anomalies relative to normal traffic patterns; useful for detecting new, previously unseen threats, but it needs a learned baseline and tends to produce more false positives
Signature based: matches traffic against a database of known threats; precise for known attacks but requires regular updates to remain effective and misses anything without a signature
Indicators of a threat (firewalls)
DDoS signal: a massive spike in traffic, typically from many source IP addresses at once (a spike from a single IP address is a plain DoS, not a distributed one)
Malware signal: data packets containing specific known signatures
Exfiltration signal: a sudden transfer of sensitive data to an unfamiliar location
What is inline analysis and which firewall system uses it
IPS is used for inline analysis
It is placed in the traffic path, in front of incoming traffic, so that it can inspect and potentially block packets as they pass through in real time.
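The cards on signature versus behavioral detection, the three indicator types, and passive IDS versus inline IPS describe one pipeline, so here is an added example (not from the original page) that runs both detection methods over constructed flow records and shows how the same alerts become log entries in IDS mode and dropped flows in IPS mode. The signature database, flow records, thresholds and function names are all constructed for this illustration.

```python
import re
from collections import defaultdict

# Toy signature database (constructed for this example; real rule sets are far larger).
SIGNATURES = {
    "shellshock": re.compile(r"\(\)\s*\{\s*:;\s*\};"),
    "sqli-tautology": re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.I),
}

# Constructed flow records: (second, src_ip, dst_ip, direction, bytes, payload).
# Quiet period used to learn the baseline: ~1 request/s from five clients,
# plus a 50 KB backup to a known host every 10 s.
BASELINE = (
    [(t, f"203.0.113.{t % 5 + 1}", "192.0.2.10", "in", 600, "GET / HTTP/1.1") for t in range(60)]
    + [(t, "192.0.2.10", "198.51.100.20", "out", 50_000, "") for t in range(0, 60, 10)]
)
# Live traffic containing each indicator type plus one benign backup.
LIVE = (
    [(100, f"198.18.0.{i}", "192.0.2.10", "in", 600, "GET / HTTP/1.1") for i in range(150)]   # 150 sources
    + [(100, "198.18.0.1", "192.0.2.10", "in", 600, "GET / HTTP/1.1") for _ in range(50)]     # 200 req in 1 s
    + [(101, "203.0.113.77", "192.0.2.10", "in", 700, "User-Agent: () { :; }; /bin/bash -c id")]
    + [(102, "192.0.2.10", "203.0.113.250", "out", 900_000, "")]                              # unknown peer
    + [(103, "203.0.113.8", "192.0.2.10", "in", 600, "GET /login?u=admin' OR 1=1-- HTTP/1.1")]
    + [(105, "203.0.113.9", "192.0.2.10", "in", 600, "GET / HTTP/1.1") for _ in range(40)]    # one source
    + [(106, "192.0.2.10", "198.51.100.20", "out", 60_000, "")]                               # normal backup
)


def learn_baseline(flows):
    """Behavioral detection needs a picture of normal: inbound rate and usual outbound peers."""
    per_sec, known_dst, out_bytes = defaultdict(int), set(), [0]
    for t, _src, dst, direction, n, _ in flows:
        if direction == "in":
            per_sec[t] += 1
        else:
            known_dst.add(dst)
            out_bytes.append(n)
    return {"mean_in": sum(per_sec.values()) / max(1, len(per_sec)),
            "known_dst": known_dst, "max_out": max(out_bytes)}


def signature_alerts(flows):
    """Signature-based: match payloads against the known-bad database."""
    return [{"t": t, "srcs": (src,), "method": "signature", "kind": name}
            for t, src, _dst, _d, _n, payload in flows
            for name, rx in SIGNATURES.items() if rx.search(payload)]


def behavioral_alerts(flows, base, spike=10, exfil=10, ddos_sources=50):
    """Behavior-based: flag deviations from the learned baseline (no signature needed)."""
    alerts, in_by_sec = [], defaultdict(list)
    for t, src, dst, direction, n, _ in flows:
        if direction == "in":
            in_by_sec[t].append(src)
        elif dst not in base["known_dst"] and n > exfil * base["max_out"]:
            alerts.append({"t": t, "srcs": (src,), "method": "behavioral", "kind": "exfiltration"})
    for t, srcs in in_by_sec.items():
        if len(srcs) > spike * base["mean_in"]:
            distinct = sorted(set(srcs))
            kind = "ddos" if len(distinct) >= ddos_sources else "dos"   # many sources vs one
            alerts.append({"t": t, "srcs": tuple(distinct), "method": "behavioral", "kind": kind})
    return alerts


def enforce(flows, base, mode="ids"):
    """IDS mode is passive: every flow passes and alerts are only reported.
    IPS mode is inline: flows from an alerting source in that second are dropped."""
    alerts = signature_alerts(flows) + behavioral_alerts(flows, base)
    blocked = {(a["t"], s) for a in alerts for s in a["srcs"]} if mode == "ips" else set()
    verdicts = ["drop" if (t, src) in blocked else "pass" for t, src, *_ in flows]
    return alerts, verdicts


if __name__ == "__main__":
    base = learn_baseline(BASELINE)
    for mode in ("ids", "ips"):
        alerts, verdicts = enforce(LIVE, base, mode)
        print(mode, sorted(a["kind"] for a in alerts), verdicts.count("drop"), "dropped")
```

Note what each method catches: the two payload attacks are found only by signatures, while the traffic spike and the large transfer to an unfamiliar host are found only by the baseline comparison, and the spike is labelled DDoS or DoS by how many distinct sources are behind it. Only the IPS run changes any verdict; the IDS run produces the same alerts but passes everything.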
How does IDS/IPS gather information
Sensors and collectors
User behavioral analytics (used to determine baseline activity)
Signature database (a reference library of known attack methods and viruses)
The downside of high volume IDS and IPS inspection
Bottlenecks - inspecting large volumes of traffic can degrade network performance, and an inline IPS that falls behind adds latency or drops packets. Solution: use a load balancer to spread inspection across several sensors