Networking Devices
Router
Routes traffic between IP subnets
- OSI layer 3 device (Routers inside of switches sometimes called “layer 3 switches”)
- Often connects diverse network types (LAN, WAN, copper, fiber)
Switch
Bridging done in hardware
- Application-specific integrated circuit (ASIC)
- OSI layer 2 device (forwards traffic based on data link address)
- Many ports and features (the core of an enterprise network, may provide Power over Ethernet - PoE)
- Multilayer switch (includes Layer 3 routing functionality)
Firewalls
Filter traffic by port number or application
- Traditional vs. NGFW
- Encrypt traffic (VPN between sites)
- Most firewalls can be layer 3 devices (routers) - often sit on the ingress/egress of the network, Network Address Translation (NAT), Dynamic routing
Intrusion Detection System (IDS) / Intrusion Prevention System (IPS)
Watch network traffic
- Identify, alert, and prevent attacks from gaining access to the network
Intrusions
An attack type that runs exploits against operating systems, applications, etc. (takes advantage of vulnerabilities)
- Buffer overflows, cross-site scripting, other vulnerabilities
Detection vs. Prevention
Detection - Alarm or alert
Prevention - Stop it before it gets to the network
Load Balancer
Distributes the load - multiple servers, invisible to the end user
- Large-scale implementations (web server farms, database farms)
- Fault tolerance - server outages have no effect, very fast convergence
- Configurable load (manage across servers), TCP offload (protocol overhead), SSL offload (encryption/decryption), caching (fast response), Prioritization (QoS), Content switching (application-centric balancing)
Proxies
Sits between the users and the external network, receives the user requests and sends the request on their behalf (the proxy)
- Useful for caching information, access control, URL filtering, content scanning
- Applications may need to know how to use the proxy (explicit)
- Some proxies are invisible
NAS
Network Attached Storage
- Connect to a shared storage device across the network
- File-level access
SAN
Storage Area Network (SAN)
- Looks and feels like a local storage device (Block-level access)
- Very efficient reading and writing
- Requires a lot of bandwidth (may use an isolated network and high-speed network technologies)
AP
Access Point
- Not a wireless router but a bridge that extends the wired network onto the wireless network
- OSI layer 2 device
Wireless Router
A router and an access point in a single device