
position in your network architecture. In this section, I will cover the function and correct application of each of the most common network devices.

      Router

Routers are the devices that connect the Internet and make the World Wide Web possible. They also divide and then rejoin your network. They use a higher level of intelligence than that of switches. Routers use logical addresses and work at Layer 3 (Network) of the OSI model (which I will discuss further in Chapter 5), and they forward traffic from one network (or subnet) to another. Routers first determine whether the traffic belongs on their network; then they deliver it to the appropriate network hosts while forwarding the traffic that does not belong on their network to another router. Routers determine where to forward traffic by consulting a routing table. An administrator can configure the routing table manually, or the router can learn it by using routing protocols. Figure 1.1 shows a common router.

FIGURE 1.1 A router
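The routing decision just described, worked through in Python as an added example (this is not code from the book): the routing table, addresses and interface names are constructed for illustration, and `lookup_route` implements the longest-prefix match that routers use to pick among overlapping entries, so the router delivers locally, forwards to the next-hop router, or drops.

```python
import ipaddress

# Constructed routing table for a router with two directly connected subnets,
# a summary route pointing at a neighbouring router, and a default route
# toward the Internet. Entries are (prefix, next hop, outgoing interface);
# a next hop of None means the prefix is directly connected.
ROUTING_TABLE = [
    ("192.168.10.0/24", None, "eth0"),
    ("192.168.20.0/24", None, "eth1"),
    ("192.168.0.0/16", "10.0.0.2", "eth2"),
    ("0.0.0.0/0", "10.0.0.1", "eth2"),
]


def lookup_route(dst_ip, table=ROUTING_TABLE):
    """Longest-prefix match: of all entries that cover dst_ip, pick the most
    specific one. Returns (network, next_hop, interface), or None when no
    entry matches (only possible when the table has no default route)."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, next_hop, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best


def forward(dst_ip, table=ROUTING_TABLE):
    """Decide what the router does with a packet for dst_ip:
    'deliver' onto a directly connected subnet, 'forward' to the next-hop
    router because the destination belongs to another network, or 'drop'
    when there is no matching route at all."""
    route = lookup_route(dst_ip, table)
    if route is None:
        return ("drop", None, None)
    net, next_hop, iface = route
    if next_hop is None:
        return ("deliver", str(net), iface)
    return ("forward", next_hop, iface)
```

Note that 192.168.99.7 is covered by both the /16 summary and the default route; the /16 wins because it is the longer prefix, which is exactly why a manually configured default route never shadows a more specific learned route.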

      Switch

      A switch is a network device that optimizes traffic flow on your network. A switch works at Layer 2 (Data-Link); it learns the physical address (MAC address) of all the devices that are connected to it and then uses the MAC address to control traffic flow. Some switches, called multilayer switches, also work at Layer 3, but here I am focusing on switches that work only at Layer 2. Rather than forwarding all data to all the connected ports, a switch can forward data only to the port where the computer with the destination address actually exists.

This process automatically segments the network and dramatically decreases the traffic in the segments that are less used. Because of this, switches are often used to connect departments of a company so that communication between two or more departments does not affect other departments that are not involved in the communication. Also, large files can be transferred within the same department without affecting the traffic flow in any of the other departments. Switches can also be used to create virtual local area networks (VLANs) that improve the flexibility of a network design. I will discuss VLANs later in this chapter. Figure 1.2 shows a common switch.

FIGURE 1.2 A common switch
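The learning-and-forwarding behaviour of a Layer 2 switch, modelled in Python as an added example (not code from the book). The port numbers and MAC addresses are constructed; the model shows why unicast traffic between two hosts stops reaching the other ports once the switch has learned where both hosts are.

```python
class LearningSwitch:
    """Model of a Layer 2 switch's forwarding logic: learn the source MAC of
    every frame against the port it arrived on, then forward frames only to
    the learned port; flood to all other ports when the destination MAC is
    still unknown or is the broadcast address."""

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one frame; return the list of ports it is sent out of."""
        self.mac_table[src_mac] = in_port  # learn or refresh the source
        if dst_mac != self.BROADCAST and dst_mac in self.mac_table:
            out_port = self.mac_table[dst_mac]
            # destination sits on the port the frame came in on: nothing to do
            return [] if out_port == in_port else [out_port]
        # unknown destination or broadcast: flood out every other port
        return [p for p in self.ports if p != in_port]


# Constructed MAC addresses for two hosts on ports 1 and 2 of a 4-port switch.
HOST_A = "00:11:22:33:44:01"
HOST_B = "00:11:22:33:44:02"


def demo():
    """Replay a short exchange; return (output ports per frame, MAC table)."""
    sw = LearningSwitch(ports=[1, 2, 3, 4])
    trace = [
        sw.receive(1, HOST_A, HOST_B),  # B unknown yet: flooded to 2, 3, 4
        sw.receive(2, HOST_B, HOST_A),  # A was learned on port 1: sent to 1 only
        sw.receive(1, HOST_A, HOST_B),  # B now learned on port 2: sent to 2 only
    ]
    return trace, dict(sw.mac_table)
```

Only the very first frame is seen by ports 3 and 4; after that the conversation is confined to the two ports involved, which is the segmentation effect the text describes.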

      Multilayer Switch

      Whereas a basic switch works solely at Layer 2 (Data-Link) of the OSI model, a multilayer switch can work at both Layer 2 and Layer 3. Multilayer switches (also called Layer 3 switches) are essentially switches with a router module installed in them. They are especially useful in networks with VLANs because you can create the VLANs and decide how the VLANs will be routed – all within the same switch. Multilayer switches can be connected to other multilayer switches and to basic switches to extend VLANs through an organization. I will discuss VLANs in greater depth later in Chapter 2.

      Firewall

      A firewall is a hardware or software system that is used to separate one computer or network from another one. The most common type of firewall is used to protect a computer or an entire network from unauthorized access from the Internet. Firewalls can also be used to control the flow of data to and from multiple networks within the same organization. Additionally, firewalls can be programmed to filter data packets based on the information that is contained in the packets. In the following section, I will discuss the different types of firewalls that you might use on your network and their configuration.

      IDS and IPS

      An intrusion detection system (IDS) is much more than a firewall. In effect, an IDS is an intelligent monitor of network traffic that “understands” what normal traffic is supposed to look like and what it is supposed to do and can therefore identify abnormal traffic as a threat. “How does it know?” you may ask. Well, either it’s configured with the latest attack signatures from its vendor (much like antivirus software) or it simply “watches” your network for a while to learn what normal traffic looks like. Of course, the best system is a combination of the two. In addition, an IDS can be configured to alert the network administrator when it detects a threat. In fact, the only action that a true IDS takes in response to a threat is to alert the administrator with an email message or network message if configured properly. Often an IDS just logs the threat so the network administrator can address it later.

      An intrusion prevention system (IPS) is very similar to an IDS but can take more action in response to a threat than an IDS. An IPS can address an identified threat by resetting a connection or even closing a port. Of course, the IPS can also be configured to alert the administrator of the threat and the action that was taken. In practice, the main difference between an IPS and an IDS is one of software configuration.
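Both detection methods from the IDS discussion (vendor signatures and a learned baseline of normal traffic) and the IDS/IPS difference (alert only versus act on the connection) in one Python model, added here as an example and not taken from the book. The signatures, flow records and byte counts are constructed; the z-score threshold is an assumption chosen for the illustration.

```python
import statistics

# Constructed detection signatures, standing in for a vendor signature feed:
# name -> byte pattern that legitimate requests on this network never carry.
SIGNATURES = {
    "sig-path-traversal": b"../../etc/passwd",
    "sig-sqli-tautology": b"' OR 1=1",
}


class Sensor:
    """Sensor combining signature matching with a learned baseline. In 'ids'
    mode it only alerts and logs; in 'ips' mode it also returns the action it
    takes on the offending connection."""

    def __init__(self, mode="ids", z_threshold=3.0):
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.z_threshold = z_threshold  # assumed: 3 standard deviations
        self.baseline = {}  # destination port -> (mean bytes, stdev bytes)
        self.log = []

    def learn(self, normal_flows):
        """Watch known-good traffic for a while and record, per destination
        port, how large flows normally are."""
        sizes_by_port = {}
        for flow in normal_flows:
            sizes_by_port.setdefault(flow["dport"], []).append(flow["bytes"])
        for port, sizes in sizes_by_port.items():
            spread = statistics.pstdev(sizes) or 1.0  # avoid division by zero
            self.baseline[port] = (statistics.mean(sizes), spread)

    def inspect(self, flow):
        """Return the event for one flow: verdict, reasons and action taken."""
        reasons = [name for name, pattern in SIGNATURES.items()
                   if pattern in flow["payload"]]
        if flow["dport"] in self.baseline:
            mean, spread = self.baseline[flow["dport"]]
            if (flow["bytes"] - mean) / spread > self.z_threshold:
                reasons.append("anomaly-flow-size")
        if not reasons:
            return {"verdict": "normal", "action": "none", "reasons": []}
        # A true IDS only notifies the administrator; an IPS can also act.
        action = "alert-admin" if self.mode == "ids" else "reset-connection"
        event = {"verdict": "threat", "action": action,
                 "reasons": reasons, "src": flow["src"]}
        self.log.append(event)
        return event


# Constructed training traffic: ordinary web requests of similar size.
NORMAL_FLOWS = [
    {"src": "192.168.10.5", "dport": 80, "bytes": n, "payload": b"GET /index.html"}
    for n in (500, 520, 480, 510, 490)
]
# Constructed flows to inspect afterwards.
TRAVERSAL_FLOW = {"src": "198.51.100.7", "dport": 80, "bytes": 505,
                  "payload": b"GET /../../etc/passwd"}
OVERSIZED_FLOW = {"src": "198.51.100.8", "dport": 80, "bytes": 2000,
                  "payload": b"GET /index.html"}
ORDINARY_FLOW = {"src": "192.168.10.9", "dport": 80, "bytes": 515,
                 "payload": b"GET /about.html"}
```

The oversized flow carries no known signature at all and is caught only by the baseline, while the traversal request is ordinary in size and is caught only by the signature; that is the "combination of the two" the text recommends. Switching the mode from `ids` to `ips` changes nothing about detection, only the returned action, which matches the text's point that the difference is largely one of configuration.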

      HIDS

      A host-based intrusion detection system (HIDS) in your network works like a moat does around a medieval castle. It’s specifically for the protection of that one device and doesn’t really help any of the other devices at all. It can be used along with IDS/IPS and firewalls to provide another layer of final protection from anything that gets through the prior layers. It is typically just a software program that analyzes network traffic and permits or denies it to the device based on a set of configuration rules from the administrator. Based on this configuration, it can distinguish normal traffic from traffic that might harm your system and take the appropriate action.

      Access Point (Wireless/Wired)

      An access point typically consists of a wireless switch with a router module. Most access points are both wired and wireless. They can receive signals from laptops and other wireless devices and direct them to connected computers or even to the Internet. I will discuss the use of wireless access points in much greater detail in Chapter 2.

      Content Filter

      A content filter is a specialized device that can be configured to allow some types of traffic to flow through it while stopping the flow of other types of traffic. This type of content filtering is essential to organizations so that security and productivity can be maintained simultaneously. The biggest difference between the different types of content filters is the level of content they filter. For example, a Layer 7 (Application layer) content filter can be configured to be much more selective than a Layer 3 (Network layer) filter. In fact, Layer 7 content filters can be configured to disallow access to websites that contain data or graphics that are deemed unacceptable by management standards. If a user tries to access a site that contains unacceptable graphics or data, the site will be disallowed not because of an IP address or hostname, or even port address, but because of the nature of the material on the site. This gives you much more granular control over users.
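The packet-filtering firewall from the Firewall section and the Layer 3 versus Layer 7 distinction from this section, worked through as one added Python example (not code from the book). The rule set, addresses and packets are constructed; `content_category` is an assumed stand-in for the classification a real Layer 7 filter derives from the material on the page, and `inspect_up_to` models how deep into the packet a given device can look.

```python
import ipaddress

# Constructed first-match rule set. "layer" records how deep a device must
# look to evaluate the rule: 3 = addresses only, 4 = ports too, 7 = the
# application data itself.
RULES = [
    {"name": "block-telnet", "layer": 4, "action": "deny",
     "match": {"dport": 23}},
    {"name": "block-bad-subnet", "layer": 3, "action": "deny",
     "match": {"dst": "203.0.113.0/24"}},
    {"name": "block-unacceptable-content", "layer": 7, "action": "deny",
     "match": {"content_category": "unacceptable"}},
    {"name": "allow-https", "layer": 4, "action": "allow",
     "match": {"dport": 443}},
    {"name": "default-deny", "layer": 3, "action": "deny", "match": {}},
]


def rule_matches(rule, packet, inspect_up_to):
    """True when the device can evaluate the rule at its inspection depth and
    every criterion in the rule agrees with the packet."""
    if rule["layer"] > inspect_up_to:
        return False  # the device never sees this field, so it cannot match
    for field, wanted in rule["match"].items():
        actual = packet.get(field)
        if actual is None:
            return False
        if field in ("src", "dst"):
            if ipaddress.ip_address(actual) not in ipaddress.ip_network(wanted):
                return False
        elif actual != wanted:
            return False
    return True


def filter_packet(packet, inspect_up_to, rules=RULES):
    """Apply the rules in order; return (action, name of the winning rule).
    inspect_up_to is the highest OSI layer this device inspects."""
    for rule in rules:
        if rule_matches(rule, packet, inspect_up_to):
            return rule["action"], rule["name"]
    return "deny", "implicit-deny"


# Constructed sample packets using documentation address ranges.
HTTPS_TO_BAD_PAGE = {"src": "192.168.10.5", "dst": "198.51.100.20",
                     "dport": 443, "content_category": "unacceptable"}
TELNET = {"src": "192.168.10.5", "dst": "198.51.100.20", "dport": 23}
TO_BLOCKED_SUBNET = {"src": "192.168.10.5", "dst": "203.0.113.9", "dport": 443}
```

The same HTTPS request to a perfectly ordinary host is allowed by a device that inspects only up to Layer 4 and denied by one that inspects Layer 7, which is the granularity difference the text describes: the verdict turns on the nature of the content, not on the address or port.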

      Load Balancer

      In today’s networks, the resources that are essential for a user are often stored off the user’s computer, sometimes in multiple locations for the same resource. When this is done, the user can gain access to the resources by going to a specific logical location, and the network devices can quickly decide how to obtain the user data and from which physical location to obtain the resource. This all occurs completely unbeknownst to the user. The device that makes all this magic happen is a load balancer.

      Actually, a load balancer is as much a network role as it is a network appliance. Many devices can be configured to provide a load-balancing function. Servers can be configured with multiple NICs and clustered together, routers can be configured with multiple associated interfaces or subinterfaces, and switches can be configured to direct traffic and to change the physical location on each request. This is sometimes referred to as round robin since the physical connection just keeps going round and round. These types of load-balancing techniques can dramatically improve the speed of the network for the user.
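The round-robin behaviour described above, as an added Python example (not code from the book): users address one logical location, the balancer rotates requests over the physical servers behind it, and servers a health check has marked down are skipped so the rotation stays invisible to the user. The virtual IP and server names are constructed.

```python
class RoundRobinBalancer:
    """Maps each request sent to one logical address (the virtual IP) onto
    the next physical server in turn, skipping servers currently marked down."""

    def __init__(self, virtual_ip, backends):
        self.virtual_ip = virtual_ip
        self.backends = list(backends)
        self.healthy = set(backends)
        self._next = 0  # position in the rotation

    def mark_down(self, backend):
        """Health check failed: stop sending requests to this server."""
        self.healthy.discard(backend)

    def mark_up(self, backend):
        """Health check recovered: put the server back into the rotation."""
        self.healthy.add(backend)

    def pick(self):
        """Return the physical backend for the next request to the virtual IP."""
        if not self.healthy:
            raise RuntimeError(f"no healthy backend behind {self.virtual_ip}")
        count = len(self.backends)
        for _ in range(count):
            candidate = self.backends[self._next]
            self._next = (self._next + 1) % count
            if candidate in self.healthy:
                return candidate
        raise AssertionError("unreachable: a healthy backend exists")


def demo():
    """Constructed rotation over three servers, with one failing part-way."""
    lb = RoundRobinBalancer("10.0.0.100", ["web-1", "web-2", "web-3"])
    sequence = [lb.pick() for _ in range(4)]
    lb.mark_down("web-2")
    sequence += [lb.pick() for _ in range(3)]
    return sequence
```

Once `web-2` is marked down the rotation simply alternates between the two remaining servers; nothing about the client's view of 10.0.0.100 changes.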

      Hub

A hub is a device that has multiple ports into which connections can be made. All devices connected to a hub are also connected to each other. A hub does not filter any communication or provide
