
Friday, April 5, 2019

Different Types Of Network Devices

Infrastructure security depends on the correct configuration of the network components. Network components are an essential part of the computing environment and improve both its performance and its security. Components such as routers, switches and cables connect to the firewalls and gateways that direct communication, from the network design down to the protocols employed.

If security fails, the availability of the system fails. Security failures occur in two ways:
1. Unauthorised users gain access to resources and data they are not authorised to use.
2. A security failure prevents an authorised user from accessing the resources and data that user is entitled to use.

Both kinds of failure are serious. The primary goal of network infrastructure security is therefore to allow all authorised usage and to deny all unauthorised usage of resources.

8.2 Devices

Today's business environment consists not only of clients and servers but also of the network devices required to connect them. These are called communication devices: hubs, switches, routers, LAN cards, gateways, modems, hardware firewalls and so on, as well as wireless access points and special-purpose devices such as Virtual Private Network (VPN) devices. Each has a specific network function and plays a role in building network infrastructure security.

8.2.1 Workstations

Workstations are the client data processing systems in the client-server architecture. A workstation is used to send and receive e-mail, create spreadsheets, write reports in a word processor and play games.
Many threats to information security start at a workstation once it is connected to a network. Basic workstation security is maintained by the following steps:
1. Remove every file share that is not required.
2. Rename the administrator account and protect it with a strong password.
3. Disable or remove unnecessary user accounts.
4. Install an antivirus program and keep it updated.
5. Disable the USB ports in the BIOS/CMOS settings to restrict data transfer through USB devices.
6. Install a firewall between the machine and the network.
7. Install the latest patches for the operating system (OS) and keep the OS up to date.

8.2.2 Servers

Servers are the computers in a network that host applications and data for users to share. Servers come in many sizes, from small single-CPU systems to multiple-CPU systems such as mainframes. Servers run operating systems such as Windows Server, Linux, UNIX and mainframe operating systems. A server OS is more robust than a workstation OS and is designed to serve multiple users over the network at the same time. The basic workstation security steps apply to servers as well.

8.2.3 Network Interface Cards

A Network Interface Card (NIC) is the hardware device used to connect a server or workstation to a network. A NIC is built for a particular type of network connection, either Ethernet or Token Ring. In local area networks, Ethernet is the most common network type and RJ-45 the most common connector.

The NIC is the physical connection between a computer and the network. NICs are available with a single port or with multiple ports. Workstations use single-port NICs, since only one network connection is needed, whereas servers use multiport NICs to increase the number of network connections and so the throughput to and from the network. Every NIC has a unique 48-bit number, the Media Access Control (MAC) address, stored in Read Only Memory (ROM). (Most operating systems can override the burned-in address in software, so a MAC address must never be relied on as proof of a device's identity.)
The MAC address is used in addressing and delivering network frames to the correct system.

8.2.4 Hubs

A hub is the central connecting device in a computer network. It connects multiple machines in a star configuration with the hub at the centre. A hub repeats every data packet it receives to every LAN card on the network; the intended recipient keeps the data and all other computers discard it. Because every station sees every frame, any host attached to a hub can read all of the traffic. Hubs have five, eight, sixteen or more ports; one port, called the uplink port, is used to connect to the next hub.

8.2.5 Bridges

Bridges operate at the data link layer of the OSI model. A bridge examines incoming traffic and decides whether to forward or discard it.

8.2.6 Switches

Switches are networking devices similar to hubs in that they connect network equipment together. In today's high-performance network environment, switches have replaced both hubs and bridges. Switches operate at the data link layer of the OSI model and use the MAC addresses of the attached network cards to forward frames only to the correct port.

Switches are intelligent, remotely managed devices and can therefore be taken over by an attacker who obtains the management credentials. Switches are administered using the Simple Network Management Protocol (SNMP) and Telnet. Both protocols have a serious weakness: they send passwords across the network in clear text (this applies to SNMP versions 1 and 2c; SNMPv3 adds authentication and encryption), so an attacker who captures the traffic obtains the administrative password. A further problem is that switches ship with default passwords; if the password is not changed during setup, an attacker can easily gain access.

Caution: To secure a switch, disable all management protocols other than a secure one such as Secure Shell (SSH). Using only secure access methods limits the exposure to attackers and malicious users.

8.2.7 Routers

A router connects two or more computer networks and exchanges packets of data between them.
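The hub and switch subsections above (8.2.4 and 8.2.6) describe the difference between repeating every frame to every port and forwarding only to the port where the destination MAC address was learned. The following Python model is an added example, not code from the original chapter; the port numbers, MAC addresses and frames are constructed for illustration. It also checks the 48-bit MAC format and the group bit (lowest bit of the first octet), which is why a broadcast or multicast destination is always flooded by the switch.

```python
"""Added example: hub flooding versus a MAC-learning switch.

Hosts, ports and frames are constructed toy data, not captured traffic.
A frame is a tuple (ingress port, destination MAC, source MAC)."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


def parse_mac(text):
    """Validate a colon-separated 48-bit MAC address and return its 6 bytes."""
    parts = text.lower().split(":")
    if len(parts) != 6 or not all(len(p) == 2 for p in parts):
        raise ValueError(f"bad MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def is_group_address(mac):
    """Group bit: lowest bit of the first octet marks multicast/broadcast."""
    return bool(parse_mac(mac)[0] & 0x01)


class Hub:
    """A hub repeats every frame out of every port except the one it came in on."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, dst, src):
        return [p for p in self.ports if p != in_port]


class Switch:
    """A switch learns the port of each source MAC; unicast to a known MAC
    goes to that port only, unknown or group destinations are flooded."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC -> port on which it was last seen

    def forward(self, in_port, dst, src):
        parse_mac(dst)
        parse_mac(src)
        self.mac_table[src] = in_port  # learning step
        if is_group_address(dst) or dst not in self.mac_table:
            return [p for p in self.ports if p != in_port]  # flood
        out = self.mac_table[dst]
        return [] if out == in_port else [out]


def run(device, frames):
    """Return, for each frame, the list of ports it was sent out of."""
    return [device.forward(*frame) for frame in frames]


# Constructed traffic: host A on port 1, host B on port 2.
FRAMES = [
    (1, BROADCAST, "00:11:22:33:44:01"),           # A broadcasts (ARP-style)
    (2, "00:11:22:33:44:01", "00:11:22:33:44:02"),  # B replies to A
    (1, "00:11:22:33:44:02", "00:11:22:33:44:01"),  # A sends to B
]

if __name__ == "__main__":
    print("hub   :", run(Hub([1, 2, 3, 4]), FRAMES))
    print("switch:", run(Switch([1, 2, 3, 4]), FRAMES))
```

On the hub every frame, including the unicast reply, reaches ports 3 and 4, which is exactly what lets a host on those ports sniff the conversation; on the switch only the first (broadcast) frame is flooded, and the two unicast frames go to the learned port alone.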
Each packet carries address information that the router uses to determine whether the source and destination are on the same network or whether the packet must be transferred from one network to another. Routers operate at the network layer of the OSI model. A router has two or more network interfaces through which traffic is forwarded or blocked. Routers are used to segment networks into smaller subnets or to link multiple networks together. The router decides how and when to forward packets between networks on the basis of an internal routing table, which tells it where each packet should be sent.

Routers also allow technicians to explicitly deny some packets the ability to be forwarded between segments. For example, the access-control features of some routers can prevent users on the internal network from using Telnet to reach outside systems. Telnet is always a security risk because passwords and all other traffic are transmitted in clear text, so Telnet sessions between the internal network and an external network should not be permitted.

A router can also block spoofed packets: packets whose header carries a source IP address that is not the real address of the sending computer. Attackers use this technique to make a system believe that a packet came from an authorised system when it actually came from the attacker's machine. A router that knows which address ranges belong behind each of its interfaces can drop such packets.

Routers come in many sizes from many vendors. Small routers are used with cable modems and DSL service (Figure). Large routers handle traffic of up to tens of gigabits per second per channel, using fibre optic cables and moving tens of thousands of concurrent connections across the network.

8.2.8 Firewalls

A firewall is a hardware device or a software program used to protect an internal network from outside intruders. It is much like a wall with a window.
The wall keeps things out, except what is permitted through the window (Figure). The network security policy acts like the glass in the window: it defines which traffic is allowed and which is blocked or denied. For example, a Web server connected to the Internet may be configured to allow traffic only on port 80 for HTTP and to have all other ports blocked. A firewall allows only the access necessary for a function and blocks or denies everything else.

8.2.9 Wireless

In wireless devices, radio waves or infrared carry the data, which allows anyone within range to receive it. Placing a wireless device behind the firewall does not help, because the firewall only controls traffic arriving over the physical connection.

The devices associated with wireless networking are wireless access points; wireless network cards are used to communicate with the access points (Figure). Wireless access points have a limited range within which they can communicate with client systems. When planning a wireless implementation in a new building, make sure the external walls contain metal studs that are grounded, and create wireless shielding by using thin layers of aluminium under the drywall. This blocks radio transmission into and out of the building, although it will also interfere with pager and mobile phone use.

Note: Applying secure transmission protocols and configuring the wireless access point to accept only authorised connections will help in securing the network.

8.2.10 Modems

A modulator-demodulator (modem) converts digital signals to analogue and vice versa. Modems are a slow method of remote connection, used to connect client computers to remote services over standard telephone lines. Modems are becoming less necessary, but many corporate systems still have modems installed for remote access. In a corporate network, modems are found in Remote Access Service (RAS) servers and fax servers.
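The router subsection (8.2.7) describes dropping spoofed packets and refusing Telnet from the inside, and the firewall subsection (8.2.8) describes a policy that opens only port 80 and denies everything else. The following Python model, added here as an example and not part of the original chapter, puts both into a single packet filter: an ingress anti-spoofing check based on which address ranges belong behind each interface, followed by an ordered rule list with default deny. The interface names, address ranges, rules and sample packets are assumptions constructed for illustration.

```python
"""Added example: anti-spoofing check plus default-deny rule list.

Topology, addresses and rules are assumed for illustration only."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "inside" or "outside"
    src: str     # source IP address
    dst: str     # destination IP address
    proto: str   # "tcp", "udp" or "icmp"
    dport: int = 0


# Assumed topology: one internal subnet behind the "inside" interface.
INSIDE_NETS = [ipaddress.ip_network("192.168.10.0/24")]
# Source addresses that must never appear on the wire from any interface.
BOGUS_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "0.0.0.0/8")]


def spoofed(pkt):
    """True when the source address cannot legitimately arrive on pkt.iface.

    A packet from the outside that claims an inside address, or a packet from
    the inside that does not carry an inside address, is spoofed."""
    src = ipaddress.ip_address(pkt.src)
    if any(src in net for net in BOGUS_NETS):
        return True
    inside_src = any(src in net for net in INSIDE_NETS)
    if pkt.iface == "outside":
        return inside_src
    if pkt.iface == "inside":
        return not inside_src
    return False


# Ordered rules (action, ingress interface, protocol or None, port or None).
# First match wins; a packet matching nothing falls through to default deny.
RULES = [
    ("allow", "outside", "tcp", 80),   # only HTTP may reach the Web server
    ("deny", "inside", "tcp", 23),     # no Telnet from the inside to outside
    ("allow", "inside", None, None),   # other outbound traffic is permitted
]


def decide(pkt):
    """Return 'drop-spoofed', 'allow' or 'deny' for one packet."""
    if spoofed(pkt):
        return "drop-spoofed"
    for action, iface, proto, dport in RULES:
        if iface != pkt.iface:
            continue
        if proto is not None and proto != pkt.proto:
            continue
        if dport is not None and dport != pkt.dport:
            continue
        return action
    return "deny"  # default deny: nothing matched


if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    samples = [
        Packet("outside", "203.0.113.5", "192.168.10.80", "tcp", 80),
        Packet("outside", "203.0.113.5", "192.168.10.80", "tcp", 22),
        Packet("outside", "192.168.10.7", "192.168.10.80", "tcp", 80),
        Packet("inside", "192.168.10.7", "203.0.113.9", "tcp", 23),
        Packet("inside", "192.168.10.7", "203.0.113.9", "tcp", 443),
    ]
    for pkt in samples:
        print(f"{pkt.iface:8}{pkt.src:>14} -> {pkt.dst:<14} {pkt.proto}/{pkt.dport}: {decide(pkt)}")
```

The anti-spoofing check runs before any rule is consulted: an outside packet claiming 192.168.10.7 as its source would otherwise match the inside "allow" rule on a filter that only looked at addresses, which is precisely the trick the router subsection warns about.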
Corporate users also remotely access their own systems by configuring a modem in their PC, typically when no other remote access solution is available or the existing one is inconvenient. Such situations can give an intruder an entry point into the network. The best defence is a security policy that controls the installation of modems on corporate systems, together with verification that the systems which do use modems are properly secured.

8.2.11 Telecom/PBX

Telecommunication (telecom) is often overlooked in the IT security field. Most small companies use a small number of dedicated telephone lines for both incoming and outgoing calls. In larger companies, however, dedicated lines for thousands of employees would be inefficient and expensive, so a Private Branch eXchange (PBX) is installed.

A PBX is a device that handles the routing of internal and external telephone lines. It allows a company to have a limited number of external lines and an unlimited number of internal lines. PBX systems are cost-effective for large companies but have their own vulnerabilities. A PBX is designed to be maintained by an off-site vendor and therefore has remote access available, through a modem or through the LAN. Disable these remote access methods, to limit exposure to direct remote-access attacks, until the vendor notifies you that maintenance or an update is needed.

8.2.12 RAS

Remote Access Service (RAS) connects client and server through a dial-up telephone connection. It is slower than cable and Digital Subscriber Line (DSL) connections. When a user dials in to the computer system, authentication and authorisation are performed through remote access protocols. RAS servers offer security features such as mandatory callback.
With callback, the server hangs up and calls the client back at a preset telephone number before any data is exchanged, so a caller who knows the credentials but is not at the registered number gets no session.

For more information on remote access protocols refer to chapter 9, Authentication and Remote Access.

8.2.13 VPN

A VPN allows users to create a secure tunnel through an untrusted network to connect to their corporate network. In large environments VPNs are less expensive to implement and maintain than RAS servers, because no incoming telephone lines or modems are required. In addition, a higher level of security can be achieved because the communications are encrypted to form the secure tunnel.

8.2.14 Intrusion Detection Systems

An Intrusion Detection System (IDS) is a device designed to monitor network or system activity for malicious activity or policy violations. IDSs are an essential part of network security. The two main types in use are network-based IDS and host-based IDS.

For more information on intrusion detection systems refer to chapter 11, Intrusion Detection Systems.

8.2.15 Network Access Control

Network access control is a method of network security that restricts the availability of network resources to endpoint devices as defined in the security policy. Two main competing approaches exist: Network Access Protection (NAP) and Network Admission Control (NAC). NAP is a Microsoft technology that controls the network access of a computer host, whereas NAC is Cisco's technology that controls network admission.

8.2.16 Network Monitoring or Diagnostic

A computer network needs continuous monitoring or diagnostic routines to keep administrators aware of its status and to allow them to take corrective action on potential problems. This can be done through monitoring software or through dedicated devices located on the network.
Network monitoring or diagnostic equipment that is remotely accessible must itself use strong passwords and encrypted sessions; otherwise the monitoring system, which can see and often configure the whole network, becomes a security vulnerability in its own right.

8.2.17 Mobile Devices

Mobile phones and Personal Digital Assistants (PDAs) are the latest devices used to send and receive e-mail, connect to remote network applications, browse the Web and so on. Many of them have word processor and spreadsheet applications and can store limited amounts of data. Since these devices connect to the Internet, they are remotely reachable by potential attackers. Use the data encryption built into the OS of newer mobile devices, or third-party software.

8.3 Media

Media carry data to and from network devices, in the form of wire, fibre or radio frequency waves. Four common methods are used to connect devices at the physical layer:
Coaxial Cable
Twisted-pair Cable
Fibre Optics
Wireless

Coaxial Cable: Coaxial cables are used for cabling televisions, radios and computer networks. The cable is called coaxial because the centre wire and the braided metal shield share a common axis. It is less susceptible to interference. Today coaxial cable has been replaced by faster and cheaper twisted-pair cable.

UTP/STP: Twisted-pair cables replaced coaxial cables in Ethernet networks. Twisting each pair of wires reduces electrical crosstalk and electromagnetic interference. Multiple twisted pairs are then bundled together and easily wired between devices. Twisted pair comes in two types, Unshielded Twisted Pair (UTP) and Shielded Twisted Pair (STP). STP has a foil shield around the pairs to provide extra protection from electromagnetic interference,
whereas in UTP the twisting itself reduces interference.

Depending on the data rate supported, twisted-pair cables are classified into categories:
Category 3 (Cat 3): used for voice and data transmission and for 10 Mbps Ethernet.
Category 5 (Cat 5/Cat 5e): used for 100 Mbps Fast Ethernet. Cat 5e is an enhanced version of the Cat 5 specification that addresses far-end crosstalk.
Category 6 (Cat 6): used for Gigabit Ethernet.

Fibre: Fibre is a very thin strand of glass or plastic that has been drawn out and enclosed in a sheath. Fibre optic cable uses pulses of laser light to connect devices. It carries data over long distances and at higher speeds. Since it contains no metal to conduct current, it is immune to electromagnetic interference, which also protects it from lightning strikes. It has two major drawbacks: its high cost, and the need for optically perfect connections, since a dirty or misaligned connection degrades performance or stops the cable working altogether.

Figure

Unguided Media: Unguided media use no physical connector between the two communicating devices. Transmission and reception take place through the air via antennas, and this is referred to as wireless. The three types of wireless media are:
Radio waves
Microwaves
Infrared waves

8.4 Transmission Media Security

8.5 Removable Media

Removable media are storage devices that can be removed from a computer while the system is running. They can introduce viruses when they are connected back to the network, and theft or loss of confidential organisational data stored on them can cause severe financial damage or harm the organisation's reputation. These issues are addressed with security policies and software. Removable media are of three types: magnetic, optical and flash memory.

Magnetic Media: Magnetic media devices include hard drives, floppy disks, zip disks and magnetic tape.
Each of these is sensitive to external magnetic fields, and they are also affected by high temperatures and by exposure to water.

To protect critical organisational data, do not allow users to bring floppy disks inside the organisation, as they could contain viruses or other malicious programs. Another policy option is to remove the floppy disk drives from users' computers. Encrypting the contents of hard drives and tapes protects the data if the media are lost or stolen.

Optical Media: Optical media such as CDs, DVDs, Blu-ray discs and optical jukeboxes hold data in digital form that is read and written by laser. Optical discs are not affected by magnets and are therefore more reliable and durable than magnetic tape, but CDs are very vulnerable to scratching: if the plastic is scratched too much, the laser cannot reflect through it and the data becomes unreadable. For security, do not allow personal CDs inside the office premises; only authorised users should have access to optical drives, and for other users the drives should be disabled or physically removed from the computers.

Electronic Media: Electronic media use integrated-circuit technology to store data and are therefore more stable. Being small and portable, they are used to store limited amounts of data where portability or reliability are the key requirements. Smart cards, flash cards, memory sticks and CompactFlash devices are examples, commonly used in digital cameras, mobile phones, MP3 players, video game consoles and so on. They are also used to transfer data between computers and can therefore easily carry viruses and worms along with the data.
For security, scan the media with antivirus software before transferring any data.

8.6 Security Topologies

Many hardware devices are connected within a network, and a key characteristic of a network is its layout, or topology. A security topology is designed to provide both internal security and public access. For example, to take online orders an organisation needs Web servers that customers can reach; those Web servers in turn need access to internal database servers, and internal users need access to various servers and to the Internet.

8.6.1 Security Zones

A modern secure network has several layers of protection: the outermost layer provides basic protection and the innermost layer the highest level. The trade-off between access and security is handled through zones, with successive partitions guarded by firewalls. The outermost zone is the Internet, guarded by a firewall. Between the internal secure corporate network and the Internet lies an area whose computers are considered at risk; this zone is called the Demilitarised Zone (DMZ).

DMZ: The DMZ acts as a buffer zone between the Internet and the organisation's internal secure network. To separate the zones, a firewall is placed on each side of the DMZ, arranged so that Internet users cannot directly reach the organisation's secure data (refer to Figure). Web servers, remote access servers and external e-mail servers are placed in the DMZ. Domain name servers and database servers holding important organisational data should not be reachable by Internet users, and the application servers, file servers and print servers of the trusted network zone should likewise be placed behind both firewalls. The point of the DMZ topology is to force an outside user to traverse the DMZ before reaching any information inside the trusted zone.

Internet: The Internet is a worldwide connection of networks.
It is used to transfer e-mail, Web pages, files and financial records between networks. It is an untrusted network, because the organisation cannot apply its security policy to it, so a firewall must sit between the organisation's trusted network and the Internet.

Intranet: An intranet resides inside the trusted area of the network, where the network administrators manage its security. Intranet Web server content is not available to Internet users. Organisational data can be made available to outside users in two ways:
1. The information can be duplicated onto computers in the DMZ so that untrusted users can access it.
2. An extranet can be used to publish data to trusted users.

Extranet: An extranet allows outside users such as the company's partners, vendors, customers and resellers to share some of the business information, subject to authentication and authorisation. It gives access to data that is available on the intranet, mainly via the DMZ. To provide security and privacy of the information, an extranet requires firewall management, digital certificates or user authentication, and encryption of messages; a VPN protects it from unauthorised access.

VLAN: A Virtual LAN (VLAN) is a group of computers placed in the same broadcast domain even though they may be physically located in different places. VLANs are configured in software and are therefore flexible: when a system is physically moved, it stays on the same VLAN without any hardware reconfiguration. Increased network performance, easy manageability, less configuration and higher security are the advantages of VLANs.

Note: A broadcast domain is a network (or portion of a network) that receives a broadcast packet from any node located within it.

NAT: Network Address Translation (NAT), originally specified in RFC 1631 and implemented on routers and firewalls from Cisco and other vendors, is commonly used in TCP/IP networks. It works at OSI layer 3, the network layer.
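The NAT subsection describes a device that keeps a table of outgoing connections, rewrites the internal source address to its own address, and uses the table to return replies to the right internal host while leaving unsolicited inbound packets with nowhere to go. The following Python model is an added example, not code from the original chapter: it implements that translation table for TCP/UDP-style (address, port) pairs and checks that inside sources fall within the private ranges. The public address 203.0.113.1, the inside hosts, the destination server and all port numbers are assumptions constructed for illustration.

```python
"""Added example: a port-translating NAT device with a translation table.

Addresses and ports are constructed for illustration only."""
import ipaddress

# The non-routable (private) ranges that NAT lets internal hosts use.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True when addr lies in one of the private address ranges."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in PRIVATE_RANGES)


class NatRouter:
    """Outbound packets are rewritten to (public_ip, allocated port) and
    recorded; inbound packets are accepted only if they match a record."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}    # public port -> (inside ip, inside port)
        self.reverse = {}  # (inside ip, inside port) -> public port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the inside; returns it as the Internet sees it."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not a private address")
        key = (src_ip, src_port)
        if key not in self.reverse:           # new connection: allocate a port
            port = self.next_port
            self.next_port += 1
            self.table[port] = key
            self.reverse[key] = port
        return (self.public_ip, self.reverse[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a packet arriving from the Internet back to the inside host.

        Returns None (packet dropped) when nothing in the table matches, so an
        outsider cannot reach an internal system that never talked to it."""
        if dst_ip != self.public_ip or dst_port not in self.table:
            return None
        inside_ip, inside_port = self.table[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)


if __name__ == "__main__":
    nat = NatRouter("203.0.113.1")
    out = nat.outbound("192.168.1.10", 51000, "198.51.100.7", 80)
    print("outbound as seen on the Internet:", out)
    print("reply mapped back:", nat.inbound("198.51.100.7", 80, "203.0.113.1", out[1]))
    print("unsolicited inbound:", nat.inbound("198.51.100.7", 80, "203.0.113.1", 9999))
```

Note that the model only hides the internal addresses and drops packets with no table entry; it applies no policy to what inside hosts may send or to what replies may carry, which is why a NAT device still needs an explicit firewall policy in front of it.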
NAT uses two sets of IP addresses, one for internal use and one for external use. NAT is a feature of firewalls, proxies and routing-capable systems. It hides the internal IP addresses and the internal network from Internet users, which makes it much harder for outsiders to collect information about the network (its structure and layout, the names and IP addresses of systems, and so on) and hence to gain access to it.

NAT lets internal users use non-routable IP addresses, that is, addresses that will not be routed across the Internet. These are called private IP addresses. The private address ranges are:
Class A: 10.0.0.0 - 10.255.255.255
Class B: 172.16.0.0 - 172.31.255.255
Class C: 192.168.0.0 - 192.168.255.255

After NAT is configured, external malicious users can reach only the IP address of the NAT host that is directly connected to the Internet; they cannot reach any of the internal systems that pass through the NAT host to get to the Internet. When NAT is used to hide internal IP addresses (refer to Figure), it is called a NAT firewall. (NAT on its own only hides addresses; it is not a substitute for an explicit filtering policy on the same device.)

Internal users communicate with outside networks through the NAT device, such as a NAT router (refer to Figure). The NAT router keeps a translation table that tracks every connection request coming from the internal network. Each outgoing packet passes through NAT, which replaces the internal user's IP address with its own public IP address and forwards the packet to the final destination. Returning packets are looked up in the translation table and forwarded to the correct internal user.

8.7 Chapter Review Questions

1. At which layer of the OSI model do switches operate?
(A) Physical layer
(B) Data link layer
(C) Network layer
(D) Transport layer
Ans: B

2. At which layer of the OSI model do routers operate?
(A) Physical layer
(B) Data link layer
(C) Network layer
(D) Transport layer
Ans: C

3. DSL stands for ________.
(A) Domain Subscriber Line
(B) Domain Specific Line
(C) Digital Specific Line
(D) Digital Subscriber Line
Ans: D

4. What should you do to secure the data on a hard drive if the drive is removed from the site?
(A) Encrypt the data
(B) Compress the data
(C) Hide the data
(D) Keep a strong password for logging in to all computers at the site
Ans: A

5. Which is the most secure cable for implementing a secure network infrastructure?
(A) Coaxial cable
(B) Twisted-pair cable
(C) Fibre cable
(D) None of these
Ans: C

6. Which network topology area will contain public Web servers?
(A) VPN
(B) VLAN
(C) Firewall
(D) DMZ
Ans: D

7. Which network topology area will contain critical servers such as private Web servers, domain controllers or SQL servers?
(A) Intranet
(B) Extranet
(C) Internet
(D) DMZ
Ans: A

8. Which network topology area will allow business partners and customers to access the owner's intranet?
(A) Intranet
(B) Extranet
(C) Internet
(D) DMZ
Ans: B

9. Network access control is associated with which of the following?
(A) NAT
(B) IPsec
(C) IPv6
(D) NAP
Ans: D

10. The purpose of twisting the cables in twisted-pair circuits is to _____.
(A) reduce crosstalk
(B) increase speed
(C) increase bandwidth
(D) None of these
Ans: A

8.7.1 Answers

1. B
2. C
3. D
4. A
5. C
6. D
7. A
8. B
9. D
10. A

Summary

In this chapter, Infrastructure Security, you learnt about:
Different types of network devices, such as workstations, servers, NICs, hubs, bridges, switches, routers, firewalls, wireless devices, modems, telecom/PBX, RAS, VPN, IDS, network access control, network monitoring and diagnostic equipment, and mobile devices.
Different types of communication media between the devices, such as coaxial cable, UTP/STP cable, fibre cable and unguided media.
Different types of removable media, such as magnetic media, optical media and electronic media.
Different types of security topologies, such as DMZ, Internet, intranet, extranet, VLAN and NAT.
