
Advanced Networking Devices

  • Explain the purposes and use cases for advanced networking devices.

In addition to the networking devices discussed previously, CompTIA wants you to be aware of 12 others for the Network+ exam. The exam expects you to be able to explain the purposes and identify actual use cases for the advanced networking devices covered in this section.

Multilayer Switch

It used to be that networking devices and the functions they performed were separate. Bridges, routers, hubs, and more existed but were separate devices. Over time, the functions of some individual network devices became integrated into a single device. This is true of multilayer switches.

A multilayer switch is one that can operate at both Layer 2 and Layer 3 of the OSI model, which means that the multilayer device can operate as both a switch and a router. Also called a Layer 3 switch, the multilayer switch is a high-performance device that supports the same routing protocols that routers do. It is a regular switch directing traffic within the LAN; in addition, it can forward packets between subnets.

A content switch is another specialized device. A content switch is not as common on today’s networks, mostly due to cost. A content switch examines the network data it receives, decides where the content is intended to go, and forwards it. The content switch can identify the application that data is targeted for by associating it with a port. For example, if data uses the Simple Mail Transfer Protocol (SMTP) port, it could be forwarded to an SMTP server.

Content switches can help with load balancing because they can distribute requests across servers and target data to only the servers that need it, or distribute data between application servers. For example, if multiple mail servers are used, the content switch can distribute requests between the servers, thereby sharing the load evenly. This is why the content switch is sometimes called a load-balancing switch.

Wireless Controller

Wireless controllers are often used with branch/remote office deployments for wireless authentication. When an AP boots, it authenticates with a controller before it can start working as an AP. This is often used with VLAN pooling, in which multiple interfaces are treated as a single entity (usually for load balancing).

Load Balancer

Network servers are the workhorses of the network. They are relied on to hold and distribute data, maintain backups, secure network communications, and more. The load placed on servers is often more than a single server can handle. This is where load balancing comes into play. Load balancing is a technique in which the workload is distributed among several servers. This feature can take networks to the next level; it increases network performance, reliability, and availability.

A load balancer can be either a hardware device or software specially configured to balance the load.

IDS/IPS

An intrusion detection system (IDS) is a passive detection system. The IDS can detect the presence of an attack and then log that information. It also can alert an administrator to the potential threat. The administrator then analyzes the situation and takes corrective measures if needed.

A variation on the IDS is the Intrusion Prevention System (IPS), which is an active detection system. With IPS, the device continually scans the network, looking for inappropriate activity. It can shut down any potential threats. The IPS looks for any known signatures of common attacks and automatically tries to prevent those attacks. An IPS is considered an active/reactive security measure because it actively monitors and can take steps to correct a potential security threat.

Following are several variations on IDSs/IPSs:

  • Behavior based: A behavior-based system looks for variations in behavior such as unusually high traffic, policy violations, and so on. By looking for deviations in behavior, it can recognize potential threats and quickly respond.

  • Signature based: A signature-based system, also commonly known as a misuse-detection system (MD-IDS/MD-IPS), is primarily focused on evaluating attacks based on attack signatures and audit trails. Attack signatures describe a generally established method of attacking a system. For example, a TCP flood attack begins with a large number of incomplete TCP sessions. If the MD-IDS knows what a TCP flood attack looks like, it can make an appropriate report or response to thwart the attack. This IDS uses an extensive database to determine the signature of the traffic.

  • Network-based intrusion detection/prevention system (NIDS or NIPS): The system examines all network traffic to and from network systems. If it is software, it is installed on servers or other systems that can monitor inbound traffic. If it is hardware, it may be connected to a hub or switch to monitor traffic.

  • Host-based intrusion detection/prevention system (HIDS or HIPS): This refers to applications, such as antispyware or antivirus software, that are installed on individual network systems. The system monitors and creates logs on the local system.
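The two detection styles above complement each other. As an added example (not from the book), this toy network IDS runs a signature rule and a behavior rule over constructed flow records: the behavior rule implements the text's TCP flood case (many incomplete TCP sessions from one source), which no signature in the database would catch, while the signature rule catches a constructed marker string the behavior rule never looks at. All addresses, payloads and the signature pattern are made up for the demonstration.

```python
from collections import Counter

# Constructed sample flow records: (src_ip, dst_ip, dst_port, tcp_flags, payload).
# flags "S" = only a SYN was ever seen (incomplete session); "SA" = handshake completed.
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.80", 80, "SA", "GET /index.html HTTP/1.1"),
    ("10.0.0.7", "10.0.0.80", 80, "SA", "GET /login HTTP/1.1"),
    ("10.0.0.9", "10.0.0.25", 25, "SA", "EHLO host\r\nX-Tag: CONSTRUCTED_MALWARE_MARKER"),
] + [("203.0.113.44", "10.0.0.80", 80, "S", "") for _ in range(120)]

# Constructed signature database: rule name -> pattern a payload must contain.
SIGNATURES = {"constructed-beacon": "CONSTRUCTED_MALWARE_MARKER"}


def signature_alerts(flows, signatures=SIGNATURES):
    """Misuse (signature-based) detection: flag a flow whose payload matches a known pattern."""
    return [
        (name, src, dst, port)
        for src, dst, port, _flags, payload in flows
        for name, pattern in signatures.items()
        if pattern in payload
    ]


def incomplete_session_alerts(flows, threshold=100):
    """Behavior-based detection: flag sources with more incomplete TCP sessions
    than the threshold (the book's TCP flood example). No signature is needed."""
    incomplete = Counter(src for src, _dst, _port, flags, _payload in flows if flags == "S")
    return {src: n for src, n in incomplete.items() if n > threshold}


def detect(flows):
    """Run both detectors; each catches something the other cannot see."""
    return {
        "signature": signature_alerts(flows),
        "behavior": incomplete_session_alerts(flows),
    }


if __name__ == "__main__":
    for kind, alerts in detect(SAMPLE_FLOWS).items():
        print(kind, alerts)
```

Raising the threshold suppresses the flood alert without affecting the signature hit, which is the tuning trade-off a behavior-based system forces on its operator.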

Proxy Server

Proxy servers typically are part of a firewall system. They have become so integrated with firewalls that the distinction between the two can sometimes be lost.

However, proxy servers perform a unique role in the network environment—a role that is separate from that of a firewall. For the purposes of this book, a proxy server is defined as a server that sits between a client computer and the Internet and looks at the web page requests the client sends. For example, if a client computer wants to access a web page, the request is sent to the proxy server rather than directly to the Internet. The proxy server first determines whether the request is intended for the Internet or for a web server locally. If the request is intended for the Internet, the proxy server sends the request as if it originated the request. When the Internet web server returns the information, the proxy server returns the information to the client. Although a delay might be induced by the extra step of going through the proxy server, the process is largely transparent to the client that originated the request. Because each request a client sends to the Internet is channeled through the proxy server, the proxy server can provide certain functionality over and above just forwarding requests.

One of the most notable extra features is that proxy servers can greatly improve network performance through a process called caching. When a caching proxy server answers a request for a web page, the server makes a copy of all or part of that page in its cache. Then, when the page is requested again, the proxy server answers the request from the cache rather than going back to the Internet. For example, if a client on a network requests the web page www.comptia.org, the proxy server can cache the contents of that web page. When a second client computer on the network attempts to access the same site, that client can grab it from the proxy server cache, and accessing the Internet is unnecessary. This greatly improves the response time to the client and can significantly reduce the bandwidth needed to fulfill client requests.

Nowadays, speed is everything, and the capability to quickly access information from the Internet is a crucial concern for some organizations. Proxy servers and their capability to cache web content accommodate this need for speed.

An example of this speed might be found in a classroom. If a teacher asks 30 students to access a specific uniform resource locator (URL) without a proxy server, all 30 requests would be sent into cyberspace and subjected to delays or other issues that could arise. The classroom scene with a proxy server is quite different. Only one request of the 30 finds its way to the Internet; the other 29 are filled by the proxy server’s cache. Web page retrieval can be almost instantaneous.

However, this caching has a potential drawback. When you log on to the Internet, you get the latest information, but this is not always so when information is retrieved from a cache. For some web pages, it is necessary to go directly to the Internet to ensure that the information is up to date. Some proxy servers can update and renew web pages, but they are always one step behind.

The second key feature of proxy servers is allowing network administrators to filter client requests. If a server administrator wants to block access to certain websites, a proxy server enables this control, making it easy to completely disallow access to some websites. This is okay, but what if it were necessary to block numerous websites? This is when maintaining proxy servers gets a bit more complicated.

Determining which websites users can or cannot access is usually done through something called an access control list (ACL). Chapter 3 discussed how an ACL can be used to provide rules for which port numbers or IP addresses are allowed access. An ACL can also be a list of allowed or nonallowed websites; as you might imagine, compiling such a list can be a monumental task. Given that millions of websites exist, and new ones are created daily, how can you target and disallow access to the “questionable” ones? One approach is to reverse the situation and deny access to all pages except those that appear in an “allowed” list. This approach has high administrative overhead and can greatly limit the productive benefits available from Internet access.

Understandably, it is impossible to maintain a list that contains the locations of all sites with questionable content. In fairness, that is not what proxy servers were designed to do. However, by maintaining a list, proxy servers can better provide a greater level of control than an open system. Along the way, proxy servers can make the retrieval of web pages far more efficient.
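The caching and filtering behavior described in this section, as an added example that is not from the book: a toy forward proxy that first checks a site ACL (in either "deny listed sites" or "allow only listed sites" mode) and then serves from its cache while the copy is within its TTL. It reproduces the classroom scenario (30 requests, one trip to the Internet) and the staleness drawback (the origin changes but the cached copy is served until it expires). The hostnames other than www.comptia.org, the page contents and the TTL are constructed.

```python
class CachingProxy:
    """Applies a site ACL, then answers from its cache while the copy is fresh."""

    def __init__(self, origin_fetch, mode="deny", sites=(), ttl=300.0):
        # mode "deny": block listed sites; mode "allow": permit only listed sites.
        self.origin_fetch = origin_fetch
        self.mode, self.sites, self.ttl = mode, set(sites), ttl
        self.cache = {}            # host -> (fetched_at, content)
        self.origin_requests = 0   # how many times we actually went to the Internet

    def permitted(self, host):
        return (host not in self.sites) if self.mode == "deny" else (host in self.sites)

    def get(self, host, now):
        if not self.permitted(host):
            return "403 blocked by proxy ACL"
        entry = self.cache.get(host)
        if entry is not None and now - entry[0] < self.ttl:
            return entry[1]                 # cache hit: no Internet round trip
        self.origin_requests += 1           # cache miss or expired copy
        content = self.origin_fetch(host)
        self.cache[host] = (now, content)
        return content


def make_origin():
    """Constructed 'Internet': a mutable dict standing in for remote web servers."""
    pages = {"www.comptia.org": "CompTIA home v1", "news.example": "headlines v1"}
    return pages, lambda host: pages[host]


def classroom_demo(students=30):
    """30 clients request the same page: one origin fetch, the rest served from cache."""
    _pages, fetch = make_origin()
    proxy = CachingProxy(fetch, mode="deny", sites={"blocked.example"})
    for _ in range(students):
        proxy.get("www.comptia.org", now=0.0)
    return proxy.origin_requests, proxy.get("blocked.example", now=0.0)


def staleness_demo():
    """The origin changes, but the cached copy is served until its TTL expires."""
    pages, fetch = make_origin()
    proxy = CachingProxy(fetch, mode="allow", sites={"news.example"})
    first = proxy.get("news.example", now=0.0)
    pages["news.example"] = "headlines v2"        # the real site updates
    stale = proxy.get("news.example", now=10.0)   # still v1: one step behind
    fresh = proxy.get("news.example", now=301.0)  # TTL expired: refetched
    return first, stale, fresh
```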

A reverse proxy server is one that resides near the web servers and responds to requests. These are often used for load balancing purposes because each proxy can cache information from a number of servers.

VPN Concentrator

A VPN concentrator can be used to increase remote-access security. This device can establish a secure connection (tunnel) between the sending and receiving network devices. VPN concentrators add an additional level to VPN security. Not only can they create the tunnel, they also can authenticate users, encrypt the data, regulate the data transfer, and control traffic.

The concentrator sits between the VPN client and the VPN server, creates the tunnel, authenticates users using the tunnel, and encrypts data traveling through the tunnel.

Depending on the exact concentrator, it can do the following:

  • Create the tunnel.

  • Authenticate users who want to use the tunnel.

  • Encrypt and decrypt data.

  • Regulate and monitor data transfer across the tunnel.

  • Control inbound and outbound traffic as a tunnel endpoint or router.

The VPN concentrator invokes various standard protocols to accomplish these functions.

AAA/RADIUS Server

Among the potential issues network administrators face when implementing remote access are utilization and the load on the remote-access server. As a network’s remote-access implementation grows, reliance on a single remote-access server might be impossible, and additional servers might be required. RADIUS can help in this scenario.

RADIUS functions as a client/server system. The remote user dials in to the remote-access server, which acts as a RADIUS client, or network access server (NAS), and connects to a RADIUS server. The RADIUS server performs authentication, authorization, and auditing (or accounting) functions and returns the information to the RADIUS client (which is a remote-access server running RADIUS client software); the connection is either established or rejected based on the information received.

UTM Appliances and NGFW/Layer 7 Firewalls

A firewall can employ a variety of methods to ensure security. In addition to the role just described, modern firewall applications can perform a range of other functions, often through the addition of add-on modules directed at the application layer (Layer 7) of the OSI model; they are then often referred to as Unified Threat Management (UTM) devices or Next Generation Firewalls (NGFW). UTMs can include the following functionality:

  • Content filtering: Most firewalls can be configured to provide some level of content filtering. This can be done for both inbound and outbound content. For instance, the firewall can be configured to monitor inbound content, restricting certain locations or particular websites. Firewalls can also limit outbound traffic by prohibiting access to certain websites by maintaining a list of URLs and IP addresses. This is often done when organizations want to control employee access to Internet sites.

  • Signature identification: A signature is a unique identifier for a particular application. In the antivirus world, a signature is an algorithm that uniquely identifies a specific virus. Firewalls can be configured to detect certain signatures associated with malware or other undesirable applications and block them before they enter the network.

  • Virus scanning services: As web pages are downloaded, content within the pages can be checked for viruses. This feature is attractive to companies concerned about potential threats from Internet-based sources.

  • Network Address Translation (NAT): To protect the identity of machines on the internal network, and to allow more flexibility in internal TCP/IP addressing structures, many firewalls translate the originating address of data into a different address. This address is then used on the Internet. The most common type of NAT is Port Address Translation (PAT), enabling multiple devices on the network to share one single public address (or a few). NAT is a popular function because it works around the limited availability of TCP/IP addresses in IPv4. When the migration to IPv6 becomes complete, the need for NAT will lessen.

  • URL filtering: By using a variety of methods, the firewall can choose to block certain websites from being accessed by clients within the organization. This blocking allows companies to control what pages can be viewed and by whom.

  • Bandwidth management: Although it is required in only certain situations, bandwidth management can prevent a certain user or system from hogging the network connection. The most common approach to bandwidth management is to divide the available bandwidth into sections and then make a certain section available to a user or system.

  • Other: Although the preceding functions are the most common, UTMs can also be used for network intrusion detection and prevention (IDS/IPS), VPN, data loss prevention (DLP), and load balancing, as well as to enable logging and monitoring features.

These functions are not strictly firewall activities. However, the flexibility offered by a firewall, coupled with its placement at the edge of a network, makes a firewall the ideal base for controlling access to external resources.
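The Port Address Translation described in the NAT bullet above, as an added example that is not from the book: a toy PAT table that rewrites each inside (address, port) pair to the single public address plus a unique public port, reverses the mapping for replies, and drops inbound traffic that no inside host initiated. Two inside hosts deliberately use the same source port to show why the port, not just the address, has to be rewritten. All addresses and port ranges are constructed.

```python
class PortAddressTranslator:
    """Rewrites outbound source (ip, port) to (public_ip, unique port) and reverses replies."""

    def __init__(self, public_ip, first_port=40000, last_port=65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.outbound = {}  # (inside_ip, inside_port) -> public_port
        self.inbound = {}   # public_port -> (inside_ip, inside_port)

    def translate_outbound(self, inside_ip, inside_port):
        """Packet leaving the LAN: allocate (or reuse) a public port for this inside socket."""
        key = (inside_ip, inside_port)
        if key not in self.outbound:
            if self.next_port > self.last_port:
                raise RuntimeError("PAT table exhausted: no free public ports")
            self.outbound[key] = self.next_port
            self.inbound[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.outbound[key]

    def translate_inbound(self, public_port):
        """Reply arriving from the Internet: map back to the inside socket, or None
        when no inside host initiated this flow (unsolicited traffic is dropped)."""
        return self.inbound.get(public_port)


def demo():
    """Two inside hosts reuse source port 51000; PAT keeps them apart on one public IP."""
    pat = PortAddressTranslator("198.51.100.1")          # constructed public address
    a = pat.translate_outbound("192.168.1.10", 51000)
    b = pat.translate_outbound("192.168.1.11", 51000)
    a_again = pat.translate_outbound("192.168.1.10", 51000)   # existing mapping reused
    return a, b, a_again, pat.translate_inbound(b[1]), pat.translate_inbound(9999)


if __name__ == "__main__":
    print(demo())
```

The exhausted-table error shows the limit the text alludes to: one public address offers at most the free port range's worth of concurrent inside flows.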

VoIP PBX and Gateway

When telephone technology is married with information technology, the result is called telephony. Companies have moved massively from landlines to Voice over IP (VoIP) to save money. One of the biggest issues with administering such a system is security. Because data and VoIP share the same line, both are vulnerable in the case of an attack. Standard telephone systems should be replaced with a securable PBX.

A VoIP gateway, also sometimes called a PBX gateway, can be used to convert between the legacy telephony connection and a VoIP connection using SIP (Session Initiation Protocol). This is referred to as a “digital gateway” because the voice media are converted in the process.

Content Filter

A content filter is any software that controls what a user is allowed to peruse and is most often associated with websites. Using a content filter, an employer can block access to pornographic sites to all users, some users, or even just an individual user. The filter can be applied as software on client machines (known as client-side filters), on a proxy server on the network (a server-side filter), at the Internet service provider (ISP), or even within the search engine itself. The latter is most commonly used on home machines.
