2.3 Explain the purposes and use cases for advanced networking devices.

Question 1

Multilayer switches

Answer 1

• A switch (Layer 2) and router (Layer 3) in the same physical device

• Layer 2 router?
• Switching still operates at OSI Layer 2, routing still
operates at OSI Layer 3

Question 2

Wireless LAN controllers

Answer 2

• Centralized management of WAPs
• Deploy new access points
• Performance and security monitoring
• Configure and deploy changes to all sites
• Report on access point use
• Usually a proprietary system

Question 3

Balancing the load

Answer 3

• Distribute the load
• Large-scale implementations
• Fault tolerance

Question 4

Load balancer

Answer 4

• Configurable load
• Manage across servers
• TCP offload
• SSL offload
• Caching
• Content switching

Question 5

IDS and IPS

Answer 5

• Intrusion Detection System / Intrusion Prevention

Question 6

• Intrusions

Answer 6

• Exploits against operating systems, applications, etc.

* Buffer overflows, cross-site scripting, other vulnerabilities

Question 7

• Detection vs. Prevention

Answer 7

• Detection – Alarm or alert

* Prevention – Stop it before it gets into the network

Question 8

Identification technologies

Answer 8

• Signature-based
• Anomaly-based
• Behavior-based
• Heuristics

Question 9

Proxies

Answer 9

• Sits between the users and the external network
• Receives the user requests and sends the request
• Useful for caching information, access control,
URL filtering, content scanning
• Some proxies are invisible (transparent)

Question 10

Application proxies

Answer 10

• Most proxies in use are application proxies
• A proxy may only know one application, i.e., HTTP
• Many proxies are multipurpose proxies

Question 11

VPN concentrator

Answer 11

• Virtual Private Network
Concentrator - Often integrated into a firewall
• Many deployment options
• Used with client software

Question 12

Remote access VPN

Answer 12

• On-demand access from a remote device

* Software connects to a VPN concentrator

Question 13

AAA framework

Answer 13

• Identification - This is who you claim to be
• Authentication - Prove you are who you say you are
• Authorization • Based on your identification and authentication,

• Accounting -• Resources used: Login time, data sent and received, logout time

Question 14

RADIUS (Remote Authentication Dial-in User Service)

Answer 14

• One of the more common AAA protocols
• Centralize authentication for users
• RADIUS services available on almost any server operating system

Question 15

UTM / All-in-one security appliance

Answer 15

• Unified Threat Management (UTM) / • URL filter / Content inspection
• Malware inspection
• Spam filter• CSU/DSU
• Router, Switch , Firewall • IDS/IPS• Bandwidth shaper
• VPN endpoint

Question 16

Next-generation Firewalls (NGFW)

Answer 16

• The OSI Application Layer 7
• Application layer gateway
• Deep packet inspection
• Stateful multilayer inspection

• Requires some advanced decodes

Question 17

VoIP technologies

Answer 17

• PBX (Private Branch Exchange)
• Connects to phone provider network
• Analog telephone lines to each desk

Question 18

VoIP PBX

Answer 18

• Integrate VoIP devices with a corporate phone switch

Question 19

VoIP Gateway

Answer 19

• Convert between VoIP protocols and

Question 20

Content filtering

Answer 20

• Control traffic based on data within the content
• Corporate control of outbound and inbound data
• Control of inappropriate content
• Protection against evil

Question 21

• Protection against evil

Answer 21

• Anti-virus, anti-malware