Advanced Networking Devices Flashcards

1
Q

Multilayer switches

A

• A switch (Layer 2) and router (Layer 3) in the same
physical device
• Layer 2 router?

• Switching still operates at OSI Layer 2, routing still
operates at OSI Layer 3
• There’s nothing new or special happening here

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Wireless networks everywhere

A

• Wireless networking is pervasive
• And you probably don’t just have a single access
point

• Your access points may not even be in the same
building
• One (or more) at every remote site

  • Configurations may change at any moment
    • Access policy, security policies, AP configs
  • The network should be invisible to your users
    • Seamless network access, regardless of role
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Wireless LAN controllers

A
  • Centralized management of WAPs
    • A single “pane of glass”
  • Deploy new access points
  • Performance and security monitoring
  • Configure and deploy changes to all sites
  • Report on access point use
  • Usually a proprietary system
    • Wireless controller is paired with the access points
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Balancing the load

A
  • Distribute the load
    • Multiple servers
    • Invisible to the end-user
  • Large-scale implementations
    • Web server farms, database farms
  • Fault tolerance
    • Server outages have no effect
    • Very fast convergence
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Load balancer

A
  • Configurable load
    • Manage across servers
  • TCP offload
    • Protocol overhead
  • SSL offload
    • Encryption/Decryption
  • Caching
    • Fast response
  • Prioritization
    • QoS
  • Content switching
    • Application-centric balancing
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

IDS and IPS

A

• Intrusion Detection System / Intrusion Prevention
System
• Watch network traffic

• Intrusions
• Exploits against operating systems, applications, etc.
• Buffer overflows, cross-site scripting, other
vulnerabilities

  • Detection vs. Prevention
    • Detection – Alarm or alert
    • Prevention – Stop it before it gets into the network
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Identification technologies

A
  • Signature-based
    • Look for a perfect match
  • Anomaly-based
    • Build a baseline of what’s “normal”
  • Behavior-based
    • Observe and report
  • Heuristics
    • Use artificial intelligence to identify
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Proxies

A

• Sits between the users and the external network

• Receives the user requests and sends the request
on their behalf (the proxy)

• Useful for caching information, access control,
URL filtering, content scanning

• Applications may need to know how to
use the proxy (explicit)

• Some proxies are invisible (transparent)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Application proxies

A
  • Most proxies in use are application proxies
  • The proxy understands the way the application works
  • A proxy may only know one application, i.e., HTTP
  • Many proxies are multipurpose proxies
    • HTTP, HTTPS, FTP, etc.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

VPN concentrator

A
  • Virtual Private Network
    • Encrypted (private) data traversing a public network
  • Concentrator
    • Encryption/decryption access device
    • Often integrated into a firewall
  • Many deployment options
    • Specialized cryptographic hardware
    • Software-based options available
  • Used with client software
    • Sometimes built into the OS
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Remote access VPN

A
  • On-demand access from a remote device
  • Software connects to a VPN concentrator
  • Some software can be configured as always-on
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

AAA framework

A
  • Identification - This is who you claim to be
    • Usually your username
  • Authentication - Prove you are who you say you are
    • Password and other authentication factors

• Authorization
• Based on your identification and authentication,
what access do you have?

• Accounting
• Resources used: Login time, data sent and received,
logout time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

RADIUS (Remote Authentication Dial-in User Service)

A

• One of the more common AAA protocols
• Supported on a wide variety of platforms and
devices

  • Centralize authentication for users
    • Routers, switches, firewalls
    • Server authentication
    • Remote VPN access
    • 802.1X network access

• RADIUS services available on almost any server operating system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

UTM / All-in-one security appliance

A
Unified Threat Management (UTM) /
Web security gateway
• URL filter / Content inspection
• Malware inspection
• Spam filter
• CSU/DSU
• Router, Switch
• Firewall
• IDS/IPS
• Bandwidth shaper
• VPN endpoint
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Next-generation Firewalls (NGFW)

A
  • The OSI Application Layer
    • Layer 7 firewall
  • Can be called different names
    • Application layer gateway
    • Stateful multilayer inspection
    • Deep packet inspection

• Requires some advanced decodes
• Every packet must be analyzed, categorized,
and a security decision determined

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

VoIP technologies

A
  • PBX (Private Branch Exchange)
    • The “phone switch”
    • Connects to phone provider network
    • Analog telephone lines to each desk

• VoIP PBX
• Integrate VoIP devices with a corporate phone
switch

• VoIP Gateway
• Convert between VoIP protocols and
traditional PSTN protocols
• Often built-in to the VoIP PBX

17
Q

Content filtering

A
  • Control traffic based on data within the content
    • Data in the packets
  • Corporate control of outbound and inbound data
    • Sensitive materials
  • Control of inappropriate content
    • Not safe for work
    • Parental controls
  • Protection against evil
    • Anti-virus, anti-malware