Chapter 11 - Advanced Networking Devices Flashcards
PPTP VPN
Point-to-Point Tunneling Protocol VPN
Creates tunnels between public networks
Now obsolete
Type of VPN connection where a single computer logs into a remote network and becomes a member of that network
Host-to-site
L2TP VPN
Layer 2 Tunneling Protocol VPN
Developed by Cisco, uses VPN Concentrators
Has no authentication or encryption, so often paired with IPsec
Using two VPN concentrators to permanently connect two separate LANs, enabling the two LANs to function as a single network, sharing files and services as if they were in the same building.
Site-to-site
SSL VPN
Uses TLS (formerly SSL) to establish a secure connection over a web browser rather than using specific software
SSL Portal VPN
User is presented with a web page and gains access to anything linked to that page (email, data, other pages, etc.)
DTLS VPN
Optimizes connections for delay-sensitive applications, such as voice and video over a VPN.
After establishing a traditional TLS tunnel, DTLS VPNs use UDP datagrams rather than TCP segments for communication.
DMVPN
Dynamic Multipoint VPN
Creates direct connections between multiple locations rather than routing everything through a central VPN location, which would create bottlenecks
Uses IPsec
GRE
Generic Routing Encapsulation
Can pair with IPsec to create a point-to-point connection
In-Band Management
Uses the same network for management of network devices and regular user data. Simpler to set up but may be impacted if the network experiences issues.
Out-of-Band Management
Involves a separate, dedicated network for management of network devices. Provides a more secure and reliable means of managing devices, especially in critical scenarios.
Trunking
Process of transferring VLAN traffic between two or more switches
Trunk Port
A port on a switch configured to carry all traffic, regardless of VLAN number, between all switches in a LAN
VLAN Assignment
Process in which ports are assigned to a newly created VLAN
Tagged Ports
Network ports that carry traffic for multiple VLANs. When a frame leaves a device on a tagged port, it includes a VLAN tag in its header, indicating to which VLAN it belongs.
Typically used in scenarios where a device needs to communicate with multiple VLANs
Untagged Ports
Network ports associated with a specific VLAN. Frames leaving or entering through untagged ports do not include VLAN tags
VLAN Trunking Protocol (VTP)
Cisco proprietary protocol used to automate the updating of multiple VLAN switches. When you make changes to the VLAN configuration of the server switch, all the connected client switches update their configurations within minutes.
interVLAN Routing
The process of connecting separate VLANs through a single router
Relay Agent/DHCP Relay
DHCP cannot natively pass IP addresses through a router. When this is configured, the router forwards DHCP messages between its interfaces, so a single DHCP server can serve addresses to multiple networks or subnetworks.
Cisco implements DHCP relay through a configuration command called ____
IP Helper
Command: ip helper-address
Multilayer Switches
Operates at both Layer 2 and Layer 3. Multilayer switches have the capability to perform routing functions, making them more versatile in handling complex network environments.
Use MAC addresses to forward frames in the same VLAN
Use IP addresses to route between different VLANs or subnets
Can perform interVLAN Routing without the need for an external router
Load Balancing
Making a group of servers appear as a single server, creating a server cluster.
Requests to these servers are distributed evenly so no one server is bogged down while another is idle.
DNS Load Balancing
Each DNS server for the domain has multiple “A” DNS records, each with the same fully qualified domain name (FQDN). The DNS server then cycles around these records, so the same domain name resolves to different IP addresses.
When a computer comes to the DNS server for resolution, the server cycles through the DNS A records, giving them out in a round robin fashion.
Content Switch/Content Filter
Network device designed to intelligently distribute network traffic based on content, application-layer information, or server health. It operates at Layer 7, making decisions based on information such as URLs, cookies, or application-specific data.
QoS
Quality of Service
Policies that prioritize traffic based on certain rules. These rules control how much bandwidth a protocol, PC, user, VLAN, or IP address may use
Traffic Shaping
Method of QoS where you control the flow of packets into or out of the network according to the type of packet or other rules
Port Bonding
Logically joining two or more ports on a switch so that their combined bandwidth is treated as a single connection, increasing speed
Also called Port Aggregation
NIDS vs HIDS
Network-based Intrusion Detection System and Host-based Intrusion Detection System
Network-based scans for signatures
Host-based looks for behaviors
Port Mirroring
Network management feature that involves copying and forwarding network traffic from one network port (or a set of ports) to another designated port. This is done for the purpose of monitoring or analyzing network traffic without disrupting the normal operation of the network.
Proxy Server
Sits in between clients and external servers, and passes requests back and forth. The client computers never touch the outside servers and thus stay protected from any unwanted activity, as well as keeping the client locations hidden
Forward Proxy Server
Acts on behalf of clients, getting information from various sources and handing that information to the clients. The sources (servers) don’t know about the clients, only the proxy server
Reverse Proxy Server
Acts on behalf of the server, handling requests for clients, which don’t know about the server behind the scenes
AAA
Authentication, Authorization, Accounting