Chapter 8 - Advanced network devices Flashcards

1
Q

Multi Layer Switch

A

Operates at both layer 2 (Data Link) and layer 3 (Network)

Performs basic functions of both a switch and router
Uses an Application Specific Integrated Circuit (ASIC) to accomplish routing
Examines packets to determine, using the IP address, whether they need to be sent to a device on a different network.
With two networks, it can create segments using the same IP address space.

!segment addresses must not overlap!
!gives the option to configure two networks into one!
!bases packet forwarding on IP and MAC address!

2
Q

Multi Layer Switch Benefits

A

Easy to use
as it’s auto configurable and no need to learn new IP switching technology

Convergence
by responding to route failures and routing technology changes

!understands routing protocols!

Resilience
Supports Hot Standby Router Protocol (HSRP), which eliminates a single point of failure by allowing the device to fail over to a standby device without disrupting services.

Access List Support
Can filter traffic based on access lists and prevent traffic crossing between subnets

Transparency
No new routing protocols implemented and supports DHCP

Standards Based
Internet Engineering Task Force (IETF) protocols like
Open Shortest Path First (OSPF)
Routing Information Protocol (RIP)

Simplified network design by retaining existing structure

Management
Analysis of Accounting and Traffic to generate reports

3
Q

Wireless Controllers

A

A centralised management device that manages and can configure all access points

4
Q

What can some WLAN Controllers enable?

A

VPN connectivity
Intrusion detection
Firewall settings

It’s simple to connect to a wireless controller to give access to all WAPs in the network

5
Q

What does a Wireless Controller Offer?

A

1/ Centralised Authentication
You don’t need to create individual MAC address tables for each access point

Authentication performed by RADIUS, Active Directory and LDAP integration

2/ Interference Mitigation
Access points operate in non-overlapping channels
No loss of packets due to interference in a dense wireless network

3/ Load Balancing
Users shift to an adjacent AP if the load becomes unbalanced
This occurs when one AP has a higher number of users while a neighbouring WAP has fewer

4/ Radio Balancing
Enables clients to connect only to 802.11n AP

5/ Fail Over
Automatic Shift to a neighbour WAP during failure

6
Q

Load Balancers

A

A physical network appliance used to distribute traffic across multiple servers.

It also won’t forward requests to a server which has failed.

!all servers have to perform the same task!

!at least one consistent service is needed; servers can perform other tasks!

7
Q

Load Balancer traffic routing

A

Based on

Availability
Resource utilisation
Number of connections to the server
Overall server performance

If server 1 is more robust than server 2, you’d use server 1 to handle more requests.

8
Q

Load Balancer Benefits

A

Minimise probability of servers becoming overwhelmed by traffic

Optimise bandwidth to each computer or terminal

Minimise network downtime

Perform traffic prioritisation

Provide end to end application monitoring

Provide user authentication

Protect against malicious attacks like DoS

!Load balancers can be configured to reject non-legitimate requests (attacks)!

9
Q

IDS

A

Intrusion Detection System

Detects suspicious activity on a host or network
Analyses traffic patterns and tries to identify normal traffic
Anything other than normal traffic is considered an intrusion
Can help mitigate detected activity using its logs

!IDS doesn’t stop an attack! It only detects suspicious activity!

10
Q

IPS

A

Detects and prevents attacks

11
Q

Network firewall

A

Allows or denies traffic based on the packet header for

IP Address
Protocol type
Port Number

12
Q

IDS Types

A

1/Host Based
Web server or database server

2/Network Based
Must see all network traffic to identify suspect activity

3/Logs
Logs suspicious activity to alert of the threat but doesn’t stop it.

13
Q

IPS Types

A

1/Host Based
Runs on an individual host on the network

2/Network Based
Must be able to see all network traffic to identify and prevent attacks

3/activity log
IPS activity logs alert of an occurrence, and the IPS prevents the threat

14
Q

Proxy Servers

A

Placed in a DMZ
Implemented to eliminate direct connectivity between
1/ internal clients and the internet, and
2/ external clients and internal resources

  • Protects host identity, as outgoing traffic appears to come from the proxy
  • Uses a public IP address to collect requested internet data for clients
15
Q

Reverse Proxy

A

Listens for connection requests for a given network service, like TCP via port 80 for a website

Connection is then forwarded to internal host

16
Q

Proxy Configuration

A

Must be configured for a specific application protocol, like HTTP or FTP

17
Q

Proxy Benefits

A

Retrieves internet content for clients
Content can be cached
Client identity is never revealed
Can examine the packet header and payload to block certain content, including at specific times
Can configure cache aging timers to discard expired content (TTL value)
Can schedule pre-fetched content

18
Q

VPN Concentrator

A

Network device that provides remote access for VPNs
Allows for high throughput and encryption

It’s a dedicated device enabling servers to not be directly exposed to the internet

19
Q

Point to Point VPN

A

When a single user wants to connect

20
Q

Site to site VPN

A

Is when you want a persistent connection between HQ and branch offices

21
Q

VPN concentrator typical use

A
Site to site architecture
Establishes tunnels
Authenticates users
Assigns IP addresses to users
Encrypts and decrypts data (offloading the work from internal resources)
Ensures data delivery
  • Encryption accomplished using
    1/ Internet Protocol Security (IPSec) and
    2/ Secure Sockets Layer (SSL)
22
Q

VPN concentrator Authentication

A

Uses
Active Directory
Kerberos (used for authentication of AD users)
Digital certificates
Remote Authentication Dial In User Service (RADIUS)

23
Q

AAA services for remote access

A

Authentication (Kerberos)
Authorisation
Accounting which keeps track of users and what they have done while logged in.

24
Q

RADIUS

A

Remote Authentication Dial In User Service

802.1X standard
Based on the AAA protocol for remote connections
Controls authentication requests
A network access server forwards requests to the RADIUS server, which handles authentication
Widely used for VPNs, access points, remote access

  • RADIUS only encrypts passwords; the username is in clear text
  • Only need to configure one policy to apply to all users
25
Q

TACACS+

A

Terminal Access Controller Access Control System

Cisco-developed AAA protocol
It’s not only supported by Cisco products
Encrypts all information between clients and the server

26
Q

UTM

A

Unified Threat Management

All-in-one security device, designed to replace a typical firewall
Consolidates many security services into one device

27
Q

UTM Provides

A
Network firewall
Intrusion detection
Antivirus and anti-spyware
VPN
Load balancing
Content filtering
28
Q

Enterprise UTMs provide

A

Identity-based access control
QoS
SSL and SSH inspection
Network Intrusion prevention

29
Q

UTM advantage and disadvantage

A

Reduces complexity

Becomes a single point of failure

30
Q

NGFW

A

Next Generation Firewall
Can be hardware or software based
It detects and prevents network attacks through the use of
- Security policy
- Ports and protocols
- Operation across multiple OSI layers (up to the application layer)

31
Q

NGFW capabilities

A

1/ URL Filtering
Can categorise websites to allow or block
Enables filtering at specific times or days
Serves as a suitable proxy server URL filter

2/ implement app visibility and control
Detects every app on the network in real time
Optimises bandwidth using app awareness to allow or restrict

3/Monitor App Performance

4/Improve Security

5/ Identity Awareness
Enforce policy for users and groups

6/Implementation
Can be hard-coded into the firewall to block malicious activity by monitoring the network

7/IPS integration
Monitors and blocks malicious activity and can employ prevention by

  • Alerts and notifications
  • Dropping malicious packets
  • Blocking source traffic
  • Resetting connections

8/ Malware monitoring
Inspects incoming traffic and blocks outgoing malicious communication.

32
Q

VoIP Gateway

A

Uses the internet to transmit voice
Converts voice calls between the Public Switched Telephone Network (PSTN) and the IP network

A gateway is not required for internal calls

33
Q

VoIP Gateway Characteristics

A
Voice and fax compression and decompression
Packetisation for IP
Call routing
Control signalling
Billing system
Network management system
34
Q

Content filter

A

Screens and excludes internet content

Implemented using character strings and preset thresholds, which can be modified