Lesson 9 Implement Secure Network Designs Flashcards
Switches
Forward frames between nodes in a cabled network
- works at the Datalink layer (2) of the OSI Model
- makes forwarding decisions based on the HW MAC address of attached nodes
- can establish network segments to the cabling or logical segments to establish virtual LANs (VLANs)
- Data it moves is frames
WAP
Wireless Access Point
- Provides a bridge between a cabled network and wireless clients or stations
- works at the OSI model Datalink layer (2)
- works with frame data
Routers
Forward packets around an internet based on IP addresses
- works on OSI Model Network layer (3)
- can apply logical IP subnet addresses to segments within a network
- works on Frame data
Firewalls
Apply Access Control List (ACL) to filter traffic passing in or out of a network segment
- works at the OSI Model Network layer (3)
Load Balancers
Network appliance which distributes traffic between network segments or servers to optimize performance
- works at the OSI Model Transport layer (4) or higher
DNS
Domain Name System
- A system which resolves IP addresses to FQDNs
- Works at OSI Model Application layer (7)
- abuse of name resolution is a common attack vector
OSI Model - Layer 1
Layer 1: Physical
PDU: bits
HW: Hubs, net tap, repeaters
Addressing: none
Protocols: UTP, STP, COAX, Fiber, TDM, FDM
Control: node
OSI Model Layer 2
Layer: Datalink - Connects nodes inside a LAN together - Nodes to Nodes
PDU: Frame
HW: Switch, Bridge, WAP
Addressing: MAC address (Physical Address), VLAN id
Protocols: Ethernet, PPP, LLC
Control: MAC Filtering
Address Resolution Protocol (ARP) between Physical and Datalink layers
OSI Model Layer 3
Layer: Network - Connects LANs together - LAN to LAN
PDU: Packet
HW: Router, Layer 3 Switches
Addressing: IP Addresses (Logical Addresses)
Protocols: IP, ICMP, IPSec, IGMP
Control: Packet Filtering Firewall
OSI Model Layer 4
Layer: Transport - End to end connections
PDU: Segment
HW: Load Balancer, Firewall
Addressing: Logical Port Numbers
Protocols: TCP, UDP, optionally SSL/TLS
Control: Packet Filtering Firewall
OSI Model Layer 5
Layer: Session - Interhost Communication
- Synchronize upper layers with lower layers
- allows session establishment between processes
PDU:
HW:
Addressing:
Protocols:
OSI Model Layer 6
Layer: Presentation - Syntax layer
- Formats the data as needed
PDU: Data
HW:
Addressing:
Protocols:
Control: NGFW or App layer Firewall
OSI Model Layer 7
Layer: Application - End User Layer
PDU: Data
HW:
Addressing:
Protocols: HTTP (TCP 80), HTTPS (TCP 443), SMTP (TCP 25), FTP (20, 21)
Control: NGFW or App Layer Firewall
ARP
Address Resolution Protocol
- Maps a MAC address to an IP address
- Sits between Datalink (2) and Network (3) layers
Firewall
- sits between Network Layer (4) and Datalink Layer (3)
DNS
Domain Name System
- Sits between Transport Layer (4) and the upper layers (5-7)