Network Devices Flashcards
Switch
Switch
- Connects hosts; directs traffic based on MAC address
- Unicast traffic only between communicating computers
- Port security (MAC address filtering): switch limits the number of MAC addresses per port, or restricts physical ports to specific MAC addresses
- Switches pass broadcast traffic to all ports
Hub
Hub
- Unicast traffic goes to all ports
- Replace hubs with switches
Router
Router
- Connect multiple networks to create larger network
- Directs traffic based on destination IP address
- Routers do not pass broadcast traffic - reduce traffic on a segment
- Segments separated by subnet - reduces collisions
- Can implement ACLs - antispoofing - allow/block IP addresses
STP
STP
Spanning Tree Protocol
- Prevents loops (connecting two ports, or wall jacks)
- Also RSTP (Rapid Spanning Tree Protocol)
MAC Flood Attack
MAC Flood Attack
- Normally one device per switch physical port
- Switch internal table stores MAC address/port associations
- Attacker sends a large amount of traffic with spoofed MAC addresses to the same port
- Switch runs out of memory and fails open - becomes hub
- Can use protocol analyzer on any port to see traffic between other ports
- Flood guard can prevent
Flood Guard
Flood Guard
- Limits the memory used to store MAC addresses for each switch physical port
- Switches: prevents MAC flood attacks
- Routers: prevents SYN flood attacks
Network Bridge
Network Bridge
- Connects multiple networks
- Can be used instead of router sometimes
- Directs traffic to subnets based on MAC address
Firewall
Firewall
- Packet filtering with ACLs (implicit deny)
Host-Based Firewall
Host-Based Firewall
- Monitor traffic into/out of single host
- OS includes software for this: Linux iptables (built on xtables)
Stateless Firewall
Stateless Firewall
- Rules implemented as ACLs
- Implicit deny
- Rule fields: permission/protocol/source/destination/port
- permission: permit/deny
- protocol: TCP, UDP, IP (both TCP and UDP), ICMP
Stateful Firewall
Stateful Firewall
- Decision to allow/deny based on context/state of traffic
- Block traffic not part of established session
WAF
WAF
Web Application Firewall
- Can include load balancing
NAT
Network Address Translation
- Translates between private (internal) IP addresses and public IP addresses
- Done by home Wi-Fi routers and internet-facing firewalls
- PAT - Port Address Translation - common form of NAT
- Multiple computers can access internet through one router running NAT
Layer 2 Switch
Layer 2 Switch
- Traditional
- Uses the destination MAC address in frames to forward to the right port
- Forwards broadcasts to all ports
Layer 3 Switch
Layer 3 Switch
- Like router
- Forwards based on IP address
- Blocks broadcast traffic
- Allows VLAN creation
- Not susceptible to ARP attacks
Transparent Proxy Server
Transparent Proxy Server
- Accepts and forwards requests (for URLs) without modifying them
- Caches for performance
Nontransparent Proxy Server
Nontransparent Proxy Server
- URL filters restrict what users can request
Reverse Proxy
- What else does it do (two things)?
Reverse Proxy
- Accepts requests from internet, forwards to web server
- Allows web server to be behind firewall
- Caches web pages to improve performance
- Can be load balancer (when multiple web servers)
UTM
UTM
Unified Threat Management
- Single solution combining multiple security controls
- URL filtering
- Malware inspection
- Content inspection
- DDoS mitigator
- Mail gateway (maybe)
Switch Use Cases
Switch Use Cases
- Prevent switching loops (STP or RSTP)
- Block MAC flood attacks (flood guards)
- Prevent unauthorized users from connecting to unused ports (disabling unused ports)
- Segmentation (VLANs with layer 3 switches)
SNMP
SNMP
Simple Network Management Protocol
- Monitors and manages network devices
- Agent runs on each managed device