Network Devices

Question 1

Switch

Answer 1

Switch

• Connects hosts; directs traffic based on MAC address
• Unicast traffic only between communicating computers
• Port security - MAC address filtering - switch limits number of MAC addresses per port, or restricts physical ports to specific MAC addresses
• Switches pass broadcast traffic to all ports

Question 2

Hub

Answer 2

Hub

• Unicast traffic goes to all ports
• Replace hubs with switches

Question 3

Router

Answer 3

Router

• Connect multiple networks to create larger network
• Directs traffic based on destination IP address
• Routers do not pass broadcast traffic - reduce traffic on a segment
• Segments separated by subnet - reduces collisions
• Can implement ACLs - antispoofing - allow/block IP addresses

Question 4

STP

Answer 4

STP
Spanning Tree Protocol
-Prevents loops (connecting two ports, or wall jacks)
-Also RSTP

Question 5

MAC Flood Attack

Answer 5

MAC Flood Attack

• Normally one device per switch physical port
• Switch internal table stores MAC address/port associations
• Send large amount of traffic with spoofed MAC address to same port
• Switch runs out of memory and fails open - becomes hub
• Can use protocol analyzer on any port to see traffic between other ports
• Flood guard can prevent

Question 6

Flood Guard

Answer 6

Flood Guard

• Limit memory to store MAC address for each switch physical port
• Switches: prevents MAC flood attacks
• Routers: prevents SYN flood attacks

Question 7

Network Bridge

Answer 7

Network Bridge

• Connects multiple networks
• Can be used instead of router sometimes
• Directs traffic to subnets based on MAC address

Question 8

Firewall

Answer 8

Firewall

-Packet filtering with ACLs (implicit deny)

Question 9

Host-Based Firewall

Answer 9

Host-Based Firewall

• Monitor traffic into/out of single host
• OS includes SW to do: Linux xtables, iptables

Question 10

Stateless Firewall

Answer 10

Stateless Firewall

• Rules implemented as ACLs
• Implicit deny
• permission/protocol/source/destination/port
• permission: permit/deny
• protocol: TCP, UDP, IP (both TCP and UDP), ICPM

Question 11

Statefull Firewall

Answer 11

Statefull Firewall

• Decision to allow/deny based on context/state of traffic
• Block traffic not part of established session

Question 12

WAF

Answer 12

WAF
Web Application Firewall
-Can include load balancing

Question 13

NAT

Answer 13

Network Address Translation

• Translates public IP address to private
• home wifi router, internet facing firewall does
• PAT - Port Address Translation - common form of NAT
• Multiple computers can access internet through one router running NAT

Question 14

Layer 2 Switch

Answer 14

Layer 2 Switch

• Traditional
• Uses MAC address in packets to forward to right port
• Forwards broadcasts to all ports

Question 15

Layer 3 Switch

Answer 15

Layer 3 Switch

• Like router
• Forwards based on IP address
• Blocks broadcast traffic
• Allows VLAN creation
• Not susceptible to ARP attacks

Question 16

Transparent Proxy Server

Answer 16

Transparent Proxy Server

• Accepts and forwards requests (for URLs) without modifying
• Caches for performance

Question 17

Nontransparent Proxy Server

Answer 17

Nontransparent Proxy Server

-URL filters restrict what users can request

Question 18

Reverse Proxy

-What else does it do (two things)?

Answer 18

Reverse Proxy

• Accepts requests from internet, forwards to web server
• Allows web server to be behind firewall
• Caches web pages to improve performance
• Can be load balancer (when multiple web servers)

Question 19

UTM

Answer 19

UTM
Unified Threat Management
-Single solution combining multiple security controls
-URL filtering
-Malware inspection
-Content inspection
-DDoS Mitigator
-Mail gateway (maybe)

Question 20

Switch Use Cases

Answer 20

Switch Use Cases

• Prevent switching loops (STP or RSTP)
• Block MAC flood attacks (flood guards)
• Prevent unauthorized users from connecting to unused ports (disabling unused ports)
• Segmentation (VLANS w/ layer 3 switches)

Question 21

SNMP

Answer 21

SNMP
Simple Network Management Protocol
-Monitors and manages network devices
-Agent on devices