Operation of Infrastructure Flashcards
4.2.1
Secure Network Components
Make up the backbone of the logical infrastructure for an organization. These components are often critical to day-to-day operations, and an outage or security issue can be very costly.
Modems
Provide modulation/demodulation of binary data into analog signals for transmission. A type of channel service unit (CSU)/Data Service Unit (DSU) typically used for converting analog signals into digital.
Channel Service Unit (CSU)
Handles communication to the provider network
Data Service Unit (DSU)
Handles communication with internal digital equipment (in most cases, a router)
Firewalls
Essential tools in managing and controlling network traffic. Used to filter traffic
Switch
Repeats traffic only out of the port on which the destination is known to exist. Offers greater efficiency for traffic delivery, creates separate collision domains, and improves the overall throughput of data. Usually operates on layer 2 but sometimes layer 3.
Routers
Used to control traffic flow on networks and are often used to connect similar networks and control traffic flow between the two. Operates on layer 3
Gateways
Connects networks that are using different network protocols. Also known as protocol translators; can be standalone hardware devices or a software service. Operates on layer 3.
Repeaters, Concentrators, and Amplifiers
Used to strengthen the communication signal over a cable segment as well as connect network segments that use the same protocol. Operates on layer 1.
Bridges
Used to connect two networks (even networks of different topologies, cabling types, and speeds) in order to connect network segments that use the same protocol. Operates on layer 2.
Hubs
Were used to connect multiple systems and connect network segments that use the same protocol. A multiport repeater. Operates on layer 1.
LAN Extenders
A remote access, multilayer switch used to connect distant networks over WAN links
Static Packet Filtering Firewalls
Filters traffic by examining data from a message header (source/destination address, ports, protocol). Operates on the Network Layer.
Application Level Firewalls
Filters traffic based on a single internet service, protocol, or application. Operates at the application layer.
Circuit Level Firewalls
Used to establish communication sessions between trusted partners. Operate at the session layer
Stateful Inspection Firewalls
Evaluate the state, session, or the context of network traffic. In other words, review the header.
Deep Packet Inspection Firewalls
Filtering mechanism that typically operates at the application layer in order to filter the payload contents of communication rather than only the header values. In other words, review the payload.
Web Application Firewalls (WAF)
Protects web applications by filtering and monitoring HTTP traffic between a web application and the internet.
Typically protects web applications from common attacks like XSS, CSRF, and SQL injection.
Next Generation Firewalls (NGFW)
A deep packet inspection firewall that moves beyond port/protocol inspection and blocking.
Adds application-level inspection and intrusion prevention, and brings in intelligence from outside the firewall.
Redundant Power
Typically used with components such as servers, routers, and firewalls. Paired with other types of redundancies to provide high availability.
Warranty and Support
Organizations should maintain a current and active warranty on all network devices to provide coverage in the event of a system malfunction.
Bastion Host
A type of firewall or host computer that is exposed on the internet and has been hardened by removing all unnecessary elements such as services, programs, protocols, and ports.
Screen Host
Is a firewall protection system logically positioned just inside a private network. Is the most secure option.
Screened Subnet
Creates a DMZ network between trusted and untrusted.
Proxy Server
Functions on behalf of the client requesting service, masking the true origin of the request to the resource.
Wireless Access Points (WAP)
Network device that allows wireless-enabled devices to connect to a wired network. Connects directly to a wired LAN and then provides wireless connections into that wired LAN using Wi-Fi.