PACE-IT, Security+1.1: Introduction to Network Devices (part 1)

Introduction to network devices I.

Upload: pace-it-at-edmonds-community-college

Post on 12-Jan-2017


TRANSCRIPT

Page 1: PACE-IT, Security+1.1: Introduction to Network Devices (part 1)

Introduction to network devices I.

Page 2: PACE-IT, Security+1.1: Introduction to Network Devices (part 1)

Brian K. Ferrill, M.B.A.

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise: PC Hardware, Network Administration, IT Project Management, Network Design, User Training, IT Troubleshooting

Industry Certifications

Qualifications Summary

Education: M.B.A., IT Management, Western Governors University; B.S., IT Security, Western Governors University

Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs, and creating the solutions required, with a focus on technology.

Page 3: PACE-IT, Security+1.1: Introduction to Network Devices (part 1)


Introduction to network devices I.

– Open Systems Interconnection model.

– Basic network devices.


Page 4: PACE-IT, Security+1.1: Introduction to Network Devices (part 1)

Open Systems Interconnection model.

Page 5: PACE-IT, Security+1.1: Introduction to Network Devices (part 1)

Open Systems Interconnection model.

The Open Systems Interconnection (OSI) model was developed as a way to help disparate computing systems communicate with each other.

This layered approach to networking has the added benefit of helping to create a secure networking environment as well.

Security can be placed at the various layers of the OSI model to create a layered security arrangement that will vastly improve the security of an overall network.

Knowing networking devices and where they fit into the reference model will help the security engineer to create a safer, more secure, and more efficient network.

Page 6: PACE-IT, Security+1.1: Introduction to Network Devices (part 1)

Basic network devices.

Page 7: PACE-IT, Security+1.1: Introduction to Network Devices (part 1)

Basic network devices.

– Switch.

» A switch utilizes an application-specific integrated circuit (ASIC) chip and is considered a Layer 2 OSI device.

• The ASIC chip has specific programming that allows the switch to learn when a device is on the network and which ports it is connected to via that device’s Layer 2 MAC address.

» Managed switches allow for security to be placed on the individual switch ports, creating a more secure networking environment.

» A switch will only communicate with local network devices.

– Wireless access point (WAP).

» A WAP is a specific type of network bridge that connects (bridges) wireless network segments with wired network segments and is considered a Layer 2 OSI device.

• The most common type of WAP bridges 802.11 wireless network segments with 802.3 Ethernet network segments.

» All WAPs are capable of utilizing encryption to help ensure a secure networking environment.

» A WAP will only communicate with local network devices.
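The switch behaviour described on this slide (learning which port each MAC address sits behind, plus security applied per port), as an added example that is not part of the original slides. The class name `ManagedSwitch`, the per-port MAC limit used as the port-security policy, and the sample frames are assumptions made for illustration.

```python
class ManagedSwitch:
    """Layer 2 learning switch with an assumed per-port MAC limit."""

    def __init__(self, ports, max_macs_per_port=1):
        self.ports = list(ports)
        self.max_macs = max_macs_per_port
        self.mac_table = {}    # source MAC -> port it was learned on
        self.violations = []   # (port, MAC) frames dropped by port security

    def receive(self, in_port, src_mac, dst_mac):
        """Handle one frame and return the ports it is sent out of."""
        if self.mac_table.get(src_mac) != in_port:
            learned_here = [m for m, p in self.mac_table.items() if p == in_port]
            if len(learned_here) >= self.max_macs:
                self.violations.append((in_port, src_mac))
                return []                      # drop: port is at its MAC limit
            self.mac_table[src_mac] = in_port  # learn (or move) the address
        out_port = self.mac_table.get(dst_mac)
        if out_port is None:
            # Unknown destination: flood to every port except the ingress port
            return [p for p in self.ports if p != in_port]
        return [] if out_port == in_port else [out_port]


# Constructed frames: (ingress port, source MAC, destination MAC)
FRAMES = [
    (1, "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"),  # A -> B, B unknown: flood
    (2, "bb:bb:bb:bb:bb:02", "aa:aa:aa:aa:aa:01"),  # B -> A, A known: port 1
    (1, "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"),  # A -> B, B known: port 2
    (1, "cc:cc:cc:cc:cc:03", "bb:bb:bb:bb:bb:02"),  # second MAC on port 1
]


def run_demo():
    sw = ManagedSwitch(ports=[1, 2, 3, 4], max_macs_per_port=1)
    forwarded = [sw.receive(*frame) for frame in FRAMES]
    return forwarded, sw.mac_table, sw.violations


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```

The first frame is flooded because the destination has not been learned yet; the last frame is dropped and recorded because port 1 already has its one permitted MAC address.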


Page 8: PACE-IT, Security+1.1: Introduction to Network Devices (part 1)

Basic network devices.

– Multilayer switch (MLS).

» An MLS provides normal Layer 2 network switching services, but it will also provide Layer 3 or higher OSI model services.

» The most common MLS is a Layer 3 switch.

• It not only utilizes an ASIC chip for switching, but that ASIC chip is also programmed to handle routing functions. This allows the device to communicate and pass data to non-local network devices.

» The MLS commonly implements security at Layer 2 and higher of the OSI model.

– Router.

» The router is the most common network device for connecting different networks together utilizing the OSI model’s Layer 3 logical network information.

» The router uses software programming for decision making, as compared to the switch’s use of an ASIC chip.

» Firewalls and access control lists (ACLs) are commonly placed on routers to help secure networks.

Page 9: PACE-IT, Security+1.1: Introduction to Network Devices (part 1)

Basic network devices.

– Firewall.

» A firewall can be placed on routers or hosts (software based) or can be its own device (network appliance).

» It functions at multiple layers of the OSI model.

• Usually at layers 2, 3, 4, and 7.

» It blocks packets from entering or leaving the network.

• Via stateless inspection: the firewall will examine every packet against a set of rules. Once the packet matches a rule, the rule is enforced, and the specified action is taken.

• Via stateful inspection: the firewall will only examine the state of the connection between networks. Specifically, when a connection is made from an internal network to an external network, the firewall will not examine any packets returning from the external connection. As a general rule, external connections are not allowed to be initiated with the internal network.

» It is the first line of defense in protecting the internal network from outside threats.

• Consider it the police force of the network.
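The two inspection modes on this slide, side by side, as an added example that is not part of the original slides. The rule set, the `Packet` tuple, the `StatefulFirewall` class and the sample traffic are constructed for illustration; returning traffic is matched to a tracked connection instead of the rule list.

```python
from collections import namedtuple

# inbound is True when the packet arrives from the external network
Packet = namedtuple("Packet", "src sport dst dport inbound")

# Constructed rule set: (inbound flag or None for any, destination port or
# None for any, action). Rules are checked in order; the first match wins.
RULES = [
    (False, 443, "allow"),   # internal hosts may open HTTPS connections
    (False, 53, "allow"),    # internal hosts may send DNS queries
    (None, None, "deny"),    # everything else is blocked
]

def stateless_decision(pkt, rules=RULES):
    """Examine one packet against the rules; enforce the first match."""
    for inbound, dport, action in rules:
        if inbound in (None, pkt.inbound) and dport in (None, pkt.dport):
            return action
    return "deny"

class StatefulFirewall:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.connections = set()   # (internal ip, port, external ip, port)

    def decide(self, pkt):
        if pkt.inbound:
            # Allowed only when it belongs to a connection opened from inside
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "allow" if key in self.connections else "deny"
        action = stateless_decision(pkt, self.rules)
        if action == "allow":
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action

# Constructed traffic using documentation address ranges
OUTBOUND = Packet("10.0.0.5", 50000, "203.0.113.10", 443, inbound=False)
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 50000, inbound=True)
UNSOLICITED = Packet("198.51.100.7", 443, "10.0.0.5", 50000, inbound=True)

def compare():
    """Return (stateless, stateful) decisions for each sample packet."""
    fw = StatefulFirewall()
    traffic = [OUTBOUND, REPLY, UNSOLICITED]
    return [(stateless_decision(p), fw.decide(p)) for p in traffic]
```

With this rule set the stateless check blocks the reply to the internal host's own HTTPS request, while the stateful firewall lets it through and still blocks the unsolicited external packet.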


Page 10: PACE-IT, Security+1.1: Introduction to Network Devices (part 1)

Basic network devices.

– Load balancer.

» A load balancer may also be called a content switch or content filter.

• Can be implemented to increase the security of the network by limiting or filtering the content that is allowed.

» A network appliance that is used to load balance between multiple hosts that contain the same data, spreading out the workload for greater efficiency.

• Commonly used to distribute the requests (workload) to a server farm among the various servers, helping to ensure that no single server gets overloaded.

– Proxy server.

» A proxy server is an appliance that requests resources on behalf of client machines.

» It is often used to retrieve resources from outside untrusted networks on behalf of the requesting client.

» It hides and protects the requesting client.

» It can also be utilized to filter allowed content.

» It can increase network performance by caching commonly requested Web pages.

Page 11: PACE-IT, Security+1.1: Introduction to Network Devices (part 1)

What was covered.

Topic: Open Systems Interconnection model.

Summary: The OSI model was created to help disparate computing systems communicate with each other. An added benefit to the OSI networking model is that security can be added to the different layers, allowing for a highly secure interconnected network.

Topic: Basic network devices.

Summary: Switches are Layer 2 devices that forward packets based on MAC addresses. Managed switches allow for security settings to be established for each individual port. WAPs are used to add wireless networking to the traditional wired network. All WAPs are capable of utilizing encryption. The MLS operates at more than one layer of the OSI model. The Layer 3 switch is the most common MLS. Routers operate at Layer 3 of the OSI model and often contain firewalls. Firewalls are capable of operating at more than one layer of the OSI model and can be considered the police force of the network. Load balancers are used to increase the efficiency of a network and may also be used to filter allowed content. Proxy servers are used to request content on behalf of clients from untrusted networks.

Page 12: PACE-IT, Security+1.1: Introduction to Network Devices (part 1)


THANK YOU!

Page 13: PACE-IT, Security+1.1: Introduction to Network Devices (part 1)

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.

PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814.

Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.