NS to enhance network security, Specialized Security Appliances, compare…
NS to enhance network security
Port security, dynamic ARP inspection and DHCP snooping
Access lists for a Layer 3 firewall
Layer 4 stateful firewall
Web proxy firewall
Email proxy firewall
SSL security appliance
WPA2 encryption and authentication
Blocks malicious data from servers and clients.
Reduces security management complexity.
Sanitizes protocol flow.
can have serious consequences for the network.
performance can slow down.
cannot be passed over firewalls securely.
All traffic flows through the firewall.
resistant to network attacks.
enforce the access control policy
Transparent firewall
Host-based (server and personal) firewall
Application gateway firewalls (Proxy firewall)
Packet filtering (Stateless) firewalls
Packet Filtering Firewalls
simple policy table look-up
IDS and IPS
no impact network
no impact if sensor fail
can use stream
stop trigger packet
more vulnerable to netsec
can't stop trigger packet
overloading the network
affect network traffic
type of IPS
Combine antivirus software,
network based IPS
critical component of intrusion prevention.
Specialized Security Appliances
Filter traffic based on traffic type.
Provide traffic flow control.
Manager that runs SNMP management
the nodes being
provides statistics on packets flowing through a Cisco router or multilayer switch.
common method of accessing system messages.
Allows networking devices to send their system messages across the network to
allows a switch to make duplicate copies of traffic passing through a switch
send data out a port with a network monitor
synchronize their time settings with an NTP server
can be set up to synchronize to a private master clock
Accounting and auditing
encrypted to keep the data confidential while it is transported across the public network
private network that is created over a public network
compare three categories of network component
logical and physical
physical connections and identifies how end devices and infrastructure devices are interconnected.
network transfers frames from one node to the next.
differences between WAN and LAN
hub and spoke
a central site
interconnects branch sites using point-to-point links.
provides high availability,
point to point
a permanent link between two endpoints.
interconnect other star topologies
All end systems are chained to each other
connected to a central intermediate device.
connected to their respective neighbors,