Chapter 6: Network Components
You should be (deeply) familiar with bridges and repeaters, hubs and switches, routers, firewalls and edge devices from your Network+ studies.
Be aware that the functions of many edge devices are increasingly merged into a single box. Depending on the size of your enterprise, that box may be from Cisco, Juniper, Fortinet or many others. If you have less to spend, you’ll be looking at free/community edition edge devices or software (often called “firewalls” even though they do much more).
VPNs
IPsec
SSL / TLS
Types of Firewalls
- Packet filters (Layer 3)
- NAT
- Stateful packet filtering (Layer 5)
- ACLs
- Application proxies (Layer 7)
- Network proxies (Layer 3)
- Host-based vs. Network-based
pfSense
“pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network. It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage.” – https://en.wikipedia.org/wiki/PfSense
A Comparison: Ubiquiti, pfSense, Untangle
NIDS / NIPS
- Signature-based
- Heuristic
- Anomaly
- Inline vs. Passive
- In-band vs. Out-of-band
Analytics
False positive
False negative
Routers
ACLs
Antispoofing
Switches
Port security:
- Static learning
- Dynamic learning
- Sticky learning
Loop prevention
Flood guard
Load Balancers
Scheduling:
- Affinity
- Round-robin
Active-Passive
Active-Active
Virtual IPs
WiFi
SSID
BSSID
ESSID
MAC filtering
Signal strength
Band and Bandwidth
Antenna Types
Fat vs. Thin APs
Controller-based vs. Standalone
SIEM: Security Incident Event Management
Functions:
- Aggregation
- Correlation
- Automated Alerts and Triggers
- Time synchronization
- Deduplication
- Log analysis
DLP: Data Loss Prevention
Cloud
USB
NAC: Network Access Control (802.1X)
Mail Gateways
Spam filtering
SSL/TLS Accelerators
For busy secure sites