Unit 17
Chapter 11
You should be (deeply) familiar with bridges and repeaters, hubs and switches, routers, firewalls and edge devices from your Network+ studies.
Be clear that the functions of many edge devices are increasingly merged into a single box. Depending on the size of your enterprise, that box may come from Cisco, Juniper, Fortinet or many others. If you have less to spend, you’ll be looking at free/community-edition edge devices or software (which will often be called “firewalls” even though they do much more).
VPNs
Layer 2
PPTP
Think Microsoft
MS RRAS
Site-to-site
Host-to-site
L2TP
Think Cisco
VPN Concentrator
Layer 3
IPsec
OpenVPN, or
Provides encryption at L3 to many VPN systems
GRE + IPsec
Layer 4
SSL / TLS
Secure website, or
SSL Tunnel VPNs (which still use a browser, usually with some network access via plugins)
Switches
Port security:
- Static learning
- Dynamic learning
- Sticky learning
Loop prevention
Flood guard
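An added example to show how the three learning modes and the flood guard fit together (this is my own model, not code from the course notes or any switch vendor; the class, method names and the violation actions "shutdown", "restrict" and "protect" are assumptions modelled on common switch behaviour):

```python
# Added example, not from the course notes: a model of switch port security
# with static, dynamic and sticky MAC learning, a per-port address limit and
# the violation actions a flood guard applies. Class and method names are mine.
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    mode: str = "dynamic"        # "static", "dynamic" or "sticky"
    max_macs: int = 1            # learned + configured addresses allowed
    violation: str = "shutdown"  # "shutdown", "restrict" or "protect"
    allowed: set = field(default_factory=set)   # addresses active right now
    saved: set = field(default_factory=set)     # addresses kept across a reload
    err_disabled: bool = False
    violations: int = 0          # counter kept by shutdown and restrict modes

    def configure_static(self, mac: str) -> None:
        """Static learning: the administrator types the MAC into the config."""
        self.allowed.add(mac.lower())
        self.saved.add(mac.lower())

    def ingress(self, mac: str) -> str:
        """Decide what happens to a frame whose source address is `mac`."""
        mac = mac.lower()
        if self.err_disabled:
            return "err-disabled"
        if mac in self.allowed:
            return "forward"
        if self.mode != "static" and len(self.allowed) < self.max_macs:
            self.allowed.add(mac)              # dynamic learning
            if self.mode == "sticky":
                self.saved.add(mac)            # sticky: also written to the config
            return "forward"
        # Unknown address on a static port, or the address limit is exhausted.
        if self.violation == "protect":
            return "drop"                      # silent drop, nothing logged
        self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled = True
            return "err-disabled"
        return "drop"                          # restrict: drop and count


    def reload(self) -> None:
        """A reboot clears dynamically learned addresses but keeps static/sticky ones."""
        self.allowed = set(self.saved)
        self.err_disabled = False


def flood_test(port: SecurePort, count: int) -> dict:
    """Send `count` frames with distinct constructed source MACs and tally the outcomes."""
    tally = {"forward": 0, "drop": 0, "err-disabled": 0}
    for i in range(count):
        tally[port.ingress(f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}")] += 1
    return tally
```

The point to take from running it: a dynamically learned address disappears on `reload()`, a sticky one survives, and a flood of distinct source addresses is stopped at `max_macs` whatever the violation action, which is what makes the limit a flood guard against CAM-table exhaustion.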
VLANs
Trunking: 802.1q
VLAN1: the Native VLAN
VLAN Tagging (only for VLAN2 and up)
Dangers of double-tagging
Segmentation
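An added example, not part of the course notes, that parses the 802.1q tag stack of an Ethernet frame and reports the things a defender does not want to see on an access port: any tag at all, a double tag, and an outer tag carrying the native VLAN. The function names, the sample frames and the native VLAN of 1 are assumptions for this illustration.

```python
# Added example, not from the course notes: parse the 802.1Q tag stack of an
# Ethernet II frame and flag frames a defender does not expect on an access
# port. Function names and the sample frames are constructed here.
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad (Q-in-Q) tag protocol identifiers


def parse_vlan_tags(frame: bytes):
    """Return (list_of_vlan_ids, payload_ethertype) for one Ethernet II frame."""
    offset = 12                      # skip destination and source MAC
    vids = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in TPIDS:
            return vids, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)    # low 12 bits of the TCI are the VLAN ID
        offset += 4


def check_frame(frame: bytes, native_vlan: int = 1, port_kind: str = "access"):
    """Return a list of findings; an empty list means the frame looks normal."""
    vids, _ = parse_vlan_tags(frame)
    findings = []
    if port_kind == "access" and vids:
        findings.append("tagged frame received on an access port")
    if len(vids) > 1:
        findings.append(f"double-tagged frame: outer VLAN {vids[0]}, inner VLAN {vids[1]}")
    if vids and vids[0] == native_vlan:
        # Native-VLAN traffic is normally untagged; a trunk strips an outer
        # native tag and exposes whatever tag sits underneath it.
        findings.append(f"outer tag carries the native VLAN {native_vlan}")
    return findings


def build_frame(dst: str, src: str, vids, ethertype: int = 0x0800,
                payload: bytes = b"\x00" * 46) -> bytes:
    """Construct a test frame with the given tag stack (sample input for the checks)."""
    frame = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for vid in vids:
        frame += struct.pack("!HH", 0x8100, vid & 0x0FFF)
    return frame + struct.pack("!H", ethertype) + payload
```

The mitigation the findings point at is the usual one: move the native VLAN off VLAN1 to an unused VLAN, tag the native VLAN on trunks, and keep user-facing ports as access ports that drop tagged frames.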
Interface properties
Switch port vs. Router port
Static vs. Dynamic
Inter-VLAN Routing
DHCP Relay Agent / DHCP Helper
Load Balancers
Scheduling:
- Affinity
- Round-robin
DNS round-robin
Content switch: Layer 7
Failover and Redundancy
Active-Passive
Active-Active
Virtual IPs
NIC Teaming / NIC Bonding / NIC Aggregation
IDS / IPS
Signature-based
Heuristic
Anomaly
Inline vs. Passive
In-band vs. Out-of-band
Detection and notification vs. detection and prevention
Snort
Host-based: HIDS
Network based: NIDS
Port Mirroring
Analytics
False positive
False negative
Crossover rate
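An added example, not from the course notes, that computes the three analytics terms above from a constructed set of scored events: the false positive rate (benign events that alerted), the false negative rate (attacks that did not), and the crossover point, the threshold at which the two rates meet. The sample scores and function names are mine.

```python
# Added example, not from the course notes: false positive rate, false
# negative rate and crossover point of a detector, computed over a
# constructed set of (score, truly_malicious) events.
SAMPLE = [
    (10, False), (20, False), (30, False), (40, False), (55, False),
    (45, True), (60, True), (70, True), (80, True), (90, True),
]


def confusion(events, threshold):
    """Count TP/FP/TN/FN when the detector alerts on score >= threshold."""
    tp = fp = tn = fn = 0
    for score, malicious in events:
        alert = score >= threshold
        if alert and malicious:
            tp += 1
        elif alert and not malicious:
            fp += 1          # false positive: a benign event raised an alert
        elif not alert and malicious:
            fn += 1          # false negative: an attack slipped through silently
        else:
            tn += 1
    return tp, fp, tn, fn


def rates(events, threshold):
    """Return (false_positive_rate, false_negative_rate) at a threshold."""
    tp, fp, tn, fn = confusion(events, threshold)
    fpr = fp / (fp + tn) if fp + tn else 0.0
    fnr = fn / (fn + tp) if fn + tp else 0.0
    return fpr, fnr


def crossover(events):
    """Threshold at which FPR and FNR are closest, i.e. the crossover error rate."""
    candidates = sorted({score for score, _ in events})
    best = min(candidates,
               key=lambda t: abs(rates(events, t)[0] - rates(events, t)[1]))
    return best, rates(events, best)
```

Sweeping the threshold shows the trade-off the outline lists: a low threshold drives false negatives to zero at the cost of false positives, a high one does the reverse, and the crossover is where an operator with no other preference would set it.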
SIEM: Security Incident Event Management
Functions:
- Aggregation
- Correlation
- Automated Alerts and Triggers
- Time synchronization
- Deduplication
- Log analysis
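An added example, not from the course notes, that runs the SIEM functions listed above over a handful of constructed log lines from two sources: time synchronization (one source logs in a +02:00 zone, the other in UTC), deduplication, aggregation, and a correlation rule that raises an automated alert. Hostnames, addresses, the log formats and the rule are all assumptions.

```python
# Added example, not from the course notes: a miniature SIEM pipeline over
# constructed log lines from two sources, showing time normalization,
# deduplication, aggregation and a correlation rule that raises an alert.
# Hostnames, addresses, the log formats and the rule are all assumed here.
import re
from datetime import datetime, timezone

SYSLOG_YEAR = 2024  # BSD syslog stamps carry no year; assumed for the sample

# (source, raw line) pairs. fw1 logs ISO-8601 with a +02:00 offset,
# srv1 logs classic syslog in UTC; every line is constructed.
RAW_EVENTS = [
    ("fw1", "2024-03-01T10:00:01+02:00 fw1 filterlog: block in em0 203.0.113.5 -> 192.0.2.10:22"),
    ("srv1", "Mar  1 08:00:05 srv1 sshd[2211]: Failed password for root from 203.0.113.5 port 51000"),
    ("srv1", "Mar  1 08:00:05 srv1 sshd[2211]: Failed password for root from 203.0.113.5 port 51000"),
    ("srv1", "Mar  1 08:00:07 srv1 sshd[2213]: Failed password for root from 203.0.113.5 port 51002"),
    ("srv1", "Mar  1 08:00:09 srv1 sshd[2215]: Failed password for root from 203.0.113.5 port 51004"),
    ("srv1", "Mar  1 08:00:12 srv1 sshd[2217]: Accepted password for root from 203.0.113.5 port 51006"),
]

ISO_RE = re.compile(r"^(\S+) ")
BSD_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) ")
SSH_RE = re.compile(r"sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\d+\.\d+\.\d+\.\d+)")
FW_RE = re.compile(r"filterlog: (block|pass) in \S+ (\d+\.\d+\.\d+\.\d+) ->")


def parse(source, line):
    """Normalize one raw line into an event dict with a UTC timestamp, or None."""
    if source == "fw1":
        stamp, match = ISO_RE.match(line), FW_RE.search(line)
        if not (stamp and match):
            return None
        ts = datetime.fromisoformat(stamp.group(1)).astimezone(timezone.utc)
        return {"ts": ts, "host": source, "src": match.group(2), "action": match.group(1)}
    stamp, match = BSD_RE.match(line), SSH_RE.search(line)
    if not (stamp and match):
        return None
    ts = datetime.strptime(stamp.group(1), "%b %d %H:%M:%S").replace(
        year=SYSLOG_YEAR, tzinfo=timezone.utc)
    return {"ts": ts, "host": source, "src": match.group(3),
            "action": match.group(1).lower(), "user": match.group(2)}


def ingest(raw):
    """Deduplicate identical lines, parse them, and order everything on one UTC clock."""
    seen, events = set(), []
    for source, line in raw:
        if (source, line) in seen:
            continue
        seen.add((source, line))
        event = parse(source, line)
        if event:
            events.append(event)
    events.sort(key=lambda e: e["ts"])
    return events


def aggregate(events):
    """Aggregation: count events per (source address, action)."""
    counts = {}
    for e in events:
        key = (e["src"], e["action"])
        counts[key] = counts.get(key, 0) + 1
    return counts


def correlate(events, failures=3, window_s=60):
    """Alert when a source succeeds after >= `failures` failed logins inside the window."""
    alerts, by_src = [], {}
    for e in events:
        by_src.setdefault(e["src"], []).append(e)
    for src, evs in by_src.items():
        failed = [e["ts"] for e in evs if e["action"] == "failed"]
        for e in evs:
            if e["action"] != "accepted":
                continue
            recent = [t for t in failed if 0 <= (e["ts"] - t).total_seconds() <= window_s]
            if len(recent) >= failures:
                alerts.append({"rule": "brute-force-then-success", "src": src,
                               "user": e["user"], "failures": len(recent),
                               "blocked_by_fw": any(x["action"] == "block" for x in evs)})
    return alerts
```

Without the time normalization step the firewall event would sort after the server events and the correlation across sources would be wrong; without deduplication the duplicated syslog line would inflate the failure count and trigger the rule one event early.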
DLP: Data Loss Prevention
Cloud
USB
Proxy Servers
Forward
Reverse
Types of Firewalls
Packet filters (Layer 3)
NAT
Stateful packet filtering (Layer 5)
ACLs
Application proxies (Layer 7)
Network proxies (Layer 3)
Host-based vs. Network-based
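An added example, not from the course notes, that puts a Layer 3 packet-filter ACL beside a stateful filter and runs both over the same constructed packets. It shows why the stateless ACL has to open a hole for return traffic and why the stateful filter does not need one. The rule format, class names and addresses (documentation ranges) are assumptions.

```python
# Added example, not from the course notes: a stateless packet-filter ACL
# beside a stateful filter, each deciding the same constructed packets.
# Rule format, class names and addresses are mine.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"
    direction: str = "in"   # "in" = from the untrusted side, "out" = from inside


class StatelessACL:
    """Ordered rules of (action, direction, proto, sport, dport); None matches anything."""

    def __init__(self, rules):
        self.rules = rules

    def decide(self, pkt):
        for action, direction, proto, sport, dport in self.rules:
            if (direction in (None, pkt.direction) and proto in (None, pkt.proto)
                    and sport in (None, pkt.sport) and dport in (None, pkt.dport)):
                return action
        return "deny"   # implicit deny at the end of every ACL


class StatefulFilter:
    """Permits inbound traffic only when it answers a connection the inside opened."""

    def __init__(self):
        self.table = set()   # (src, sport, dst, dport, proto) of outbound flows

    def decide(self, pkt):
        if pkt.direction == "out":
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "permit"
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return "permit" if reverse in self.table else "deny"


# A stateless ACL that lets HTTPS replies back in: permit any outbound, and
# permit inbound TCP whose source port is 443. Matching on the remote port is
# the only handle a stateless filter has for return traffic.
WEB_ACL = StatelessACL([
    ("permit", "out", None, None, None),
    ("permit", "in", "tcp", 443, None),
])


def compare(packets):
    """Return [(acl_decision, stateful_decision), ...] for a packet sequence."""
    stateful = StatefulFilter()
    return [(WEB_ACL.decide(p), stateful.decide(p)) for p in packets]


# Constructed sequence: an HTTPS request from inside and its reply, followed
# by an unsolicited inbound connection whose source port happens to be 443.
SAMPLE = [
    Packet("192.0.2.10", "198.51.100.7", 50000, 443, direction="out"),
    Packet("198.51.100.7", "192.0.2.10", 443, 50000, direction="in"),
    Packet("203.0.113.5", "192.0.2.10", 443, 3389, direction="in"),
]
```

The third packet is the lesson: the ACL permits it because it only sees header fields, while the stateful filter denies it because no inside host ever opened that connection.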
pfSense
“pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network. It can be configured and upgraded through a web-based interface, and requires no knowledge of the underlying FreeBSD system to manage.” – https://en.wikipedia.org/wiki/PfSense
A Comparison: Ubiquiti, pfSense, Untangle