Network Plus N10-007 Objective 2.3

2.3 Explain the purposes and use cases for advanced networking devices.

 

Welcome to Exam Notes by CertBlaster! In this edition, we will cover advanced networking devices and their deployment. We will examine the benefits of each device with respect to how it protects the network or manages traffic. Have fun!


Multilayer switch

We can take what we know about hubs, bridges, and switches from objective 2.2 and apply that information to a multilayer switch. A multilayer switch performs Layer 2 forwarding based on MAC addresses and additionally performs Layer 3 IP-based routing functions. Switching is still performed at Layer 2. Routing takes place at Layer 3.

Wireless controller

In large organizations, your wireless network will have multiple APs, and some may even be in different buildings. The nature of wireless networking is that it is constantly changing: APs are added and policies are modified. In order to keep up with these changes, a wireless controller is used. The wireless controller is capable of centralized management of all WAPs through a single interface. It allows you to add access points, manage and configure all access points, and monitor activity on each AP.

Load balancer

If you are providing large-scale services like web servers or databases, the availability of your service is a primary concern. You will have multiple servers and use a load balancer to provide fault tolerance: should a server fail, the other servers connected to the load balancer will continue service.

The load balancer can also be configured as an SSL endpoint taking the encryption overhead away from the servers and increasing their efficiency. Load balancers can also cache information requests and provide the cached information to any client making the same request.
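The fault-tolerance behaviour described above, as an added example that is not part of the original notes: a round-robin balancer that skips servers failing a health check. The class name, backend names and probe function are assumptions made for illustration.

```python
import itertools


class LoadBalancer:
    """Round-robin balancer that only hands out backends marked healthy."""

    def __init__(self, backends):
        self.backends = list(backends)
        self.healthy = set(self.backends)          # assume all up until probed
        self._rotation = itertools.cycle(self.backends)

    def health_check(self, probe):
        # probe(backend) -> bool. A real balancer runs a TCP or HTTP check
        # on a timer; here the caller supplies the result.
        self.healthy = {b for b in self.backends if probe(b)}

    def pick(self):
        # Walk the rotation at most once, skipping failed servers.
        for _ in range(len(self.backends)):
            backend = next(self._rotation)
            if backend in self.healthy:
                return backend
        raise RuntimeError("no healthy backends")


def demo():
    lb = LoadBalancer(["web1", "web2", "web3"])    # constructed names
    before = [lb.pick() for _ in range(3)]
    lb.health_check(lambda b: b != "web2")         # web2 fails its check
    after = [lb.pick() for _ in range(4)]
    return before, after


if __name__ == "__main__":
    print(demo())
```

Clients keep being served by web1 and web3 after web2 fails; only when every backend fails its check does the balancer have nothing to return.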

IDS/IPS

An Intrusion Detection System (IDS) is a device that monitors network traffic for exploits and other malicious traffic. When suspicious activity is detected the IDS will issue an alarm. It does not have the capability to block the suspected traffic. This is where an Intrusion Prevention System (IPS) will become more useful. An IPS can block suspicious traffic before it reaches the network.
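To make the IDS/IPS difference concrete, here is an added example (not from the original notes) that runs the same detection logic in passive and inline mode over constructed traffic. The two signatures, the addresses and the packet format are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed signatures for illustration; production rule sets are far larger.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-tautology": re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.I),
}

# Constructed sample traffic using documentation address ranges.
TRAFFIC = [
    {"src": "198.51.100.7", "payload": "GET /index.html HTTP/1.1"},
    {"src": "203.0.113.9", "payload": "GET /../../etc/passwd HTTP/1.1"},
    {"src": "203.0.113.9", "payload": "GET /login?user=a' OR '1'='1 HTTP/1.1"},
]


@dataclass
class Sensor:
    inline: bool                      # False = IDS (sees a copy), True = IPS (in the path)
    alerts: list = field(default_factory=list)

    def inspect(self, packet):
        """Record alerts; return True if the packet still reaches the network."""
        hits = [name for name, rx in SIGNATURES.items()
                if rx.search(packet["payload"])]
        for name in hits:
            self.alerts.append((packet["src"], name))
        # An IDS only alarms, so the packet is delivered either way.
        # An IPS sits in the traffic path and drops anything that matched.
        return not (hits and self.inline)


def run(sensor, traffic):
    """Return the packets that were delivered past the sensor."""
    return [p for p in traffic if sensor.inspect(p)]


if __name__ == "__main__":
    for mode in (False, True):
        sensor = Sensor(inline=mode)
        delivered = run(sensor, TRAFFIC)
        print("IPS" if mode else "IDS", len(delivered), "delivered,",
              len(sensor.alerts), "alerts")
```

Both modes raise the same two alerts; the difference is that the IDS lets all three requests through while the IPS delivers only the clean one.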

Proxy server

A proxy server is a device placed between your private network/LAN and the internet. It is designed to handle all internet requests by caching them, then sending the request, receiving the response, and analyzing it for potential problems. If the response is clean, it will be allowed on to the local network host.

VPN concentrator

For large organizations that maintain multiple simultaneous VPN connections, a device called a VPN concentrator is used as the VPN server. The VPN concentrator can assume the tasks of VPN client authentication, establishing VPN tunnels, and managing the encryption used for VPN transmissions. VPN encryption will be IPsec and SSL.

AAA/RADIUS server

Authentication, authorization, and accounting (AAA) is the method of controlling user access to resources and tracking their activity on an IP network. Remote Authentication Dial-In User Service (RADIUS) uses a centralized server to enforce the AAA controls. RADIUS is often deployed on a dedicated server, but it can also run as software on a remote access server.

UTM appliance

A Unified Threat Management (UTM) appliance represents the culmination of network security devices. It could be, but is not necessarily, a single device. A UTM appliance can be a router, switch, firewall, an IDS/IPS, or gateway. The NGFW (below) has been added to this configuration. The concept is to provide the overall protection of these methods in a layered implementation. Importantly, this implementation is only as strong as its weakest link.

NGFW/Layer 7 firewall

In earlier editions, we discussed standard packet filtering firewalls. While these are effective at the Network Layer, they cannot examine the contents of a packet and discriminate between authorized authentic traffic and potentially malicious traffic. The Next Generation Firewall (NGFW) can examine packets up to OSI Layer 7, making it capable of providing protection up to the Application Layer. NGFW is considered a component of a sound UTM environment. Since the Layer 7 firewall can examine application data, it is sometimes referred to as a content filter.

VoIP gateway

In companies that use VoIP telephone systems, aka telephony, a VoIP gateway is installed to convert the analog VoIP signal to digital IP packets for delivery to the recipient.

VoIP PBX

You will often see a dedicated telephony switch called a VoIP PBX that handles all internal VoIP communications while handling the external VoIP traffic through the VoIP gateway.

That’s everything for objective 2.3! See you in 2.4!
