Provides improved performance.
Provides improved security.
A Virtual LAN (VLAN) allows physically connected components on switches to be logically divided into separate segments.
A Virtual Local Area Network (VLAN) creates multiple subnets and smaller broadcast domains.
A VLAN can span an entire Layer 2 network, but it is stopped by a router.
VLANs help us segment the network on a per-interface basis and isolate traffic.
Demilitarized Zone
Allows users from the Internet strictly controlled access to devices within the DMZ.
Allows external vendors and suppliers to access a part of the network.
Allows only authorized users.
This is a private network that makes corporate resources available only to internal users such as employees.
North-South traffic is traffic entering and leaving the network.
East-West traffic is traffic between systems within a network, such as a data center.
Trust nothing
Secures communications over an unsecured network such as the Internet.
Provides confidentiality.
Virtual Private Network (VPN) between two branch offices.
Allows you to access a network securely over an unsecured network.
All traffic is encrypted within the VPN tunnel.
Allows teleworkers to connect to the corporate network from a computer or laptop.
A VPN client application is installed on the user's device.
The VPN client establishes a secure tunnel between the computer and the VPN concentrator.
Creates a VPN tunnel from one device to another.
Requires software to be installed on each device.
Traffic for the corporate network goes through the VPN tunnel while all other traffic goes directly out to the Internet.
All traffic is routed through the VPN tunnel to the corporate network, then out to the Internet.
Creates a tunnel for communication between systems.
This does not perform data encryption.
Can be used with data encryption protocols to provide confidentiality.
Widely supported.
Provides weak data encryption.
Uses Microsoft Point-to-Point Encryption.
Widely supported.
Provides stronger security.
Very complex to configure.
Firewalls can block this protocol.
Uses IPsec.
Works over port 443.
Works only with Microsoft systems.
Uses SSL 3.0.
Supports mobility.
There is limited support.
Uses IPsec.
Filters URLs.
Performs caching.
Performs content filtering.
Conserves Internet bandwidth.
Forward Proxy - Intercepts and forwards internal clients' requests to the Internet.
Reverse Proxy - Intercepts and forwards requests from systems on the external network to the internal network.
Jump Server
A load balancer is designed to distribute load between multiple devices.
Provides fault tolerance.
A virtual IP address is an IP address that does not change, unlike the IP address on a physical network interface card.
Active/active - Distributes the load equally between all active servers.
Active/passive - Distributes load to the active system only and fails over to the standby system if the active system is offline.
Round robin
Weighted round robin
Least connection
Weighted least connection
Broadcast storm - Multiple systems generating broadcast frames across the network.
Loop prevention - Spanning Tree Protocol (STP) prevents layer 2 loops on a switch network.
BPDU guard - Prevents Bridge Protocol Data Units (BPDUs) from entering a switch port.
DHCP snooping - Used to prevent rogue DHCP servers on a network.
MAC filtering - Creates a list of allowed and denied MAC addresses.
Port mirroring - Allows a switch to create a copy of traffic and send the copy out a specific interface. Also known as a Switch Port Analyzer (SPAN) port.
Firewalls are used to filter both inbound and outbound traffic.
They are used to prevent malicious traffic from entering and even leaving your network.
Firewalls can be installed on host devices such as your computers and mobile devices.
Firewalls can be implemented on a network to monitor all network traffic.
Some firewalls are able to operate up to Layer 4 of the OSI model.
Filter traffic based on the source and destination IP addresses and source and destination port numbers.
These types of firewalls can restrict traffic between networks.
This type of firewall does keep track of sessions.
Looks at the 5-tuple: source and destination IP addresses, source and destination service port numbers, and protocol.
Relies heavily on access control list (ACL) rules to filter traffic between networks.
This type of firewall simply takes a look at the sessions between a sender and a destination.
Blocks URLs and website addresses.
Can perform inspection of each packet.
Can detect if the traffic is going to YouTube, Microsoft and other websites.
Can prevent malware or malicious code from passing through the firewall.
Allows or denies traffic based on the tuple:
Source IP, destination IP, source port, destination port, protocol.
At the bottom of all ACLs is an implicit deny rule.
An Intrusion Detection System (IDS) can only monitor traffic and sends an alert after it detects a threat.
An Intrusion Prevention System (IPS) sits in-line on the network and blocks malicious traffic as it is detected.
Signature-based - Looks for a perfect match in the traffic.
Anomaly-based - Builds a baseline of what is "normal".
Behavior-based - Observes and reports.
Heuristics - Looks for specific patterns in the traffic.
False Positive - No threat exists and an alert is triggered.
True Positive - A threat exists and an alert is triggered.
False Negative - A threat exists and no alert is triggered.
True Negative - No threat exists and no alert is sent.