This segment covers some of the more advanced topics in networking: the topologies of client/server and peer-to-peer systems, the features and functions of Virtual Private Networks (VPNs), how to configure and deploy Virtual Local Area Networks (VLANs), and finally how to implement advanced switch features. Advanced network devices work at multiple OSI layers; the home router, for example, is actually a multilayer switch. For this course you need to understand logical network topologies, including client/server, peer-to-peer, VPN, and VLAN.

Logical network topologies are logical models for networks in which computers play the roles of servers and clients. Client/server topologies are the earliest network models, followed by peer-to-peer topologies. Systems like Windows 98 were peer-to-peer and had a security flaw: there were no user accounts, and the only choice for a shared resource was between read-only and full control. Those shares were available to anyone connected to the network. Today's peer-to-peer networks have much more robust security. These topologies are tied to individual applications such as e-mail clients and servers: the client reads and writes e-mail while the server stores it.

VPNs, or Virtual Private Networks, are private networks that connect across the internet through encrypted tunnels. PPTP and L2TP are the two primary tunneling protocols. In Point-to-Point Tunneling Protocol (PPTP), the client interacts with a Routing and Remote Access Service (RRAS) and creates a tunnel through the internet. The Layer 2 Tunneling Protocol (L2TP) was developed by Cisco and has all the good features of PPTP with additional features. However, L2TP requires a VPN concentrator to connect to the internal LAN. L2TP itself has no authentication or encryption and relies on IPsec for security, so "L2TP/IPsec" would be a more accurate name for the system.

Some serious networks are very complex and handle many tasks at once, which makes them difficult to manage. The solution is VLANs, or Virtual Local Area Networks. VLANs allow you to divide a complex network into easier-to-manage virtual networks. Ethernet switches in these networks use IEEE 802.1Q tagging. VTP, or VLAN Trunking Protocol, is used to manage multiple VLANs; a VTP switch operates in server, client, or transparent mode.

Certain multilayer switches hide a group of web servers behind a single IP address, solving problems with client caching and DNS load balancing. Content switches are also useful for load balancing: they take the workload of loading content off your browser and reduce load times. Quality of Service (QoS) controls bandwidth use, while traffic shaping guarantees a certain bandwidth and/or latency.

Now we will explore some network protection methods: intrusion detection/intrusion prevention, port mirroring, proxy serving, and lastly port authentication. An intrusion detection system (IDS) inspects packets passively, whether network-based (watching incoming packets on the wire) or host-based (watching a single host); an intrusion prevention system (IPS) can actively react to an attack and block the offending device. Port mirroring copies traffic from one or more ports to a single port, allowing inspection of packets to and from various computers. Proxy servers add a layer of security by making requests to servers on behalf of a client, but a proxy does not allow DNS to be used to access the proxied server. Port authentication is authentication at the point of connection, and it is central to AAA authentication with RADIUS, TACACS+, and 802.1X. TACACS+ is covered under CompTIA, and many switches and WAPs support this kind of port authentication.
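As an added example (not part of the Cybrary segment), the following Python parses the IEEE 802.1Q tag mentioned above out of a raw Ethernet frame, including stacked tags, so a monitoring script can see which VLAN a captured frame claims to belong to; the sample frames are constructed data and the function names are my own.

```python
"""Parse an Ethernet II frame and extract its IEEE 802.1Q VLAN tag(s).

A tagged frame carries a 4-byte tag after the source MAC: a 16-bit TPID
(0x8100 for an 802.1Q tag, 0x88A8 for an 802.1ad service tag) followed by
a 16-bit TCI = PCP (3 bits) | DEI (1 bit) | VLAN ID (12 bits). Tags are
consumed in order, so a frame carrying more than one tag is visible.
"""
import struct
from dataclasses import dataclass, field

TPIDS = {0x8100, 0x88A8}  # 802.1Q customer tag, 802.1ad service tag


@dataclass
class Frame:
    dst: str
    src: str
    tags: list = field(default_factory=list)  # [(tpid, pcp, dei, vid), ...]
    ethertype: int = 0
    payload: bytes = b""


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_frame(raw: bytes) -> Frame:
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    frame = Frame(dst=mac_str(raw[0:6]), src=mac_str(raw[6:12]))
    off = 12
    while True:  # walk every VLAN tag; an untagged frame has its EtherType here
        if off + 2 > len(raw):
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", raw, off)
        if etype not in TPIDS:
            break
        if off + 4 > len(raw):
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", raw, off + 2)
        frame.tags.append((etype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        off += 4
    frame.ethertype = etype
    frame.payload = raw[off + 2:]
    return frame


def vlan_id(raw: bytes):
    """Outer VLAN ID of a frame, or None if the frame is untagged."""
    tags = parse_frame(raw).tags
    return tags[0][3] if tags else None


# Constructed samples: VLAN 100 with priority 5 carrying IPv4, and untagged.
MACS = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
SAMPLE_TAGGED = MACS + struct.pack("!HH", 0x8100, (5 << 13) | 100) + b"\x08\x00\x45\x00\x00\x14"
SAMPLE_UNTAGGED = MACS + b"\x08\x00\x45\x00\x00\x14"
```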