Network Topologies, VPNs, VLANs, and Switches

Description

This segment covers some of the more advanced topics in networking: the topologies in client/server and peer-to-peer systems, the features and functions of Virtual Private Networks (VPNs), how to configure and deploy Virtual Local Area Networks (VLANs), and how to implement advanced switch features. Advanced network devices work at multiple OSI layers. An example is the home router, which is actually a multilayer switch. For this course you need to understand logical network topologies including client/server, peer-to-peer, VPN, and VLAN.

Logical network topologies are logical models for networks in which computers play the roles of servers and clients. Client/server topologies are the earliest network models, followed by peer-to-peer topologies. Systems like Windows 98 were peer-to-peer, with the security flaw of having no user accounts and only a choice between read-only and full control. These networks were open to anyone connected to the network. Today's peer-to-peer networks have much more robust security. These topologies are linked to individual applications such as e-mail clients and servers. In this case, the client reads and writes e-mail while the server stores it.

VPNs, or Virtual Private Networks, are private networks that connect to the internet through encrypted tunnels. PPTP and L2TP are the two primary tunneling protocols. In Point-to-Point Tunneling Protocol (PPTP), the client interacts with a Routing and Remote Access Service (RRAS) server and creates a tunnel through the internet. The Layer 2 Tunneling Protocol (L2TP) was developed by Cisco and keeps all the good features of PPTP while adding more. However, L2TP requires a VPN concentrator to connect to the internal LAN. L2TP has no authentication or encryption of its own and requires IPsec for security. "L2TP/IPsec" would be a more accurate descriptor of this system.

Some serious networks are very complex and handle many tasks at once, making them difficult to manage. The solution to this is VLANs, or Virtual Local Area Networks. VLANs allow you to divide a complex network into easier-to-manage virtual networks. Ethernet switches in these networks use IEEE 802.1Q. VTP, or VLAN Trunking Protocol, is used to manage multiple VLANs. Switches running VTP operate in one of three states: server, client, or transparent.
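To show how an IEEE 802.1Q switch port decides which VLAN a frame belongs to, here is an added example (not part of the course material) that parses the 4-byte tag and applies a trunk allow-list. The function names, the allow-list check and the sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an IEEE 802.1Q tag


def parse_vlan_tag(frame: bytes):
    """Return (vlan_id, priority, dei, inner_ethertype), or None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    # Bytes 0-5: destination MAC, 6-11: source MAC, 12-13: EtherType or TPID.
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_ethertype = struct.unpack_from("!HH", frame, 14)
    priority = tci >> 13        # 3-bit priority code point, used for QoS
    dei = (tci >> 12) & 0x1     # drop eligible indicator
    vlan_id = tci & 0x0FFF      # 12-bit VLAN identifier
    return vlan_id, priority, dei, inner_ethertype


def allowed_on_trunk(frame: bytes, allowed_vlans, native_vlan: int = 1) -> bool:
    """Hypothetical trunk-port check: accept only frames in allowed VLANs."""
    tag = parse_vlan_tag(frame)
    if tag is None or tag[0] == 0:
        # Untagged and priority-tagged (VID 0) frames fall into the native VLAN.
        vlan = native_vlan
    elif tag[0] == 0x0FFF:
        return False            # VID 4095 is reserved and never valid on the wire
    else:
        vlan = tag[0]
    return vlan in allowed_vlans


# Constructed sample frames: broadcast destination, locally administered source.
PAYLOAD = b"\x00" * 46
TAGGED = bytes.fromhex("ffffffffffff" "020000000001" "8100a0140800") + PAYLOAD
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + PAYLOAD

if __name__ == "__main__":
    print(parse_vlan_tag(TAGGED))                  # VLAN 20, priority 5, IPv4
    print(allowed_on_trunk(TAGGED, {10, 20}))
    print(allowed_on_trunk(UNTAGGED, {10, 20}))
```

Keeping the native VLAN out of the allow-list, as in the last call, means untagged frames arriving on the trunk are dropped rather than silently placed in a production VLAN.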

Certain multilayer switches work to hide web servers behind a single IP address, solving problems with client caching and DNS load balancing. Content switches are also useful for load balancing: they take the workload of loading content off your browser and reduce load times. Quality of Service (QoS) controls bandwidth use, while traffic shaping guarantees a certain bandwidth and/or latency.

Now we will explore some network protection methods: intrusion detection and prevention, port mirroring, proxy serving, and port authentication. Intrusion detection and intrusion prevention systems (IDS/IPS) inspect incoming packets. An IDS, whether network-based or host-based, does so passively, while an IPS can actively react to an attack and block incoming devices. Port mirroring copies data from multiple ports to a single port, allowing inspection of packets to and from various computers. Proxy servers offer an additional layer of security by making requests to servers on behalf of a client, but a proxy does not allow DNS to be used to access the proxied server. Port authentication is authentication at the point of connection, and it is critical for AAA authentication in RADIUS, TACACS+, and 802.1X. TACACS+ is covered under CompTIA, and many switches and WAPs support this port authentication.
