Thursday, December 02, 2010

CompTIA Security+ Exam Objectives 2.2

Network Infrastructure
2.2 Network Design Elements & Components
In section 2.2, you need to know the main differences between the various network design elements and components. When creating a network security policy, you need a set list of procedures to follow in order to defend each and every user from data loss and harm. This means implementing proper security elements such as firewalls, VLANs, and so on. You’ll want to know what these elements and components can do for your network’s security.

  • DMZ – A demilitarized zone is a small network between the internal network and the Internet. It allows outside users to have access to information that needs to be available to them but does not share internal information. Basically, outside users can access data, but none of the data will be internal. This way your network has a shield of privacy and security. Many network engineers opt to put mail and web servers on the DMZ since they are often exposed to the Internet. This calls for keeping those servers patched and further hardened.


  • NAC – Network Access Control. NAC is extremely effective in protecting networks from malicious hosts by ensuring proper configuration on computers. NAC examines a computer and, based on the results, either grants or denies access to the network. Computers that aren’t given access are often put on a guest VLAN or redirected to a different server. Know what the access requestor, policy decision point, and policy enforcement point are. Be aware of the ways to integrate NAC: inline, switch-based, host-based, and out-of-band.

  • VLAN – A virtual local area network is used to combine network nodes into the same broadcast domain regardless of physical attachment. It can be used to reduce the amount of broadcast traffic in a switched network because it can create multiple isolated LANs.

  • NAT – Network address translation is a liaison that works between the Internet and an internal network. NAT lets many computers connect to the Internet by using a single IP address. This way, the internal network is hidden from the outside world because it uses a private IP address.

Also make note of network interconnections, subnetting, and telephony. Remember, this section is all about how you can use these various items to boost network security.
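
To make the three NAC roles from the list above concrete, here is a small added example (not part of the original post and not any vendor's API) in which an access requestor's posture report is judged by a policy decision point and a policy enforcement point places the switch port in a production or guest VLAN. The VLAN IDs, port names, and posture rules are assumptions chosen for illustration.

```python
"""Toy model of the NAC roles (constructed example, not a vendor API)."""
from dataclasses import dataclass
from typing import List, Optional

# VLAN IDs and the posture policy are assumptions made for this example.
PRODUCTION_VLAN = 10
GUEST_VLAN = 99
MAX_PATCH_AGE_DAYS = 30


@dataclass(frozen=True)
class PostureReport:
    """What the access requestor (the connecting computer) reports."""
    antivirus_running: bool
    firewall_enabled: bool
    patch_age_days: int


def policy_decision_point(report: Optional[PostureReport]) -> List[str]:
    """PDP: compare the report with policy; return the reasons it fails."""
    if report is None:  # no agent answered: fail closed, never assume healthy
        return ["no posture report received"]
    failures = []
    if not report.antivirus_running:
        failures.append("antivirus not running")
    if not report.firewall_enabled:
        failures.append("host firewall disabled")
    if report.patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append(f"patches {report.patch_age_days} days old")
    return failures


def policy_enforcement_point(port: str, report: Optional[PostureReport]) -> dict:
    """PEP (for example a switch): ask the PDP, then assign the port a VLAN."""
    failures = policy_decision_point(report)
    vlan = GUEST_VLAN if failures else PRODUCTION_VLAN
    return {"port": port, "vlan": vlan, "failures": failures}


# Constructed access requestors: compliant, non-compliant, and silent.
SAMPLE_REQUESTS = [
    ("Gi0/1", PostureReport(True, True, 5)),
    ("Gi0/2", PostureReport(False, True, 90)),
    ("Gi0/3", None),
]

if __name__ == "__main__":
    for port, report in SAMPLE_REQUESTS:
        print(policy_enforcement_point(port, report))
```

The host that sends no report lands on the guest VLAN as well, which is the fail-closed behavior you want from an enforcement point.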

Going along with network security, many companies have opted to include built-in security features for networks. NETGEAR, a popular networking company, has added to its ProSafe Plus Switch line with models that have QoS prioritization for both voice and video traffic as well as VLAN configuration. The switches also offer protection against DoS attacks.