Objective 1.2 Flashcards
Compare and contrast networking appliances, applications, and functions. (23 cards)
Physical vs. Virtual Appliance
A physical appliance is a dedicated hardware device built for one purpose (e.g., a Cisco firewall).
A virtual appliance is the same software running in a virtual machine (VM) on a generic server or in the cloud.
They perform the same job, but one is hardware and one is software.
Router:
What is its primary function and at which OSI layer does it operate?
A Router connects different networks together.
It operates at Layer 3 (Network), using IP addresses to make decisions about the best path to forward a packet.
Switch:
What is its primary function and at which OSI layer does it operate?
A Switch connects devices within the same local network (LAN). It operates at Layer 2 (Data Link), using MAC addresses to forward a frame directly to the correct device port.
Router vs. Switch:
What is the most fundamental difference?
Switches create networks; Routers connect networks. A switch builds the local neighborhood of devices, while a router builds the roads and highways between all the different neighborhoods.
Scenario:
An office has 30 computers that need to communicate with each other and share a printer.
What device forms the core of this local network?
A Switch. It will create the LAN, allowing all 30 computers and the printer to communicate directly using their MAC addresses.
Scenario:
The 30 computers in the office now need to access the internet.
What device is needed to connect the local office network to the external internet network?
A Router. It will sit between the switch and the internet, routing traffic from the local IP addresses to the public IP addresses on the internet.
Firewall:
What is its primary function?
To act as a security barrier. It inspects network traffic and permits or denies it based on a set of security rules (an Access Control List). Its job is to enforce what traffic is allowed in or out of a network segment.
IDS (Intrusion Detection System):
What is its function and key characteristic?
An IDS monitors the network for malicious activity or policy violations. Its key characteristic is that it is passive; it only detects and creates an alert.
It does not stop the threat.
IPS (Intrusion Prevention System):
What is its function and key characteristic?
An IPS actively monitors the network, detects malicious activity, and then takes action to block or prevent the threat from succeeding.
It is an active system placed “in-line” with traffic.
What is a simple analogy for an IDS vs. an IPS?
An IDS is a security camera that sounds an alarm.
An IPS is a security guard who is watching the camera feed and can tackle an intruder at the door to stop them from entering.
Load Balancer:
What is its purpose?
To distribute incoming traffic across multiple backend servers (a “server farm”). This prevents any single server from becoming a bottleneck, ensuring high availability and reliability for applications.
Proxy Server:
What is its primary role?
To act as an intermediary for client requests. It forwards requests to the internet on behalf of clients, hiding the clients’ original IP addresses. For the external server, the request appears to come from the proxy itself.
What are two common corporate uses for a Proxy Server?
- Content Filtering: To block employees from accessing specific websites.
- Caching: To store (cache) frequently accessed web pages, reducing internet usage and speeding up access for users.
NAS (Network-Attached Storage):
How does it work and present data?
A simple, self-contained storage device connected to a standard network. It presents data at the file level, meaning devices see it as a shared network folder (e.g., \\fileserver\share).
SAN (Storage Area Network):
How does it work and present data?
A complex, high-speed, dedicated network of storage devices. It presents data at the block level, meaning a server’s operating system sees the storage as a local hard drive that it needs to format and manage.
What is the easiest way to remember the difference between NAS and SAN?
NAS is for sharing files.
SAN is for creating drives.
(NAS = Ethernet/File-level, SAN = Fibre Channel/Block-level)
Wireless Access Point (AP):
What is its role?
To act as a bridge between a wired Ethernet network and a wireless 802.11 network. It allows wireless clients (laptops, phones) to connect to the wired LAN.
Wireless Controller (WLC):
What problem does it solve?
It solves the problem of managing many APs at scale. A WLC allows administrators to centrally configure, manage, and monitor hundreds or thousands of APs from a single dashboard.
It is vastly more efficient than logging into each one individually.
CDN (Content Delivery Network):
What is its function?
A globally distributed network of servers that caches content (like images, videos, and scripts) close to end-users. When a user requests the content, it’s served from the nearest CDN server, dramatically reducing latency.
VPN Concentrator:
Why use this instead of a router’s built-in VPN?
A VPN Concentrator is a specialized, high-performance appliance built specifically to terminate thousands of simultaneous VPN tunnels. It’s used in large enterprises to support a massive remote workforce, where a standard router or firewall would be overwhelmed.
DNS (Domain Name System):
What is its core function?
To resolve human-friendly domain names (e.g., google.com) into the computer-friendly IP addresses (142.250.192.78) needed to route traffic on the internet.
It’s the “phone book of the internet.”
DHCP (Dynamic Host Configuration Protocol):
What four critical pieces of information does it provide?
It automatically provides a client device with its:
1. IP Address
2. Subnet Mask
3. Default Gateway
4. DNS Server(s)
Syslog Server:
What is its function and why is it critical for a SOC Analyst?
It provides a centralized location for collecting and storing log messages from all network devices. For a SOC Analyst, it is the primary tool for aggregating event data to investigate security incidents, hunt for threats, and perform forensic analysis across the entire network.