Which network infrastructure might an organization use to provide secure and safe access to individuals who work for a different organization but requ?

Many different components are required to allow a network to provide services and resources. These various components work together to ensure that resources are delivered in an efficient manner to those requiring the services.

Network Components (1.2.1)

Different network components are used within the network to provide services and resources. These various components work together to ensure that resources are delivered in an efficient manner to those requiring the services.

Overview of Network Components (1.2.1.1)

The path that a message takes from source to destination can be as simple as a single cable connecting one computer to another or as complex as a collection of networks that literally spans the globe. This network infrastructure provides the stable and reliable channel over which these communications occur.

The network infrastructure contains three categories of network components, as shown in Figures 1-4, 1-5, and 1-6.

Figure 1-4 Devices

Figure 1-5 Media

Figure 1-6 Services

Devices and media are the physical elements, or hardware, of the network. Hardware is often the visible components of the network platform such as a laptop, PC, switch, router, wireless access point, or the cabling used to connect the devices.

Services include many of the common network applications people use every day, like email hosting services and web hosting services. Processes provide the functionality that directs and moves the messages through the network. Processes are less obvious to us but are critical to the operation of networks.

End Devices (1.2.1.2)

The network devices that people are most familiar with are called end devices. Some examples of end devices are shown in Figure 1-7.

Figure 1-7 Examples of End Devices

An end device is either the source or destination of a message transmitted over the network. To distinguish one end device from another, each end device on a network is identified by an address. When an end device initiates communication, it uses the address of the destination end device to specify where the message should be sent. Devices between the source and destination are responsible for choosing the best path and forwarding messages sent between end devices, as shown in Figure 1-8.

Figure 1-8 End Devices Communicate Across the Internetwork

Intermediary Network Devices (1.2.1.3)

Intermediary devices connect the individual end devices to the network and can connect multiple individual networks to form an internetwork. These intermediary devices provide connectivity and ensure that data flows across the network.

Intermediary devices use the destination end device address, in conjunction with information about the network interconnections, to determine the path that messages should take through the network, as shown in Figure 1-8.

Examples of the more common intermediary devices are shown in Figure 1-9.

Figure 1-9 Examples of Intermediary Devices

Intermediary network devices perform some or all of these functions:

• Regenerate and retransmit data signals

• Maintain information about what pathways exist through the network and internetwork

• Notify other devices of errors and communication failures

• Direct data along alternate pathways where there is a link failure

• Classify and direct messages according to priorities

• Permit or deny the flow of data, based on security settings

Network Media (1.2.1.4)

Communication across a network is carried on a medium. The medium provides the channel over which the message travels from source to destination.

Modern networks primarily use three types of media to interconnect devices and to provide the pathway over which data can be transmitted. As shown in Figure 1-10, these media are

• Metallic wires within cables – data is encoded into electrical impulses

• Glass or plastic fibers (fiber optic cable) – data is encoded as pulses of light

• Wireless transmission – data is encoded using wavelengths from the electromagnetic spectrum

Figure 1-10 Examples of Network Media

Different types of network media have different features and benefits. Not all network media have the same characteristics, nor are they all appropriate for the same purpose.

Criteria to consider when choosing network media includes the following:

• What is the maximum distance that the media can successfully carry a signal?

• Into what type of environment will the media be installed?

• What is the amount of data and the speed at which it must be transmitted?

• What is the cost of the media and installation?

Network Representations (1.2.1.5)

Diagrams of networks often use symbols, like those shown in Figure 1-11, to represent the different devices and connections that make up a network.

Figure 1-11 Common Icons Use to Represent Network Devices

A diagram provides an easy way to understand how devices in a large network are connected. This type of “picture” of a network is known as a topology diagram. The ability to recognize the logical representations of the physical networking components is critical to being able to visualize the organization and operation of a network.

In addition to these representations, specialized terminology is used when discussing how each of these devices and media connect to each other. Important terms to remember are

• Network Interface Card – A NIC, or LAN adapter, provides the physical connection to the network at the PC or other end device. The media that are connecting the PC to the networking device plug directly into the NIC (Figure 1-12).

  

  Figure 1-12 Network Interface Card

• Physical Port – A connector or outlet on a networking device where the media is connected to an end device or another networking device.

• Interface – Specialized ports on a networking device that connect to individual networks. Because routers are used to interconnect networks, the ports on a router are referred to as network interfaces.

Topology Diagrams (1.2.1.6)

Topology diagrams are mandatory for anyone working with a network. They provide a visual map of how the network is connected.

There are two types of topology diagrams:

• Physical topology diagrams – Identify the physical location of intermediary devices and cable installation (Figure 1-13).

  

  Figure 1-13 Physical Topology

• Logical topology diagrams – Identify devices, ports, and addressing scheme (Figure 1-14).

  

  Figure 1-14 Logical Topology

The topologies shown in the physical and logical diagrams are appropriate for your level of understanding at this point in the course. Search the Internet for “network topology diagrams” to see some more complex examples. If you add the “Cisco” to your search phrase, you will find many topologies using similar icons to what you have seen in this chapter.

Activity 1.2.1.7: Network Component Representations and Functions

Go to the online course to perform this practice activity.

LANs and WANs (1.2.2)

Network infrastructures can be differentiated is various ways. Two of the most common types of network infrastructures are LANs and WANs.

Types of Networks (1.2.2.1)

Network infrastructures can vary greatly in terms of

• Size of the area covered

• Number of users connected

• Number and types of services available

• Area of responsibility

Figure 1-15 illustrates the two most common types of network infrastructures

Figure 1-15 LANs and WANs

• Local Area Network (LAN) – A network infrastructure that provides access to users and end devices in a small geographical area, which is typically an enterprise, home, or small business network owned and managed by an individual or IT department.

• Wide Area Network (WAN) – A network infrastructure that provides access to other networks over a wide geographical area, which is typically owned and managed by a telecommunications service provider.

Play the video to watch Cisco’s Jimmy Ray Purser explains the difference between LAN and WAN.

Go to the online course to view this video.

Other types of networks include

• Metropolitan Area Network (MAN) – A network infrastructure that spans a physical area larger than a LAN but smaller than a WAN (e.g., a city). MANs are typically operated by a single entity such as a large organization.

• Wireless LAN (WLAN) – Similar to a LAN but wirelessly interconnects users and end points in a small geographical area.

• Storage Area Network (SAN) – A network infrastructure designed to support file servers and provide data storage, retrieval, and replication.

Local Area Networks (1.2.2.2)

LANs are a network infrastructure that spans a small geographical area, as shown in Figure 1-16.

Figure 1-16 Example of a LAN

Specific features of LANs include

• LANs interconnect end devices in a limited area such as a home, school, office building, or campus.

• A LAN is usually administered by a single organization or individual.

• LANs provide high-speed bandwidth to internal end devices and intermediary devices.

Wide Area Networks (1.2.2.3)

WANs are a network infrastructure that spans a wide geographical area, as shown in Figure 1-17. WANs are typically managed by service providers (SP) or Internet Service Providers (ISP).

Figure 1-17 Example of a WAN

Specific features of WANs include

• WANs interconnect LANs over wide geographical areas such as between cities, states, provinces, countries, or continents.

• WANs are usually administered by multiple service providers.

• WANs typically provide slower-speed links between LANs.

The Internet, Intranets, and Extranets (1.2.3)

Most individuals need to communicate with a resource on another network, outside of the local network within the home, campus, or organization. This is done using the Internet.

The Internet (1.2.3.1)

The Internet is a worldwide collection of interconnected networks (internetworks or internet for short). Figure 1-18 one way to view the Internet as a collection of interconnected LANs and WANs.

Figure 1-18 Collection of Interconnected LANs and WANs

Some of the LAN examples are connected to each other through a WAN connection. WANs are then connected to each other. The red WAN connection lines represent all the varieties of ways we connect networks. WANs can connect through copper wires, fiber optic cables, and wireless transmissions (not shown).

The Internet is not owned by any individual or group. Ensuring effective communication across this diverse infrastructure requires the application of consistent and commonly recognized technologies and standards as well as the cooperation of many network administration agencies. There are organizations that have been developed for the purpose of helping to maintain structure and standardization of Internet protocols and processes. These organizations include the Internet Engineering Task Force (IETF), Internet Corporation for Assigned Names and Numbers (ICANN), and the Internet Architecture Board (IAB), plus many others.

Intranets and Extranets (1.2.3.2)

There are two other terms that are similar to the term Internet:

Figure 1-19 shows the relationship of the Internet, extranets, and intranets.

Figure 1-19 Internet, Extranet, and Intranet

Intranet is a term often used to refer to a private connection of LANs and WANs that belongs to an organization and is designed to be accessible only by the organization’s members, employees, or others with authorization.

An organization may use an extranet to provide secure and safe access to individuals who work for a different organization but require access to the organization’s data. Examples of extranets include

• A company that is providing access to outside suppliers and contractors.

• A hospital that is providing a booking system to doctors so they can make appointments for their patients.

• A local office of education that is providing budget and personnel information to the schools in its district.

Internet Connections (1.2.4)

The type of connection to the Internet will depend on the type of network being connected. A business network will usually require a connection with more bandwidth than a home network.

Internet Access Technologies (1.2.4.1)

There are many different ways to connect users and organizations to the Internet.

Home users, teleworkers (remote workers), and small offices typically require a connection to an Internet Service Provider (ISP) to access the Internet. Connection options vary greatly between ISP and geographical location. However, popular choices include broadband cable, broadband digital subscriber line (DSL), wireless WANs, and mobile services.

Organizations typically require access to other corporate sites and the Internet. Fast connections are required to support business services including IP phones, video conferencing, and data center storage.

Business-class interconnections are usually provided by service providers (SP). Popular business-class services include business DSL, leased lines, and Metro Ethernet.

Home and Small Office Internet Connections (1.2.4.2)

Figure 1-20 illustrates common connection options for small office and home office users.

Figure 1-20 Connection Options

• Cable – Typically offered by cable television service providers, the Internet data signal is carried on the same cable that delivers cable television. It provides a high bandwidth, always on, connection to the Internet.

• DSL – Digital Subscriber Lines provide a high bandwidth, always on, connection to the Internet. DSL runs over a telephone line. In general, small office and home office users connect using Asymmetrical DSL (ADSL), which means that the download speed is faster than the upload speed.

• Cellular – Cellular Internet access uses a cell phone network to connect. Wherever you can get a cellular signal, you can get cellular Internet access. Performance will be limited by the capabilities of the phone and the cell tower to which it is connected.

• Satellite – The availability of satellite Internet access is a real benefit in those areas that would otherwise have no Internet connectivity at all. Satellite dishes require a clear line of sight to the satellite.

• Dial-up Telephone – An inexpensive option that uses any phone line and a modem. The low bandwidth provided by a dial-up modem connection is usually not sufficient for large data transfer, although it is useful for mobile access while traveling.

Many homes and small offices are more commonly being connected directly with fiber optic cables. This enables an ISP to provide higher bandwidth speeds and support more services such as Internet, phone, and TV.

The choice of connection varies depending on geographical location and service provider availability.

Businesses Internet Connections (1.2.4.3)

Corporate connection options differ from home user options. Businesses may require higher bandwidth, dedicated bandwidth, and managed services. Connection options available differ depending on the type of service providers located nearby.

Figure 1-21 illustrates common connection options for businesses.

Figure 1-21 Typical Business Connection Options

• Dedicated Leased Line – Leased lines are actually reserved circuits within the service provider’s network that connect geographically separated offices for private voice and/or data networking. The circuits are typically rented at a monthly or yearly rate. They can be expensive.

• Ethernet WAN – Ethernet WANs extend LAN access technology into the WAN. Ethernet is a LAN technology you will learn about in a later chapter. The benefits of Ethernet are now being extended into the WAN.

• DSL – Business DSL is available in various formats. A popular choice is Symmetric Digital Subscriber Lines (SDSL), which is similar to the consumer version of DSL but provides uploads and downloads at the same speeds.

• Satellite – Similar to small office and home office users, satellite service can provide a connection when a wired solution is not available.

The choice of connection varies depending on geographical location and service provider availability.

Page 2

The network has become a platform for distributing a wide range of services to end users in a reliable, efficient, and secure manner.

Converged Networks (1.3.1)

Modern networks are constantly evolving to meet user demands. Today’s networks are used for data, phone, and video.

Traditional Separate Networks (1.3.1.1)

Consider a school built thirty years ago. Back then, some classrooms were cabled for the data network, telephone network, and video network for televisions. These separate networks could not communicate with each other, as shown in Figure 1-22.

Figure 1-22 Multiple Networks

Each network used different technologies to carry the communication signal. Each network had its own set of rules and standards to ensure successful communication.

The Converging Network (1.3.1.2)

Today, the separate data, telephone, and video networks are converging. Unlike dedicated networks, converged networks are capable of delivering data, voice, and video between many different types of devices over the same network infrastructure, as shown in Figure 1-23. This network infrastructure uses the same set of rules, agreements, and implementation standards.

Figure 1-23 Converged Networks

Reliable Network (1.3.2)

With our reliance on networks, certain precautions must be taken to ensure that the network functions as designed, even if things go wrong. Networks must be able to expand to meet the increased needs of an organization. The services provided by the network must be secure and provide the quality of service to meet the expectations of the organization.

Network Architecture (1.3.2.1)

Networks must support a wide range of applications and services as well as operate over many different types of cables and devices, which make up the physical infrastructure. The term network architecture, in this context, refers to the technologies that support the infrastructure and the programmed services and rules, or protocols, that move data across the network.

As networks evolve, we are discovering that there are four basic characteristics that the underlying architectures need to address in order to meet user expectations:

• Fault Tolerance

• Scalability

• Quality of Service (QoS)

• Security

Fault Tolerance (1.3.2.2)

The expectation is that the Internet is always available to the millions of users who rely on it. This requires a network architecture that is built to be fault tolerant. A fault-tolerant network is one that limits the impact of a failure, so that the fewest number of devices are affected. It is also built in a way that allows quick recovery when such a failure occurs. These networks depend on multiple paths between the source and destination of a message. If one path fails, the messages can be instantly sent over a different link. Having multiple paths to a destination is known as redundancy.

One way reliable networks provide redundancy is by implementing a packet-switched network. Packet switching splits traffic into packets that are routed over a shared network. A single message, such as an email or a video stream, is broken into multiple message blocks, called packets. Each packet has the necessary addressing information of the source and destination of the message. The routers within the network switch the packets based on the condition of the network at that moment. This means that all the packets in a single message could take very different paths to the destination. In Figure 1-24, the user is not aware and is unaffected by the router dynamically changing the route when a link fails.

Figure 1-24 Fault Tolerance

This is not the case in circuit-switched networks traditionally used for voice communications. A circuit-switched network is one that establishes a dedicated circuit between the source and destination before the users may communicate. If the call is unexpectedly terminated, the users must initiate a new connection.

Scalability (1.3.2.3)

A scalable network can expand quickly to support new users and applications without impacting the performance of the service being delivered to existing users. Figure 1-25 shows how a new network can be easily added to an existing network.

Figure 1-25 Scalability

In addition, networks are scalable because the designers follow accepted standards and protocols. This allows software and hardware vendors to focus on improving products and services without worrying about designing a new set of rules for operating within the network.

Quality of Service (1.3.2.4)

Quality of Service (QoS) is also an ever-increasing requirement of networks today. New applications available to users over internetworks, such as voice and live video transmissions, create higher expectations for the quality of the delivered services. Have you ever tried to watch a video with constant breaks and pauses? As data, voice, and video content continue to converge onto the same network, QoS becomes a primary mechanism for managing congestion and ensuring reliable delivery of content to all users.

Congestion occurs when the demand for bandwidth exceeds the amount available. Network bandwidth is measured in the number of bits that can be transmitted in a single second, or bits per second (bps). When simultaneous communications are attempted across the network, the demand for network bandwidth can exceed its availability, creating network congestion.

When the volume of traffic is greater than what can be transported across the network, devices queue, or hold, the packets in memory until resources become available to transmit them. In Figure 1-26, one user is requesting a web page and another is on a phone call. With a QoS policy in place, the router can manage the flow of data and voice traffic, giving priority to voice communications if the network experiences congestion.

Figure 1-26 Quality of Service (QoS)

Security (1.3.2.5)

The network infrastructure, services, and the data contained on network-attached devices are crucial personal and business assets. There are two types of network security concerns that must be addressed: network infrastructure security and information security.

Securing a network infrastructure includes the physical securing of devices that provide network connectivity, and preventing unauthorized access to the management software that resides on them, as shown in Figure 1-27.

Figure 1-27 Security

Information security refers to protecting the information contained within the packets being transmitted over the network and the information stored on network attached devices. In order to achieve the goals of network security, there are three primary requirements, as shown in Figure 1-28.

Figure 1-28 CIA Triad

• Confidentiality – Data confidentiality means that only the intended and authorized recipients can access and read data.

• Integrity – Data integrity means having the assurance that the information has not been altered in transmission, from origin to destination.

• Availability – Data availability means having the assurance of timely and reliable access to data services for authorized users.

Activity 1.3.2.6: Reliable Networks

Go to the online course to perform this practice activity.

Page 3

The network environment continues to evolve, providing new experiences and opportunities for end users. The network is now capable of delivering services and applications in a manner that couldn’t be imagined years ago.

Network Trends (1.4.1)

Just as the way we work, play, and learn impacts the network, the availability of a robust reliable network has an impact on our daily lives.

New Trends (1.4.1.1)

As new technologies and end user devices come to market, businesses and consumers must continue to adjust to this ever-changing environment. The role of the network is transforming to enable the connections between people, devices, and information. There are several new networking trends that will affect organizations and consumers. Some of the top trends include

• Bring Your Own Device (BYOD)

• Online collaboration

• Video communication

• Cloud computing

Bring Your Own Device (1.4.1.2)

The concept of any device, to any content, in any manner, is a major global trend that requires significant changes to the way devices are used. This trend is known as Bring Your Own Device (BYOD).

BYOD is about end users having the freedom to use personal tools to access information and communicate across a business or campus network. With the growth of consumer devices, and the related drop in cost, employees and students can be expected to have some of the most advanced computing and networking tools for personal use. These personal tools include laptops, netbooks, tablets, smartphones, and e-readers. These can be devices purchased by the company or school, purchased by the individual, or both.

BYOD means any device, with any ownership, used anywhere. For example, in the past, a student who needed to access the campus network or the Internet had to use one of the school’s computers. These devices were typically limited and seen as tools only for work done in the classroom or in the library. Extended connectivity through mobile and remote access to the campus network gives students tremendous flexibility and more learning opportunities for the student.

Online Collaboration (1.4.1.3)

Individuals want to connect to the network, not only for access to data applications, but also to collaborate with one another. Collaboration is defined as “the act of working with another or others on a joint project.” Collaboration tools, like Cisco WebEx shown in Figure 1-29, give employees, students, teachers, customers, and partners a way to instantly connect, interact, and achieve their objectives.

Figure 1-29 Cisco WebEx

For businesses, collaboration is a critical and strategic priority that organizations are using to remain competitive. Collaboration is also a priority in education. Students need to collaborate to assist each other in learning, to develop team skills used in the work force, and to work together on team-based projects.

Video Communication (1.4.1.4)

Another trend in networking that is critical to the communication and collaboration effort is video. Video is being used for communications, collaboration, and entertainment. Video calls can be made to and from anywhere with an Internet connection. Consider how many people are now using Skype or FaceTime to communicate with friends and family.

Video conferencing is a powerful tool for communicating with others at a distance, both locally and globally. Video is becoming a critical requirement for effective collaboration as organizations extend across geographic and cultural boundaries. Play the video to view how TelePresence can be incorporated into everyday life and business.

Go to the online course to view this video.

Cloud Computing (1.4.1.5)

Cloud computing is another global trend changing the way we access and store data. Cloud computing allows us to store personal files, even backup our entire hard disk drive on servers over the Internet. Applications such as word processing and photo editing can be accessed using the Cloud.

For businesses, Cloud computing extends IT’s capabilities without requiring investment in new infrastructure, training new personnel, or licensing new software. These services are available on demand and delivered economically to any device anywhere in the world without compromising security or function.

There are four primary types of Clouds, as shown in Figure 1-30.

Figure 1-30 Types of Clouds

• Private clouds – Cloud-based applications and services offered in a private cloud are intended for a specific organization or entity, such as the government. A private cloud can be set up using the organization’s private network, although this can be expensive to build and maintain. A private cloud can also be managed by an outside organization with strict access security.

• Public clouds – Cloud-based applications and services offered in a public cloud are made available to the general population. Services may be free or are offered on a pay-per-use model, such as paying for online storage. The public cloud uses the Internet to provide services.

• Hybrid clouds – A hybrid cloud is made up of two or more clouds (example: part custom, part public), where each part remains a distinctive object, but both are connected using a single architecture. Individuals on a hybrid cloud would be able to have degrees of access to various services based on user access rights.

• Custom clouds – These are clouds built to meet the needs of a specific industry, such as healthcare or media. Custom clouds can be private or public.

Cloud computing is possible because of data centers. A data center is a facility used to house computer systems and associated components. A data center can occupy one room of a building, one or more floors, or an entire building. Data centers are typically very expensive to build and maintain. For this reason, only large organizations use privately built data centers to house their data and provide services to users. Smaller organizations that cannot afford to maintain their own private data center can reduce the overall cost of ownership by leasing server and storage services from a larger data center organization in the Cloud.

Networking Technologies for the Home (1.4.2)

Today’s home networks are used in every aspect of our daily lives, for entertainment, education, communications, and business.

Technology Trends in the Home (1.4.2.1)

Networking trends are not only affecting the way we communicate at work and at school, but they are also changing just about every aspect of the home, as shown in Figure 1-31.

Figure 1-31 Smart Home Technology

The newest home trends include ‘smart home technology.’ Smart home technology is technology that is integrated into everyday appliances, allowing them to interconnect with other devices, making them more ‘smart’ or automated. For example, imagine being able to prepare a dish and place it in the oven for cooking prior to leaving the house for the day. Imagine if the oven was ‘aware’ of the dish it was cooking and was connected to your ‘calendar of events’ so that it could determine what time you should be available to eat, and adjust start times and length of cooking accordingly. It could even adjust cooking times and temperatures based on changes in schedule. Additionally, a smartphone or tablet connection allows the user the ability to connect to the oven directly to make any desired adjustments. When the dish is “available,” the oven sends an alert message to a specified end user device that the dish is done and warming.

This scenario is not far off in the future. In fact, smart home technology is currently being developed for all rooms within a house. Smart home technology will become more of a reality as home networking and high-speed Internet technology become more widespread. New home networking technologies are being developed daily to meet these types of growing technology needs.

Powerline Networking (1.4.2.2)

Powerline networking is an emerging trend for home networking that uses existing electrical wiring to connect devices, as shown in Figure 1-32.

Figure 1-32 Powerline Networking

The concept of “no new wires” means the ability to connect a device to the network wherever there is an electrical outlet. This saves the cost of installing data cables and without any additional cost to the electrical bill. Using the same wiring that delivers electricity, powerline networking sends information by sending data on certain frequencies.

Using a standard powerline adapter, devices can connect to the LAN wherever there is an electrical outlet. Powerline networking is especially useful when wireless access points cannot be used or cannot reach all the devices in the home. Powerline networking is not designed to be a substitute for dedicated cabling in data networks. However, it is an alternative when data network cables or wireless communications are not a viable option.

Wireless Broadband (1.4.2.3)

Connecting to the Internet is vital in smart home technology. DSL and cable are common technologies used to connect homes and small businesses to the Internet. However, wireless may be another option in many areas.

Wireless Internet Service Provider (WISP) is an ISP that connects subscribers to a designated access point or hot spot using similar wireless technologies found in home wireless local area networks (WLANs). WISPs are more commonly found in rural environments where DSL or cable services are not available.

Although a separate transmission tower may be installed for the antenna, it is common that the antenna is attached to an existing elevated structure, such as a water tower or a radio tower. A small dish or antenna is installed on the subscriber’s roof in range of the WISP transmitter. The subscriber’s access unit is connected to the wired network inside the home. From the perspective of the home user, the setup is not much different than DSL or cable service. The main difference is that the connection from the home to the ISP is wireless instead of a physical cable.

Another wireless solution for the home and small businesses is wireless broadband, as shown in Figure 1-33.

Figure 1-33 Wireless Broadband Service

This uses the same cellular technology used to access the Internet with a smart phone or tablet. An antenna is installed outside the house providing either wireless or wired connectivity for devices in the home. In many areas, home wireless broadband is competing directly with DSL and cable services.

Network Security (1.4.3)

For a network to be entrusted with the communications of personal and business information, that network must be secure.

Security Threats (1.4.3.1)

Network security is an integral part of computer networking, regardless of whether the network is limited to a home environment with a single connection to the Internet or as large as a corporation with thousands of users. The network security that is implemented must take into account the environment as well as the tools and requirements of the network. It must be able to secure data while still allowing for the quality of service that is expected of the network.

Securing a network involves protocols, technologies, devices, tools, and techniques to secure data and mitigate threats. Threat vectors may be external or internal. Many external network security threats today are spread over the Internet.

The most common external threats to networks include

• Viruses, worms, and Trojan horses – malicious software and arbitrary code running on a user device

• Spyware and adware – software installed on a user device that secretly collects information about the user

• Zero-day attacks, also called zero-hour attacks – an attack that occurs on the first day that a vulnerability becomes known

• Hacker attacks – an attack by a knowledgeable person to user devices or network resources

• Denial of service attacks – attacks designed to slow or crash applications and processes on a network device

• Data interception and theft – an attack to capture private information from an organization’s network

• Identity theft – an attack to steal the login credentials of a user in order to access private data

It is equally important to consider internal threats. There have been many studies that show that the most common data breaches happen because of internal users of the network. This can be attributed to lost or stolen devices, accidental misuse by employees, and in the business environment, even malicious employees. With the evolving BYOD strategies, corporate data is much more vulnerable. Therefore, when developing a security policy, it is important to address both external and internal security threats.

Security Solutions (1.4.3.2)

No single solution can protect the network from the variety of threats that exist, both internal and external, as shown in Figure 1-34.

Figure 1-34 Threats to Networks

For this reason, security should be implemented in multiple layers, using more than one security solution. If one security component fails to identify and protect the network, others still stand.

A home network security implementation is usually rather basic. It is generally implemented on the connecting end devices as well as at the point of connection to the Internet and can even rely on contracted services from the ISP.

In contrast, the network security implementation for a corporate network usually consists of many components built into the network to monitor and filter traffic. Ideally, all components work together, which minimizes maintenance and improves security.

Network security components for a home or small office network should include, at a minimum

• Antivirus and antispyware – These are used to protect end devices from becoming infected with malicious software.

• Firewall filtering – This is used to block unauthorized access to the network. This may include a host-based firewall system that is implemented to prevent unauthorized access to the end device or a basic filtering service on the home router to prevent unauthorized access from the outside world into the network.

In addition to the above, larger networks and corporate networks often have other security requirements:

• Dedicated firewall systems – These are used to provide more advanced firewall capabilities that can filter large amounts of traffic with more granularity.

• Access control lists (ACL) – These are used to further filter access and traffic forwarding.

• Intrusion prevention systems (IPS) – These are used to identify fast-spreading threats, such as zero-day or zero-hour attacks.

• Virtual private networks (VPN) – These are used to provide secure access to remote workers.

Network security requirements must take into account the network environment, as well as the various applications, and computing requirements. Both home environments and businesses must be able to secure their data while still allowing for the quality of service that is expected of each technology. Additionally, the security solution implemented must be adaptable to the growing and changing trends of the network.

The study of network security threats and mitigation techniques starts with a clear understanding of the underlying switching and routing infrastructure used to organize network services.

Activity 1.4.3.3: Network Security Terminology

Go to the online course to perform this practice activity.

Network Architecture (1.4.4)

[The role of the network has changed from a data-only network to a system that enables the connections of people, devices, and information in a media-rich, converged network environment. In order for networks to function efficiently and grow in this type of environment, the network must be built upon a standard network architecture.

Cisco Network Architecture (1.4.4.1)

The network architecture refers to the devices, connections, and products that are integrated to support the necessary technologies and applications. A well-planned network technology architecture helps ensure the connection of any device across any combination of networks. While ensuring connectivity, it also increases cost efficiency by integrating network security and management and improves business processes. At the foundation of all network architectures, and, in fact, at the foundation of the Internet itself, are routers and switches. Routers and switches transport data, voice, and video communications, as well as allow for wireless access, and provide for security.

Building networks that support our needs of today and the needs and trends of the future starts with a clear understanding of the underlying switching and routing infrastructure. After a basic routing and switching network infrastructure is built, individuals, small businesses, and organizations can grow their network over time, adding features and functionality in an integrated solution.

CCNA (1.4.4.2)

As the use of these integrated, expanding networks increases, so does the need for training for individuals who implement and manage network solutions. This training must begin with the routing and switching foundation. Achieving Cisco Certified Network Associate (CCNA) certification is the first step in helping an individual prepare for a career in networking. Other certifications beyond the Associate are also available, as shown in Figure 1-35.

Figure 1-35 Cisco Certification Hierarchy

CCNA certification validates an individual’s ability to install, configure, operate, and troubleshoot medium-size routed and switched networks, including implementation and verification of connections to remote sites in a WAN. CCNA curriculum also includes basic mitigation of security threats, introduction to wireless networking concepts and terminology, and performance-based skills. This CCNA curriculum includes the use of various protocols, such as Ethernet, VLANs, IPv4, IPv6, Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), access control lists (ACLs) and others.

This course helps set the stage for networking concepts and basic routing and switching configurations and is a start on your path toward CCNA certification.

Page 4

An entertaining resource to help you visualize networking concepts is the animated movie “Warriors of the Net” by TNG Media Lab. Before viewing the video, there are a few things to consider. In terms of concepts you have learned in this chapter, think about when, in the video, you are on the LAN, on the WAN, on the intranet, on the Internet, and what are end devices versus intermediate devices.

Although all animations often have simplifications in them, there is one outright error in the video. About 5 minutes in, the statement is made “What happens when Mr. IP doesn’t receive an acknowledgment, he simply sends a replacement packet.” This is not a function of the Layer 3 Internet Protocol, which is an “unreliable,” best effort delivery protocol, but rather a function of the transport layer TCP protocol. IP is explained in Chapter 6 and TCP is explained in Chapter 9.

Download the movie from http://www.warriorsofthe.net

Conclusion (1.5.1.3)

Networks and the Internet have changed the way we communicate, learn, work, and even play.

Networks come in all sizes. They can range from simple networks consisting of two computers to networks connecting millions of devices.

The Internet is the largest network in existence. In fact, the term Internet means a ‘network of networks.’ The Internet provides the services that enable us to connect and communicate with our families, friends, work, and interests.

The network infrastructure is the platform that supports the network. It provides the stable and reliable channel over which communication can occur. It is made up of network components including end devices, intermediate devices, and network media.

Networks must be reliable. This means the network must be fault tolerant, scalable, provide quality of service, and ensure security of the information and resources on the network. Network security is an integral part of computer networking, regardless of whether the network is limited to a home environment with a single connection to the Internet or as large as a corporation with thousands of users. No single solution can protect the network from the variety of threats that exist. For this reason, security should be implemented in multiple layers using more than one security solution.

The network infrastructure can vary greatly in terms of size, number of users, and number and types of services that are supported. The network infrastructure must grow and adjust to support the way the network is used. The routing and switching platform is the foundation of any network infrastructure.

This chapter focused on networking as a primary platform for supporting communication. The next chapter will introduce you to the Cisco Internetwork Operating System (IOS) used to enable routing and switching in a Cisco network environment.

Page 5

The following activities provide practice with the topics introduced in this chapter. The Labs and Class Activities are available in the companion Introduction to Networks v5.1 Lab Manual (ISBN 9781587133534). The Packet Tracer Activities PKA files are found in the online course.

10. Check Your Understanding Questions | Next Section Previous Section