
CEH Preparation Series: Various Network Architectures

Introduction

There are a variety of computer network architectures, but all share some common features. A computer network is a system of interconnected computers that can share data and resources.

Networks can be classified by the type of topology they use. The most common types of topologies are bus, star, and mesh. Networks can also be classified by the type of protocol they use. The most common types of protocols are TCP/IP and Ethernet.

A network architecture may be created by combining the topology with data flows and other network features.

A network design may include security enclaves as well as the protocols in use and the places where they are employed. Other considerations include support for users who work from many different locations.

Other aspects of security, such as isolation, should also be taken into account. This might include classifying systems according to how they are used and how much risk they pose.

If a system is required to have direct Internet access, meaning that external users will connect to it on a regular basis, it should be kept separate from, and safeguarded against, other systems, including those that hold user accounts or sensitive data.

Different Computer Network Types

Computer networks come in a variety of types, each with its own advantages and disadvantages. The most common types of computer networks are local area networks (LANs), wide area networks (WANs), and the Internet.

We will classify network types based on their geographic location. It’s good to see logical schematics, but they don’t give you an idea of where everything is.

If you look at a logical diagram, you can think that two systems are near when they are really thousands of kilometers away. As a result of contemporary network technology, you may have systems that are hundreds of miles away seem to be on the same physical network segment together.

As a result, we can categorize networks according to their geographical location.

Networking in the Local Area (LAN)

A local area network, or LAN, is exactly what it sounds like: a network of computers connected together in one local area. Since everything is at a single site, it is quite unlikely that any of the systems are remotely located.

In other words, systems on a LAN are in the same broadcast or collision domain, which means they can communicate directly at layer 2 without being routed.

However, two systems at the same site may not share a layer 2 segment at all. Traffic between them would then have to be routed between the two network segments, so they would not be on the same LAN.

Virtual Local Area Network (VLAN)

In a VLAN, layer 2 isolation is accomplished in software or firmware rather than physically, as in a traditional LAN. A switch can be divided into distinct virtual networks (VLANs) this way, so that one network segment houses certain systems and another segment houses others.

For traffic to go from one VLAN to another, it must cross a layer 3 boundary (a router). This kind of segmentation helps keep the network running smoothly.

It also gives the network a logical structure, so that traffic rules can be applied uniformly to each VLAN. Finally, there are security benefits: you can use a firewall at the layer 3 boundary to separate your VLANs from one another.

There are host-based firewalls, but maintaining a single network firewall and restricting the traffic that each network is allowed to send across the layer 3 boundary is significantly more convenient and manageable.
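To make the layer 2 versus layer 3 distinction concrete, here is a small added example (not code from the original article) that models a switch port's VLAN assignment together with the host's IP subnet and reports whether two hosts can talk directly at layer 2, must be routed across a layer 3 boundary, or are unreachable because they share a subnet but not a VLAN. The host names, VLAN IDs and addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    """A host as the switch and the IP stack see it (constructed example data)."""
    name: str
    vlan: int       # 802.1Q VLAN ID the switch port is assigned to
    address: str    # IPv4 address with prefix length, e.g. "10.1.10.25/24"

    @property
    def interface(self) -> ipaddress.IPv4Interface:
        return ipaddress.ip_interface(self.address)


def same_broadcast_domain(a: Host, b: Host) -> bool:
    """Two hosts share a layer 2 broadcast domain only if the switch places them
    in the same VLAN *and* their addresses fall in the same IP subnet."""
    return a.vlan == b.vlan and a.interface.network == b.interface.network


def path_between(a: Host, b: Host) -> str:
    """Classify how traffic between two hosts gets delivered."""
    if same_broadcast_domain(a, b):
        return "layer2-direct"          # ARP resolves, frames switched directly
    if a.interface.network == b.interface.network:
        # Same subnet but different VLANs: each host ARPs for the other, but the
        # broadcast never crosses the VLAN boundary, so they cannot communicate.
        return "unreachable-mismatched-vlan"
    # Different subnets: traffic goes to the default gateway and crosses a layer 3
    # boundary, which is where a firewall can enforce inter-VLAN policy.
    return "routed"


# Constructed sample hosts (not from the article).
DESKTOP_A = Host("desktop-a", vlan=10, address="10.1.10.25/24")
DESKTOP_B = Host("desktop-b", vlan=10, address="10.1.10.77/24")
FILE_SERVER = Host("file-server", vlan=20, address="10.1.20.5/24")
MISWIRED = Host("miswired-printer", vlan=30, address="10.1.10.99/24")

if __name__ == "__main__":
    for other in (DESKTOP_B, FILE_SERVER, MISWIRED):
        print(f"{DESKTOP_A.name} -> {other.name}: {path_between(DESKTOP_A, other)}")
```

The third case is the one worth remembering when troubleshooting segmentation: a host on the wrong VLAN with a "correct" IP address silently disappears from its subnet, which is exactly the effect a VLAN boundary is meant to have.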

WAN

A WAN has nodes that are less than around 10 miles apart. Internet service providers all operate a wide area network (WAN). Businesses may also use WANs to connect their various office locations through network links.

Geographically scattered sites can be connected in a variety of ways, from VPNs and private network circuits to simple tunneling of traffic without encryption, which, unlike a VPN, provides no confidentiality for the traffic in transit.

MAN

A metropolitan area network (MAN) sits between a LAN and a WAN in scale. If a corporation has a large campus with many buildings, you may come across one.

There would be a LAN (or several LANs) in each building, and the LANs in the different buildings would be connected by a single MAN.

The same would be true if an organization had interconnected offices and buildings distributed across a city: a MAN would make those connections. Basically, a MAN is anything smaller than a WAN yet stretched across a greater geographic region than a LAN.

Computer Network Isolation

To increase security, a computer network can be partitioned into several pieces. Separating sensitive networks from unprotected ones helps prevent unwanted access and safeguards sensitive data.

It is critical to understand the idea of network isolation. The separation of network components to safeguard sensitive information is a generally accepted practice.

It might also be used to distinguish between systems that are only accessible from inside an organization and those that are not. Isolation may be achieved in a variety of ways.

A typical strategy is a demilitarized zone (DMZ). Untrusted systems, meaning those exposed to external users, are placed in this network segment. A firewall or access control lists restrict who has access to this part of the network. The DMZ may include systems such as the web server.

An email gateway may also be found here, which filters incoming emails before they are sent to the internal email server. A DMZ may be used to separate untrusted computers from the rest of the network in a variety of ways.

Because anyone on the Internet can reach a system that exposes a service, that system is open to attack through the exposed service. Access from it to internal systems is therefore restricted by means of firewalls and/or access control lists.

Systems within the DMZ cannot initiate connections to systems inside the organization, because the firewall blocks them.

A DMZ is one part of network isolation and strong access control. Network segmentation can also separate a variety of other systems from one another, not necessarily with firewall rules or access control lists between them.

In a typical design, in addition to the desktop networks, there are additional network segments for internal servers. One or more further network segments may exist, and they would all have varying degrees of trust in each other.

There may also be a “guest” network that suppliers and other visitors may connect to, but they will not have access to the company’s internal systems on that network.
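The DMZ, internal server, desktop and guest segments described above can be expressed as a default-deny policy between segments. The following is an added example, not code from the original article: it assigns constructed address ranges to each segment, evaluates a flow against an ordered allow list, and audits the rule set for any allow rule that lets traffic from a lower-trust segment into an internal one, which is the kind of exception (here, the email gateway relaying filtered mail to the internal mail server) that should be explicitly justified. All addresses, ports and rules are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed segment address plan (not from the article). Anything that matches
# no segment is treated as "internet".
SEGMENTS = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "servers": ipaddress.ip_network("10.1.20.0/24"),
    "desktops": ipaddress.ip_network("10.1.10.0/24"),
    "guest": ipaddress.ip_network("10.9.0.0/24"),
}

# Relative trust of each segment; "internal" starts at the desktop segment.
TRUST = {"internet": 0, "guest": 1, "dmz": 2, "desktops": 3, "servers": 4}
INTERNAL = TRUST["desktops"]


def segment_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str
    dport: Optional[int]   # None means any destination port
    action: str            # "allow" or "deny"


# Ordered allow list; everything not matched falls through to deny.
RULES: List[Rule] = [
    Rule("internet", "dmz", "tcp", 443, "allow"),   # public web server
    Rule("internet", "dmz", "tcp", 25, "allow"),    # email gateway receives mail
    Rule("dmz", "servers", "tcp", 25, "allow"),     # gateway relays filtered mail inward
    Rule("desktops", "servers", "tcp", None, "allow"),
    Rule("desktops", "dmz", "tcp", 443, "allow"),
    Rule("desktops", "internet", "tcp", 443, "allow"),
    Rule("guest", "internet", "tcp", 443, "allow"),  # guests get web access only
]


def evaluate(src_ip: str, dst_ip: str, proto: str, dport: int) -> str:
    """Decide whether a flow crossing the layer 3 boundary is permitted."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src == dst:
        return "allow"   # intra-segment traffic never reaches the firewall
    for rule in RULES:
        if (rule.src == src and rule.dst == dst and rule.proto == proto
                and (rule.dport is None or rule.dport == dport)):
            return rule.action
    return "deny"        # default deny


def inbound_exceptions() -> List[Rule]:
    """Allow rules that let a lower-trust segment reach an internal segment.
    Each one is a hole in the isolation model and should be documented."""
    return [r for r in RULES
            if r.action == "allow" and TRUST[r.src] < INTERNAL <= TRUST[r.dst]]


if __name__ == "__main__":
    # Constructed flows: internet -> DMZ web, DMZ -> internal SSH, guest -> servers
    for flow in [("198.51.100.7", "192.0.2.10", "tcp", 443),
                 ("192.0.2.10", "10.1.20.5", "tcp", 22),
                 ("10.9.0.50", "10.1.20.5", "tcp", 443)]:
        print(flow, "->", evaluate(*flow))
    print("exceptions needing justification:", inbound_exceptions())
```

The audit function is the part a reviewer of a real rule base would keep: the DMZ-to-internal mail relay is legitimate, but it is the one rule that contradicts the "DMZ cannot reach inside" principle, so it should be pinned to the specific gateway and mail server hosts rather than whole segments when deployed on a real firewall.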

Remote Access Technologies

Computer remote access is the ability to control a computer from a remote location. This can be done through a variety of means, including through the use of a remote desktop application, or by logging in to the computer remotely through a web browser.

Modems and dial-up connections used to be the primary means of achieving remote access. There was a time when employees who worked from home could not use company resources at all, but those days are long gone.

Today, remote access is increasingly done over the Internet. Rather than sending that traffic across the open Internet in the clear, encryption is used.

Remote users may connect to an organization’s internal network via virtual private networks (VPNs). However, not all VPNs are made equal. This remote access may be done in a variety of ways.

In some cases the remote site is a satellite office. In that case, a private, direct connection between the locations may not be necessary.

As an alternative, the network provider may provide a service inside their network to go from one place to another.

For example, Multiprotocol Label Switching (MPLS) may be used for this. An MPLS label encapsulates the traffic, and the provider's routers switch it between locations by label, creating what amounts to a tunnel from one place to another.
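To show what "an MPLS label encapsulates traffic" means at the byte level, here is an added example (not code from the original article) that packs and unpacks the 32-bit MPLS label stack entry defined in RFC 3032: a 20-bit label, a 3-bit traffic class field, a 1-bit bottom-of-stack flag and an 8-bit TTL. It pushes a two-label stack onto a constructed payload and pops it back off, stopping at the bottom-of-stack bit. The label values and payload are constructed for the example.

```python
import struct

MPLS_HEADER_LEN = 4   # one label stack entry is exactly 32 bits


def encode_label(label: int, tc: int = 0, bottom: bool = True, ttl: int = 64) -> bytes:
    """Build one label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= tc < 8:
        raise ValueError("traffic class must fit in 3 bits")
    if not 0 <= ttl < 256:
        raise ValueError("ttl must fit in 8 bits")
    word = (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_label(data: bytes) -> dict:
    """Parse one label stack entry from the first four bytes of data."""
    if len(data) < MPLS_HEADER_LEN:
        raise ValueError("need 4 bytes for a label stack entry")
    (word,) = struct.unpack("!I", data[:MPLS_HEADER_LEN])
    return {
        "label": word >> 12,
        "tc": (word >> 9) & 0x7,
        "bottom": bool((word >> 8) & 0x1),
        "ttl": word & 0xFF,
    }


def push_labels(payload: bytes, labels: list) -> bytes:
    """Prepend a label stack. The first label in `labels` becomes the outermost
    entry; only the innermost entry carries the bottom-of-stack bit."""
    if not labels:
        raise ValueError("label stack must contain at least one label")
    headers = b"".join(
        encode_label(lbl, bottom=(i == len(labels) - 1))
        for i, lbl in enumerate(labels)
    )
    return headers + payload


def pop_stack(frame: bytes):
    """Walk the stack from the outer entry until the bottom-of-stack bit is set.
    Returns (labels, payload). Raises on a truncated or unterminated stack."""
    labels, offset = [], 0
    while True:
        if offset + MPLS_HEADER_LEN > len(frame):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        entry = decode_label(frame[offset:offset + MPLS_HEADER_LEN])
        labels.append(entry["label"])
        offset += MPLS_HEADER_LEN
        if entry["bottom"]:
            return labels, frame[offset:]


if __name__ == "__main__":
    # Constructed payload standing in for an IP packet; labels 16+ are non-reserved.
    frame = push_labels(b"constructed-ip-packet", [100, 200])
    print(frame.hex())
    print(pop_stack(frame))
```

Note that the payload comes back out byte-for-byte unchanged: an MPLS "tunnel" separates traffic by label but does not encrypt it, which is why a provider MPLS circuit and an encrypted VPN are different answers to the site-to-site problem even though both are often described as tunnels.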

User-to-network connections are needed far more often, at least in terms of volume. Here, too, there are a variety of options for getting the job done.

One method, which has been in use for decades, was part of the development of IPv6. Extensions provided by the Internet Protocol Security (IPSec) allow for the encryption of data sent between two locations.

Encryption, message authentication, and user authentication are only a few of the features provided by IPSec. IPSec is not part of IPv4, so deploying it over IPv4 networks takes another technique: the network stack must be modified to capture the outgoing traffic and then apply the appropriate IPSec rules to it.

Another form of VPN connection may be established using a technology that most people are already acquainted with.

Encryption for web traffic now relies on Transport Layer Security (TLS) rather than its predecessor, Secure Sockets Layer (SSL). Because this form of VPN uses well-known encryption technology, such as 256-bit AES, many firms already have the infrastructure in place to operate it.

In addition, a web browser is used to set up the VPN rather than a more cumbersome program.

Summary

A computer network is a system of interconnected computers. Networks can be classified by the type of topology they use. Common types of computer networks are local area networks, wide area networks (WANs), and the Internet.

The most common types of topologies are bus, star, and mesh. Layer 2 isolation is accomplished by software/firmware in a VLAN, as opposed to physically in a traditional LAN.

Layer 3 boundaries must be crossed (through a router) in order for traffic to go from one VLAN to another. This kind of segmentation helps to keep the network running smoothly. Isolation may be achieved in a variety of ways. A demilitarized zone (DMZ) may be used to separate untrusted computers from the rest of the network. Access to internal systems is restricted by means of firewalls and/or access control lists.
