Bridge : A bridge is a kind of repeater, but it has
some intelligence. It learns the layer 2 (MAC) addresses of
devices connected to it. This means that the bridge is smart
enough to know when to forward packets across to the segments
that it connects. Bridges can be used to reduce the size of
a collision domain or to connect networks of differing media/topologies,
such as connecting an Ethernet network to a Token Ring network.
Switch : A switch is essentially a multi-port bridge.
The switch learns the MAC addresses of each computer connected
to each of its ports. So, when a switch receives a packet, it
only forwards the packet out the port that is connected to the
destination MAC address. Remember that a hub sends the packet
out every port.
Router : A router works at the logical layer of the
IP stack. It is basically required to route packets from one
network (or subnet) to another network (or subnet). In the given
question, all the computers are within the same subnet and a
router is inappropriate.
Gateway : A gateway works at the top layers of the
TCP/IP stack. For example, a Gateway may be used to facilitate
communication between a Unix mail server and a Windows mail
Load Balancer : A load balancer is used to distribute
workload across multiple computers or a computer cluster. It
could be done by a dedicated hardware or software.
Proxies : proxies also called as proxy servers cache
website information for the clients, reducing the amount of
requests that need to be forwarded to the actual corresponding
web server on the Internet. These save time, use bandwidth efficiently
also help to secure the client connections.
VPN ( Virtual Private Network) : VPN is private network
formed using public Internet. It is formed between two hosts
using tunneling protocols such as PPTP, L2TP, etc. Using VPN,
you can connect two LANs in geographically distant locations
together, as if they were located in the same building. The
cost of connecting these LANs together is small since public
Internet is used for providing the WAN link.
1. The VPN can be implemented in any of the following
a. Gateway-to-gateway VPN: It is transparent to the
b. Gateway-to-host VPN
c. Host-to-gateway VPN
d. Host-to-host VPN :This configuration provides
the highest security for the data
The host-to-host configuration provides the highest
security for the data. However, a Gate-to-Gateway VPN
is transparent to the end users.
2. VPN concentrators allow for secure encrypted remote
3. Intranet: It is used by the employes within the organization.
4. Extranet : The customers and vendors of the company
use this for order processing,and inventory control on-line.
NIDS (Network Intrusion Detection System) : It is
a type of IDS (intrusion detection system) that Detects malicious
network activities. It constantly monitor the network traffic.
A honeypot or honeynet is used to attract and trap potential
attackers. Example Snort,
NIPS (Network Intrusion Prevention System) : It is
designed to inspect traffic, and based on its configuration
or security policy, it can remove, detain, or redirect malicious
traffic. It removes, detains, or redirects malicious traffic.
Example MacAfee Intrushield.
Protocol Analyzer And Packet Analyzer (Sniffer) :
These are loaded on a computer and are controlled by the user
in a GUI environment; they capture packets enabling the user
to analyze them and view their contents. Example Network Monitor
Spam filters : Spam filters will help to filter out
spam (unwanted e-mail). They can be configured in most e-mail
programs or can be implemented as part of an anti-malware package
Network firewalls : These are also called as packet
filters and these operate at low level of the TCP/IP stack.
These do not allow packets to pass through unless they meet
some established set of rules.
Application Firewall : It can control the traffic
associated with specific applications. These work on the application
layer of TCP/IP stack. These inspect each packet traveling to
and from an application like browser, telnet and block them
if they are improper according to set rules.
URL Filtering : URL filtering is used categorize the
websites on the internet. You can allow/block specific website
access to o the web users of the organization. This can be done
by referring to central database or by classifying the websites
in real time. URL filtering can also be made applicable only
during certain times of a day or days of a week, if required.
Content inspection : Content inspection is the process
in which user data is actively monitored for malicious elements,
and bad behaviour according to configured policies before allowing
or denying the content to pass through the gateway and enter
into the network. This prevents any confidential data going
outside the network.
1.2 Apply and implement secure network administration
All web applications such as Web servers, News servers, email
servers etc. need to be configured as secure as possible. This
can be achieved by
Removing all unnecessary services. These are the services
that are installed but not used. For example, you might
have installed TFTP, but not using it. It is better to remove
the application or service that is not used as it may provide
an opportunity to a hacker to abuse the resource.
Remove all unnecessary protocols: These are the protocols
that are installed but not used. For example, you might
have installed Novell Netware protocol but not necessary.
It is preferable to remove that protocol.
Enable server and application logs: The logs provide
an opportunity to look into the activity on the server over
the past few hours or days. Check for any unusual activity
such as failed login attempts etc.
Secure router configuration : Before a router is put
on a network make sure you set a username and password for it.
Also, the password should be complex and difficult to crack.
Make sure you check all default settings and change them according
Access control lists (ACLs) :
ACL resides on a router, firewalls or computers and decides
who can access the network and who cannot. That means it enable
or deny traffic. It specify which user or group of users are
allowed what level of access on which resource. It makes use
of IP addresses and port numbers.
Port Security : It deals more with switches and the
restriction of MAC addresses that are allowed to access particular
802.1X : It is an IEEE standard that is known as port-based
Network Access Control (PNAC). It works on Data Link Layer.
It connect hosts to a LAN or WLAN. It also allows you to apply
a security control that ties physical ports to end-device MAC
addresses, and prevents additional devices from being connected
to the network.
Flood Guards : It can be implemented on some firewalls
and other devices. It tracks network traffic to identify scenarios
such as SYN, ping, port floods, etc. By reducing this tolerance,
it is possible to reduce the likelihood of a successful DoS
attack. If it looks that an resource is being overused, then
the flood guard comes in to picture.
Loop protection : To avoid loops, many network administrators
implement Spanning Tree Protocol in their switches. Loop protection
should be enabled on the switch to prevent the looping that
can occur when a person connects both ends of a network cable
to the same switch
Implicit deny : It requires that all access is denied
by default and access permissions are granted to specific resources
only when required. An implicit deny clause is implied at the
end of each ACL, and it means that if the provision in question
has not been explicitly granted, then it is denied.
Log Analysis : Log analysis is used to determine what
happened at a specific time on a particular system.