
Network Topologies: WAN (Wide Area Network) : Description

The document outlines various network topologies including WAN, Data Center, SOHO, and Virtual Networks, detailing their descriptions and use cases. It emphasizes the importance of a Demilitarized Zone (DMZ) for enhanced security and controlled access, and explains the differences between intranet and extranet, as well as public and private networks. Additionally, it covers VLANs, AAA protocols, the advantages of SSH over Telnet, role-based privilege management, and common network attacks, highlighting the need for proper security measures.

Uploaded by

tanushshyam32

Network Topologies

1. WAN (Wide Area Network):

○ Description: A WAN connects multiple LANs over large geographical distances, often using leased telecommunication lines. It can span cities, countries, or continents.

○ Use Case: Connecting branch offices of a corporation located in different cities.

2. Data Center:

○ Description: A centralized facility that houses servers, storage systems, and networking equipment to manage data and applications. Data centers provide services such as hosting, cloud computing, and data storage.

○ Use Case: Hosting websites and applications for businesses.

3. SOHO (Small Office/Home Office):

○ Description: Refers to small-scale office environments, typically with fewer than 10 employees. SOHO networks are designed for small businesses or remote workers.

○ Use Case: A freelance graphic designer working from home.

4. Virtual Networks:

○ Description: Virtual networks are created using software-defined networking (SDN) technologies to segment traffic within physical networks. They allow for flexible network management and resource allocation.

○ Use Case: Cloud service providers using virtual networks to isolate customer environments.

Importance of Demilitarized Zone (DMZ)


A DMZ is a perimeter network that separates an organization's internal network from untrusted external networks, such as the internet. Its importance includes:

● Enhanced Security: It adds an extra layer of security by isolating public-facing services (like web servers) from the internal network.

● Controlled Access: Allows external users to access certain services while keeping the internal network secure.

● Reduced Risk of Attacks: If a service in the DMZ is compromised, the attacker has limited access to the internal network.

Intranet and Extranet


● Intranet:

○ A private network accessible only to an organization's employees, used for internal communications and resource sharing.

● Extranet:

○ An extension of the intranet that allows controlled access to external users, such as partners or vendors, enabling collaboration while maintaining security.

Public and Private Networks


● Public Network:

○ A network that is accessible to anyone, such as the internet. It is less secure due to its open nature.

● Private Network:

○ A restricted network used by an organization for internal communications. It is more secure as it limits access to authorized users only.

VLAN (Virtual Local Area Network)


● Description: A VLAN is a logical grouping of devices on a network that allows them to communicate as if they were on the same physical network, regardless of their actual location.

● Uses:

○ Improved security by segmenting traffic.

○ Enhanced performance through reduced broadcast domains.

● VLAN Hopping:

○ An attack where an attacker gains access to traffic on other VLANs that should not be accessible.

Types of VLAN Hopping


1. Double Tagging:

○ The attacker sends frames with two VLAN tags; the first tag is stripped off by the switch, allowing the second tag to be processed by another VLAN.

2. Switch Spoofing:

○ The attacker tricks the switch into thinking their device is a trunking switch, allowing access to all VLANs.
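
The double-tagging case above can be recognized on the receiving port. The following Python code is an added example, not part of the original notes: it parses the stacked 802.1Q tags of a frame and flags a frame arriving on an access port whose outer tag equals the trunk's native VLAN, which is the tag a switch removes without re-tagging. The names `classify`, `native_vlan`, `access_port` and the sample frames are assumptions of this example.

```python
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers

def vlan_tags(frame: bytes) -> list:
    """Return the VLAN IDs of all stacked tags, outermost first."""
    tags, offset = [], 12  # skip destination and source MAC addresses
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in TPIDS:
            break
        tags.append(tci & 0x0FFF)  # low 12 bits of the TCI carry the VLAN ID
        offset += 4
    return tags

def classify(frame: bytes, native_vlan: int, access_port: bool) -> str:
    """Judge a received frame; end hosts on access ports send untagged frames."""
    tags = vlan_tags(frame)
    if not access_port or not tags:
        return "ok"
    if len(tags) >= 2 and tags[0] == native_vlan:
        # Outer tag matches the trunk's native VLAN, so it would be stripped
        # and the inner tag would steer the frame into another VLAN.
        return "double-tagged: outer %d (native), inner %d" % (tags[0], tags[1])
    return "tagged frame on access port"

def build_frame(tags, payload=b"\x08\x00" + bytes(46)):
    """Constructed sample: broadcast frame from a made-up MAC with the given tag stack."""
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    for vid in tags:
        frame += struct.pack("!HH", 0x8100, vid)
    return frame + payload

if __name__ == "__main__":
    for tags in ([], [10], [1, 20]):
        print(tags, "->", classify(build_frame(tags), native_vlan=1, access_port=True))
```

Stacked tags are legitimate on provider trunk links, which is why the check only fires for ports marked as access ports.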

AAA (Authentication, Authorization, Accounting)


● Authentication: Verifying the identity of users trying to access a system.

● Authorization: Determining what resources a user can access after authentication.

● Accounting: Tracking user activity and resource usage for auditing purposes.

Differences Between RADIUS and TACACS+


| Feature | RADIUS | TACACS+ |
|---|---|---|
| Protocol Type | UDP | TCP |
| Encryption | Encrypts only password | Encrypts entire payload |
| Authentication Method | Supports PAP, CHAP | Supports various methods |
| Multi-Service Support | Primarily for network access | Supports multiple services |
| Complexity | Simpler configuration | More complex but flexible |
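
The "encrypts only password" row can be seen directly in a RADIUS packet. The following Python code is an added example, not part of the original notes: it builds an Access-Request with the User-Password hiding scheme from RFC 2865 and shows that the User-Name attribute stays readable on the wire while only the password is obscured. The shared secret, authenticator, user name and password are constructed sample values.

```python
import hashlib
import struct

def _keystream_xor(block: bytes, secret: bytes, prev: bytes) -> bytes:
    """XOR one 16-byte block with MD5(secret + previous block)."""
    key = hashlib.md5(secret + prev).digest()
    return bytes(b ^ k for b, k in zip(block, key))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 User-Password hiding over null-padded 16-byte blocks."""
    padded = (password + bytes(-len(password) % 16)) or bytes(16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _keystream_xor(padded[i:i + 16], secret, prev)
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the server does with the shared secret to recover the password."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _keystream_xor(hidden[i:i + 16], secret, prev)
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def access_request(user, password, secret, authenticator, ident=1):
    """Build an Access-Request (code 1) with User-Name (type 1) and User-Password (type 2)."""
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

# Constructed sample values, not taken from any real deployment.
SECRET = b"example-shared-secret"
AUTHENTICATOR = bytes(range(16))  # a real client uses 16 random bytes per request
PACKET = access_request(b"alice", b"correct horse battery", SECRET, AUTHENTICATOR)

if __name__ == "__main__":
    print("user name visible in packet:", b"alice" in PACKET)
    print("password visible in packet: ", b"correct horse battery" in PACKET)
    print("recovered with shared secret:", reveal_password(PACKET[-32:], SECRET, AUTHENTICATOR))
```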

Telnet vs SSH

● Telnet:

○ An unencrypted protocol used for remote command-line interface access.

● SSH (Secure Shell):

○ An encrypted protocol providing secure remote access and file transfer capabilities.

Why SSH is Better Than Telnet:

● SSH encrypts all data transmitted over the network, protecting against eavesdropping and man-in-the-middle attacks, while Telnet transmits data in plain text.

Role-Based Privilege

Role-based privilege management assigns access rights based on user roles within an organization. This ensures that users have only the permissions necessary for their job functions, enhancing security by minimizing unnecessary access.

Common Network Attacks


1. STP Attack (Spanning Tree Protocol Attack):

○ An attacker manipulates STP to create loops in the network or take over the role of the root bridge, leading to broadcast storms and network downtime.

2. ARP Attack (Address Resolution Protocol Attack):

○ An attacker sends false ARP messages to associate their MAC address with the IP address of another device, allowing them to intercept traffic meant for that device.

3. DHCP Attack (Dynamic Host Configuration Protocol Attack):

○ An attacker sets up a rogue DHCP server on the network to assign incorrect IP addresses or redirect traffic.

4. CAM Overflow Attack:

○ An attacker floods a switch's Content Addressable Memory (CAM) table with fake MAC addresses, causing legitimate traffic to be sent out of all ports, leading to potential data interception.

Each of these attacks can significantly compromise network security and integrity if not properly mitigated through appropriate security measures and configurations.
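
One such measure for the ARP attack is to validate the sender IP-to-MAC binding of every ARP packet against bindings already known to be good. The following Python code is an added example, not part of the original notes: it parses ARP payloads and reports any packet whose sender MAC contradicts the trusted table or an earlier packet. The trusted table, the addresses (documentation ranges) and the sample packets are constructed for illustration.

```python
import socket
import struct

def parse_arp(pkt: bytes):
    """Return (opcode, sender_mac, sender_ip) from a 28-byte Ethernet/IPv4 ARP payload."""
    if len(pkt) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op = struct.unpack_from("!HHBBH", pkt)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return op, pkt[8:14].hex(":"), socket.inet_ntoa(pkt[14:18])

def inspect(packets, trusted):
    """Compare each ARP sender binding with `trusted` (IP -> MAC) and earlier packets.

    Returns a list of (packet_index, ip, expected_mac, claimed_mac) conflicts.
    """
    bindings = dict(trusted)
    conflicts = []
    for index, pkt in enumerate(packets):
        _, mac, ip = parse_arp(pkt)
        expected = bindings.setdefault(ip, mac)  # learn a binding on first sighting
        if expected != mac:
            conflicts.append((index, ip, expected, mac))
    return conflicts

def build_arp(op, mac, ip, target_ip="192.0.2.10"):
    """Constructed sample packet; addresses are documentation-range placeholders."""
    raw_mac = bytes.fromhex(mac.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + raw_mac
            + socket.inet_aton(ip) + bytes(6) + socket.inet_aton(target_ip))

TRUSTED = {"192.0.2.1": "02:00:00:00:00:01"}  # e.g. the gateway's known binding
SAMPLE = [
    build_arp(2, "02:00:00:00:00:01", "192.0.2.1"),   # genuine gateway reply
    build_arp(1, "02:00:00:00:00:0a", "192.0.2.10"),  # host request, newly learned
    build_arp(2, "02:00:00:00:00:66", "192.0.2.1"),   # another MAC claims the gateway IP
]

if __name__ == "__main__":
    for index, ip, expected, claimed in inspect(SAMPLE, TRUSTED):
        print("ARP conflict: packet %d says %s is at %s, expected %s"
              % (index, ip, claimed, expected))
```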
