1.

Core Components of Enterprise Network Architecture

a) Network Infrastructure

• This includes routers, switches, access points, and firewalls that connect all
devices.
• It ensures smooth data transfer between computers, servers, and the internet.

b) Network Devices

• Routers – Direct internet traffic between networks.

• Switches – Connect devices within a network.
• Access Points – Provide Wi-Fi connectivity.
• Firewalls – Protect networks from cyber threats.

c) Network Protocols

• Rules that control how data moves in a network.

• Examples: TCP/IP, HTTP, FTP, DNS, DHCP, ICMP.

2. Types of Enterprise Networks

a) LAN (Local Area Network)

• Connects computers within a small area (e.g., an office or building).

• Fast and reliable, but limited in range.

b) WAN (Wide Area Network)

• Connects multiple locations across cities or countries.

• Uses the internet or private leased lines.

c) WLAN (Wireless LAN)

• A Wi-Fi-based network inside an enterprise.

• Employees can connect wirelessly to the internet and company servers.

d) VPN (Virtual Private Network)

• Securely connects remote users to the company network over the internet.
• Helps employees work from anywhere safely.

e) SD-WAN (Software-Defined WAN)

• Uses software to manage and optimize network traffic.

• Improves security and reduces network costs.
ERP (Enterprise Resource Planning)

ERP stands for Enterprise Resource Planning. It is a software system that helps
businesses manage and automate their core processes in one place.

ERP integrates all business processes into one system, making operations smoother and more
efficient!

Key Functions of ERP

1. Finance & Accounting – Tracks company expenses, profits, and budgets.

2. Human Resources (HR) – Manages employee records, payroll, and recruitment.
3. Inventory Management – Keeps track of stock levels and supply chain.
4. Customer Relationship Management (CRM) – Manages customer interactions
and sales.
5. Manufacturing & Production – Streamlines production and supply chain.
6. Sales & Marketing – Automates sales tracking and marketing campaigns.

Examples of ERP Software

• SAP ERP
• Oracle ERP
• Microsoft Dynamics 365

Attack Surface

The attack surface is the total number of possible entry points where an attacker can try
to gain unauthorized access to a system, network, or application.

Types of Attack Surfaces:

1. Digital Attack Surface – Includes software vulnerabilities, exposed APIs, open

ports, and weak credentials.
2. Physical Attack Surface – Involves physical access to devices, like USB ports,
stolen laptops, or unauthorized entry.
3. Social Engineering Attack Surface – Uses human manipulation, like phishing
emails or fake calls, to gain access.

How Enterprise Technology is Managed

Managing enterprise technology means handling all the IT systems, software, and networks
that help a business run smoothly.
Typical Enterprise Network Zoning

Enterprise networks are divided into different zones for security, efficiency, and
management. Each zone serves a specific purpose and ensures that sensitive data is
protected while allowing necessary communication.

1. Internet Zone 🌍
• The outside world where users, customers, and threats exist.
• Everything outside the company’s private network, including websites, cloud
services, and external users.
• Risk Level: High – vulnerable to hacking, malware, and cyberattacks.
• Protection Methods: Firewalls, encryption, intrusion prevention systems (IPS).

2. DMZ (Demilitarized Zone) 🔥

• A buffer zone between the internet and the internal network.
• Hosts public-facing services like web servers, email servers, and VPN gateways.
• Risk Level: Medium – limited access to internal data, but still exposed.
• Protection Methods: Firewalls, limited access, intrusion detection systems (IDS).

3. Proxy Server Zone 🌐

• A middleman between internal users and the internet.
• Hides company IP addresses to prevent direct cyberattacks.
• Helps with content filtering (blocking harmful websites).
• Risk Level: Low – mainly used for monitoring and control.
• Protection Methods: Web filters, encryption, firewall integration.

4. Honeypot Zone 🎭
• A trap set up to attract hackers and study their attacks.
• Contains fake data that appears valuable but has no real business use.
• Risk Level: Intentional – designed to lure attackers.
• Protection Methods: Strict isolation, monitoring tools.
5. VPN Zone (Virtual Private Network) 🔒
• Securely connects remote users to the enterprise network.
• Encrypts internet traffic, making it unreadable to hackers.
• Risk Level: Low – only as secure as the users' devices.
• Protection Methods: Multi-factor authentication (MFA), strong encryption,
monitoring.

6. Intranet Zone 🏢
• The private network for employees only.
• Stores internal applications, databases, and communication tools.
• Risk Level: Low – access is controlled.
• Protection Methods: Role-based access control (RBAC), firewalls, monitoring.

7. Extranet Zone 🤝
• A shared network for business partners, vendors, and suppliers.
• Allows controlled access to specific enterprise data.
• Risk Level: Medium – external users have access, but with restrictions.
• Protection Methods: Access controls, VPN, monitoring.

8. Staff VPN Zone 👨‍💼

• Secure access for employees working remotely.
• Used for accessing emails, files, and company applications.
• Risk Level: Low to Medium – security depends on employee devices.
• Protection Methods: Endpoint security, multi-factor authentication (MFA), VPN
encryption.

9. Business VPN Zone 🏢🔒

• Used by companies to connect offices and branches securely.
• Creates a private communication channel over the public internet.
• Risk Level: Low – as long as encryption and security policies are enforced.
• Protection Methods: IPsec VPN, MPLS VPN, strong encryption.
10. Core Network Zone 💡
• The central backbone of the enterprise network.
• Connects all departments, data centers, and servers.
• Risk Level: Low to Medium – internal traffic only, but critical for operations.
• Protection Methods: Firewalls, access control, network segmentation.

11. Compliance Zone 📜

• Stores regulated and legally sensitive data (e.g., customer records, payment info).
• Used to meet security standards like GDPR, HIPAA, ISO 27001.
• Risk Level: High – data breaches here can cause legal issues.
• Protection Methods: Strong encryption, strict access control, security audits.

12. Security Management Zone 🛡️

• Manages firewalls, security policies, and incident response.
• Monitors threats and blocks suspicious activities.
• Risk Level: Low – but critical for overall security.
• Protection Methods: Access restrictions, network monitoring, strong
authentication.

13. SIEM (Security Information and Event Management)

Zone 📊
• Collects, analyzes, and alerts on security logs from all zones.
• Helps detect cyberattacks, insider threats, and suspicious activities.
• Risk Level: Low – only for monitoring.
• Protection Methods: AI-driven analytics, real-time alerts, automated response
tools.
Role of Routers in an Enterprise Network

Routers are essential devices in enterprise networks that manage data traffic, enhance
security, and ensure smooth communication between different network segments. They
work with various protocols, subnets, and subnetworks to optimize performance and
scalability.

1. Network Traffic Management 🚦

• Routers direct data packets between different networks, ensuring they reach the
correct destination.
• They use routing protocols like OSPF, BGP, and EIGRP to find the best path for
data transmission.

2. Subnetting and Subnet Management 🖧

• Subnetting divides a large network into smaller subnetworks (subnets) to
improve efficiency and security.
• Routers use subnet masks (e.g., 255.255.255.0) to differentiate between different
subnetworks.
• Subnets help isolate traffic, reduce congestion, and enhance security in enterprise
networks.

3. Routing Protocols & IP Addressing 🌍

Routers operate using different protocols to efficiently manage data flow:

➡️ Routing Protocols:

• OSPF (Open Shortest Path First) – Used for dynamic routing in large enterprise
networks.
• BGP (Border Gateway Protocol) – Manages data flow between different ISPs and
global networks.
• EIGRP (Enhanced Interior Gateway Routing Protocol) – Cisco’s proprietary
protocol for better efficiency.

➡️ IP Addressing & Subnets:

• IPv4 (e.g., 192.168.1.1) and IPv6 (e.g., 2001:db8::1) for device identification.
• Routers handle public and private IP addressing using Network Address
Translation (NAT).
4. Security and Firewall Protection 🔒
• Routers filter traffic using Access Control Lists (ACLs) to block unauthorized
access.
• Firewalls and Intrusion Detection Systems (IDS/IPS) help protect against cyber
threats.
• VPN (Virtual Private Network) support ensures secure remote access.

5. Load Balancing and Redundancy ⚖️

• Routers distribute network traffic using load balancing techniques.
• They provide redundancy with protocols like HSRP (Hot Standby Router
Protocol) to ensure uptime.

6. Network Address Translation (NAT) 📡

• NAT allows multiple devices to share a single public IP address.
• PAT (Port Address Translation) enables multiple devices to communicate using
unique port numbers.

Types of Servers in an Enterprise Network

Enterprise networks use different types of servers to manage various functions, ensuring
efficiency, security, and smooth communication. Here’s a breakdown of the key server
types:

1. Web Servers 🌐
• Function: Hosts websites and web applications.
• Example Software: Apache, Nginx, Microsoft IIS.
• Usage: Handles HTTP/HTTPS requests, delivers web pages, and manages dynamic
content.
2. Database Servers 🗄️
• Function: Stores and manages structured data for applications.
• Example Software: MySQL, PostgreSQL, Microsoft SQL Server, Oracle DB.
• Usage: Supports web apps, ERP systems, analytics, and data storage.

3. File Servers 📂
• Function: Centralized storage for sharing files across the network.
• Example Software: Windows Server (File Services), Samba, NAS/SAN systems.
• Usage: Allows users to store, access, and collaborate on files securely.

4. Mail Servers 📧
• Function: Manages sending, receiving, and storing emails.
• Example Software: Microsoft Exchange, Postfix, Zimbra, Sendmail.
• Usage: Ensures business email communication and supports IMAP/SMTP/POP3
protocols.

5. DNS and DHCP Servers 🏷️

📌 DNS Server (Domain Name System)

• Function: Translates domain names (e.g., google.com) into IP addresses.

• Example Software: BIND, Microsoft DNS, Google Public DNS.

📌 DHCP Server (Dynamic Host Configuration Protocol)

• Function: Assigns IP addresses to devices dynamically.

• Example Software: Microsoft DHCP Server, ISC DHCP.
• Usage: Helps in managing IP addressing automatically across the enterprise.

6. Identity & Access Management (IAM) Servers 🔑

• Function: Controls user authentication and access permissions.
 • Example Software: Microsoft Active Directory (AD), LDAP, Okta, AWS IAM.
• Usage: Manages login credentials, single sign-on (SSO), and user roles.

7. Virtualization Servers 🖥️
• Function: Hosts multiple virtual machines (VMs) on a single physical server.
• Example Software: VMware ESXi, Microsoft Hyper-V, KVM, Proxmox.
• Usage: Reduces hardware costs, improves scalability, and supports cloud
computing.

Enterprise Network Defenses

Enterprise networks require strong security defenses to protect against cyber threats.
Three key components in enterprise network security are Firewalls, Web Application
Firewalls (WAF), and Monitoring & Detection systems. Let’s break them down:

1. Role of Firewalls 🔥
A firewall acts as a barrier between a trusted network (enterprise) and an untrusted
network (internet). It monitors and controls incoming and outgoing traffic based on
security rules.

Types of Firewalls:

✅ Network Firewalls – Protects entire networks by filtering traffic at the network level.
✅ Host-Based Firewalls – Installed on individual devices for added security.
✅ Next-Generation Firewalls (NGFWs) – Combines traditional firewall functions with
deep packet inspection, intrusion prevention, and application control.

Firewall Functions:

🔹 Blocks unauthorized access (e.g., hackers, malware, DDoS attacks).

🔹 Enforces security policies using Access Control Lists (ACLs).
🔹 Filters network traffic based on IP, ports, and protocols.
🔹 Prevents external threats from compromising internal networks.

🔹 Example Firewalls: Cisco ASA, Palo Alto, Fortinet, pfSense, Check Point.
2. Role of Web Application Firewalls (WAF) 🌐🔥
A Web Application Firewall (WAF) is designed to protect web applications from attacks
like SQL injection, Cross-Site Scripting (XSS), and API abuse.

WAF Features & Functions:

✅ Inspects HTTP/HTTPS traffic to block malicious requests.

✅ Protects against OWASP Top 10 vulnerabilities (like SQL injection and XSS).
✅ Blocks bot attacks that try to scrape or brute-force login credentials.
✅ Works with Content Delivery Networks (CDNs) to secure traffic globally.

🔹 Example WAFs: Cloudflare WAF, AWS WAF, F5, Imperva, ModSecurity.

3. Monitoring & Detection Systems 👀🔍

To detect and respond to threats in real time, enterprises use security monitoring and
detection tools.

Key Security Monitoring Technologies:

✅ Intrusion Detection System (IDS) & Intrusion Prevention System (IPS)

• IDS: Detects suspicious activity but doesn’t block it.

• IPS: Detects and actively blocks threats.
• Example: Snort, Suricata, Cisco Firepower.

✅ Security Information and Event Management (SIEM)

• Collects, analyzes, and correlates security logs from firewalls, servers, and
endpoints.
• Helps detect advanced threats and suspicious behavior.
• Example: Splunk, IBM QRadar, Microsoft Sentinel, ELK Stack.

✅ Endpoint Detection and Response (EDR)

• Monitors endpoint activity to detect malware, ransomware, and insider threats.

• Example: CrowdStrike, SentinelOne, Microsoft Defender.

✅ Network Traffic Analysis (NTA)

• Detects unusual network behavior and potential data exfiltration.

• Example: Darktrace, Corelight, Vectra AI.
How Enterprise Data is Stored: Understanding Storage
Technologies
Enterprises use various storage solutions to store, manage, and access data efficiently.
Below are the main storage methods used in enterprises:

1. Direct Attached Storage (DAS) 📂

DAS is physically connected to a single server or computer and does not require a
network.

Features & Uses:

✅ High-speed access since data is directly attached.

✅ Simple and cost-effective for small businesses.
✅ Used in local file storage, backups, and boot drives.
✅ Examples: Internal SSDs/HDDs, USB drives, External Hard Drives.

Limitations:

❌ Not easily shareable across multiple devices.

❌ Limited scalability.

2. Network Attached Storage (NAS) 🌐📁

NAS is a dedicated storage device connected to a network, allowing multiple users to
access files.

Features & Uses:

✅ Centralized storage, accessible over the network.

✅ Supports multiple users and devices (great for file sharing).
✅ Provides RAID (Redundant Array of Independent Disks) for data redundancy.
✅ Used for enterprise file sharing, backups, and media storage.
✅ Examples: Synology NAS, QNAP, Dell PowerScale, NetApp NAS.

Limitations:
❌ Can become slow under heavy traffic.
❌ Less efficient for large-scale databases.

3. Storage Area Network (SAN) 🖧💾

SAN is a high-speed network dedicated to storage devices and servers, providing block-
level access.

Features & Uses:

✅ Fast and reliable, ideal for enterprise databases and applications.

✅ Used in data centers, cloud storage, and virtualization.
✅ Supports Fiber Channel (FC), iSCSI (Internet Small Computer Systems Interface),
and NVMe-over-Fabric for high-speed access.
✅ Examples: Dell EMC SAN, HPE 3PAR, IBM Storage Systems.

Limitations:

❌ Expensive to set up and maintain.

❌ Requires specialized management.

4. Storage Virtualization 🖥️☁️

Storage virtualization creates a single virtual storage pool by combining multiple physical
storage devices.

Features & Uses:

✅ Allows efficient resource management and scalability.

✅ Reduces hardware dependency.
✅ Used in cloud computing, virtualized servers, and enterprise IT infrastructure.
✅ Examples: VMware vSAN, Nutanix, IBM Spectrum Virtualize.

Limitations:

❌ Requires advanced configuration.

❌ Performance depends on network and hardware.

5. Cloud Storage ☁️💾

Cloud storage stores data in remote data centers, accessible via the internet.

Features & Uses:

✅ Scalable and cost-effective, with pay-as-you-go pricing.

✅ Provides data redundancy and disaster recovery.
✅ Used for backup, collaboration, enterprise applications, and AI/ML workloads.
✅ Examples: AWS S3, Google Cloud Storage, Microsoft Azure Blob Storage.

Limitations:

❌ Dependent on internet connectivity.

❌ Security and compliance concerns for sensitive data.

Comparison Table 🏆
Storage Type Access Best for Pros Cons

Small businesses, Not shareable,

DAS Local Fast, simple
personal use limited scalability

Centralized, easy to Slower than SAN,

NAS Network File sharing, backups
use network-dependent

Fast, scalable,
High-speed Enterprise databases, Expensive, complex
SAN supports large
network cloud setup
applications

Storage Cloud computing, Requires expertise,

Network Efficient, flexible
Virtualization virtual environments network-dependent

Scalable enterprise Redundant, pay-per- Internet-dependent,

Cloud Storage Internet
storage use, remote access security concerns