Author: Valter Popeskic

VLAN Security – Main VLAN reason

In short, implementing VLANs is like splitting one switch into several smaller ones. A normal switch, say a Cisco one, comes with all its ports in a single VLAN, so a computer on any port can talk to a computer on any other port of that switch. If we configure two VLANs on the switch, computers connected to ports in the same VLAN keep working as before and communicate without knowing that VLANs exist. But if we connect one computer to a port in VLAN 1 and another to a port in VLAN 90, the two behave as if they were plugged into different switches: no frame, broadcast or unicast, crosses between them unless a router (or a Layer 3 switch) is set up to forward it.

VLANs

Why we need VLANs, an Introduction to VLAN technology

A Layer 2 switched network is, by design, a flat network: every device on the network sees every broadcast frame, even when it has no use for the data.

[Figure: The Structure of a Flat Network]

Routers confine a broadcast to the network on which it originated, but switches forward a broadcast into every segment. The network is called flat not because of its physical layout but because it is a single broadcast domain. As shown in the figure, the broadcast from Host A is forwarded out every port on every switch except the port on which it was received.

In the second figure the switched network forwards a frame from Host A destined for Host D. Notice that the frame is sent out only the port where Host D is located. That is a big improvement over the old hub networks, where every frame reached every host, but note what has not changed: by default a switch breaks up collision domains (one per port), yet the whole switched network is still one broadcast domain. VLANs are the tool for breaking that single broadcast domain into several.
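To make the two figures and the VLAN point above concrete, here is an added example (not code from the original page) of a learning switch with access ports. It models the three forwarding rules the text describes: learn the source MAC on the ingress port, forward a known unicast to one port only, and flood broadcasts and unknown unicasts to every other port in the same VLAN. Port numbers, VLAN IDs and MAC addresses are constructed for the example.

```python
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    """Constructed model of a transparent (learning) switch whose ports are
    access ports, each in exactly one VLAN. The MAC table is keyed by
    (vlan, mac), so an address learned in one VLAN is invisible to another."""

    def __init__(self, port_vlans: Dict[int, int]):
        self.port_vlans = dict(port_vlans)                 # port number -> VLAN id
        self.mac_table: Dict[Tuple[int, str], int] = {}    # (vlan, mac) -> port

    def receive(self, in_port: int, src: str, dst: str) -> List[int]:
        """Process a frame arriving on in_port; return the list of egress ports."""
        vlan = self.port_vlans[in_port]
        self.mac_table[(vlan, src)] = in_port              # learning
        if dst != BROADCAST and (vlan, dst) in self.mac_table:
            out = self.mac_table[(vlan, dst)]
            return [] if out == in_port else [out]         # filtered: same segment
        # Broadcast or unknown unicast: flood, but only inside this VLAN.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)


# Constructed MAC addresses for the hosts in the figures.
A, B, C, D = ("00:00:00:00:00:0a", "00:00:00:00:00:0b",
              "00:00:00:00:00:0c", "00:00:00:00:00:0d")


def flat_network() -> Dict[str, List[int]]:
    """All four ports in VLAN 1: the whole switch is one broadcast domain."""
    sw = Switch({1: 1, 2: 1, 3: 1, 4: 1})
    return {
        "A broadcast": sw.receive(1, A, BROADCAST),             # floods to 2, 3, 4
        "A->D before D is learned": sw.receive(1, A, D),        # unknown unicast: flood
        "D->A (switch learns D on port 4)": sw.receive(4, D, A),  # A known: port 1 only
        "A->D after D is learned": sw.receive(1, A, D),         # port 4 only
    }


def two_vlans() -> Dict[str, List[int]]:
    """Ports 1-2 in VLAN 1, ports 3-4 in VLAN 90: two separate broadcast domains."""
    sw = Switch({1: 1, 2: 1, 3: 90, 4: 90})
    results = {
        "A broadcast": sw.receive(1, A, BROADCAST),             # port 2 only
        "D broadcast": sw.receive(4, D, BROADCAST),             # port 3 only
    }
    # D is now learned on port 4, but under VLAN 90; A's VLAN 1 lookup cannot see it,
    # so the frame is flooded inside VLAN 1 and never reaches port 4.
    results["A->D"] = sw.receive(1, A, D)
    return results


if __name__ == "__main__":
    for name, ports in flat_network().items():
        print(f"flat network  | {name}: {ports}")
    for name, ports in two_vlans().items():
        print(f"two VLANs     | {name}: {ports}")
```

The first function reproduces the figures: a broadcast reaches every port but the ingress port, and a unicast is pruned to a single port once the destination has been learned. The second shows why VLANs are the remedy: the same switch with two VLANs is two broadcast domains, and a host in VLAN 1 cannot reach a host in VLAN 90 even though both are plugged into the same box.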

IPSec

IPSec is basically a way to secure data transfer between computers. IPSec secures traffic between two nodes by providing the following:

  • Data authentication
    • Authentication – Packets can be spoofed so that they appear to come from somewhere other than their real source. IPSec can be configured to provide data origin authentication, so that a packet which claims to come from a trusted peer really did originate there.
    • Data integrity – IPSec can be configured to guarantee that packets are not modified while they cross the network.
    • Anti-replay protection – IPSec checks that received packets are not duplicates of packets already received, using a sequence number in each packet and a sliding window on the receiver.
  • Encryption
    • IPSec can encrypt network data so that it cannot be captured and read by unauthorized parties.

One caveat: encryption alone does not give integrity. An IPSec policy should pair ESP encryption with an integrity algorithm (or use an AEAD cipher such as AES-GCM), and the receiver must verify the integrity check before it updates the anti-replay window; otherwise a forged packet with a high sequence number can advance the window and cause legitimate packets to be dropped.
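The following is an added example, not code from the original page, that shows how the integrity and anti-replay pieces listed above fit together on the receiving side of one security association. It is a toy ESP: a 32-bit sequence number, the payload and a truncated HMAC, with no SPI, IV or padding, and the 64-packet window is the RFC 4303 bitmap scheme. The key, the 96-bit ICV length and the sequence numbers are constructed for the example.

```python
import hashlib
import hmac
import struct
from typing import Optional

ICV_LEN = 12   # constructed choice: 96-bit truncated HMAC, like HMAC-SHA1-96
SEQ_LEN = 4


def compute_icv(auth_key: bytes, seq: int, payload: bytes) -> bytes:
    """Integrity Check Value over sequence number + payload (HMAC-SHA256, truncated)."""
    mac = hmac.new(auth_key, struct.pack("!I", seq) + payload, hashlib.sha256)
    return mac.digest()[:ICV_LEN]


def build_packet(auth_key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: seq || payload || ICV."""
    return struct.pack("!I", seq) + payload + compute_icv(auth_key, seq, payload)


class Receiver:
    """Receiving side of one SA with a 64-packet anti-replay window."""
    WINDOW = 64

    def __init__(self, auth_key: bytes):
        self.auth_key = auth_key
        self.highest_seq = 0   # highest sequence number accepted so far
        self.bitmap = 0        # bit i set => seq (highest_seq - i) already accepted
        self.replayed = 0
        self.bad_icv = 0

    def _window_accepts(self, seq: int) -> bool:
        if seq == 0:
            return False                          # seq 0 is never valid
        if seq > self.highest_seq:
            return True                           # right of the window: new
        diff = self.highest_seq - seq
        if diff >= self.WINDOW:
            return False                          # left of the window: too old
        return not (self.bitmap >> diff) & 1      # inside window: reject duplicates

    def _window_update(self, seq: int) -> None:
        if seq > self.highest_seq:
            shift = seq - self.highest_seq
            if shift >= self.WINDOW:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.WINDOW) - 1)
            self.highest_seq = seq
        else:
            self.bitmap |= 1 << (self.highest_seq - seq)

    def receive(self, packet: bytes) -> Optional[bytes]:
        """Return the payload if the packet is accepted, None if dropped."""
        if len(packet) < SEQ_LEN + ICV_LEN:
            return None
        seq = struct.unpack("!I", packet[:SEQ_LEN])[0]
        payload, icv = packet[SEQ_LEN:-ICV_LEN], packet[-ICV_LEN:]
        # 1. cheap replay check first, so duplicates never cost an HMAC
        if not self._window_accepts(seq):
            self.replayed += 1
            return None
        # 2. integrity / origin check, constant-time compare
        if not hmac.compare_digest(compute_icv(self.auth_key, seq, payload), icv):
            self.bad_icv += 1
            return None
        # 3. only an authenticated packet may move the window
        self._window_update(seq)
        return payload


def demo() -> dict:
    key = b"constructed-shared-integrity-key"   # constructed; real keys come from IKE
    rx = Receiver(key)
    out = {}
    out["seq1"] = rx.receive(build_packet(key, 1, b"one")) is not None          # accepted
    out["seq3"] = rx.receive(build_packet(key, 3, b"three")) is not None        # accepted
    out["seq2_late"] = rx.receive(build_packet(key, 2, b"two")) is not None     # reordered, new
    out["seq2_replay"] = rx.receive(build_packet(key, 2, b"two")) is not None   # duplicate
    forged = struct.pack("!I", 500) + b"evil" + bytes(ICV_LEN)                  # attacker guess
    out["forged_seq500"] = rx.receive(forged) is not None                       # bad ICV
    out["highest_after_forgery"] = rx.highest_seq                               # window untouched
    out["seq100"] = rx.receive(build_packet(key, 100, b"hundred")) is not None  # jumps the window
    out["seq36_too_old"] = rx.receive(build_packet(key, 36, b"old")) is not None
    out["seq37_oldest_ok"] = rx.receive(build_packet(key, 37, b"ok")) is not None
    out["counters"] = (rx.replayed, rx.bad_icv)
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The order of the three checks in `receive` is the point of the example: a reordered packet is accepted, an exact duplicate is dropped by the window, and a forged packet with a large sequence number fails the ICV without moving `highest_seq`, so the attacker cannot use it to push genuine packets out of the window.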

Application Layer Firewalls

Circuit-level firewalls are fine, but if you want to make your network more secure they will not be enough. A better line of defense is a newer kind of firewall that performs deeper packet analysis: the application layer firewall, also called an application gateway or proxy firewall. These firewalls filter traffic at OSI layers 3, 4, 5 and 7, so a rule can look at what is inside a request rather than only at the port it arrives on.
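To show what the extra layers buy, here is an added example (not code from the original page) that puts a port-only decision next to an application-layer one for the same TCP payload. The HTTP policy (allowed hosts, allowed methods, the HTTP ports) and all of the sample requests are constructed for the example.

```python
import re
from typing import Dict, Tuple

# Constructed policy for the example.
HTTP_PORTS = {80, 8080}
ALLOWED_HOSTS = {"intranet.example", "www.example"}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")


def l4_decision(proto: str, dst_port: int) -> str:
    """Packet filter / circuit-level view: only protocol and port are visible."""
    return "allow" if proto == "tcp" and dst_port in HTTP_PORTS else "deny"


def parse_headers(head: bytes) -> Dict[str, str]:
    """Very small header parser: 'Name: value' lines after the request line."""
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        if b":" in line:
            name, value = line.split(b":", 1)
            headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers


def l7_decision(proto: str, dst_port: int, payload: bytes) -> Tuple[str, str]:
    """Application gateway view: same L4 check, then parse and judge the request."""
    if l4_decision(proto, dst_port) == "deny":
        return "deny", "port not allowed"
    m = REQUEST_LINE.match(payload)
    if not m:
        return "deny", "payload is not an HTTP request (tunnelling on an HTTP port?)"
    method, target = m.group(1).decode(), m.group(2).decode()
    if method not in ALLOWED_METHODS:
        return "deny", "method %s not allowed" % method   # CONNECT would open a blind tunnel
    head = payload.split(b"\r\n\r\n", 1)[0]
    host = parse_headers(head).get("host", "").split(":")[0].lower()
    if host not in ALLOWED_HOSTS:
        return "deny", "host %r not in allowlist" % host
    if "/../" in target or target.endswith("/.."):
        return "deny", "path traversal in request target"
    return "allow", "%s %s to %s" % (method, target, host)


def demo() -> Dict[str, Tuple[str, str]]:
    """Constructed payloads; each entry is (layer-4 verdict, layer-7 verdict)."""
    ok = b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n\r\n"
    ssh = b"SSH-2.0-OpenSSH_9.6\r\n"            # not HTTP at all, but sent to port 80
    tunnel = b"CONNECT evil.example:443 HTTP/1.1\r\nHost: evil.example:443\r\n\r\n"
    wrong_host = b"GET / HTTP/1.1\r\nHost: evil.example\r\n\r\n"
    trav = b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example\r\n\r\n"
    samples = {"ok": ok, "ssh_on_80": ssh, "connect_tunnel": tunnel,
               "wrong_host": wrong_host, "traversal": trav}
    verdicts = {name: (l4_decision("tcp", 80), l7_decision("tcp", 80, p)[0])
                for name, p in samples.items()}
    verdicts["ssh_on_22"] = (l4_decision("tcp", 22), l7_decision("tcp", 22, ssh)[0])
    return verdicts


if __name__ == "__main__":
    for name, (l4, l7) in demo().items():
        print(f"{name:15s} L4={l4:5s} L7={l7}")
```

Every sample except the last is "allow" to the port filter, because on port 80 it sees nothing but the port. The proxy rejects the SSH banner (not HTTP), the CONNECT tunnel, the request to a host outside the allowlist and the traversal path, while still passing the ordinary GET. That difference is what "filtering at layer 7" means in practice.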