Category: Networking

Why we need VLANs, an Introduction to VLAN technology

The design of a layer-2 switched network is essentially that of a flat network. Every device on the network sees every broadcast packet that is transmitted, even if it does not need to receive the data.

The Structure of Flat Network

Routers permit broadcasts only within the originating network, but switches forward broadcasts to each and every segment. It is called a flat network not because its design is flat but because it has a single broadcast domain. As shown in the figure, the broadcast sent by Host A is forwarded out all ports on all switches except the port that originally received it.

In the second figure you can see a switched network in which Host A sends a frame with Host D as its destination. Notice that the frame is forwarded out only the port where Host D is located. This is a great improvement over old hub networks, unless having one collision domain by default is what you want.

IPSec

IPSec is basically a way to secure data transfer between computers. It secures the traffic between two nodes by providing the following:

  • Data Authentication
    • Authentication – Packets can be spoofed so that they do not actually come from the place they appear to come from. IPSec can be configured to provide data origin authentication, which ensures that a packet received from a trusted party really originates from that party.
    • Data integrity – IPSec can be configured to ensure that data packets are not changed while they cross the network.
    • Anti-replay protection – IPSec is able to check that the packets received are not duplicates of previous data packets.
  • Encryption
    • IPSec enables you to encrypt network data so that it cannot be read and used by unauthorized persons who capture it.

Application Layer Firewalls

Circuit-level firewalls are OK, but if you want to make your network more secure they will not be enough. A better line of defense is a newer kind of firewall that performs deeper packet analysis: the application layer firewall, also called an application gateway or proxy firewall. These firewalls filter traffic at OSI layers 3, 4, 5 and 7.

Pathping more than handy network troubleshooting tool

This useful troubleshooting command for cmd provides information about network speed and packet loss at every node between a source and destination. Pathping sends Echo Requests to every router between the source and destination and then calculates the results based on the packets returned from each device. Because it displays the percentage of packet loss at any given node, we can see which routers have network problems. Pathping does the same thing as the tracert command but gives more information about every router on the way.

Transparent Firewalls

In a traditional network configuration, a firewall serves as the default gateway for hosts connecting to one of its secured subnets. A transparent firewall acts like a “stealth firewall” and is actually a Layer 2 firewall. To implement this, the security appliance is connected to the same network on both its internal and external ports. However, there is a separate VLAN for each interface.

Now let’s discuss the characteristics of transparent firewall mode:

  • Transparent firewall mode supports an outside interface and an inside interface.
  • The best thing about transparent firewall mode is that it can run in both single and multiple context modes.
  • MAC lookups are performed instead of routing table lookups.