## CompTIA Security+ SYO-401 Certification Training

# Network Design Elements and Components Tutorial

## 1 Network Design Elements and Components

In the field of network security, we cannot let anyone steal or hack our data, so it is very important to design a highly secured network. In this lesson we will not learn to design a secure network completely, but we will learn about its key components. Before we get into the details of this topic, let's look at the objectives covered in this lesson. After completing this lesson, you will be able to:

• Comprehend Network Design and Components,
• Describe Virtualization, and
• Define Cloud Service Security.

In this topic, you will learn about Network Design and Components. Network design refers to planning a computer network infrastructure and implementing security configuration parameters on network devices. Creating a network design requires a System Administrator to cover two key aspects:

1. Thorough analysis to understand the components and protocols of the physical network, and
2. Troubleshooting security issues related to wireless networking.

So, before understanding these sub-objectives, we will review some network design concepts. Network design starts with network topologies. In layman's terms, network topologies describe how to place nodes, devices, and other security objects in a network to ease their access. Topologies enable you not only to design a network but also to secure it. They are further classified into logical topology and physical topology. The logical topology does not determine the physical placement of devices, but rather how the devices send data and how they are related to one another, whereas the physical topology maps the physical location of the nodes and determines how they interact with one another.

Now, let's see the different topologies and their functions. We begin with the basic and simplest form of network topology, the Point-to-Point topology, where two end points create an unimpeded connection between each other. For example, telephone lines use a switched point-to-point topology to send data between two phone connections.

Next is the Bus topology. The backbone of this topology is a single cable with many connectors that feed off into nodes. The information travels down the backbone and to all connections, much like a bus travelling down a road and halting at every stop. Bus topologies are often created using hubs.

Third on the list is the Star topology. This is a common topology in networks built with switches: all nodes connect back to a single device that broadcasts the actual data. Sometimes hubs are used to create star topologies, and repeaters can be used to create extended star topologies.

Next is the Ring topology. Here, data travels in a circular motion and is found on a bus-type connection. The common ring topology is known as Token Ring. The device holding the token broadcasts data across the bus, and the token then moves to the next device in the ring.

Last on this list is the Mesh topology. In this type, devices create redundant connections with all other devices in the network. It is hard to interrupt communication in this topology, as mesh networks use mathematical equations to determine the best possible route to move data between devices. There is one more topology, Advanced topology, which we will discuss later in the lesson. Now, let's learn how to secure network designs.

## 2 Network Design and Components

We have learnt the primary functions of the key network topologies. Now, let's see how topologies and design elements work together with devices and security controls. Since we are discussing security, let's begin with the 'Demilitarized Zone' or 'DMZ'. The term is borrowed from the military, where it means "an area between nations in which military operations are not permitted". In computer security, however, a DMZ is a mediator between the public Internet and the internal network. In other words, the DMZ is the area between two firewalls.

Firewalls placed on the edge of a network are called External Firewalls; they intercept public traffic attempting to get into the systems through the space between the two firewalls. In a typical scenario, publicly accessed devices are placed in the DMZ. But how does a DMZ work? Once traffic is allowed by the external firewall, it is able to reach the machines within the DMZ. A second firewall, known as the Internal Firewall, is placed behind the DMZ systems. This keeps unwanted public activity out of the private LANs.

DMZs allow servers to access the public network or to be accessed from other public networks, while ensuring that the private internal networks holding sensitive data are not compromised. You can use DMZs to hide or isolate internal servers from other private and public networks. DNS servers, web servers, FTP servers, SMTP servers, and other mail-type servers are the most common types of devices placed in a DMZ.
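The two-firewall DMZ arrangement described above, as an added example that is not part of the course material: a small stateless policy model in which a flow must pass every firewall on its path. The address ranges (DMZ 192.0.2.0/24, internal LAN 10.0.0.0/8) and the published services are constructed for illustration.

```python
import ipaddress

# Constructed address plan: documentation range for the DMZ, RFC 1918 for the LAN.
DMZ = ipaddress.ip_network("192.0.2.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")

# Services the DMZ publishes to the Internet as (host, TCP port): a web server
# and an SMTP relay. Anything else in the DMZ is reachable only from inside.
PUBLISHED = {("192.0.2.10", 80), ("192.0.2.10", 443), ("192.0.2.25", 25)}


def zone(ip):
    """Classify an address into one of the three zones of the design."""
    addr = ipaddress.ip_address(ip)
    if addr in DMZ:
        return "dmz"
    if addr in INTERNAL:
        return "internal"
    return "internet"


def external_firewall(src, dst, port):
    """Edge firewall: the Internet may reach only published DMZ services,
    and may never reach the internal LAN directly."""
    if zone(src) == "internet":
        return zone(dst) == "dmz" and (str(ipaddress.ip_address(dst)), port) in PUBLISHED
    return True  # outbound flows are passed; replies are outside this model


def internal_firewall(src, dst, port):
    """Inner firewall: only internal hosts may initiate into the LAN, so a
    compromised DMZ server cannot open connections to sensitive systems."""
    if zone(dst) == "internal":
        return zone(src) == "internal"
    return True  # internal hosts may administer DMZ servers and reach the Internet


def allowed(src, dst, port):
    """A flow is permitted only if every firewall on its path permits it."""
    zones = {zone(src), zone(dst)}
    checks = []
    if "internet" in zones:
        checks.append(external_firewall)
    if "internal" in zones:
        checks.append(internal_firewall)
    return all(check(src, dst, port) for check in checks)
```

The model is stateless: return traffic for established connections, which a real firewall tracks, is not represented.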

## 4 Tunneling

Now, let's look at SSH Tunneling. SSH Tunneling is a method to securely access a remote network. It involves creating a Virtual Private Network or VPN, that is, a tunnel that creates a pipe allowing you or a machine to access remote resources as if they were directly on the network. It takes two end points, which could be two routers, a VPN concentrator and a client, or a client and a router, and creates a point-to-point connection between them. Before sending information to the targeted device, it creates a pipe or tunnel across the Internet, protecting it with encryption and authentication while in transit. The payload, or data to be sent, is then pushed through the protected tunnel to and from the end points. SSH Tunneling allows a computer to access network resources as if the devices were connected directly to the LAN. Windows uses a Remote Access Server or RAS to create these remote access and tunneling connections. All of these and other Virtual Network Computing or VNC methods are vulnerable to intruders on the Internet.

Telephony is the combination of telephones and IT. It is commonly referred to as Voice over IP, or VoIP. Companies that still use landlines are likely to migrate to digital VoIP. The problem with telephony is that it is not very secure, and securing its information and data is often a hassle or is generally left to the vendor. VoIP traffic can easily be sniffed with packet sniffers and other networking tools, and it can be easily exploited if it is not treated like other parts of your network that carry sensitive data or information. In addition to applying normal network security standards, it is good to utilize third-party vendor tools and measures.

Network Access Control or NAC may require the MAC addresses of client computers to be on a permitted list, and it may require a machine to have Windows or other operating system patches installed before it can connect to the network. This is a very strict measure, but it protects the network from several types of threats and vulnerabilities. It is important to note that 802.1X is a type of NAC for wireless access points and for connecting to physical ports.

We will now learn about Virtualization. Today, organizations prefer implementing virtualization in almost all environments. In simple words, virtualization allows you to have a single physical machine that houses several virtual machines. Virtualization cuts down on the cost of equipment and on the environmental footprint your systems leave. It has its own share of risks, however. If the single physical device crashes or becomes inaccessible, all the machines housed on that host go down or become inaccessible with it: the host becomes a single point of failure.

Virtual machines are separated from their physical host machine by a technology known as a hypervisor. If the hypervisor is secured and keeps each virtual machine separate from the rest of the machine, your network should be safe even if the host machine is infected. Virtualization is cost effective, but there is a problem when the security measures of the hypervisor are compromised. Virtualization is the heart of cloud computing. There are two types of hypervisor, Type 1 and Type 2. A Type 1, or bare-metal, hypervisor runs directly on the host hardware, whereas a Type 2 hypervisor runs as an application on the host operating system.
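The two NAC admission checks mentioned above (a permitted MAC list and a minimum patch level), as an added example that is not part of the course material. The permitted addresses and patch dates are constructed; `admit` and `normalize_mac` are names chosen here, not a real NAC product's API.

```python
import re
from datetime import date

# Constructed permitted list, stored in one canonical form so that lookups
# do not depend on how a client reports its address.
ALLOWED_MACS = {"00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5f"}

# Constructed policy: earliest acceptable patch date per OS family.
MIN_PATCH = {"windows": date(2024, 6, 1), "linux": date(2024, 5, 1)}


def normalize_mac(mac):
    """Accept 00-1A-2B-3C-4D-5E, 001a.2b3c.4d5e or 00:1a:2b:3c:4d:5e and
    return the lower-case colon-separated form used in ALLOWED_MACS."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def admit(mac, os_family, last_patch_iso):
    """Return (admitted, reasons). The device is admitted only when every
    check passes; reasons lists each failed check for the NAC log.
    Note: a MAC list alone is a weak control, since the address is
    reported by the client; 802.1X authenticates the user or device instead."""
    reasons = []
    try:
        canonical = normalize_mac(mac)
    except ValueError as err:
        return False, [str(err)]
    if canonical not in ALLOWED_MACS:
        reasons.append(f"MAC {canonical} is not on the permitted list")
    required = MIN_PATCH.get(os_family.lower())
    if required is None:
        reasons.append(f"no patch policy for OS family {os_family!r}")
    else:
        last_patch = date.fromisoformat(last_patch_iso)
        if last_patch < required:
            reasons.append(f"patched {last_patch}, required {required} or later")
    return (not reasons), reasons
```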

## 8 Summary

Let's summarize the topics covered in this lesson:

• Network Design deals with the design and infrastructure fundamentals.
• Network Topologies describe how nodes, devices, and security objects are placed for accessing the network resources.
• Remote Access allows a network administrator to access routers across the Internet or across the network to make necessary changes.
• A Virtual Private Network tunnel creates a pipe that allows you or a machine to access remote resources as if they were directly on the network.
• Virtualization allows you to have a single physical machine that houses several virtual machines.
• Cloud Computing is a form of virtualized outsourcing.

With this, we conclude the lesson, 'Network Design Elements and Components.' The next lesson is 'Implement Common Protocols and Services.'
