Understanding Network Representation For Networks

June 26, 2022 crmnigeria COMPUTER SECURITY 0

Understanding Network Representation For Networks

Understanding Network Representation For Networks

 

Network architects and administrators must be able to show what their networks will look like. They need to be able to easily see which components connect to other components, where they will be located, and how they will be connected. Diagrams of networks often use symbols, like those shown in the figure, to represent the different devices and connections that make up a network.
A diagram provides an easy way to understand how devices connect in a large network. This type of “picture” of a network is known as a topology diagram.
The ability to recognize the logical representations of the physical networking components is critical to being able to visualize the organization and operation of a network.

In addition to these representations, specialized terminology is used to describe how each of these devices and media connects to each other:

  • Network Interface Card (NIC) – A NIC physically connects the end device to the network.
  • Physical Port – A connector or outlet on a networking device where the media connects to an end device or another networking device.
  • Interface – Specialized ports on a networking device that connect to individual networks. Because routers connect networks, the ports on a router are referred to as network interfaces.

Note: The terms port and interface are often used interchangeably.

Topology Diagrams

Topology diagrams are mandatory documentation for anyone working with a network. They provide a visual map of how the network is connected. There are two types of topology diagrams: physical and logical.

 

Physical Topology Diagrams
Physical topology diagrams illustrate the physical location of intermediary devices and cable installation, as shown in the figure. You can see that the rooms in which these devices are located are labelled in this physical topology.

 

Logical Topology Diagrams

Logical topology diagrams illustrate devices, ports, and the addressing scheme of the network, as shown in the figure. You can see which end devices are connected to which intermediary devices and what media is being used.

 

The topologies shown in the physical and logical diagrams are appropriate for your level of understanding at this point in the course. Search the internet for “network topology diagrams” to see some more complex examples. If you add the word “Cisco” to your search phrase, you will find many topologies using icons that are similar to what you have seen in these figures.

Networks of Many Sizes

Now that you are familiar with the components that make up networks and there representations in physical and logical topologies, you are ready to learn about the many different types of networks.
Networks come in all sizes. They range from simple networks consisting of two computers to networks connecting millions of devices.
Simple home networks let you share resources, such as printers, documents, pictures, and music, among a few local end devices.
Small office and home office (SOHO) networks allow people to work from home or a remote office. Many self-employed workers use these types of networks to advertise and sell products, order supplies and communicate with customers.
Businesses and large organizations use networks to provide consolidation, storage, and access to information on network servers. Networks provide email, instant messaging, and collaboration among employees. Many organizations use there network’s connection to the internet to provide products and services to customers.

 

The internet is the largest network in existence. In fact, the term internet means a “network of networks”. It is a collection of interconnected private and public networks.
In small businesses and homes, many computers function as both the servers and clients on the network. This type of network is called a peer-to-peer network.
Small Home Networks
Small home networks connect a few computers to each other and to the internet.
small home network consisting of a monitor, computer tower, keyboard, mouse, speakers, and printer located in a cabinet

LANs and WANs

Network infrastructures vary greatly in terms of:

  • Size of the area covered
  • Number of users connected
  • Number and types of services available
  • Area of responsibility

The two most common types of network infrastructures are Local Area Networks (LANs), and Wide Area Networks (WANs). A LAN is a network infrastructure that provides access to users and end devices in a small geographical area. A LAN is typically used in a department within an enterprise, a home, or a small business network.

A WAN is a network infrastructure that provides access to other networks over a wide geographical area, which is typically owned and managed by a larger corporation or a telecommunications service provider. The figure shows LANs connected to a WAN.
 

LANs

A LAN is a network infrastructure that spans a small geographical area. LANs have specific characteristics:

  • LANs interconnect end devices in a limited area such as a home, school, office building, or campus.
  • A LAN is usually administered by a single organization or individual. Administrative control is enforced at the network level and governs the security and access control policies.
  • LANs provide high-speed bandwidth to internal end devices and intermediary devices, as shown in the figure.
WANs
The figure shows a WAN which interconnects two LANs. A WAN is a network infrastructure that spans a wide geographical area. WANs are typically managed by service providers (SPs) or Internet Service Providers (ISPs).
WANs have specific characteristics:
  • WANs interconnect LANs over wide geographical areas such as between cities, states, provinces, countries, or continents.
  • WANs are usually administered by multiple service providers.
  • WANs typically provide slower speed links between LANs.

The Three-Layer Network Design Model

The campus wired LAN uses a hierarchical design model to separate the network topology into modular groups or layers. Separating the design into layers allows each layer to implement specific functions, which simplifies the network design. This also simplifies the deployment and management of the network.
The campus wired LAN enables communications between devices in a building or group of buildings, as well as interconnection to the WAN and Internet edge at the network core.A hierarchical LAN design includes the access, distribution, and core layers as shown in the figure.

 

Hierarchical Design Model

Each layer is designed to meet specific functions.
The access layer provides endpoints and users direct access to the network. The distribution layer aggregates access layers and provides connectivity to services. Finally, the core layer provides connectivity between distribution layers for large LAN environments.
User traffic is initiated at the access layer and passes through the other layers if the functionality of those layers is required.
Even though the hierarchical model has three layers, some smaller enterprise networks may implement a two-tier hierarchical design. In a two-tier hierarchical design, the core and distribution layers are collapsed into one layer, reducing cost and complexity.

 

In flat or meshed network architectures, changes tend to affect a large number of systems. Hierarchical design helps constrain operational changes to a subset of the network, which makes it easy to manage as well as improve resiliency. Modular structuring of the network into small, easy-to-understand elements also facilitates resiliency through improved fault isolation.

Firewalls

Typically, a firewall with two interfaces is configured as follows:

  • Traffic originating from the private network is permitted and inspected as it travels toward the public network. Inspected traffic returning from the public network and associated with traffic that originated from the private network is permitted.
  • Traffic originating from the public network and traveling to the private network is generally blocked. 

 

Demilitarized zone

A demilitarized zone (DMZ) is a firewall design where there is typically one inside interface connected to the private network, one outside interface connected to the public network, and one DMZ interface, as shown in the figure.

  • Traffic originating from the private network is inspected as it travels toward the public or DMZ network. This traffic is permitted with little or no restriction. Inspected traffic returning from the DMZ or public network to the private network is permitted.
  • Traffic originating from the DMZ network and traveling to the private network is usually blocked.
  • Traffic originating from the DMZ network and traveling to the public network is selectively permitted based on service requirements.
  • Traffic originating from the public network and traveling toward the DMZ is selectively permitted and inspected. This type of traffic is typically email, DNS, HTTP, or HTTPS traffic. Return traffic from the DMZ to the public network is dynamically permitted.
  • Traffic originating from the public network and traveling to the private network is blocked.

Zone-Based Policy Firewall

Zone-based policy firewalls (ZPFs) use the concept of zones to provide additional flexibility. A zone is a group of one or more interfaces that have similar functions or features. Zones help you specify where a Cisco IOS firewall rule or policy should be applied.
In the figure, security policies for LAN 1 and LAN 2 are similar and can be grouped into a zone for firewall configurations. By default, the traffic between interfaces in the same zone is not subject to any policy and passes freely. However, all zone-to-zone traffic is blocked. In order to permit traffic between zones, a policy allowing or inspecting traffic must be configured.
The only exception to this default deny any policy is the router self zone. The self zone is the router itself and includes all the router interface IP addresses. Policy configurations that include the self zone would apply to traffic destined to and sourced from the router. By default, there is no policy for this type of traffic. Traffic that should be considered when designing a policy for the self zone includes management plane and control plane traffic, such as SSH, SNMP, and routing protocols.

Common Security Architectures

Firewall design is primarily about device interfaces permitting or denying traffic based on the source, the destination, and the type of traffic. Some designs are as simple as designating an outside network and inside network, which are determined by two interfaces on a firewall.
Here are three common firewall designs.
Private and Public
Demilitarized Zone
Zone-Based Policy Firewalls
As shown in the figure, the public network (or outside network) is untrusted, and the private network (or inside network) is trusted.
Typically, a firewall with two interfaces is configured as follows:

  • Traffic originating from the private network is permitted and inspected as it travels toward the public network. Inspected traffic returning from the public network and associated with traffic that originated from the private network is permitted.
  • Traffic originating from the public network and travelling to the private network is generally blocked.
Action Point
PS: If you would like to have an online course on any of the courses that you found on this blog, I will be glad to do that on individual and corporate level, I will be very glad to do that I have trained several individuals and groups and they are doing well in their various fields of endeavour. Some of those that I have trained includes staffs of Dangote Refinery, FCMB, Zenith Bank, New Horizons Nigeria among others. Please come on Whatsapp and let’s talk about your training. You can reach me on Whatsapp HERE. Please note that I will be using Microsoft Team to facilitate the training. 

I know you might agree with some of the points that I have raised in this article. You might not agree with some of the issues raised. Let me know your views about the topic discussed. We will appreciate it if you can drop your comment. Thanks in anticipation.

 

Fact Check Policy

CEHNIGERIA BLOG  is committed to fact-checking in a fair, transparent and non-partisan manner. Therefore, if you’ve found an error in any of our reports, be it factual, editorial, or an outdated post, please contact us to tell us about it.

 

     

Fact Check Policy
Contact Us

 

Be the first to comment

Leave a Reply

Your email address will not be published.


*