Distribution routers aggregate traffic from multiple access routers, either at the same site or by collecting the data streams from multiple sites at the location of a major company. Distribution routers are often responsible for implementing quality of service across a WAN, so they must have considerable memory, multiple WAN interfaces, and substantial processing intelligence.
They can also provide connectivity to groups of servers or networks. The router operating system must be treated with care as part of the overall security architecture. A firewall or VPN concentrator may be separate from the router, or the router may include these and other security functions. When a business is based primarily on one campus, there may be no clear distribution level, other than perhaps for access outside the campus. In such cases, access routers, connected to a local area network (LAN), are interconnected through the core routers.
In an enterprise, the core router can provide a "backbone" interconnecting the distribution-level routers in multiple buildings on a campus, or at large company locations. When a company is widely distributed with no central location, the role of the core router can be assumed by the WAN service to which the company subscribes, and the distribution routers become the highest level.
Edge routers link autonomous systems with the Internet backbone or with other autonomous systems. They must be prepared to handle the BGP protocol, and if they are to receive BGP routes they should have a large amount of memory.
Although routers have traditionally dealt with fixed networks (Ethernet, ADSL, ISDN, etc.), in recent years routers have begun to appear that provide an interface between fixed and mobile networks (such as Wi-Fi, GPRS, EDGE, UMTS, Fritz!Box, WiMAX, etc.). A wireless router works on the same principle as a traditional router. The difference is that it allows wireless devices to connect to the networks to which the router is connected by cable. Routers of this type differ from one another in power reach, frequencies and the protocols in which they work.
A switch is a device used in computer networks to relay frames between the various nodes. Switches have ports, as concentrators (hubs) do. The main difference between a switch and a hub is that the switch segments the network internally, and each port represents a separate collision domain, which means no collisions between packets of different segments, unlike hubs, whose ports share the same collision domain. Another important difference relates to network management: with a managed switch we can create VLANs, so the managed network is further divided into smaller segments.
A firewall is a part of a system or network that is designed to block unauthorized access while allowing authorized communications. It is a device or group of devices configured to permit, restrict, encrypt or decrypt traffic between different areas on the basis of a set of rules and other criteria.
Firewalls can be implemented in hardware or software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet specified security criteria. It is also common to connect the firewall to a third network, called the Demilitarized Zone, or DMZ, where the organization's servers that should be accessible from the outside network are located. A properly configured firewall adds necessary protection to the network, but in no case should it be considered sufficient. Computer security covers more areas, more tasks and more levels of protection.
Limitations of a firewall
The limitations stem from the very definition of a firewall: it filters traffic. Any type of computer attack that uses traffic accepted by the firewall (over TCP ports that are deliberately left open, for example), or that simply does not use the network, will remain a threat. The following list shows some of these risks:
- A firewall cannot protect against attacks whose traffic does not pass through it.
- The firewall cannot protect against threats from internal attacks or careless users. The firewall cannot prevent corporate spies from copying sensitive data onto physical storage media (disks, memories, etc.) and removing them from the building.
- The firewall cannot protect against social engineering attacks.
- The firewall cannot protect against possible attacks on the internal network by viruses carried in files and software. The real solution is for the organization to be aware of the need to install anti-virus software on each machine to protect against viruses that arrive via any storage medium or other source.
- The firewall does not protect against security flaws in the services and protocols whose traffic is allowed. These services must be configured properly, and the security of the services that are published on the Internet must be ensured.
Application Layer Gateway
It applies security mechanisms to specific applications such as FTP and Telnet servers. This is very effective, but can degrade performance.
A circuit-level gateway applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further control. It allows the establishment of a session that originates from an area of greater security to a lower security area.
Network layer firewall or packet filtering
It works at the network level (OSI layer 3, layer 2 of the TCP/IP protocol stack) as an IP packet filter. At this level, filters can be defined on different IP packet fields: source IP address, destination IP address. This type of firewall often also allows filtering on transport-layer fields (layer 3 of TCP/IP, OSI model layer 4), such as the source and destination port, or on data-link-layer fields (not in TCP/IP, OSI model layer 2), such as the MAC address.
Application Layer Firewalls
They work at the application level (level 7), so that the filter can be adapted to the characteristics of the protocols at this level. For example, in the case of HTTP traffic, filtering can be performed according to the URL being accessed. A level 7 firewall for HTTP traffic is often called a proxy, and it allows the computers in an organization to reach the Internet in a controlled manner. A proxy effectively hides the true network addresses.
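The following Python model is an added example, not part of the original page. It contrasts the packet filter described above (decisions on IP addresses, protocol and port) with URL-based application-layer filtering. The rule set, the documentation-range addresses, and the blocked `/admin` path are constructed assumptions.

```python
import ipaddress
import posixpath
from collections import namedtuple
from urllib.parse import unquote

Packet = namedtuple("Packet", "src dst proto dport payload", defaults=(b"",))
Rule = namedtuple("Rule", "action src_net dst_net proto dport")  # dport None = any port

def packet_filter(rules, p):
    """Network-layer filter: first matching rule wins, default deny."""
    for r in rules:
        if (ipaddress.ip_address(p.src) in ipaddress.ip_network(r.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(r.dst_net)
                and r.proto in ("any", p.proto)
                and r.dport in (None, p.dport)):
            return r.action
    return "deny"

def url_filter(blocked, p):
    """Application-layer filter: decide on the URL path in the HTTP request line."""
    try:
        line = p.payload.split(b"\r\n", 1)[0].decode("ascii")
        _method, target, _version = line.split(" ")
    except (UnicodeDecodeError, ValueError):
        return "deny"     # not a well-formed request line
    if not target.startswith("/"):
        return "deny"     # this model handles origin-form targets only
    # Decode and normalize before matching, so equivalent spellings compare equal.
    path = posixpath.normpath("/" + unquote(target.split("?", 1)[0]).lstrip("/"))
    hit = any(path == b or path.startswith(b + "/") for b in blocked)
    return "deny" if hit else "permit"

# Constructed policy and traffic (documentation address ranges).
RULES = [Rule("permit", "0.0.0.0/0", "192.0.2.10/32", "tcp", 80)]  # DMZ web server
BLOCKED = ["/admin"]
REQ = b"GET %s HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
HOME = Packet("198.51.100.7", "192.0.2.10", "tcp", 80, REQ % b"/index.html")
ADMIN = Packet("198.51.100.7", "192.0.2.10", "tcp", 80, REQ % b"/admin/users")
TELNET = Packet("198.51.100.7", "192.0.2.10", "tcp", 23)

def verdicts(p):
    """Return (packet-filter verdict, URL-filter verdict) for one packet."""
    return packet_filter(RULES, p), url_filter(BLOCKED, p)
```

`HOME` and `ADMIN` carry identical addresses, protocol and port, so the packet filter permits both. Only the application-layer check, which reads the request itself, can tell them apart.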
A personal firewall is a special case of firewall that is installed as software on a computer, filtering communications between that computer and the rest of the network. It is therefore used at a personal level.