• Choose a category
• All
• Classic-Fiction

By Root 3052 0

provide 24/7 real-time monitoring of all devices in the cellular and computer network they support. The operators in the NOC can literally reach out and touch any device in the network to configure, repair, and troubleshoot it. A single NOC has dozens of people working around the clock to keep on top of the network. When an AT&T Wireless center goes down, it effectively takes down the cell-phone service for an entire region. As you can imagine, this is horrendously expensive, and the company doesn’t let it happen often. There are several NOC facilities in the United States, and one region can support or take over operations for another region if that center becomes inoperable.

Understanding the Different Network Infrastructure Devices

Connecting all these components requires physical devices. Large multinational corporations, as well as small and medium-sized corporations, are building networks of enormous complexity and sophistication. These networks work by utilizing miles of both wiring and wireless technologies. If the network is totally wire and fiber based or totally wireless, the method of transmitting data from one place to another opens vulnerabilities and opportunities for exploitation. Vulnerabilities appear whenever an opportunity exists to intercept information from the media.

The devices briefly described here are the components you’ll typically encounter in a network.

Many network devices contain firmware that you interact with during configuration. For security purposes, you must authenticate in order to make configuration changes and do so initially by using the default account(s). Make sure the default password is changed after the installation on any network device, or you are leaving that device open for anyone recognizing the hardware to access it using the known factory password.

Firewalls

Firewalls are one of the first lines of defense in a network. There are different types of firewalls, and they can be either stand-alone systems or included in other devices such as routers or servers. You can find firewall solutions that are marketed as hardware only and others that are software only. Many firewalls, however, consist of add-in software that is available for servers or workstations.

Although solutions are sold as “hardware only,” the hardware still runs some sort of software. It may be hardened and in ROM to prevent tampering, and it may be customized—but software is present nonetheless.

The basic purpose of a firewall is to isolate one network from another. Firewalls are becoming available as appliances, meaning they’re installed as the primary device separating two networks. Appliances are freestanding devices that operate in a largely self-contained manner, requiring less maintenance and support than a server-based product.

Firewalls function as one or more of the following:

■ Packet filter

■ Proxy firewall

■ Stateful inspection firewall

To understand the concept of a firewall, it helps to know where the term comes from. In days of old, dwellings used to be built so close together that if a fire broke out in one, it could easily destroy a block or more before it could be contained. To decrease the risk of this happening, firewalls were built between buildings. The firewalls were huge brick walls that separated the buildings and kept a fire confined to one side. The same concept of restricting and confining is true in network firewalls. Traffic from the outside world hits the firewall and isn’t allowed to enter the network unless otherwise invited.

The firewall shown in Figure 3.2 effectively limits access from outside networks, while allowing inside network users to access outside resources. The firewall in this illustration is also performing proxy functions, discussed later.

FIGURE 3.2 A proxy firewall blocking network access from external networks

The following sections discuss three of the most common functions that firewalls perform.

Although firewalls are often associated with outside traffic, you can place a firewall anywhere.