Networks

Defense in depth

environment built around multiple controls design to ensure that a failure in a single Control - or even multiple controls is unlikely to cause a security breach

The OSI model

the Open Systems Interconnection model is used to conceptually describe how devices and software operator together through networks. the OSi model Has 7 layers

Network segmentation

divides a network up into logical or physical groupings that are frequently based on trust boundaries, functional requirenents, or other reasons that help an organization apply controls or assist with functionality.

VLAN

Virtual Local Ares Network one of the most knkwn technologu or concept for network segmentation. A VLAN seta up a broadcast domain that is segmented at the Data Link Layer

broadcast domain

a broadcast domain is a segment of a network in which all devices or Systems can reach one another via packets sent as a broadcast at the Data Link layer

East west

east west traffic is used to describe the traffic flow in data center (the same security żonę)

NAC

network Access Control z determines whether a device should be allowed to connect to a network

Port security

capability that allows to limit the number of MAC addresses that can be used on a single port. this prevents a number of possible problems including MAC (hardware) address spoofing, CAM table overflows, plugging in additional network devices in somecase

CAM table

The CAM (Content Addressable Memory) table in a network switch is like a phonebook for devices in a network. It keeps track of which device (identified by its MAC address) is connected to which port on the switch.

CAM table overflow

CAM table overflow occurs when a network switch's Content Addressable Memory (CAM) table reaches its maximum capacity and cannot store any more MAC address/port mappings.

Network loop

In networking, a "loop" refers to a situation where there are multiple paths between two points in a network, causing packets to continuously circulate without reaching their intended destination.

port mirror

Sends a copy of all traffic sent to one switch port to another switch port for monitoring

SPAN

Switch Port Analyzer do the same thing as port mirror but also can combines traffic from multiple ports to a single port for analysis

VPN

Virtual Private Network is a way to create a virtual network linę across a public network that allows endpoints to act as though they are on the same network

MAC filtering

allow the WAP the ability to accept or deny connections based on the clients device hardware (to MAC address)

LDAP

Lightweight Directory Access Protocol- is a protocol that allows user or serivce to acces and modify directory information over a network