Hub ‘An OSI layer 1 device Mult-port repeater Everything is half duplex Becomes less ecient az speeds increace = ‘Sitch ‘An OSI layer 2 device ‘Hardware bridging ASICs very fast!) ‘Forwards trai based on MAC address ‘The core ofan enterprise network ‘High bandwidth - Many simultaneous packets An OS! layer 3 device + Routes trafic between IP subnets “+ Routersinsde of switches are sometimes called “ayer 3 switches” + Layer 2= Switch, Layer 3= Router * Often connects diverse network types - LAN, WAN, copper, ver Firewall +05! layer 4 (TCP/UDP), some firewalls filter through Ost layer 7 Filters traffic by port number + Can encrypt traffic into/out of the network and between sites + Can proxy trafic -A common secuitytechniqu ‘Most firewalls can be layer 3 devices (routers) 4 Content Fiters * Contrl traffic based on network dat ‘Filter email -avoid malicious software, phishing, and viruses ‘Filter URLs Hter by web site category Load balancer * Distributes the load over many physical servers + Adds fault-tolerance * Can cache and prioritize traffic * Very common in large environments Packet shaper, trae shaper * Control by bandwidth usage or datarates * Set important applications tohave higher proves than other apps + Manage the Quality of Service (QoS) VPN concentrator * The connection point for remote users * Traffic is encrypted across the Internet and decrypted on the internal private networkS. + Mosi reals can be layer 3 devices (outers) Wireless Acces Point ‘Ostlayer 2 device “AAP isa bridge -makes forward decisionsbased on MAC address Uses standard phone lines POTS modems now used for + backup and uty functions Intrusion detection/prevention system ‘Protects aginst OS and application ep ‘Detection = alerts but does nt stp the attack ‘Prevention -blocs the attack PPP (Point-to-Point Protocel) ‘ Authentiation, compression, ror detection, mutlak * Uredin many physel networking emcironments ‘Layer 2 protoeal PPTP (Point to Point Tunneling Protec) TP protocol cantrls the tunnel * GRE (Generic Routing Encapsulation) isthe tunnel * Authentiaton -MS-CHAP? (Microsoft Challenge Handshake Authentication Protocol) “Encryption -EAP-TLS (Extensible Authentication Protecel~ Transport Layer Security) SSL VPN (secre Sockets Layer VP 1 Uses common SL protec (ep/443) | No big VPN cents IPsec internet Protocl Security) * Security for OS! ayer 3 * Confidentiitv and inteeriv/antcenlav