Security+

Alex H. Macy
3 min readJan 12, 2021

Another CompTIA certification worth pursuing is Security+. In 2019, 75% of employers in the IT field required Security+ certification for new hires. Security+ begins with the devices businesses use when building their networks, because the first security decisions any IT professional makes are physical ones: which devices connect the hosts, and what each of those devices lets a connected host see. The oldest and least secure of them is the hub.

A hub is a ‘Layer 1’ device, the physical layer of the OSI model; OSI stands for ‘Open Systems Interconnection’. A hub repeats whatever signal arrives on one port out of every other active port, similar to how a power strip delivers power to all of its active outlets. It does not read addresses and does not decide where a frame should go. That is exactly why a hub is a security risk: every host plugged into it receives every other host's traffic, so a packet sniffer or protocol analyzer on one compromised device captures the traffic of all of them, including any credentials or data sent in cleartext. Hubs are older devices that are no longer commonly used for this reason. Most enterprises today rely on network switches instead.

A network switch is a Layer 2 (or, with routing features, Layer 3) device in the OSI model. A Layer 2 switch relies on a MAC address table. MAC stands for Media Access Control; a MAC address is the hardware address assigned to a computer's Network Interface Card (NIC). The switch learns which MAC address sits behind which port by reading the source address of each frame it receives, and from then on it sends a frame addressed to that MAC out of that one port only. A frame whose destination is not yet in the table (or a broadcast) is flooded out of all ports, which is why a sniffer on a switch still sees a little traffic, but only that little. More advanced switches, known as Layer 3 switches, also forward by IP address, which lets them route between networks without a separate router.

Because each switch port carries traffic for only the device on that port, every port is its own collision domain and can run at ‘full duplex’: the device sends and receives at the same time. A hub, by contrast, puts all of its ports into one collision domain and operates at half duplex, since only one device can transmit at a time without the signals colliding. This is why a switch makes a network faster as well as safer: the table remembers which port each destination MAC (or, on a Layer 3 switch, IP address) lives on, and only the destined port sees the signal.

Switches filter traffic, and they also provide port mirroring. Port mirroring copies the traffic entering and leaving one port to a second, monitor port, so an analyzer or intrusion detection sensor attached to the monitor port can inspect that traffic without the monitored device knowing. So even where a malevolent packet sniffer is installed on a compromised device, a monitoring system on a mirrored port can watch the compromised host's traffic and detect the compromise; this is built-in security an organization can implement. Switches also let organizations shut down ports that do not or should not have access to the network.

More on collision domains:

Every port off a switch is its own segment, and so, by definition, every port off a switch is its own collision domain. Traffic on one port cannot overlap with traffic on another, and only one device is on each segment. You can put a hub in line with a switch, but then all of the computers on the hub share that one switch port as a single segment and a single collision domain, and the switch port has to fall back to half duplex. If you need more computers on a network, add more switches instead.

Virtual Local Area Networks:

Virtual Local Area Networks run on switches to segment the network. VLANs use the same physical hardware but logically break it up into separate broadcast domains: a frame flooded in one VLAN never reaches ports in another, and hosts in different VLANs cannot talk to each other at all unless a router or Layer 3 switch is configured to forward between them. In this way, we can keep Voice over Internet Protocol phones, servers, and user workstations on their own VLANs, so that a compromised device in one cannot sniff or directly reach the others.
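To make the forwarding behaviour concrete, here is a small simulation, written for this post rather than taken from the Security+ material or any real switch, that models a hub, a learning switch with a per-VLAN MAC address table, port mirroring, and port shutdown. The port numbers, MAC addresses (`a`, `b`, `c`, …) and the idea of a "sniffer" sitting on port 4 are all made up for the example; the point is to count how many of three frames between two hosts a sniffer on a third port actually receives under each design.

```python
"""Toy layer-2 forwarding models: hub vs. learning switch (with SPAN mirror and VLANs).

Added example for this post; not real switch firmware. All ports, MACs and
traffic below are constructed for illustration.
"""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str  # source MAC address
    dst: str  # destination MAC address


class Hub:
    """Layer 1 repeater: every frame goes out of every other active port."""

    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, frame):
        # No addressing at all: everyone except the sender gets a copy.
        return sorted(self.ports - {in_port})


class Switch:
    """Layer 2 learning switch with a per-VLAN MAC table, a SPAN mirror and shut-down ports."""

    def __init__(self, port_vlan, disabled=(), mirror=None):
        self.port_vlan = dict(port_vlan)  # port -> access VLAN id (hypothetical config)
        self.disabled = set(disabled)     # administratively shut-down ports
        self.mirror = dict(mirror or {})  # monitored port -> monitor port
        self.mac_table = {}               # (vlan, mac) -> port learned from source addresses

    def forward(self, in_port, frame):
        if in_port in self.disabled:
            return []  # a shut-down port drops everything it receives
        vlan = self.port_vlan[in_port]
        # Learn: the source MAC lives behind the port the frame arrived on.
        self.mac_table[(vlan, frame.src)] = in_port
        out_port = self.mac_table.get((vlan, frame.dst))
        if out_port is not None and frame.dst != BROADCAST:
            # Known unicast: one port only (or none if it is the ingress port).
            out = {out_port} - {in_port}
        else:
            # Unknown unicast or broadcast: flood, but only within this VLAN.
            out = {p for p, v in self.port_vlan.items() if v == vlan} - {in_port}
        out -= self.disabled
        # Port mirroring: traffic entering or leaving a monitored port is copied
        # to its monitor port, where an analyzer or IDS can see it.
        if in_port in self.mirror:
            out.add(self.mirror[in_port])
        for monitored, monitor in self.mirror.items():
            if monitored in out:
                out.add(monitor)
        return sorted(out)


def sniffer_sees(device, traffic, sniffer_port):
    """Count how many frames of `traffic` reach `sniffer_port` on `device`."""
    return sum(1 for in_port, frame in traffic if sniffer_port in device.forward(in_port, frame))


# Constructed traffic: host a (port 1) and host b (port 2) exchange three frames.
CONVERSATION = [
    (1, Frame("a", "b")),  # first frame: b not yet learned, so a switch floods it
    (2, Frame("b", "a")),  # reply: a is known, unicast to port 1 only
    (1, Frame("a", "b")),  # b is now known, unicast to port 2 only
]
SNIFFER_PORT = 4


def compare_designs():
    """Frames the sniffer on port 4 captures for each design, as a dict."""
    return {
        "hub": sniffer_sees(Hub([1, 2, 3, 4]), CONVERSATION, SNIFFER_PORT),
        "switch": sniffer_sees(Switch({1: 1, 2: 1, 3: 1, 4: 1}), CONVERSATION, SNIFFER_PORT),
        # A monitor port mirroring port 1 sees everything host a sends and receives.
        "switch+mirror": sniffer_sees(
            Switch({1: 1, 2: 1, 3: 1, 4: 1}, mirror={1: 4}), CONVERSATION, SNIFFER_PORT
        ),
    }


if __name__ == "__main__":
    print(compare_designs())
```

On the hub the sniffer captures all three frames; on the switch it captures only the first, flooded one; with port 1 mirrored to port 4 it captures all three again, which is the same mechanism a defender uses to feed an IDS. The VLAN check in the flooding step is what keeps a broadcast in VLAN 10 from ever reaching a port in VLAN 20.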

More to come!
