This presentation about IT Networking Basics was given by Spiceworks IT guy Kris as part of an IT Boot Camp series.
Added: Sep 25, 2008
Slides: 31 pages
Slide Content
Bandwidth is Expensive.
Are you getting the most out of your money?
Cymphonix makes it easy to automate your Internet security
∙ Filter web content and applications
∙ Stop spyware and malware
∙ Monitor user activity in real-time
∙ Control applications for faster performance
∙ Prioritize bandwidth for websites and applications you want to go fast
www.cymphonix.com
IT Boot Camp: Pt1 - Networking
IT Bootcamp Part 1
Designing an SMB Network
Network Design Principles
Layering and Hierarchical Design Patterns
VLANs
IP Addressing
Wireless
Network Access Control
NAC methods
Physical Security
Switch security
Part 1: Setting Up Your Network
Network Design
Hierarchical design
Design your network in layers
Modular in nature
Design elements can be replicated
Transition points can be identified easily
Simple to understand
Provide for network growth
Fault tolerance
Part 1: Setting Up Your Network
Network Design
Three layers
Core
Distribution
Access
* Image Credit: http://www.ciscopress.com/content/images/sam_bruno_ccda/elementLinks/da270401.gif
Part 1: Setting Up Your Network
Network Design
Core layer
High-speed backbone of the network
High reliability
Redundancy
Limited diameter (when using routers at the core layer)
Part 1: Setting Up Your Network
Network Design
Distribution layer
Demarcation between core and access layers
Policy, security, and VLAN routing occur here
Filtering (by source/destination and input/output)
Static routing
QoS
Part 1: Setting Up Your Network
Network Design
Access layer
Provides user access to network segments
Wireless Access Points
Part 1: Setting Up Your Network
Network Design
The layers do not necessarily need to be implemented as distinct physical devices
Each layer can be implemented in routers and switches, or in single devices (layer 3 switches capable of routing switched packets)
Part 1: Setting Up Your Network
Network Design
Less fault-tolerant and does not take advantage of all of the features of a fully hierarchical network design
Less expensive and less complex
Appropriate for very small networks
Part 1: Setting Up Your Network
Network Design - VLANs
VLANs allow for network nodes to be assigned to a particular network segment even when not located on the same switch
Implemented in order to segment networks logically rather than physically (using routers)
Allows for reassignment via software rather than by physically moving a device
Part 1: Setting Up Your Network
Network Design - VLANs
Types of VLANs
Static
AKA port-based VLANs
Individual ports mapped to VLAN
Must be manually maintained
Dynamic
Switch ports assigned to VLANs dynamically
Assignments based on characteristics such as MAC address or username
Achieved via software such as VQP and VMPS
Part 1: Setting Up Your Network
Network Design
When designing a hierarchical network, design from the inside out
When starting with the access layer, you can more accurately gauge capacity needs
Optimization at the distribution and core layers becomes easier when access needs are known
Part 1: Setting Up Your Network
Network Design
Design in layers
KISS – but try to take advantage of as many features of a hierarchical design as feasible
Part 1: Setting Up Your Network
Network Design
Now that you have your network designed, time to move on to IP addressing....
Part 1: Setting Up Your Network
Network Design
IP addressing
Determine your scheme early, as this is difficult to change later on
Design should be scalable so as to meet current and future needs
Typical SMB LANs will use either the 172.16.0.0/12 or the 192.168.0.0/16 private subnets.
Obviously, the 10.0.0.0/8 subnet is available, but not too many SMB networks will require such a large address space; remember KISS
Part 1: Setting Up Your Network
Network Design
IP addressing
Learn to subnet!
Many resources available, including web-based subnet calculators, but the benefits of being able to quickly calculate subnet values are many
http://www.subnet-calculator.com/
http://www.subnetmask.info/
http://www.learntosubnet.com/
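The subnetting these slides ask you to learn, carried through as an added example (not part of the original deck): a variable-length subnet planner that carves one subnet per segment out of a private block and reserves headroom for growth. The segment names, host counts and the `growth` parameter are assumptions made for illustration.

```python
import ipaddress
import math

def plan_subnets(block, needs, growth=1.0):
    """Carve one subnet per segment out of `block`, largest segment first.

    needs  -- {segment name: hosts needed today} (names are hypothetical)
    growth -- multiplier reserving headroom for future hosts
    """
    parent = ipaddress.ip_network(block)
    if not parent.is_private:
        raise ValueError(f"{block} is not private address space")
    plan = {}
    cursor = int(parent.network_address)
    # Largest first keeps every allocation aligned on its own boundary.
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        # +2: network and broadcast addresses are not usable by hosts.
        addresses = math.ceil(hosts * growth) + 2
        prefix = 32 - (addresses - 1).bit_length()
        net = ipaddress.IPv4Network((cursor, prefix))
        if not net.subnet_of(parent):
            raise ValueError(f"{block} exhausted while placing {name!r}")
        plan[name] = net
        cursor += net.num_addresses
    return plan

# Constructed sample: segment names and host counts are illustrative.
SEGMENTS = {"staff": 100, "voice": 50, "wireless": 50, "servers": 20, "mgmt": 10}

if __name__ == "__main__":
    for name, net in plan_subnets("192.168.0.0/16", SEGMENTS, growth=2.0).items():
        print(f"{name:10} {net}  usable hosts: {net.num_addresses - 2}")
```

Running the plan with and without `growth` shows how much address space the headroom costs before any device is configured, which is the cheap time to change the scheme.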
Part 1: Setting Up Your Network
Network Design
IP addressing
DHCP and static assignments
Know where you will be placing your DHCP server(s) – this goes back to your layered network design
Based on this, determine DHCP relay needs (switch/router capabilities, agents, etc.)
Keep a manifest of statically assigned addresses; it will help keep things organized
Part 1: Setting Up Your Network
Network Design
Now, onto wireless....
Part 1: Setting Up Your Network
Wireless
Wireless LAN
How to fit wireless into your design so as to provide a high level of secure service
Multiple approaches available
Must always be aware of security issues
Part 1: Setting Up Your Network
Wireless
Spiceworks Community suggests multiple methods of securing wireless
Part 1: Setting Up Your Network
Wireless
Simple design with single wireless AP
Connected directly to LAN
WPA2 for security
Part 1: Setting Up Your Network
Wireless
Simple design with single wireless AP
Connected directly to LAN
EAP/RADIUS for authentication
Part 1: Setting Up Your Network
Wireless
More complex design using VLANs
Wireless AP connected to an isolated VLAN
WPA2 for access to wireless, VPN for access to LAN
Part 1: Setting Up Your Network
Wireless
Other security methods
MAC filtering
Dynamic VLANs hosted by the AP
WEP (don't use)
Proprietary systems
Part 1: Setting Up Your Network
Access Control
Network Access Control
Part 1: Setting Up Your Network
Access Control
Network Admissions/Access Control
Policy enforcement
Role management
End-point compliance
User Access Management
Enforce policy based on authenticated user ID
Attack vector mitigation
By enforcing end-point compliance, networks can be protected from systems that may be harboring malicious software or be in a vulnerable state
Part 1: Setting Up Your Network
Access Control
Network Admissions/Access Control
Pre-admission control
Clients are inspected prior to being granted access to the network
Criteria such as up-to-date AV, service packs, etc.
Post-admission control
Enforcement based on user actions
Part 1: Setting Up Your Network
Access Control
Network Admissions/Access Control
Can be managed by devices devoted specifically to either out-of-band or in-band management
In-band systems act like firewalls, enforcing policy prior to accessing the switch
Out-of-band systems control switches directly and enforce policy based upon information received from clients – often via the use of remote agents
Part 1: Setting Up Your Network
Access Control
Physical Security
Secure all cable plants, IDF closets, and server rooms
Disable unused ports, or place them into a specific VLAN designed for unused ports (no layer 3 access)
Secure wireless access points so they cannot be tampered with or have their network access cables disconnected
Part 1: Setting Up Your Network
Access Control
Switch security
Disable any and all unused protocols (SSH, telnet, HTTP(s), etc.)
When using VLANs, ensure that trunking is disabled for all ports that do not require it, and ensure that all VLAN IDs used for trunks are distinct from any port numbers
Use MAC address filtering where appropriate
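One way to check the unused-port rule from the Physical Security slide and the trunking rule from the Switch security slide against a saved switch configuration, as an added example that is not part of the original deck. The Cisco IOS-style syntax, the sample configuration, the port inventory sets and the parking VLAN 999 are all assumptions constructed for illustration.

```python
# Constructed sample in Cisco IOS-style syntax (an assumption; the slides name no platform).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
!
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 999
!
interface GigabitEthernet0/5
 shutdown
!
interface GigabitEthernet0/6
 switchport mode access
 switchport access vlan 10
"""

def parse_interfaces(config):
    """Return {interface name: [its indented config lines]}."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return ports

def audit(config, in_use, trunks, parking_vlan):
    """Flag live unused ports and ports where trunking is not explicitly off."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        shut = "shutdown" in lines
        parked = f"switchport access vlan {parking_vlan}" in lines
        if name not in (in_use | trunks) and not (shut or parked):
            findings.append((name, "unused port is live"))
        # Assumption: without an explicit access mode a port may still form a trunk.
        if name not in trunks and not shut and "switchport mode access" not in lines:
            findings.append((name, "trunking not disabled"))
    return findings
```

`in_use` and `trunks` are sets of interface names taken from your own port inventory; the audit is only as accurate as that inventory.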