6-3: Network Devices
- Due No due date
- Points 100
- Questions 15
- Time Limit None
- Allowed Attempts Unlimited
Instructions
3. Identify and explain the functions of key network devices. DOK2
a. Describe the purpose and function of essential network devices such as routers, switches, and hubs.
b. Understand the roles of these devices in a network setup.
Networks and devices
1. A network is any connection of two or more computers that allows for the exchange of data. Many types of physical networking devices exist.
2. Network devices are the components used to connect devices together to share files or resources. A local area network or LAN is the simplest form of networking in which computers or nodes are interconnected in a small physical area.
3. A node is a connection point within a network—often computer stations or routers. A LAN may use a repeater hub to create a connection between computers.
LAN network devices
1. A repeater is a network communication device that receives and repairs digital or analog signals that have been distorted or degraded by transmission; it replicates and relays those signals along the next leg. An analog repeater is limited to amplifying the signal, whereas a digital repeater can reconstruct the signal close to its original quality. A repeater has two ports. Anything that enters into one port is sent out the other.
2. A hub is a network device that connects computers together by copying data it receives to all of its multiple ports. It is commonly used for LANs and could be described as a multiport repeater.
3. A bridge is a network device that connects two networks together, has only one port, and does not transfer data until the MAC address has been confirmed. Each networked device has its own media access control or MAC address. A MAC address is a unique hardware identification number for a machine or network card. The manufacturer assigns MAC addresses. Bridges are unconcerned with IP addresses and are unable to distinguish networks. IP stands for Internet Protocol. An IP address is an identifier assigned to devices accessing the Internet; it is changed often and is not a physical number.
4. A switch is a network device with multiple ports that, by interpreting the MAC address, knows exactly which computer should receive sent data: a multiport bridge.
5. A router is a network device—completely different from a hub or switch—that sends data via the fastest route possible through a network based on IP addresses. A router is able to transfer data from computers to the modem.
a. Using a house as an example: A router finds the fastest way to move from one room to another. The router finds the fastest path between a user computer and a server.
b. A wireless access point or WAP is a device that allows a Wi-Fi-enabled device to connect wirelessly to a network. A WAP is a router and an access point combined.
c. A gateway is a network device that sends data across networks, but it does so across dissimilar networks. A gateway defines the boundaries of a network. If information is to go from one network to another, it must pass through the gateway. [NOTE: The gateway of a house is the front door.] The gateway is a crucial part of most routers.
6. A server is a computer program that provides a specific service and/or functionality for a network. The computer in which the server program runs is frequently referred to as “the server” as well. However, it is probably a computer dedicated to server functions (as no one is sitting behind it). Most servers perform a dedicated task and only that task. There are too many types of servers to list. For example:
a. A file server stores files that everyone on the network can access.
b. A print server manages printers that everyone can access, and a network server manages the network traffic.
7. A modem is a network device that converts digital data into analog sounds that can be sent over telephone lines, allowing a computer to communicate over a network. A modem plugs into a computer on one end and a phone on the other. Modems are not used much anymore. (NOTE: Today, what is commonly known as a cable modem is actually a type of network bridge.)
8. A network interface card (NIC) is hardware (a circuit board) that installs on a computer to send and receive data over a network. Now the network interface is often part of the motherboard rather than a separate card.
9. A firewall is hardware or software designed to block unauthorized access. It controls and monitors incoming and outgoing network data based on preset security guidelines. A firewall is designed to protect a network from a cyber attack.
10. Voice over Internet Protocol (VoIP) is a telephone service that uses the Internet as a phone network. It is a way to have voice conversations over the Internet without using telephone lines.
Security risks to network devices
Security and attacks
1. Security is the denial of access to assets to those with malicious intent. It defends against intrusions and protects assets from access and disclosure, change, or destruction. Well-constructed network security blocks viruses, malware, and hackers from accessing or altering information. Privacy is a current security issue.
2. Privacy is the security of sensitive material, such as information about a person, business, or government. Human error is a vulnerability in wired and in wireless networks. Training as well as defined and rigorous networking policies are answers to human security error, according to CompTIA.
A. A spoofing attack is a malicious party impersonating another device or user on a network for the purpose of launching an assault against a network host, stealing data, spreading malware, and bypassing access controls. Common tools and practices to reduce spoofing are using packet filtering, avoiding trust relationships, using spoofing detection software, and using cryptographic network protocols. MAC spoofing is difficult to defend against.
B. Switch attacks
1. MAC flooding is a network assault in which an attacker—connected to a switch port—overwhelms the switch with bad MAC addresses, causing incoming data to flood out of all ports. This action could cause sensitive data to go to all ports instead of to the specific computer for which it was intended.
2. MAC spoofing is an attack technique that fools an operating system into thinking that its MAC address is different—changing the computer’s identity. Although MAC addresses are assigned at the factory, it is relatively easy to fool the computer using drivers.
3. ARP is the Address Resolution Protocol. An ARP attack is the act of linking a user’s IP address to the MAC address. ARP spoofing is an assault technique in which the attacker sends a fake ARP message over a LAN, resulting in linking the attacker’s MAC address to a legitimate IP address on the network. As a result, the attacker will receive messages meant for the real IP address. ARP spoofing is used to steal information, modify data in transit, and stop LAN traffic. Common tools and practices to reduce spoofing are using packet filtering, spoofing detection software, and cryptographic network protocols as well as avoiding trust relationships.
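Both switch attacks above (MAC flooding in item 1, ARP spoofing in item 3) leave a footprint a switch or a monitoring host can watch for: too many source MACs on one port, and an IP address whose MAC binding suddenly changes. The following Python detector is an added example and not part of the original notes; the frames, port names and the per-port MAC limit are constructed, and it assumes the first binding seen for an IP is the trusted one (a real deployment would seed that table from DHCP snooping).

```python
from collections import defaultdict

MAX_MACS_PER_PORT = 8  # assumed limit, like a port-security "maximum" setting


def sample_frames():
    """Constructed frames as a switch sees them: (port, source MAC, ARP-claimed IP or None)."""
    frames = [
        ("Gi0/1", "aa:aa:aa:aa:aa:01", "10.0.0.1"),  # gateway announces its binding
        ("Gi0/2", "aa:aa:aa:aa:aa:02", "10.0.0.2"),  # ordinary host
        ("Gi0/3", "aa:aa:aa:aa:aa:03", "10.0.0.1"),  # second MAC claims the gateway IP
    ]
    # 40 distinct source MACs arriving on one port, the pattern a flooding tool produces
    frames += [("Gi0/3", f"bb:bb:bb:bb:bb:{i:02x}", None) for i in range(40)]
    return frames


def analyze(frames, max_macs=MAX_MACS_PER_PORT):
    """Return alerts for (a) more MACs on a port than allowed and (b) an IP whose MAC binding changes."""
    macs_per_port = defaultdict(set)
    ip_to_mac = {}  # first binding seen is treated as trusted (assumption, see lead-in)
    alerts = []
    for port, mac, ip in frames:
        macs_per_port[port].add(mac)
        if len(macs_per_port[port]) == max_macs + 1:  # alert once, when the limit is first crossed
            alerts.append(("MAC_FLOOD", port, mac))
        if ip is not None:
            trusted = ip_to_mac.setdefault(ip, mac)
            if trusted != mac:  # a different MAC is now claiming a known IP
                alerts.append(("ARP_SPOOF", ip, f"{trusted} -> {mac}"))
    return alerts


if __name__ == "__main__":
    for alert in analyze(sample_frames()):
        print(alert)
```

On real hardware the equivalent controls are port security (limiting MACs per port) and dynamic ARP inspection backed by the DHCP snooping binding table.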
C. Router attacks
1. Typically, routers are secured using passwords. Passwords must be strong. Most importantly, however, passwords must be changed from the factory presets.
2. Rarely is router firmware updated. It is embedded software that carries out some network protocols, security mechanisms, and administrative capabilities of the device. To avoid known (and easy) hacking exploits, router firmware should be updated frequently.
3. Many routers are vulnerable because they use old protocols (security rules). Router protocols must be updated, and the strongest security protocols available should be maintained.
4. A rogue access point is an unauthorized wireless access point (WAP). It is usually an inexpensive wireless router installed by employees without permission for wireless access to their business network. This opens an extremely vulnerable wireless signal, giving hackers access to the entire wired network. This is often referred to as a rogue DHCP (Dynamic Host Configuration Protocol) because the access point in question is offering IP addresses to employees who do not realize they are accessing a rogue access point. Unauthorized wireless access should be avoided.
5. Other attacks
a. DoS attacks occur in wireless routers when static noise interferes with the wireless broadcast. This is not always intentional and can be due to interference from cordless phones, microwaves, etc.
b. Passive capturing, eavesdropping, and sniffing are all terms for being near a wireless network and capturing data over the radio waves used in wireless communication.
D. Server attacks
1. Servers and routers have some attacks in common. The router determines the path of information, and the server provides the information. These functions are closely related, so several of the following attacks may affect the router. In small home networks, it is common for the router to provide some server functions.
2. Computer ports allow data to be sent and received. Port scanning is the surveillance of computer ports, usually by hackers for malicious purposes. Hackers look for “holes” in ports to gain access to networks. Ports that are always open are vulnerable to remote attacks or opportunities to gain access. Firewalls respond to port scans, and some firewalls now use “adaptive behavior” that blocks previously open and closed ports if a suspect IP address is probing them.
3. The domain name system (DNS) ties a website name (e.g., Google.com) to a particular IP address. In acts of DNS spoofing, non-secure data is sent in response to a DNS query and can be used to capture (steal) queries and redirect them to a rogue DNS server. The DNS is corrupted, causing the server to give an incorrect IP address for the website name. This will divert users to a false website. It is important to configure the server to be as secure as possible against cache poisoning (e.g., using a random source port or randomizing the case of the letters of the domain names sent out to be resolved).
4. Dynamic host configuration protocol (DHCP) is the system responsible for automatically handing out IP addresses to network computers as they are needed. A scope exhaustion attack is an assault that fools the DHCP into thinking it needs to assign IP addresses to many false MAC addresses, and it runs out of IP addresses to assign. This is a type of DoS attack against a router. DHCP server attacks can be defended against with “DHCP snooping” programs that block untrusted DHCP server traffic at the switch. Some of these programs also scan MAC addresses, IP addresses, and corresponding ports to ensure that only genuine addresses can communicate on the network.
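The cache-poisoning hardening named in item 3 (a random source port plus randomized letter case, commonly called 0x20 encoding) can be modelled from the resolver's query side: a forged answer from someone who cannot see the query must guess the transaction ID, the port and the exact casing. This Python stub is an added illustration, not the page's material or any real resolver's code; the class and method names and the sample addresses are assumptions.

```python
import math
import random


class HardenedResolverStub:
    """Toy model of the query side of a resolver hardened against cache poisoning.
    It does no real DNS; it only shows which checks a response must pass."""

    def __init__(self, seed=None):
        self.rng = random.Random(seed)  # seedable only so the example is reproducible
        self.pending = {}  # (txid, source port) -> exact-case name that was sent

    def encode_0x20(self, name):
        """Flip the case of each letter at random; the upstream server echoes the name back as sent."""
        return "".join(c.upper() if c.isalpha() and self.rng.random() < 0.5 else c
                       for c in name.lower())

    def send_query(self, name):
        """Pick a random 16-bit transaction ID and a random ephemeral source port."""
        txid = self.rng.randrange(0, 1 << 16)
        sport = self.rng.randrange(1024, 65536)
        qname = self.encode_0x20(name)
        self.pending[(txid, sport)] = qname
        return txid, sport, qname  # the three values that go on the wire

    def accept_response(self, txid, sport, qname, answer):
        """Return the answer only if TXID, port and exact-case name all match a pending query."""
        expected = self.pending.get((txid, sport))
        if expected is None or expected != qname:
            return None  # forged, stale or replayed response: never cached
        del self.pending[(txid, sport)]  # each query accepts exactly one answer
        return answer


def guess_bits(name):
    """Approximate bits an off-path forger must guess: 16-bit TXID, ~16-bit port, one per letter."""
    return 16 + math.log2(65536 - 1024) + sum(c.isalpha() for c in name)


if __name__ == "__main__":
    resolver = HardenedResolverStub(seed=7)
    txid, sport, qname = resolver.send_query("www.example.com")
    print(qname, resolver.accept_response(txid, sport, qname.swapcase(), "198.51.100.9"))
    print(f"{guess_bits('www.example.com'):.1f} bits to guess")
```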
E. VoIP attacks
1. VoIP is popular with businesses because it saves money on phone fees. As a network device, however, VoIP has a lot of vulnerabilities. The following are some basic examples, but there are too many to list.
2. Availability attacks
a. Call flooding is a type of DoS attack in which many false call requests are made that overwhelm the system.
b. Caller ID spoofing is an attack that allows someone to use fake credentials, making it seem as though calls and texts are coming from a legitimate source when they are not.
c. Call hijacking is an attack in which a call never reaches its intended target. It is rerouted to the attacker. In general, hijacking is a network security attack in which the attacker takes control of a call, a message, etc. between two entities and impersonates one of them.
d. A call teardown is a false message sent through the system that causes the call to terminate.
3. Confidentiality attacks
a. Eavesdropping on a traditional landline requires a physical connection to the phone line. With VoIP, eavesdroppers just need to be on the same network. Attackers can use a sniffer (software or a device that monitors network traffic) to passively capture all the data being sent.
b. Call pattern tracking is recording the length and identity of callers.
c. Hackers can rebuild encrypted conversations using reconstruction algorithms.
Physical and virtual options: Network components
A. Many network components can be software or hardware. It is possible to have virtual machines, which are operating systems running inside another operating system. For example, a user might be running Windows and have a virtual Linux machine running inside Windows. Virtualization has extended to networks and servers, making it feasible for many network devices to be physical or virtual (software-based). The following network devices are considered hardware. However, with the rise of virtualization, almost any network component can be software-based.
B. A repeater can be a small physical box, or it can be a virtual device. Any computer can be set up to repeat a signal, thereby making a repeater physical or virtual, depending on the project.
C. A bridge is a small box with a couple ports. However, a bridge is considered “virtual” when it runs a virtual network.
D. A switch is a box with multiple ports, but it can be a virtual program implemented on a server.
E. A server can be a physical computer dedicated to providing only one service, or it can be a virtual device within a computer. For example, a large server system might provide all the files and data needed to run a large website. Conversely, a user could have a virtual-server within a personal computer.
F. A router is usually a small box, often with antennae. However, software is available that turns any computer into a virtual router. The gateway is considered networking hardware, but it is usually part of a router. Gateways can be a program running on a server.
G. The modem is usually a piece of outdated hardware. However, it is possible to have a virtual modem that connects using virtual ports.
H. The NIC is a physical card. However, it is possible to have a virtual NIC inside a virtual machine.
I. A firewall can be physical or virtual, depending on what is needed. A physical firewall is a specialized network box that monitors all traffic and provides a barrier. A software firewall is part of the user’s OS or server.
J. VoIP handles phone calls and can include much phone-related hardware. However, with a microphone and audio jack, a normal computer can handle VoIP with software.