Network Connectivity



To understand network connectivity, we will break networking down into layers and then place the networking and security components that make up a network into each layer. This is the starting point both for understanding how networks work and for the later, more advanced stages of troubleshooting. Networking does not just magically happen; two endpoints can only communicate and share information by following agreed protocols and rules. Those rules and protocols do not exist only on the endpoint, such as your laptop; they also have to be implemented on every network and security component in the path between the two endpoints.

Networking models such as the TCP/IP suite and the OSI model help you understand which rules and protocols are needed on each component. A networking model is like a blueprint for building a house: it lays out the patterns to follow and assigns each job to a particular trade, which in networking means a particular protocol. For example, when you know the IP address of a destination on your LAN and need its MAC address, you use the Address Resolution Protocol (ARP). So there are rules and standards to follow, and by learning them you can install, configure and troubleshoot the main networking components: routers, switches, and security devices.


Preliminary Information: Useful Links to Relevant Content

  1. Network Security Components
  2. IP Forwarding
  3. Cisco Secure Firewall
  4. Distributed Firewalls
  5. Virtual Firewalls


Back to Basics: Source and Destination

Networking, or computer networking, transports and exchanges data between nodes over a shared medium. It is about moving information from your application across and within your network. At its simplest, network connectivity is a source and a destination that can communicate. There are different modes of communication, such as unicast, broadcast, and multicast, but for now consider a network, and the infrastructure within it, as supporting communication between a single source and a single destination.

The source can be the application you use on your computer, such as a web browser, which speaks the HTTP protocol. HTTP specifies the rules the browser software has to follow. The destination could be elsewhere, such as an application hosted in the cloud, or on another network reached from your on-premises Local Area Network (LAN). In that case we are moving traffic from an on-premises network to a cloud network.


Network Connectivity with Edges of Control

In the world of computer networking and network connectivity there are different edges of control. If you are sitting in your home network, the edge of control is the home router supplied by your service provider, and the firewall in that router marks the perimeter between your internal network and the external network.

In a home network that perimeter is static and there is only one of it. In larger networks the perimeter is far less clear-cut: you need multiple firewalls, and multiple types of firewall, positioned inside the local area network as well as at its edge, creating a defense-in-depth approach to security.

Diagram: Sample network for network connectivity.


Network Connectivity with Network Models

So, as I said, computer networks enable connected hosts (computers) to share and access resources. When you think of a network, think of an area that exists for sharing. Early LANs were built mainly to share printers and files; the list of things that get shared has since expanded to many other devices and services, but sharing is still the primary use case.

You also need to know how all the connections happen and what hardware and software enables that exchange of resources. A networking model gives you a way to conceptualize the many parts of a network; here we rely primarily on the Open Systems Interconnection (OSI) seven-layer model to explain networking.

Remember that we don’t implement the OSI; we implement the TCP/IP suite. But the OSI is a great place to start learning as everything is divided into individual layers. You can place the network and security components at each layer to help you understand how networks work. Let us start with the OSI model before we move to the TCP/IP suite.


Why use the OSI Model?

The open systems interconnection (OSI) model is based on splitting a communication system into seven abstract layers, each stacked upon the last. What can you use the OSI model for? Understanding OSI enables a tech to determine quickly at what layer a problem can occur. Second, the OSI model provides a common language techs use to describe specific network functions.

Understanding the functions of each OSI layer is important when troubleshooting network components and network communication. Once you understand those functions and the troubleshooting tools available at each layer (for example, link state at Layer 1, the MAC address table at Layer 2, the routing table and ping at Layer 3, and port reachability at Layer 4), isolating network-related problems becomes much easier.

Highlighting the OSI layers

  • Layer 7 Application

The application layer provides the user interface. We have software applications like web browsers and email clients, to name a few, that rely on the application layer to initiate communications. Application layer protocols include HTTP and SMTP (Simple Mail Transfer Protocol is one of the protocols enabling email communications).

  • Layer 6 Presentation

The presentation layer determines how data is represented to the user. This layer is primarily responsible for preparing data so the application layer can use it; in other words, layer 6 makes the data presentable for applications to consume. Encryption and compression are assigned to this layer in the OSI model; in the TCP/IP world the closest equivalent is TLS, which sits between the transport protocol and the application protocol.

  • Layer 5 Session

This layer is responsible for opening and closing communication between the two devices. The time between open and closed communication is known as the session. 

  • Layer 4 Transport

Layer 4, the transport layer, is responsible for end-to-end communication between the two devices. These activities include taking data from the session layer and breaking it into segments before sending it to layer 3. Layer 4 is also responsible for flow control and error control. 

  • Layer 3 Network

The network layer is responsible for facilitating data transfer between two different networks: it addresses each packet (with IP) and routes it toward the destination network. If the two devices are on the same network, the packet still carries an IP header, but no routing is needed and the data link layer alone delivers it.

  • Layer 2 Data Link

The data link layer is very similar to the network layer, except that it facilitates data transfer between two devices on the same network. It takes packets from the network layer and encapsulates each one in a frame, adding the source and destination MAC addresses (and, on Ethernet, a frame check sequence) that the local segment uses to deliver it. It does not split packets into pieces; splitting is fragmentation, which is a network layer function.

  • Layer 1 Physical

The physical layer defines the physical properties of connections and communication: cables, connectors, signalling, and bit rates. Repeaters and hubs operate here, and the radio portion of wireless standards is also defined at the physical layer.


Highlighting the TCP/IP Suite: Protocols

TCP/IP is a protocol suite, meaning multiple protocols exist to provide network connectivity. Each protocol in the suite has a specific purpose and function, and the protocols work at different layers. The most commonly used members of the suite are the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP), the Internet Protocol (IP), and the Address Resolution Protocol (ARP).

IP performs logical addressing so your computer can be found and reached across different networks. ARP maps a logical IPv4 address on the local segment to the physical MAC address needed to transmit on the wire. ICMP, the status- and error-reporting protocol of the suite, is what we use for troubleshooting and diagnostics (ping and traceroute are built on it).
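To make the ARP step concrete, here is an added example (not code from the original article) that builds and parses ARP request and reply frames in the RFC 826 layout and simulates a host resolving an IP address on its LAN. The MAC addresses, the documentation range 192.0.2.0/24 and the `lan` lookup dictionary that stands in for the other hosts on the segment are all constructed for the example.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))


def bytes_to_mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(part) for part in ip.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build an Ethernet II frame carrying an IPv4 ARP packet (RFC 826 field order)."""
    # A request is broadcast because the sender does not yet know the target MAC; a reply is unicast.
    dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = mac_to_bytes(dst) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Parse an Ethernet frame; raise ValueError unless it is a well-formed IPv4-over-Ethernet ARP."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet + ARP")
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol combination")
    body = frame[22:42]
    return {
        "eth_dst": bytes_to_mac(dst), "eth_src": bytes_to_mac(src),
        "op": {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(op, f"op{op}"),
        "sender_mac": bytes_to_mac(body[0:6]), "sender_ip": bytes_to_ip(body[6:10]),
        "target_mac": bytes_to_mac(body[10:16]), "target_ip": bytes_to_ip(body[16:20]),
    }


def resolve(requester_mac, requester_ip, target_ip, lan):
    """Simulate resolution on one segment: broadcast a request, and the host that owns
    target_ip (looked up in the constructed `lan` dict, ip -> mac) answers with a unicast reply.
    Returns the parsed reply, or None when nobody owns the address."""
    request = build_arp(ARP_REQUEST, requester_mac, requester_ip, "00:00:00:00:00:00", target_ip)
    req = parse_arp(request)
    owner_mac = lan.get(req["target_ip"])
    if owner_mac is None:
        return None  # no answer: the requester cannot build a frame for that IP
    reply = build_arp(ARP_REPLY, owner_mac, target_ip, req["sender_mac"], req["sender_ip"])
    return parse_arp(reply)


if __name__ == "__main__":
    segment = {"192.0.2.1": "aa:bb:cc:00:00:fe"}  # constructed: the default gateway
    print(resolve("aa:bb:cc:00:00:01", "192.0.2.10", "192.0.2.1", segment))
```

Note what the exchange relies on: the request is broadcast to every host on the segment and the reply is accepted from whoever answers. ARP carries no authentication, which is why any host on the same LAN can answer on behalf of another address (ARP spoofing) and why managed switches offer controls such as dynamic ARP inspection.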

IP is the Internet's addressing system and delivers packets of information from a source device to a target device. It is the basis on which network connections are made and the foundation of the Internet. IP does not guarantee delivery, preserve packet ordering, or detect corruption of the payload (its checksum covers only the header). Such functionality requires another protocol, usually TCP.

For example, when an email is sent over TCP, a connection is established first with a 3-way handshake. The source sends a SYN packet, the initial request, to the target server to start the dialogue. The target server answers with a SYN-ACK packet to agree to the process. Lastly, the source sends an ACK packet to the target to confirm, after which the message contents can be sent.

  • TCP/IP: Networking Model: 4-layer model vs. 7-layer OSI

The TCP/IP model is a four-layer model similar in concept to the seven-layer OSI Reference Model, and its four layers map onto the seven: the TCP/IP application layer covers OSI layers 5 to 7, the transport and internet layers correspond to OSI layers 4 and 3, and the link layer covers OSI layers 2 and 1. Because the TCP/IP model combines several OSI layers, it is easier to start learning with the OSI model, where none of the layers are combined.


Moving through Layers: Enabling Network Connectivity

Each OSI model layer is responsible for communicating with the layers directly above and below, receiving data from or passing it to its neighboring layers. For example, the presentation layer will receive information from the application layer, format it appropriately, which could be encryption, as we mentioned, or compression, and then pass it to the session layer. The presentation layer will never deal directly with the transport, network, data link, or physical layers. The same idea is valid for all layers regarding their communication with other layers.


OSI Layer Example: Computers communicate with a server.

Let’s look at the layers from the point of view of two computers sending data to each other. The data is called different things at each layer because of the encapsulation process, but we will call it data for now. So we have Host A and Host B that want to send files to each other and will therefore exchange data on the network. Or host B runs a local web server, and the user on host A types host B’s IP address into the browser. Either way, for network connectivity we need a source and a destination.

So, host A is the sending computer, the source, and Host B is the receiving computer, the destination. The data exchange starts with Host A sending a request to Host B in the application layer. So we have Host A, that is initiating the request. At the receiving end, the destination, on host B, the data moves back up through the layers to the application layer, which passes the data to the appropriate application or service on the system. Port numbers will identify the proper service.


  • Starting to move through the layers

Network connectivity starts at the application layer of the OSI model on the sending system, which in our case is Host A, and works its way down through the layers to the physical layer. The information then crosses the communication medium, physical cabling such as copper or fiber, or wireless, until it reaches the far-end system, which processes it back up the layers, starting at the physical layer and ending at the application layer.


  • Action at one layer undone at another layer

When you think of two devices communicating, such as two computers, it is crucial to understand that whatever action is done at one layer on the sending computer is undone at the same layer on the receiving computer. For example, if the presentation layer compresses or encrypts the information on the sending computer, the data is decompressed or decrypted at the presentation layer on the receiving computer.

Network Connectivity and Network Security

So we have just looked at generic connectivity. But there will be two main functions carried out by these networking and security devices. First, there is the network connectivity side of things. 

  • Network Connectivity

So we will have network devices that will need to forward your traffic so it can reach its destination. Traffic is forwarded based on IP. Keep in mind there is not any guarantee with IP. Enabling reliable network connectivity is handled further up the stack. The primary version of IP used on the Internet today is Internet Protocol Version 4 (IPv4). Due to size constraints with the total number of possible addresses in IPv4, a newer protocol was developed. The latest protocol is called IPv6. It makes many more addresses available and is increasing in adoption.


  • Network Security

Secondly, we will need to have network security devices. These devices allow traffic to pass through their interfaces if they deem it safe, and policy permits the traffic to pass through that zone in the network. The threat landscape is dynamic and bad actors have many tools to disguise their intentions. Therefore we have many different types of network security devices to consider.


Components for network connectivity

In general, we have routers forwarding the traffic based on IP, and they usually work with switches that connect all the devices. Switches work with MAC addresses, not IP addresses. Then we have the security devices, such as firewalls, that handle the security side of things. Generally, a firewall’s default policy allows all traffic to leave the network while only traffic you explicitly permit can enter. That default is worth tightening: restricting outbound (egress) traffic as well limits what a compromised internal host can reach.


Starting with the Layer 3 Router

Routers, the magic boxes that act as the interconnection points, have all the built-in smarts to inspect incoming packets and forward them toward their eventual LAN destination.  Routers are, for the most part, automatic. A router is any hardware or software that forwards packets based on their destination IP address. Routers work at the OSI model’s Network layer (Layer 3). Classically, routers are dedicated boxes with at least two connections, although many routers contain many more connections and offer various network connectivity options.

The router inspects each packet’s destination IP address and then sends the IP packet out to the correct port. To perform this inspection, every router has a routing table that tells the router exactly where to send the packets. This table is the key to understanding and controlling forwarding packets to their proper destination.

Starting with Switches

Then we have switches, which send frames only to the proper destination port and so reduce the number of devices receiving each frame and the chance of collisions. With switches we have a star topology, but consider each link between an end host and its switch port to be point-to-point. This allows full-duplex communication, which removes the need for CSMA/CD between the switch port and the attached device: the two can transmit and receive simultaneously. Full-duplex therefore gives each direction the full link rate, effectively doubling the usable bandwidth compared with half-duplex (not more than that; nothing else in the link gets faster). The switch port also acts as a boundary for collisions.


Building a small network: Network and Security Components

Information on Hub 

With the information you learned from the OSI, let’s look at some networking components in more detail. Networking started with hubs. A hub is an older network device you hopefully do not encounter on your networks because more effective and secure switches have replaced them. A network hub has three pitfalls: 


  • No filtering 

When a system was to send data to another system, the hub would receive the data and then send the data to all other ports on the hub. A switch operating at Layer 2 will understand MAC addresses to make better forwarding decisions. 

  • Collisions 

Because all data was sent to all other ports, and any system could send at any time, this resulted in many collisions on the network. A collision occurs when two systems transmit on the shared medium at the same time: both frames are corrupted and must be retransmitted, which degrades application performance.

  • Security For Hubs 

Because the data was sent to all ports on the hub, all systems receive all data. Systems look at the destination address in the frame to decide whether to process or discard the data. 


Packet Sniffer

But if someone were running a packet sniffer such as Wireshark or tcpdump on a system attached to a hub, they would receive every frame on the segment and be able to read any traffic that was not encrypted. Sniffers examine the streams of packets that flow between computers on a network and between those computers and the wider Internet. This created a huge security concern. The solution to the hub problem was to replace hubs with switches, which filter by destination MAC address and can be carved into multiple logical switches using VLANs. This improves both security and performance. Keep in mind that a switch limits what a passive sniffer sees; it is not a substitute for encryption, because techniques such as ARP spoofing can still redirect traffic to an attacker on the same segment.



Network connectivity: Start with switches 

At Layer 2 we have switches, which reduce collisions, optimize traffic, and are better from a security point of view. Switches are one of the most common devices used on networks today. All other devices connect to the switch to gain access to the network. For example, you connect workstations, servers, printers, and routers to a switch so that each device can send and receive data to and from the others. The switch acts as the central network connectivity point for all devices on the network.


  • Layer 2 Switch: How switches work

The switch tracks every device’s MAC address (the physical address burned into the network card) and then associates that device’s MAC address with the port on the switch to which the device is connected. The switch stores this information in a MAC address table in memory on the switch. The switch then acts as a filtering device by sending data only to the port that the data is destined for.


Collision Domains and Broadcast Domains 

  • Collision Domain: Hub – Single Collision Domain 

A collision domain is the set of devices whose transmissions can collide. For example, suppose you use a hub to connect 10 systems to a network. Because traffic is sent to all ports on the hub, the data can collide if several systems send at the same time. For this reason, all ports on a hub (and any devices connected to those ports) are part of a single collision domain. The same applies when you cascade one hub off another: all the hubs are part of the same collision domain. Connect 100 hubs together and, even though they are separate physical devices, they still form one collision domain.


  • Switches: Break down Collision Domains

If you were using a switch to connect the ten systems, each port on the switch would form its own network segment. When a system connected to the switch sends data, the switch forwards it only to the port on which the destination system resides. For this reason, if another system were to send data at the same time, the frames would not collide. As a result, each port on the switch is a separate collision domain.




Controlling Broadcast Domain

A broadcast domain is a group of systems that can receive one another’s broadcast messages. When using a hub to connect five systems in a network environment, if one system sends a broadcast message, the message is received by all other systems connected to the hub. For this reason, all ports on the hub create a single broadcast domain. Likewise, if all five systems were connected to a switch and one sent a broadcast message, all other systems on the network would receive the broadcast message. 

Therefore, when using a switch, all ports are part of the same broadcast domain by default. If you want to control which systems receive broadcast messages, you need a router, because routers do not forward broadcasts to other networks. You can also configure virtual LANs (VLANs) on a switch, with each VLAN being a separate broadcast domain; traffic between VLANs then has to pass through a router or Layer 3 switch, which is also where a firewall policy between the VLANs can be applied.
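The following simulation, added here and not part of the original article, shows the forwarding behaviour described in the switch section above and in the collision and broadcast domain discussion: a learning switch builds its MAC address table from source addresses, forwards known unicast frames to a single port, floods unknown unicast and broadcast frames only within the VLAN, and a hub, by contrast, repeats every frame to every other port. The port numbers, VLAN IDs and MAC addresses are constructed for the example.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Layer 2 switch: learns (VLAN, source MAC) -> port, forwards known unicast to one port, and
    floods broadcast or unknown unicast to every other port in the same VLAN only."""

    def __init__(self, port_vlans):
        self.port_vlans = dict(port_vlans)   # port -> access VLAN
        self.mac_table = {}                  # (vlan, mac) -> port

    def _ports_in_vlan(self, vlan):
        return {p for p, v in self.port_vlans.items() if v == vlan}

    def receive(self, ingress_port, src_mac, dst_mac):
        """Return the set of egress ports for a frame received on ingress_port."""
        vlan = self.port_vlans[ingress_port]
        self.mac_table[(vlan, src_mac)] = ingress_port   # learn where the sender lives
        if dst_mac != BROADCAST and (vlan, dst_mac) in self.mac_table:
            out = self.mac_table[(vlan, dst_mac)]
            return set() if out == ingress_port else {out}   # same segment: nothing to forward
        # Unknown unicast or broadcast: flood, but the VLAN is the boundary of the broadcast domain.
        return self._ports_in_vlan(vlan) - {ingress_port}


class Hub:
    """Repeater: every frame goes out every other port regardless of addressing."""

    def __init__(self, ports):
        self.ports = set(ports)

    def receive(self, ingress_port, src_mac, dst_mac):
        return self.ports - {ingress_port}


def demo():
    # Constructed topology: ports 1-3 in VLAN 10, port 4 in VLAN 20, a sniffer listening on port 3.
    sw = LearningSwitch({1: 10, 2: 10, 3: 10, 4: 20})
    a, b = "aa:00:00:00:00:01", "aa:00:00:00:00:02"
    first = sw.receive(1, a, b)        # B not yet learned: flooded to ports 2 and 3, never to VLAN 20
    reply = sw.receive(2, b, a)        # A was learned on port 1: unicast to port 1 only
    second = sw.receive(1, a, b)       # B now learned on port 2: the sniffer on port 3 sees nothing
    bcast = sw.receive(1, a, BROADCAST)  # broadcast stays inside VLAN 10
    hub = Hub({1, 2, 3, 4})
    return {"first": first, "reply": reply, "second": second, "bcast": bcast,
            "hub": hub.receive(1, a, b), "table": dict(sw.mac_table)}


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {ports}")
```

The sniffer on port 3 only ever sees the first, flooded frame and the broadcast; once the switch has learned both addresses, the conversation between ports 1 and 2 never reaches it, which is the security gain over the hub, where every frame reaches every port.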


Network Connectivity: Starting with Routers

A switch connects all systems in a LAN setup, but what if you want to send data from your network to another network or across the Internet? That is the job of a router. Routers work at Layer 3 of the OSI model. A router sends or routes data from one network to another until the data reaches its final destination. Note that although switches look at the MAC address to decide where to forward a frame, routers use the IP address to determine what network to send the data to. 


Network Connectivity with Network Routing

Network routing is selecting a path across one or more networks. Routing principles can apply to any network, from telephone to public transportation. In packet-switching networks, such as the Internet, routing selects the paths for Internet Protocol (IP) packets to travel from origin to destination. These Internet routing decisions are made by specialized network hardware called routers.  


Routing Tables

Routers refer to internal routing tables to decide how to forward packets. A routing table lists every destination network the router knows how to reach, and for each one the next hop and the outgoing interface. When several entries match a destination address, the router uses the most specific one (the longest prefix match); a default route, 0.0.0.0/0, matches anything that no other entry covers.

Routing tables are populated in one of two ways. Static routes are configured by hand by a network administrator and do not change unless the administrator updates them. Dynamic routes are learned from routing protocols (see below), which exchange reachability information between routers and update the table automatically when the topology changes.

Dynamic routing protocols pick paths using a metric such as hop count, link bandwidth or an administratively assigned cost, rather than by timing individual packets. Dynamic routing needs more configuration and computing resources, so small networks often rely on static routes, but for medium-sized and large networks dynamic routing is far more practical, because it reacts to failures without manual intervention.
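To show how a router actually uses its table, here is an added example (not the article's own code) of a static IPv4 routing table with longest-prefix-match lookup. The prefixes, next hops and interface names are constructed for the example and use documentation and private ranges; in a real router the same decision is made in hardware for every packet.

```python
import ipaddress


class RoutingTable:
    """Static IPv4 routing table with longest-prefix-match lookup."""

    def __init__(self):
        self.routes = []   # (network, next_hop or None for directly connected, interface)

    def add(self, prefix, next_hop, interface):
        # strict=True rejects a prefix with host bits set, a common configuration typo.
        self.routes.append((ipaddress.ip_network(prefix, strict=True), next_hop, interface))

    def lookup(self, dst):
        """Return the most specific matching route for dst, or None when there is no route."""
        addr = ipaddress.ip_address(dst)
        candidates = [r for r in self.routes if addr in r[0]]
        if not candidates:
            return None   # no route and no default: the router drops the packet (ICMP unreachable)
        net, next_hop, iface = max(candidates, key=lambda r: r[0].prefixlen)
        return {"prefix": str(net), "next_hop": next_hop, "interface": iface}


def build_sample_table():
    """Constructed example table: an edge router with a default route, a summary, a connected
    subnet and one host route that steers a single server through an inline appliance."""
    rt = RoutingTable()
    rt.add("0.0.0.0/0", "203.0.113.1", "wan0")      # default route toward the ISP
    rt.add("10.0.0.0/8", "10.1.1.254", "core0")     # corporate summary via the core
    rt.add("10.1.50.0/24", None, "dmz0")            # directly connected DMZ (no next hop)
    rt.add("10.1.50.7/32", "10.1.50.250", "dmz0")   # host route through an inline appliance
    return rt


if __name__ == "__main__":
    table = build_sample_table()
    for dst in ("10.1.50.7", "10.1.50.20", "10.9.9.9", "198.51.100.5"):
        print(dst, "->", table.lookup(dst))
```

The host route for 10.1.50.7 wins over the /24 even though both match, and the /24 wins over the /8; the default route is only used for 198.51.100.5, which nothing else covers. The same ordering is what lets a more specific route inserted by an attacker (or by a misconfiguration) silently hijack traffic, which is why routing table changes are worth monitoring.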


Network Connectivity: Starting with Firewalls 

A firewall is a security system that monitors and controls network traffic based on security rules. Firewalls usually sit between a trusted network and an untrusted one, often the Internet. For example, office networks use a firewall to protect themselves from online threats: the firewall controls which traffic is allowed to enter a network or system and which traffic is blocked.

When configuring a firewall, you create rules that allow or deny traffic based on the protocol, the IP addresses, the port numbers, and the direction. Traditional firewalls work at Layer 3 and Layer 4 of the OSI model. We know now that Layer 3 is the Network Layer, where IP works, and Layer 4 is the Transport Layer, where TCP and UDP work.

Firewall Types


  • Packet filtering firewall 

A packet-filtering firewall filters traffic based on the source and destination IP addresses, the source and destination port numbers, and the protocol used, judging each packet on its own. The downfall of a simple packet filter is that it does not understand the context of the conversation, which makes it easy for a bad actor to craft a packet that matches an allow rule (for example, one with source port 80 so it looks like a reply from a web server) and passes through the firewall.


  • Stateful packet inspection

Like a packet-filtering firewall, a stateful packet inspection firewall filters traffic based on the source and destination IP addresses, the source and destination port numbers, and the protocol in use, but it also understands the context of a conversation. Stateful firewalls keep a connection table and base their decisions on it.

For example, when the firewall records an outgoing packet that opens a connection and expects a certain kind of response, it only allows incoming packets on that connection if they are the expected type of response. Stateful firewalls can also keep every port closed from the outside unless an inside host has opened a connection that legitimately expects traffic on it. This means unsolicited probes such as a port scan get no reply from the protected hosts, which blunts the reconnaissance stage of an attack.
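The difference between the packet filter and the stateful firewall, and the TCP three-way handshake described earlier that the stateful firewall follows, can be shown in code. This is an added example rather than the article's own code: the hosts, ports, rule set and the simplified TCP state machine are constructed for illustration, and a real firewall would also track sequence numbers, FIN/RST teardown and timeouts.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str            # "out" = from the trusted LAN, "in" = from the Internet
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset = frozenset()   # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


def stateless_filter(pkt, rules):
    """Packet filter: first matching rule wins; each packet is judged on its own header fields."""
    for rule in rules:
        if all(getattr(pkt, k) == v for k, v in rule["match"].items()):
            return rule["action"]
    return "drop"


class StatefulFirewall:
    """Tracks TCP flows through the three-way handshake; inbound packets need a matching flow."""

    def __init__(self):
        self.flows = {}   # (lan_ip, lan_port, remote_ip, remote_port) -> state

    def _key(self, pkt):
        # Normalise so both directions of one connection map to the same table entry.
        if pkt.direction == "out":
            return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def process(self, pkt):
        key, f = self._key(pkt), pkt.flags
        state = self.flows.get(key)
        if pkt.direction == "out":
            if state is None:
                if f == {"SYN"}:                 # a LAN host opens a new connection
                    self.flows[key] = "SYN_SENT"
                    return "accept"
                return "drop"                    # outbound packet that belongs to no connection
            if state == "SYN_RECEIVED" and "ACK" in f:
                self.flows[key] = "ESTABLISHED"  # third step of the handshake
            return "accept"
        if state is None:
            return "drop"                        # nobody inside asked for this: crafted packets and scans
        if state == "SYN_SENT":
            if f == {"SYN", "ACK"}:              # only the expected response type is allowed
                self.flows[key] = "SYN_RECEIVED"
                return "accept"
            return "drop"
        return "accept"                          # part of an established conversation


def demo():
    """Constructed scenario: LAN host 10.1.1.5 browses 198.51.100.10:80 while an attacker at
    203.0.113.9 crafts a packet with source port 80 aimed at 10.1.1.5:22."""
    rules = [
        {"match": {"direction": "out"}, "action": "accept"},
        {"match": {"direction": "in", "proto": "tcp", "src_port": 80}, "action": "accept"},  # "web replies"
    ]
    lan, web, attacker = "10.1.1.5", "198.51.100.10", "203.0.113.9"
    syn = Packet("out", "tcp", lan, 51000, web, 80, frozenset({"SYN"}))
    synack = Packet("in", "tcp", web, 80, lan, 51000, frozenset({"SYN", "ACK"}))
    ack = Packet("out", "tcp", lan, 51000, web, 80, frozenset({"ACK"}))
    data = Packet("in", "tcp", web, 80, lan, 51000, frozenset({"ACK"}))
    crafted = Packet("in", "tcp", attacker, 80, lan, 22, frozenset({"SYN"}))
    sequence = (syn, synack, ack, data, crafted)
    fw = StatefulFirewall()
    return {
        "stateless": [stateless_filter(p, rules) for p in sequence],
        "stateful": [fw.process(p) for p in sequence],
        "state": fw.flows[(lan, 51000, web, 80)],
    }


if __name__ == "__main__":
    print(demo())
```

The stateless rule set has to admit every inbound packet with source port 80 to let web replies back in, so the crafted packet reaches port 22. The stateful firewall accepts the same reply because it saw the outbound SYN, but drops the crafted packet because no flow matches it.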


  • Next-generation firewall 

A next-generation firewall (NGFW) is a Layer 7 firewall that can inspect application data and detect malicious packets. A regular firewall identifies HTTP or FTP traffic by its port numbers, but it cannot tell whether the data inside the HTTP or FTP packet is malicious. An application-layer NGFW inspects the application data in the packet and determines whether there is questionable content inside. NGFWs have the capabilities of traditional firewalls but add a host of features to address threats at other OSI layers. Some NGFW-specific features include:


  1. Deep packet inspection (DPI) – NGFWs perform a much more in-depth inspection of packets than traditional firewalls. This deep inspection examines the packet payload and identifies which application the packet belongs to, which allows the firewall to enforce more granular filtering rules.
  2. Application awareness – Enabling this feature makes the firewall aware of which applications are running and which ports those applications use. This can protect against certain types of malware that aim to terminate a running process and then take over its port. 
  3. Identity awareness lets a firewall enforce rules based on identity, such as which computer is being used, which user is logged in, etc. 
  4. Sandboxing – Firewalls can isolate pieces of code associated with incoming packets and execute them in a “sandbox” environment to ensure they are not behaving maliciously. The results of this sandbox test can then be used as criteria when deciding whether or not to let the packets enter the network.


Web Application Firewalls (WAF)

While traditional firewalls help protect private networks from malicious traffic, WAFs help protect web applications from malicious users. A WAF protects a web application by filtering and monitoring the HTTP traffic between the application and the Internet. It is aimed at attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, and SQL injection. A WAF is a compensating control at the edge; it does not remove the underlying flaw in the application, and encoding tricks are a common way of getting past signature-based rules.
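To show what Layer 7 inspection adds over the Layer 4 filtering covered above, here is an added example (not code from the original article, and not any vendor's rule set) that parses HTTP request lines, fully percent-decodes the path and query parameters, and matches them against a few illustrative SQL injection, XSS and file inclusion signatures. The sample requests, the host name `shop.example` and the signatures are constructed; a Layer 4 filter would treat all four requests identically, since they are all TCP to port 80.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Illustrative signatures (constructed for this example, not a production rule set).
SIGNATURES = {
    "sqli": re.compile(r"(?i)(\bunion\s+select\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+|;\s*drop\s+table)"),
    "xss": re.compile(r"(?i)(<\s*script\b|javascript:|\bon\w+\s*=)"),
    "file_inclusion": re.compile(r"(\.\./|/etc/passwd|php://)"),
}


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, so a double-encoded %2527 ends up as a quote.
    Inspecting only the first decoding layer is a classic way for a WAF to be bypassed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(raw: str) -> list:
    """Return (signature, location, decoded value) findings for one HTTP request; [] means clean."""
    request_line = raw.split("\r\n", 1)[0]
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return [("malformed", "request-line", request_line)]
    _method, target, _version = parts
    url = urlsplit(target)
    # parse_qsl removes one layer of percent-encoding; decode_fully peels off any extra layers.
    fields = [("path", decode_fully(url.path))]
    fields += [(f"query:{k}", decode_fully(v)) for k, v in parse_qsl(url.query, keep_blank_values=True)]
    return [(name, loc, value) for loc, value in fields
            for name, pattern in SIGNATURES.items() if pattern.search(value)]


def decide(raw: str) -> str:
    """Allow or block based on payload content rather than on the port number."""
    return "block" if inspect_request(raw) else "allow"


# Constructed sample requests; all of them are plain HTTP to port 80 as far as Layer 4 is concerned.
SAMPLE_REQUESTS = {
    "benign": "GET /search?q=network+connectivity HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "sqli_double_encoded": "GET /items?id=1%2527%2520or%2520%25271%2527%253D%25271 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "xss": "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "lfi": "GET /view?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1\r\nHost: shop.example\r\n\r\n",
}


if __name__ == "__main__":
    for name, raw in SAMPLE_REQUESTS.items():
        print(f"{name}: {decide(raw)} {inspect_request(raw)}")
```

The double-encoded SQL injection is the case to note: after one round of decoding it is still `1%27%20or...`, which the signature does not match, and only the fully decoded value reveals the payload. Signature matching like this is easy to evade with other encodings, so it supplements, rather than replaces, parameterized queries and output encoding in the application.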


Intrusion Prevention System 

An intrusion prevention system (IPS) is a security device that monitors network activity, logs anything suspicious, and then takes corrective action inline. For example, if someone is port scanning the network, the IPS detects the pattern, logs it, and then blocks further traffic from the scanning host. An intrusion detection system (IDS) does the same monitoring and logging but only alerts; it does not block.
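The port scan case above is a good one to see as detection logic. The following is an added example (not the article's code or any vendor's IPS engine): a detector that reads firewall-style log lines and raises an alert when one source touches more than a threshold of distinct destination ports on one host inside a short time window. The log line format, the addresses and the traffic are all constructed for the example; the third batch of lines is a slow scan that stays under the window, showing the limitation of this simple approach.

```python
import re
from collections import defaultdict, deque

# Constructed log format (not any vendor's real syntax): "<epoch> DROP|ACCEPT <src_ip> -> <dst_ip>:<dst_port>"
LINE = re.compile(r"^(\d+) (DROP|ACCEPT) (\d+\.\d+\.\d+\.\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$")


class PortScanDetector:
    """Alert when a source hits more than `threshold` distinct ports on one destination within
    `window` seconds. Returns an alert dict once per (src, dst) pair, otherwise None."""

    def __init__(self, threshold=10, window=5):
        self.threshold, self.window = threshold, window
        self.events = defaultdict(deque)   # (src, dst) -> deque of (timestamp, port), oldest first
        self.alerted = set()

    def feed(self, line):
        m = LINE.match(line)
        if not m:
            return None                      # unparseable line: skip rather than crash the pipeline
        ts, src, dst, port = int(m[1]), m[3], m[4], int(m[5])
        q = self.events[(src, dst)]
        q.append((ts, port))
        while q and q[0][0] < ts - self.window:   # expire events outside the sliding window
            q.popleft()
        distinct = {p for _, p in q}
        if len(distinct) > self.threshold and (src, dst) not in self.alerted:
            self.alerted.add((src, dst))
            return {"src": src, "dst": dst, "ports": len(distinct), "action": f"block {src}"}
        return None


def demo():
    """Constructed traffic: a fast scan, a busy but legitimate client, and a slow scan."""
    lines = [f"{1000 + i // 5} DROP 203.0.113.9 -> 10.1.1.5:{20 + i}" for i in range(25)]       # 25 ports in 5 s
    lines += [f"{1000 + i} ACCEPT 198.51.100.7 -> 10.1.1.5:443" for i in range(25)]             # one port, many hits
    lines += [f"{2000 + 10 * i} DROP 192.0.2.33 -> 10.1.1.5:{20 + i}" for i in range(25)]       # one port every 10 s
    detector = PortScanDetector(threshold=10, window=5)
    return [alert for alert in (detector.feed(line) for line in lines) if alert]


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Only the fast scanner is reported, and it is reported once, on the eleventh distinct port. The legitimate client never trips the rule because it keeps hitting the same port, and the slow scanner never has more than one event inside the five-second window, which is exactly how attackers pace scans to stay under thresholds like this; a production IPS complements this with longer-lived state and reputation data.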




Matt Conran: The Visual Age