5: Network Segmentation and Wireless Tech

Network Segmentation

Definition: A strategy that divides a network into multiple segments or sub-networks, each being a network segment.

Benefits:

  • Performance Enhancement: Place systems that communicate frequently in the same segment so that their traffic stays local. This boosts network efficiency.

  • Reduced Communication Issues: By controlling traffic flow, issues like network congestion and broadcast storms are contained within individual segments rather than spreading across the entire network.

  • Enhanced Security: By isolating specific traffic and restricting user access to only authorized segments, potential security threats can be minimized, since segmentation keeps unauthorized users away from sensitive sections of the network.


Intranet

A private network designed to host internal information services, similar to those on the public internet.

Some modern services, like SharePoint, blur the traditional definition of an intranet. While SharePoint can be accessed from the internet, its private, restricted sections for company use can be considered intranet features. North Korea is considered by some to be the largest Intranet because it's isolated from the global internet. 


Extranet

A hybrid between an intranet and the public internet. It's a private network that also provides specific public access.

Common in businesses that need to share information with external stakeholders (e.g., suppliers, partners). An example might be a supplier portal where suppliers can log in to see orders, but it's still part of the company's private network.

Extranets balance between keeping internal data secure and sharing necessary info with external parties.


DMZ (Demilitarized Zone) / Perimeter Network

Definition: A network area (or subnetwork) that sits between an organization's internal network and an external network, typically the public internet. It's like a buffer zone – services that are accessible to the public (like web servers) are placed here. 

The main idea is to add an additional layer of security. If a hacker compromises a server in the DMZ, they still don't have direct access to the internal network.

Placing public-facing services directly on the internal network without a DMZ can expose the entire network to threats.
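To make the DMZ idea concrete, here is an added example (not part of the original notes) that models a three-segment layout as a zone-based, default-deny rule table and checks which flows pass. The address ranges, port numbers and rule entries are hypothetical values constructed for this illustration.

```python
"""Zone-based policy check for a three-segment layout: internet, DMZ, internal.

Constructed example: address ranges and rules are hypothetical, chosen to show
the DMZ principle from the notes (public services reachable from the internet,
while a DMZ host cannot initiate connections into the internal network).
"""
import ipaddress

# Hypothetical segment address ranges (constructed for this example).
SEGMENTS = {
    "dmz": ipaddress.ip_network("203.0.113.0/24"),
    "internal": ipaddress.ip_network("10.10.0.0/16"),
}


def zone_of(ip: str) -> str:
    """Map an address to its segment; anything outside known ranges is 'internet'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "internet"


# First-match rule table: (from_zone, to_zone, dst_port or None for any, verdict).
# Anything not matched falls through to the default verdict, which is deny.
RULES = [
    ("internet", "dmz", 443, "allow"),    # public web service lives in the DMZ
    ("internet", "dmz", 80, "allow"),
    ("internal", "dmz", None, "allow"),   # internal users and admins reach DMZ hosts
    ("internal", "internet", None, "allow"),
    ("dmz", "internal", None, "deny"),    # a compromised DMZ host cannot pivot inward
    ("internet", "internal", None, "deny"),
]


def evaluate(src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return 'allow' or 'deny' for a flow crossing the perimeter firewall."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return "allow"  # traffic inside one segment never crosses the firewall
    for from_zone, to_zone, port, verdict in RULES:
        if from_zone == src and to_zone == dst and (port is None or port == dst_port):
            return verdict
    return "deny"  # default deny: unlisted flows are blocked


def dmz_is_isolated(ports=(22, 80, 443, 445, 3389)) -> bool:
    """Audit check: no DMZ-originated flow on these ports may reach the internal segment."""
    return all(evaluate("203.0.113.10", "10.10.5.5", p) == "deny" for p in ports)
```

Running `evaluate` on a few sample flows shows that internet clients reach the DMZ web ports only, while every DMZ-to-internal attempt is denied, which is exactly the buffer-zone property described above.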

Wireless Technologies

Wireless Standard         Frequency          Maximum Data Rate   Description
IEEE 802.11 (original)    2.4 GHz            2 Mbps              Initial Wi-Fi standard from 1997
IEEE 802.11a              5 GHz              54 Mbps             Early high-speed standard
IEEE 802.11b              2.4 GHz            11 Mbps             Popular early standard, superseded by 802.11g
IEEE 802.11g              2.4 GHz            54 Mbps             Backwards compatible with 802.11b
IEEE 802.11n              2.4 GHz & 5 GHz    200+ Mbps           MIMO tech for increased speeds
IEEE 802.11ac             5 GHz              1 Gbps              Widely adopted for high-speed networks
IEEE 802.11ax (Wi-Fi 6)   2.4 GHz & 5 GHz    10 Gbps             Next-generation Wi-Fi with improved efficiency



SSID Broadcast

Definition: The SSID (Service Set Identifier) is the name of a wireless network.

  • Broadcast Mechanism: Wireless networks periodically announce their SSID in a beacon frame, which regularly advertises the network's name to nearby devices.

  • Automatic Detection: When the SSID is broadcast, any device with an "automatic detect" setting can discover and potentially connect to the network.

  • Hidden SSID: Concealing the SSID is a technique known as "security through obscurity." While it might deter casual users, the SSID can still be detected via client traffic by those who know how to look.


TKIP (Temporal Key Integrity Protocol)

Definition: TKIP was introduced as a safer alternative to WEP without necessitating hardware replacements.

  • Implementation: Incorporated into the 802.11 standard under the designation "WPA" (Wi-Fi Protected Access).

While TKIP/WPA was an improvement over WEP, it was later surpassed by more secure protocols.


CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)

Definition: Developed to succeed both WEP and TKIP/WPA, offering a more robust encryption method.

  • Technical Details: Utilizes the AES encryption algorithm with a 128-bit key.

  • WPA2: Introduced CCMP as its encryption scheme, based on AES. Marked a significant improvement over WEP and WPA.

WPA2 with CCMP/AES became the gold standard for Wi-Fi security.