Primary areas of concern on this topic are the following:
A DMZ is an area where you place public servers for people you wouldn’t necessarily trust. They can access everything within the DMZ, but not your local network. You, on the other hand, can access the DMZ from your network. You can create a DMZ with firewalls like this one.
A typical example for a server in a DMZ is a webserver.
This is the art of dividing a network into small subnetworks by using the subnet mask value. It gives you more networks, but fewer hosts on each.
The main reasons to use subnetting are:
If you use subnetting, traffic is directed only onto the subnets it has to reach, which reduces overall network traffic. It also creates more broadcast domains, which reduces the range of a single broadcast.
You won’t need to be an expert at subnetting to pass the test, but you should know the basics. I recommend this tutorial to learn them.
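The trade-off described above (more networks, fewer hosts on each, smaller broadcast domains) can be worked through with Python's standard `ipaddress` module. This is an added example, not part of the original notes; the 192.168.2.0/24 block and the function names are assumptions chosen for illustration.

```python
import ipaddress


def plan_subnets(base, new_prefix):
    """Split an IPv4 network into equal subnets and describe each one."""
    network = ipaddress.ip_network(base)
    if not network.prefixlen <= new_prefix <= 30:
        raise ValueError("new_prefix must be between the base prefix and /30")
    plan = []
    for subnet in network.subnets(new_prefix=new_prefix):
        plan.append({
            "subnet": str(subnet),
            "mask": str(subnet.netmask),
            # The first and last address of a subnet are reserved
            # (network address and broadcast address).
            "first_host": str(subnet.network_address + 1),
            "last_host": str(subnet.broadcast_address - 1),
            "broadcast": str(subnet.broadcast_address),
            "usable_hosts": subnet.num_addresses - 2,
        })
    return plan


def subnet_of(host, base, new_prefix):
    """Return the subnet (as a string) that contains `host`, or None."""
    address = ipaddress.ip_address(host)
    for subnet in ipaddress.ip_network(base).subnets(new_prefix=new_prefix):
        if address in subnet:
            return str(subnet)
    return None


def same_broadcast_domain(host_a, host_b, base, new_prefix):
    """True when both hosts share a subnet, so one broadcast reaches both."""
    a = subnet_of(host_a, base, new_prefix)
    return a is not None and a == subnet_of(host_b, base, new_prefix)


if __name__ == "__main__":
    # Constructed sample: the same /24 split with three different masks.
    for prefix in (24, 26, 27):
        plan = plan_subnets("192.168.2.0/24", prefix)
        print(f"/{prefix}: {len(plan)} subnets, {plan[0]['usable_hosts']} hosts each")
    for row in plan_subnets("192.168.2.0/24", 27)[:2]:
        print(row)
    print(same_broadcast_domain("192.168.2.10", "192.168.2.40", "192.168.2.0/24", 27))
```

With a /27 mask the first subnet's usable hosts run from 192.168.2.1 to 192.168.2.30, and a broadcast sent there no longer reaches 192.168.2.40.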
It’s kinda similar to subnetting, since it’s used to segment networks, but with virtualization instead of subnetting and hardware:
Remote access has grown since many people want to work from home. Solutions like Ultra VNC or PC Anywhere offer the opportunity to take full control of a remote machine, as if you were sitting in front of it. That creates a little issue… You’re leaving a door wide open that anyone may stumble upon.
It is highly recommended that you configure these services carefully and only launch them when needed.
NAT translates every private IP address on your network to the same public address. An intruder will only know that one IP and won’t be able to see behind the curtains of your network.
Imagine if you’re using the range 192.168.2.0 – 192.168.2.30 for the clients in your network. The outside world will only see the public IP of your whole network, no matter which client accesses a website for example.
If you were to open whatsmyip.org behind a NAT, you won’t see the address you get when you check with ipconfig / ifconfig on your local machine.
One of my readers (Jackie H) recommended another tool for IP lookups.
Telephony is the name of telephone technology mixed with IT. Basically it’s VoIP.
As part of the network, you should treat VoIP just like any other part and not go easy on it because it’s just phones. It can easily be sniffed by tools like Cain & Abel.
Best practices on securing IP telephony can be found here. But it basically involves these steps (quoted from the article):
NAC is basically a set of standards defined by the network. These standards are for clients attempting to access the network. They have to meet the required standards in order to enter the network, like being virus free, for example.