Subnetting and CIDR
Earlier in this course, you learned about network segmentation, a security technique that divides networks into sections. A private network can be segmented to protect portions of the network from the internet, which is an unsecured global network.
For example, you learned about the uncontrolled zone, the controlled zone, the demilitarized zone, and the restricted zone. Feel free to review the video about security zones for a refresher on how network segmentation can be used to add a layer of security to your organization’s network operations. Creating security zones is one example of a networking strategy called subnetting.
Overview of subnetting
Subnetting is the subdivision of a network into logical groups called subnets. It works like a network inside a network. Subnetting divides a network address range into smaller subnets within the network. These smaller subnets are formed based on the IP addresses and network mask of the devices on the network. Subnetting groups devices so that they function as their own network. This makes the network more efficient and can also be used to create security zones. If devices on the same subnet communicate with each other, the switch keeps the transmissions on the same subnet, improving the speed and efficiency of the communications.
Classless Inter-Domain Routing notation for subnetting
Classless Inter-Domain Routing (CIDR) is a method of assigning subnet masks to IP addresses to create a subnet. Classless addressing replaces classful addressing. Classful addressing was used in the 1980s as a system of grouping IP addresses into classes (Class A to Class E). Each class included a limited number of IP addresses, which were depleted as the number of devices connecting to the internet outgrew the classful range in the 1990s. Classless CIDR addressing expanded the number of available IPv4 addresses.
CIDR allows cybersecurity professionals to segment classful networks into smaller chunks. CIDR IP addresses are formatted like IPv4 addresses, but they include a slash ("/") followed by a number at the end of the address. This extra number is called the IP network prefix. For example, a regular IPv4 address uses the 198.51.100.0 format, whereas a CIDR IP address would include the IP network prefix at the end of the address, 198.51.100.0/24. This CIDR address encompasses all IP addresses between 198.51.100.0 and 198.51.100.255. The system of CIDR addressing reduces the number of entries in routing tables and provides more available IP addresses within networks. You can try converting CIDR to IPv4 addresses and vice versa through an online conversion tool, like IPAddressGuide, for practice and to better understand this concept.
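The conversion described above, worked through in Python as an added example (not part of the original course material). It computes the range covered by 198.51.100.0/24 from the prefix bits, then splits the block into four /26 subnets used as security zones; the zone-to-subnet assignment and all function names are assumptions made for illustration.

```python
import ipaddress

def cidr_range(cidr):
    """Return (netmask, first, last, count) for an IPv4 CIDR block, computed by hand."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    value = int(ipaddress.IPv4Address(addr))            # dotted quad -> 32-bit integer
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # 'prefix' one-bits, then zeros
    host_bits = ~mask & 0xFFFFFFFF
    if value & host_bits:
        raise ValueError("host bits are set; this is not a network address")
    last = value | host_bits                            # all host bits set to one
    fmt = lambda n: str(ipaddress.IPv4Address(n))
    return fmt(mask), fmt(value), fmt(last), last - value + 1

# Hypothetical zone plan: one /26 per zone, in address order (an assumption).
ZONE_NAMES = ["demilitarized", "controlled", "restricted", "unassigned"]

def plan_zones(cidr, names=ZONE_NAMES):
    """Split a block into four equal subnets (prefix + 2) and name each one."""
    network = ipaddress.ip_network(cidr)
    return dict(zip(names, network.subnets(prefixlen_diff=2)))

def zone_of(ip, zones):
    """Name the zone an address falls in; anything outside the block is uncontrolled."""
    address = ipaddress.ip_address(ip)
    for name, subnet in zones.items():
        if address in subnet:
            return name
    return "uncontrolled"

if __name__ == "__main__":
    print(cidr_range("198.51.100.0/24"))
    zones = plan_zones("198.51.100.0/24")
    for name, subnet in zones.items():
        print(f"{name:14} {subnet}  mask {subnet.netmask}")
    # Constructed sample addresses: one inside the block, one outside it.
    for ip in ("198.51.100.70", "203.0.113.5"):
        print(ip, "->", zone_of(ip, zones))
```

Each /26 holds 64 addresses, so a firewall or router rule written against one of these prefixes covers exactly the devices placed in that zone.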
Note: You may learn more about CIDR during your career, but it won't be covered in any additional depth in this certificate program. For now, you only need a basic understanding of this concept.
Security benefits of subnetting
Subnetting allows network professionals and analysts to create a network within their own network without requesting another network IP address from their internet service provider. This process uses network bandwidth more efficiently and improves network performance. Subnetting is one component of creating isolated subnetworks through physical isolation, routing configuration, and firewalls.
Key takeaways
Subnetting is a common security strategy used by organizations. Subnetting allows organizations to create smaller networks within their private network. This improves the efficiency of the network and can be used to create security zones.