Network components, devices, and diagrams
In this reading, you will review network devices and connections and investigate a simple network diagram similar to those used every day by network security professionals.
A foundational understanding of network architecture, sometimes referred to as network design, will help you as you learn about security vulnerabilities inherent in all networks and how malicious actors attempt to exploit them. Let’s get started!
Network devices
Network devices maintain information and services for users of a network. These devices connect over wired and wireless connections. After establishing a connection to the network, the devices send data packets. The data packets provide information about the source and the destination of the data. This is how the information is sent and received via different devices on a network.
The network is the overall infrastructure that allows devices to communicate with each other. Network devices are specialized equipment, like routers and switches, that manage what is being sent and received over the network. Additionally, endpoint devices like computers and phones connect to the network through these network devices.
Note: In this diagram, a router connects to the internet through a modem, which is provided by your internet service provider (ISP). The firewall is a security device that monitors incoming and outgoing traffic on your network. The router then directs traffic to the devices on your home network, which can include computers, laptops, smartphones, tablets, printers, and other devices. You can imagine here that the server is a file server. All devices on this network can access the files on this server. This diagram also includes a switch, which is an optional device that can be used to connect more devices to your network by providing additional ports and Ethernet connections. Additionally, there are two routers connected to the switch here for load balancing purposes, which will improve the performance of the network.
Devices and desktop computers
Most internet users are familiar with everyday devices, such as personal computers, laptops, mobile phones, and tablets. Each device and desktop computer has a unique MAC address and IP address, which identify it on the network. They also have a network interface that sends and receives data packets. These devices can connect to the network via a hard wire or a wireless connection.
Firewalls
A firewall is a network security device that monitors traffic to or from your network. It is like your first line of defense. Firewalls can also restrict specific incoming and outgoing network traffic. The organization configures the security rules of the firewall. Firewalls often reside between the secured and controlled internal network and the untrusted network resources outside the organization, such as the internet. Remember, though, firewalls are just one line of defense in the cybersecurity landscape.
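The reading says an organization configures the firewall's security rules and that the firewall sits between the trusted internal network and the untrusted internet. The following is an added example, not part of the reading or of any real firewall product, that shows the shape such a rule set takes: an ordered list of rules evaluated top to bottom, first match wins, and anything unmatched is denied by default. The addresses, ports and rules are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    direction: str       # "inbound" (internet -> internal) or "outbound"
    src: str             # CIDR network the packet must come from
    dst: str             # CIDR network the packet must go to
    proto: str           # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None means any port


# Constructed example networks (hypothetical, not from the reading)
INTERNAL = "10.0.0.0/8"
ANY = "0.0.0.0/0"

# Constructed rule set, evaluated top to bottom; first matching rule wins.
RULES = [
    Rule("allow", "inbound",  ANY,      "10.0.1.0/24", "tcp", 443),  # public HTTPS server
    Rule("deny",  "inbound",  ANY,      INTERNAL,      "tcp", 22),   # no SSH from outside
    Rule("allow", "outbound", INTERNAL, ANY,           "tcp", 443),  # users may browse
    Rule("allow", "outbound", INTERNAL, ANY,           "udp", 53),   # DNS lookups
]


def matches(rule, direction, src, dst, proto, dport):
    """True when every field of the rule covers this connection attempt."""
    return (rule.direction == direction
            and ip_address(src) in ip_network(rule.src)
            and ip_address(dst) in ip_network(rule.dst)
            and rule.proto in ("any", proto)
            and rule.dport in (None, dport))


def decide(direction, src, dst, proto, dport, rules=RULES):
    """Return (verdict, index of the matching rule or None).

    The implicit last rule is 'deny everything', so traffic that no rule
    explicitly allows never crosses the firewall.
    """
    for index, rule in enumerate(rules):
        if matches(rule, direction, src, dst, proto, dport):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    # Inbound HTTPS to the web server: allowed by rule 0
    print(decide("inbound", "203.0.113.5", "10.0.1.10", "tcp", 443))
    # Inbound SSH from the internet: explicitly denied by rule 1
    print(decide("inbound", "203.0.113.5", "10.0.1.10", "tcp", 22))
    # Inbound to a port nobody opened: denied by the default rule
    print(decide("inbound", "203.0.113.5", "10.0.1.10", "tcp", 8080))
```

The default-deny at the end of `decide` is the security-relevant part: the firewall only lets through what an administrator has explicitly allowed, which is why the reading describes it as restricting "specific incoming and outgoing network traffic" rather than blocking a list of known-bad traffic.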
Servers
Servers provide information and services for devices like computers, smart home devices, and smartphones on the network. The devices that connect to a server are called clients. The following graphic outlines this model, which is called the client-server model. In this model, clients send requests to the server for information and services. The server performs the requests for the clients. Common examples include DNS servers that perform domain name lookups for internet sites, file servers that store and retrieve files from a database, and corporate mail servers that organize mail for a company.
Hubs and switches
Hubs and switches both direct traffic on a local network. A hub is a device that provides a common point of connection for all devices directly connected to it. Hubs additionally repeat all information out to all ports. From a security perspective, this makes hubs vulnerable to eavesdropping. For this reason, hubs are not used as often on modern networks; most organizations use switches instead. Hubs are more commonly used for a limited network setup like a home office.
Switches are the preferred choice for most networks. A switch forwards packets between devices directly connected to it. It analyzes the destination address of each data packet and sends it only to the intended device. Switches maintain a MAC address table that maps the MAC addresses of devices on the network to port numbers on the switch, and forward incoming data packets according to the destination MAC address. Switches are a part of the data link layer in the TCP/IP model. Overall, switches improve both performance and security.
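To make the eavesdropping difference between a hub and a switch concrete, here is an added simulation (not code from the reading) of both devices with three attached hosts. The hub repeats every frame to every other port, so a third host hears a conversation it is not part of; the switch learns which port each source MAC address arrived on and, once it knows the destination, delivers the frame to that port only. The host names and MAC addresses are constructed for the example.

```python
class Hub:
    """Repeats every frame out of every port except the one it arrived on."""

    def __init__(self):
        self.ports = {}  # port number -> attached host name

    def attach(self, port, host):
        self.ports[port] = host

    def forward(self, in_port, frame):
        # A hub has no idea who the frame is for: everyone else hears it.
        return {p: h for p, h in self.ports.items() if p != in_port}


class Switch:
    """Learns source MACs per port and forwards by destination MAC."""

    def __init__(self):
        self.ports = {}
        self.mac_table = {}  # learned MAC address -> port number

    def attach(self, port, host):
        self.ports[port] = host

    def forward(self, in_port, frame):
        src_mac, dst_mac, _payload = frame
        # Learning: remember which port this sender lives behind.
        self.mac_table[src_mac] = in_port
        if dst_mac in self.mac_table:
            out_port = self.mac_table[dst_mac]
            return {out_port: self.ports[out_port]}
        # Unknown destination (or broadcast): flood like a hub, just this once.
        return {p: h for p, h in self.ports.items() if p != in_port}


# Constructed hosts and locally administered MAC addresses (hypothetical)
MACS = {
    "alice": "02:00:00:00:00:01",
    "bob":   "02:00:00:00:00:02",
    "eve":   "02:00:00:00:00:03",
}


def build(device_class):
    """Attach alice, bob and eve to ports 1, 2 and 3 of a fresh device."""
    device = device_class()
    for port, host in enumerate(MACS, start=1):
        device.attach(port, host)
    return device


def who_hears(device, in_port, frame):
    """Sorted list of hosts that receive the frame."""
    return sorted(device.forward(in_port, frame).values())


def conversation(device_class):
    """bob sends to alice, alice replies; return who heard each frame."""
    device = build(device_class)
    first = who_hears(device, 2, (MACS["bob"], MACS["alice"], "hello"))
    reply = who_hears(device, 1, (MACS["alice"], MACS["bob"], "hi bob"))
    return first, reply


if __name__ == "__main__":
    print("hub:   ", conversation(Hub))     # eve hears both frames
    print("switch:", conversation(Switch))  # eve hears only the initial flood
```

The first frame is flooded by the switch too, because it has not yet learned where alice is; only after alice replies does the table hold both entries. That initial flood is also why a switch is "improved" security rather than a guarantee: a third port still sees traffic until the table is populated.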
Routers
Routers connect networks and direct traffic, based on the IP address of the destination network. Routers allow devices on different networks to communicate with each other. In the TCP/IP model, routers are a part of the network layer. The IP address of the destination network is contained in the IP header. The router reads the IP header information and forwards the packet to the next router on the path to the destination. This continues until the packet reaches the destination network. Routers can also include a firewall feature that allows or blocks incoming traffic based on information in the transmission. This stops malicious traffic from entering the private network and damaging the local area network.
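The reading says a data packet carries its source and destination, that the destination address sits in the IP header, and that each router reads that header and hands the packet to the next router until it reaches the destination network. The following added example (not code from the reading) builds a minimal IPv4 header with the standard library, parses the source and destination back out of it, and traces the packet through three hypothetical routers whose routing tables use longest-prefix matching. It also shows the two failure cases a router handles: no matching route, and an expired TTL. The topology and addresses are constructed; the header checksum is left at zero because nothing here validates it.

```python
import struct
from ipaddress import ip_address, ip_network

# Fixed 20-byte IPv4 header layout: version/IHL, DSCP, total length, id,
# flags/fragment offset, TTL, protocol, checksum, source, destination.
IPV4_HEADER = "!BBHHHBBH4s4s"


def build_ipv4_header(src, dst, ttl=64, proto=6):
    """Pack a minimal IPv4 header (no options, checksum left 0 for the demo)."""
    version_ihl = (4 << 4) | 5  # version 4, header length 5 * 4 = 20 bytes
    return struct.pack(IPV4_HEADER, version_ihl, 0, 20, 0, 0, ttl, proto, 0,
                       ip_address(src).packed, ip_address(dst).packed)


def parse_ipv4_header(header):
    """Return (source, destination, ttl) from the first 20 bytes of a packet."""
    fields = struct.unpack(IPV4_HEADER, header[:20])
    version_ihl, ttl, src, dst = fields[0], fields[5], fields[8], fields[9]
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return str(ip_address(src)), str(ip_address(dst)), ttl


class Router:
    def __init__(self, name, routes):
        self.name = name
        # (destination network, next hop router name); None = directly connected
        self.routes = [(ip_network(net), next_hop) for net, next_hop in routes]

    def lookup(self, dst):
        """Longest-prefix match: the most specific matching network wins."""
        addr = ip_address(dst)
        best = None
        for net, next_hop in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return best


# Constructed topology: home router R1 -> ISP router R2 -> remote router R3
ROUTERS = {
    "R1": Router("R1", [("192.168.1.0/24", None), ("0.0.0.0/0", "R2")]),
    "R2": Router("R2", [("203.0.113.0/24", None), ("198.51.100.0/24", "R3"),
                        ("192.168.1.0/24", "R1")]),
    "R3": Router("R3", [("198.51.100.0/24", None), ("0.0.0.0/0", "R2")]),
}


def trace(routers, start, packet, max_hops=16):
    """Forward a packet router by router; return (outcome, routers visited)."""
    _src, dst, ttl = parse_ipv4_header(packet)
    path, current = [], start
    for _ in range(max_hops):
        router = routers[current]
        path.append(router.name)
        match = router.lookup(dst)
        if match is None:
            return "dropped: no route", path
        _net, next_hop = match
        if next_hop is None:
            return "delivered", path  # destination network is directly attached
        if ttl <= 1:
            return "dropped: ttl expired", path  # would reach 0 on this hop
        ttl -= 1
        current = next_hop
    return "dropped: hop limit", path


if __name__ == "__main__":
    pkt = build_ipv4_header("192.168.1.10", "198.51.100.20")
    print(parse_ipv4_header(pkt))
    print(trace(ROUTERS, "R1", pkt))
    print(trace(ROUTERS, "R1", build_ipv4_header("192.168.1.10", "8.8.8.8")))
```

Notice that R1 knows nothing about 198.51.100.0/24; its default route (0.0.0.0/0, the least specific prefix) simply sends everything it does not recognise to the ISP. Longest-prefix matching is what lets a more specific route, such as the directly connected 192.168.1.0/24, override that default.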
Modems and wireless access points
Modems usually connect your home or office with an internet service provider (ISP). ISPs provide internet connectivity via telephone lines, coaxial cables, or fiber optic cables. Modems receive transmissions or digital signals from the internet and convert them into a digital format compatible with the physical connection provided by your ISP. Usually, modems connect to a router that takes the decoded transmissions and sends them on to the local network.
Note: Enterprise networks used by large organizations to connect their users and devices often use other broadband technologies to handle high-volume traffic, instead of using a modem.
Wireless access point
A wireless access point sends and receives digital signals over radio waves, creating a wireless network. Devices with wireless adapters connect to the access point using Wi-Fi. Wi-Fi refers to a set of standards that network devices use to communicate wirelessly. Wireless access points and the devices connected to them use Wi-Fi protocols to send data over radio waves; from the access point, the data is passed on to routers and switches and directed along the path to its final destination.
Using network diagrams as a security analyst
Network diagrams allow network administrators and security personnel to imagine the architecture and design of their organization’s private network.
Network diagrams are maps that show the devices on the network and how they connect. Network diagrams use small representative graphics to portray each network device and dotted lines to show how each device connects to the other. By studying network diagrams, security analysts develop and refine their strategies for securing network architectures.
Key takeaways
In the client-server model, the client requests information and services from the server, and the server performs the requests for the clients. Network devices include routers, workstations, servers, hubs, switches, and modems. Security analysts use network diagrams to visualize network architecture.