Local Area Networks: What You Never Knew (+Examples)

Key Facts About Local Area Networks

A Local Area Network is a network infrastructure that spans a small geographical area. LANs have specific characteristics:

  • LANs interconnect end devices in a limited area such as a home, school, office building, or campus.
  • A LAN is usually administered by a single organization or individual. Administrative control is enforced at the network level and governs the security and access control policies.
  • LANs provide high-speed bandwidth to internal end devices and intermediary devices, as shown in the figure.
The diagram is an illustration of a LAN. At the centre of the diagram is a switch. There are four Ethernet connections on the switch. At the top left is a connection to a PC. Below that is a connection to the computer at the desk of a worker. Below that is another connection to the computer at the desk of a worker. At the bottom left is a connection to an IP phone. To the right of the switch is a connection to a server. The text under the figure reads: a network serving a home, small building, or a small campus is considered a LAN.
WANs
The figure shows a WAN which interconnects two LANs. A WAN is a network infrastructure that spans a wide geographical area. WANs are typically managed by service providers (SPs) or Internet Service Providers (ISPs).
WANs have specific characteristics:
  • WANs interconnect LANs over wide geographical areas such as between cities, states, provinces, countries, or continents.
  • WANs are usually administered by multiple service providers.
  • WANs typically provide slower speed links between LANs.
The figure shows two branch LANs connected via a WAN link. Both LANs are highlighted in a light yellow box and consist of a central switch connected to three PCs, an IP phone, a server, and a router. The two routers are connected via a red WAN link. On the left is the branch 1 LAN and on the right is branch 2 LAN.

Zone-Based Policy Firewall

Zone-based policy firewalls (ZPFs) use the concept of zones to provide additional flexibility. A zone is a group of one or more interfaces that have similar functions or features. Zones help you specify where a Cisco IOS firewall rule or policy should be applied.
In the figure, security policies for LAN 1 and LAN 2 are similar and can be grouped into a zone for firewall configurations. By default, the traffic between interfaces in the same zone is not subject to any policy and passes freely. However, all zone-to-zone traffic is blocked. In order to permit traffic between zones, a policy allowing or inspecting traffic must be configured.
The only exception to this default deny-any policy is the router self zone. The self zone is the router itself and includes all the router interface IP addresses. Policy configurations that include the self zone apply to traffic destined to and sourced from the router. By default, there is no policy for this type of traffic. Traffic that should be considered when designing a policy for the self zone includes management plane and control plane traffic, such as SSH, SNMP, and routing protocols.

Common Security Architectures

Firewall design is primarily about device interfaces permitting or denying traffic based on the source, the destination, and the type of traffic. Some designs are as simple as designating an outside network and inside network, which are determined by two interfaces on a firewall.
Here are three common firewall designs:

  • Private and Public
  • Demilitarized Zone
  • Zone-Based Policy Firewalls

As shown in the figure, the public network (or outside network) is untrusted, and the private network (or inside network) is trusted.
Typically, a firewall with two interfaces is configured as follows:

  • Traffic originating from the private network is permitted and inspected as it travels toward the public network. Inspected traffic returning from the public network and associated with traffic that originated from the private network is permitted.
  • Traffic originating from the public network and travelling to the private network is generally blocked.
The private and public figure shows a cloud within a circle labelled public (untrusted). The cloud connects to a firewall via S0/0/0. The G0/0 firewall port connects to a circle labelled VLAN 1 private (trusted) that has a server and two PCs on it. There is an arrow going from the private circle to the public circle with HTTP, SMTP, and DNS on it. There is another arrow going from the public circle to the private circle with the words no access.
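
The following Cisco IOS configuration is an added example, not part of the original article. It applies the zone-based defaults from the Zone-Based Policy Firewall section to the private and public design above. The zone, class-map, policy-map and zone-pair names are hypothetical, and the interface names are taken from the figure description.

```cisco
! Added example: all object names below are hypothetical.
! Interfaces follow the figure: G0/0 faces the private LAN,
! S0/0/0 faces the public network.
!
! 1. Create the zones.
zone security PRIVATE
zone security PUBLIC
!
! 2. Classify the traffic allowed to leave the private zone
!    (the protocols shown on the arrow in the figure).
class-map type inspect match-any PRIVATE-TO-PUBLIC-CLASS
 match protocol http
 match protocol smtp
 match protocol dns
!
! 3. Inspect that traffic so returning packets are matched to the
!    session that started inside; drop and log everything else.
policy-map type inspect PRIVATE-TO-PUBLIC-POLICY
 class type inspect PRIVATE-TO-PUBLIC-CLASS
  inspect
 class class-default
  drop log
!
! 4. Apply the policy in one direction only. No PUBLIC-to-PRIVATE
!    zone pair is defined, so traffic originating in the public
!    zone stays blocked by the zone-to-zone default.
zone-pair security PRIVATE-TO-PUBLIC source PRIVATE destination PUBLIC
 service-policy type inspect PRIVATE-TO-PUBLIC-POLICY
!
! 5. Assign the interfaces to their zones.
interface GigabitEthernet0/0
 zone-member security PRIVATE
!
interface Serial0/0/0
 zone-member security PUBLIC
!
! No zone pair references the self zone, so traffic to and from the
! router itself (SSH, SNMP, routing protocols) is not filtered here.
```

After applying a configuration like this, `show zone security` and `show policy-map type inspect zone-pair sessions` confirm zone membership and list the sessions being inspected.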

About Adeniyi Salau 1659 Articles
Adeniyi Salau is a highly dedicated and committed Blogger of repute. He likes sharing his IT knowledge with others. My desire is to impact as many lives as possible with my IT skills. You can download my mobile APP. Download the ICTLOAD APP on Google Playstore. Thanks.
