- IT Organizational Structure
- Evaluating Hardware Acquisition, Installation, and Maintenance
- Evaluating Systems Software Development, Acquisition, Implementation, and Maintenance
- Evaluating Network Infrastructure Acquisition, Installation, and Maintenance
- The TCP/IP Protocol Suite
- Internet, Intranet, and Extranet
- Evaluating IS Operational Practices
- Evaluating the Use of System Performance and Monitoring Processes, Tools, and Techniques
- Exam Prep Questions
Routers are used to direct, or route, traffic on the network and work at the network layer (Layer 3) of the OSI model. Routers link two or more physically separate network segments; although the segments are linked via a router, they can function as independent networks. As in the discussion on firewalls, routers look at the headers in network packets to determine source addresses (logical addresses). Routers can be used as packet-filtering firewalls by comparing only the header information in packets against their rules. As stated earlier, the creation of rules in packet filtering involves both permit (or allow) and deny (or block) statements.
In determining the network design, the IT organization must consider where to place routers and, where possible, leverage the speed and efficiencies of switches (discussed later in this chapter). When working at the different layers of the OSI model, the higher up you go, the more intelligent the decision making being accomplished. Routers can be standalone devices or software running within or on top of an operating system. They use routing protocols to communicate the available routes on the network. The routing protocols (RIP, BGP, and OSPF) relay information on routers that have gone down on the network, congested routes, or routes that are more economical than others. The information passed between routers via the routing protocols consists of route updates, which are stored in a routing table. As packets enter the router, their destination addresses are compared to the routing table, and each packet is forwarded on the most economical route available at the time. As stated earlier in the discussion on firewalls, the fact that routers can look at header information in the packet enables the router to perform filtering via access lists, which can restrict traffic between networks. The criteria within access control lists can be IP addresses (source and destination), specific ports (such as TCP port 80 for HTTP), or protocols (UDP, TCP, and IP).
Routers are not as fast as hubs or switches at simply forwarding frames, because they need to look at the OSI Layer 3 header information in every packet to determine the correct route to the destination address. This creates the possibility of bottlenecks on the network.
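The router access-list filtering described above, as an added example that is not from the book: a minimal first-match packet filter whose rules use the same criteria the text lists (source and destination IP, port, protocol) with permit and deny actions, an implicit deny when nothing matches, and a demonstration of why rule order matters. All addresses, networks and rules are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src: str            # source IP address
    dst: str            # destination IP address
    proto: str          # "tcp", "udp" or "ip"
    dport: Optional[int] = None   # destination port, if any

@dataclass(frozen=True)
class Rule:
    action: str         # "permit" or "deny"
    proto: str          # "tcp", "udp", or "ip" (matches any protocol)
    src: str            # CIDR prefix for the source
    dst: str            # CIDR prefix for the destination
    dport: Optional[int] = None   # None means any port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == pkt.dport

def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the rule that fired); no match is an implicit deny."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None

# Constructed policy: block one remote network, then allow web traffic to one server.
ACL = [
    Rule("deny", "ip", "198.51.100.0/24", "192.0.2.0/24"),
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 80),
]
# Same rules in the wrong order: the broad permit now shadows the deny.
MISORDERED = list(reversed(ACL))

WEB_OK = Packet("203.0.113.5", "192.0.2.10", "tcp", 80)   # allowed
SSH = Packet("203.0.113.5", "192.0.2.10", "tcp", 22)      # no rule: implicit deny
BLOCKED = Packet("198.51.100.7", "192.0.2.10", "tcp", 80)  # should be denied

if __name__ == "__main__":
    for name, acl in (("correct", ACL), ("misordered", MISORDERED)):
        print(name, evaluate(acl, BLOCKED))
```

Running the block shows the blocked network's web request denied by rule 0 under the correct order but permitted under the misordered list, which is the kind of shadowed rule an auditor reviewing access lists should look for.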
The term modem is short for modulator-demodulator. A modem is a device that converts data from digital format to analog format for transmission. Computer information is stored digitally and, when transmitted via the phone line, needs to be converted to analog waves to enable communication. Generally, modems are used for remote access to networks and devices. As part of the IT infrastructure, modems can be used to access servers or routers to enable routine maintenance or troubleshooting. Users of the organization can also use modems for remote access to data and applications through dial-in virtual private networks (VPNs) or to provide terminal services (access to console functions).
In reviewing the IT infrastructure, the IS auditor might find that modems fall outside the security procedures and, in fact, might bypass existing security controls. Modems are susceptible to "war dialing," in which malicious hackers set software to dial a series of telephone numbers, looking for the carrier tone provided by a modem on connection. This technique might allow hackers to enter the network by bypassing existing security controls.
A bridge works at the data link layer (Layer 2) of the OSI model and connects two separate networks to form one logical network (for example, joining an Ethernet and a token ring network). Bridges can store and forward frames. A bridge examines the media access control (MAC) header of a frame to determine where to forward it; bridges are transparent to end users. A MAC address is the physical address of the device on the network (it resides on the network interface card [NIC] of the device). As frames pass through it, the bridge determines whether the destination MAC address resides on the local network segment; if not, the bridge forwards the frame to the appropriate network segment. Bridges can reduce collisions that result from segment congestion, but they do forward broadcast frames. Bridges are good network devices if used for the right purpose.
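The MAC-based forwarding decision described above, as an added example that is not from the book: a learning bridge that records which port each source MAC address was seen on, filters frames whose destination is on the same segment they arrived from, forwards known destinations to a single port, and floods unknown destinations and broadcasts to every other port (the behaviour behind "they do forward broadcast frames"). Port numbers and MAC addresses are constructed sample values.

```python
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningBridge:
    def __init__(self, ports: List[int]):
        self.ports = list(ports)
        self.table: Dict[str, int] = {}   # MAC address -> port it was learned on

    def forward(self, in_port: int, src: str, dst: str) -> List[int]:
        """Handle one frame and return the list of ports it is sent out on."""
        self.table[src] = in_port          # learn where the sender lives
        if dst == BROADCAST or dst not in self.table:
            # Broadcast or unknown destination: flood to all other segments
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst]
        if out_port == in_port:
            return []                      # same segment: filter, do not forward
        return [out_port]                  # known destination on another segment

# Constructed topology: hosts A and C on port 1, host B on port 2
MAC_A, MAC_B, MAC_C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"

def run_scenario() -> List[List[int]]:
    """Replay a short frame sequence and return each forwarding decision."""
    bridge = LearningBridge([1, 2])
    return [
        bridge.forward(1, MAC_A, MAC_B),      # B unknown: flooded to port 2
        bridge.forward(2, MAC_B, MAC_A),      # A learned on port 1: sent only there
        bridge.forward(1, MAC_C, MAC_A),      # A and C share port 1: filtered
        bridge.forward(1, MAC_A, BROADCAST),  # broadcast: always flooded
    ]

if __name__ == "__main__":
    for decision in run_scenario():
        print(decision)
```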
Hubs and Switches
A hub operates at the physical layer (Layer 1) of the OSI model and can serve as the center of a star topology. Hubs can be considered concentrators because they concentrate all network communications for the devices attached to them. A hub contains several ports to which clients are directly connected. The hub connects to the network backbone and can be active (repeating the signals sent through it) or passive (splitting signals but not repeating them).
A switch combines the functionality of a multi-port bridge and the signal amplification of a repeater.