
Book IV, Chapter 1: Network Security Terminology (page 465)

Looking at Security Devices
✦ Disable ports: For security reasons, you need to disable any ports on the switch that you are not using. This prevents someone from connecting an unknown system to the network without your knowledge.
✦ VLANs: Virtual LANs allow you to create communication boundaries on the switch. You can create multiple VLANs on the switch and then place different ports into different VLANs. Systems that are connected to ports in one VLAN cannot communicate with systems in another VLAN without the use of a router.
You find out how to configure security features of Cisco switches in the next chapter.
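The two switch rules above (shut down every unused port, keep VLANs separate) in a small Python model, added here as an example; it is not the book's code and not Cisco IOS configuration. The Switch and Port classes, the eight-port layout (ports 1 to 4 in VLAN 10, ports 5 to 8 in VLAN 20) and the set of ports in use are assumptions made for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Port:
    vlan: int
    enabled: bool = True


@dataclass
class Switch:
    """Toy model of a managed switch: each port belongs to one VLAN and can be
    shut down. Constructed for illustration; not Cisco IOS, not the book's code."""
    ports: dict = field(default_factory=dict)   # port number -> Port

    def assign(self, port: int, vlan: int) -> None:
        self.ports[port] = Port(vlan=vlan)

    def disable_unused_ports(self, in_use: set) -> list:
        """First rule from the chapter: shut down every port with nothing plugged in.
        Returns the ports that were disabled, for the change record."""
        disabled = []
        for number, port in self.ports.items():
            if number not in in_use and port.enabled:
                port.enabled = False
                disabled.append(number)
        return sorted(disabled)

    def forward(self, ingress: int) -> list:
        """Ports a broadcast arriving on `ingress` is delivered to. A frame on a
        disabled port is dropped; otherwise it is flooded only to enabled ports in
        the same VLAN. Reaching another VLAN needs a router, not the switch."""
        src = self.ports.get(ingress)
        if src is None or not src.enabled:
            return []
        return sorted(n for n, p in self.ports.items()
                      if n != ingress and p.enabled and p.vlan == src.vlan)

    def audit_open_ports(self, in_use: set) -> list:
        """Check worth running after any change: enabled ports with nothing on them
        are exactly the ports an unknown system could be plugged into."""
        return sorted(n for n, p in self.ports.items()
                      if p.enabled and n not in in_use)


def build_example_switch() -> Switch:
    """Eight-port switch (constructed): ports 1-4 in VLAN 10, ports 5-8 in VLAN 20."""
    sw = Switch()
    for n in range(1, 5):
        sw.assign(n, 10)
    for n in range(5, 9):
        sw.assign(n, 20)
    return sw


if __name__ == "__main__":
    sw = build_example_switch()
    in_use = {1, 2, 5, 6}                       # assumed: devices on these ports only
    print("open unused ports before:", sw.audit_open_ports(in_use))   # [3, 4, 7, 8]
    print("shut down:", sw.disable_unused_ports(in_use))              # [3, 4, 7, 8]
    print("open unused ports after:", sw.audit_open_ports(in_use))    # []
    print("frame from port 1 reaches:", sw.forward(1))                # [2]  (VLAN 10 only)
    print("frame from port 5 reaches:", sw.forward(5))                # [6]  (VLAN 20 only)
    print("frame from port 3 reaches:", sw.forward(3))                # []   (port disabled)
```

Before the unused ports are shut down, a frame entering port 1 would also reach ports 3 and 4; after, it reaches only port 2, and nothing entering a VLAN 10 port ever reaches a VLAN 20 port. The audit method is the part to keep: a port that is enabled but has no known device behind it is the gap the first bullet is about.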
Virtual Private Networks
The final security technology I want to mention is what is known as a virtual private network, or VPN. A VPN is responsible for creating an encrypted tunnel across an unsecure network such as the Internet. Once the tunnel is created between the client and the VPN server, any data that is sent through the tunnel is encrypted.
Looking at Figure 1-6, you see that you are in a hotel room in Toronto and want to access some files that are in your office in New York. Normally, you would not try to access those files across the Internet because you would not want the information sent or received in plain text for someone to intercept.
Figure 1-6: A VPN creates an encrypted tunnel over an unsecure network so that data can be sent and received securely. (Diagram: your laptop in Toronto (hotel room) connects across the Internet, through a firewall, to the VPN server on the New York LAN.)
As a solution, you install VPN client software on your laptop, which connects across the Internet to the VPN server in New York. After the VPN server authenticates you with your username and password, you are granted access to the network, and the encrypted tunnel is created. Now any data sent between the VPN client and the VPN server is secure, as it is encrypted in transit.
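The Toronto-to-New York exchange above as an added Python example, not code from the book: an observer records everything that crosses the Internet, the client authenticates to the VPN server with a username and password, and only then is data sent through the tunnel in encrypted form. The user list, the password-derived session key and the HMAC-based keystream are constructed for the illustration and are not any real VPN protocol (IPsec, SSL VPN and the like do this with standardised key exchange and ciphers).

```python
import hashlib
import hmac
import secrets

# Constructed sample credential store; a real VPN server checks a user database.
USERS = {"alice": "correct horse battery staple"}


class Internet:
    """The unsecure network: every payload carried across it is recorded, standing
    in for anyone able to intercept traffic between the hotel room and the office."""

    def __init__(self):
        self.captured = []

    def carry(self, payload: bytes) -> bytes:
        self.captured.append(payload)
        return payload

    def saw(self, needle: bytes) -> bool:
        return any(needle in p for p in self.captured)


def derive_key(password: str, nonce: bytes) -> bytes:
    """Both ends derive the same session key from the password and the server's
    fresh nonce. Only the nonce crosses the Internet; the password never does."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), nonce, 50_000)


def keystream_xor(key: bytes, nonce: bytes, seq: int, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream under the session key.
    (nonce, seq, block) never repeats within a session, so the keystream is never
    reused. Encrypting and decrypting are the same operation. Educational only."""
    out = bytearray()
    for block, start in enumerate(range(0, len(data), 32)):
        info = nonce + seq.to_bytes(8, "big") + block.to_bytes(4, "big")
        ks = hmac.new(key, info, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], ks))
    return bytes(out)


class VpnServer:
    def __init__(self, users):
        self.users = users
        self.pending = {}   # username -> nonce handed out, awaiting proof
        self.tunnels = {}   # username -> (key, nonce) once authenticated

    def challenge(self, username: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[username] = nonce
        return nonce

    def authenticate(self, username: str, proof: bytes) -> bool:
        """Tunnel is only set up after the client proves it knows the password."""
        password = self.users.get(username)
        nonce = self.pending.pop(username, None)
        if password is None or nonce is None:
            return False
        key = derive_key(password, nonce)
        expected = hmac.new(key, b"auth" + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return False
        self.tunnels[username] = (key, nonce)
        return True

    def receive(self, username: str, seq: int, ciphertext: bytes) -> bytes:
        key, nonce = self.tunnels[username]
        return keystream_xor(key, nonce, seq, ciphertext)


def send_in_the_clear(net: Internet, message: bytes) -> bytes:
    """What the chapter warns against: the file crosses the Internet as plain text."""
    return net.carry(message)


def send_over_vpn(net, server, username, password, message):
    """Client side of the tunnel. Returns (authenticated, plaintext the server recovered)."""
    nonce = net.carry(server.challenge(username))
    key = derive_key(password, nonce)
    proof = hmac.new(key, b"auth" + nonce, hashlib.sha256).digest()
    if not server.authenticate(username, net.carry(proof)):
        return False, None
    seq = 0                                        # first message of this session
    ciphertext = net.carry(keystream_xor(key, nonce, seq, message))
    return True, server.receive(username, seq, ciphertext)
```

With the VPN, the observer sees the nonce, the authentication proof and ciphertext but never the file contents, and with the wrong password the tunnel is never created, so no data is sent at all. Because this toy derives the session key from the password, a captured nonce and proof could be tested against password guesses offline; that is one reason real VPN protocols negotiate the session key with a Diffie-Hellman exchange rather than deriving it from the password alone.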