Understanding Local Area Networks and VPNs

Local Area Networks (LANs)

  • A Local Area Network (LAN) is defined as a group of devices connected together into a single broadcast domain.
      - Broadcast Domain Definition: A communication range where if a broadcast is sent from one device, all other devices within the same domain will receive the broadcast.

  • Example scenario: If a device on a red network sends a broadcast, devices on a blue network (connected via a separate switch) will not receive that broadcast due to separate broadcast domains.

Broadcast Domains

  • When broadcasting:
      - Devices connected to the same broadcast domain will see each other's broadcasts.
      - Devices on different broadcast domains will not see each other's broadcasts.

  • Security and organizational perspective:
      - Separating devices into different broadcast domains (e.g., red and blue networks) aids in management and security.

Switch Utilization and Efficiency

  • Inefficient Usage of Switches:
      - Despite having multiple devices, switch ports can remain underutilized.
      - Example: A switch with 24 ports may have only 2 devices connected, which is an inefficient use of the hardware and the space it occupies.

  • Potential Solution: Consolidating several physical switches into a single physical switch that is configured with Virtual Local Area Networks (VLANs).

Virtual Local Area Networks (VLANs)

  • VLAN Definition: A VLAN allows for the logical segmentation of different devices on the same physical switch into different broadcast domains.
      - This enables the grouping of interfaces based on VLAN configuration.

  • Benefits of VLANs:
      - They allow a single physical switch to support multiple logical networks, enhancing efficiency.
      - Example: A switch with three VLANs could support:
        - VLAN 1: Gate Room
        - VLAN 2: Dining Room
        - VLAN 3: Infirmary

  • Communication Restrictions:
      - Devices within one VLAN cannot communicate with devices in other VLANs unless routed.

Inter-VLAN Communication

  • For devices in different VLANs to communicate:
      - A router is needed to route information between VLANs.
      - Some modern switches may include integrated routing functionality.
      - Alternatively, an external router can facilitate inter-VLAN communication.
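The broadcast-domain, VLAN and inter-VLAN routing rules above, as a small model added here (this is not code from the original notes; switch names, port names, hosts and VLAN numbers are constructed). It also goes one step further than the notes: a trunk link between two switches extends a VLAN's broadcast domain across both, and only a router with an interface in both domains lets two domains exchange traffic.

```python
from collections import deque

# Constructed topology (not from the notes): SW1 is the consolidated switch
# carrying the page's three VLANs; SW2 is a second switch joined to SW1 by a
# trunk that carries VLAN 2 only, so VLAN 3 on SW2 is its own broadcast domain.
ACCESS_PORTS = {  # (switch, port): (vlan, host)
    ("SW1", "Gi0/1"): (1, "gate-pc1"),
    ("SW1", "Gi0/2"): (1, "gate-pc2"),
    ("SW1", "Gi0/3"): (2, "dining-pc1"),
    ("SW1", "Gi0/5"): (3, "infirmary-pc1"),
    ("SW2", "Gi0/1"): (2, "dining-pc2"),
    ("SW2", "Gi0/2"): (3, "infirmary-pc2"),
}
TRUNKS = [("SW1", "SW2", {2})]  # (switch_a, switch_b, VLANs allowed on the trunk)


def host_domain(host):
    """The (switch, vlan) pair that a host's access port belongs to."""
    for (switch, _port), (vlan, name) in ACCESS_PORTS.items():
        if name == host:
            return (switch, vlan)
    raise KeyError(host)


def broadcast_domain(start):
    """Every (switch, vlan) reachable from start over trunks that carry that VLAN."""
    seen, queue = {start}, deque([start])
    while queue:
        switch, vlan = queue.popleft()
        for a, b, allowed in TRUNKS:
            if vlan in allowed and switch in (a, b):
                other = (b if switch == a else a, vlan)
                if other not in seen:
                    seen.add(other)
                    queue.append(other)
    return seen


def broadcast_receivers(host):
    """Hosts that see a broadcast sent by host: same VLAN, reachable over trunks."""
    domain = broadcast_domain(host_domain(host))
    return {name for (switch, _port), (vlan, name) in ACCESS_PORTS.items()
            if (switch, vlan) in domain and name != host}


def can_communicate(a, b, router_interfaces=()):
    """Same broadcast domain: the switch forwards directly. Different domains:
    only if a router (integrated or external) has an interface in both."""
    da, db = broadcast_domain(host_domain(a)), broadcast_domain(host_domain(b))
    if da == db:
        return True
    routed = [broadcast_domain(r) for r in router_interfaces]
    return da in routed and db in routed
```

Note that infirmary-pc1 and infirmary-pc2 share VLAN number 3 but cannot reach each other: without a trunk carrying VLAN 3, the two switches hold two separate broadcast domains, exactly as with the red and blue networks on separate switches.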

Virtual Private Networks (VPNs)

  • VPN Definition: A VPN enables secure communication between devices across a network by encrypting all transmitted data.
      - This prevents unauthorized individuals from reading the traffic if they capture it with a packet capture program or similar tool.

  • VPN Concentrator:
      - A specialized device that encrypts and decrypts data in real time.
      - Typically integrated into firewalls or implemented as purpose-built appliances.

Client-to-Site VPN

  • Description: A client connects from a remote location to a central location, usually secured by a concentrator at the edge of a corporate network.

  • Security Measures:
      - All communications from the remote user to the concentrator are encrypted, ensuring data protection.
      - The concentrator decrypts incoming data and forwards it to resources on the corporate network.

  • Always-On Configuration:
      - Automatically establishes a connection to the concentrator upon logging in, ensuring consistent encryption without manual intervention.

Site-to-Site VPN

  • Purpose: Connects multiple physical sites securely over existing internet links.

  • Configuration:
      - Implemented between firewalls that connect to both the corporate network and remote sites.

  • Functionality:
      - Ensures that communications from remote sites to the corporate network are encrypted over the internet, protecting sensitive data.