Page 37 - ITGC_Audit Guides
Routers and Switches
A router is a Layer 3 (Network Layer) device that transmits data among networks. The data is sent in the form of packets (data packaged to be transferred within a network). Services such as virtual LAN (vLAN), packet filtering firewalls, and other network services can be built into routers.
A switch is a Layer 2 (Data Link) network device that connects nodes within a network with physical media such as copper wires. A switch receives, processes, and transmits data to specific destination devices through frames, which are groups of data similar to the packets used by transmission control protocol/internet protocol (TCP/IP) at higher layers. Switches only send messages to the intended nodes. Switch functionality can be included in routers, so the device can be called a switch or a router depending on what function is being discussed. Although confusing to some, this is actually helpful because independent switches and routers can have overlapping functions.
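The forwarding behaviour described above (frames delivered only to the intended node, with vLAN membership confining floods) can be made concrete with a small model. The code below is an added illustration, not code from the IIA guide; the port layout, the VLAN assignments, and the MAC addresses (taken from the documentation range 00:00:5e:00:53:xx) are constructed for the example.

```python
"""Constructed Layer 2 learning-switch model with VLAN isolation; an added illustration, not code from the IIA guide."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    """Layer 2 frame: only the addresses a switch looks at, plus an opaque payload."""
    src_mac: str
    dst_mac: str
    payload: bytes


@dataclass
class LearningSwitch:
    """Forwards each frame only to the port where its destination MAC was last seen.

    port_vlans maps a port number to the VLAN assigned to it (access ports).
    mac_table maps (vlan, mac) to the port that MAC was learned on.
    """
    port_vlans: Dict[int, int]
    mac_table: Dict[Tuple[int, str], int] = field(default_factory=dict)

    def receive(self, ingress_port: int, frame: Frame) -> List[int]:
        """Return the egress port(s) the frame is sent out of."""
        vlan = self.port_vlans[ingress_port]
        src, dst = frame.src_mac.lower(), frame.dst_mac.lower()
        # Learning: the sender is reachable via the port the frame arrived on.
        self.mac_table[(vlan, src)] = ingress_port
        if dst == BROADCAST:
            return self._flood(ingress_port, vlan)
        egress = self.mac_table.get((vlan, dst))
        if egress is None or egress == ingress_port:
            # Unknown unicast in this VLAN: flood, but only to ports in the same VLAN.
            return self._flood(ingress_port, vlan)
        return [egress]

    def _flood(self, ingress_port: int, vlan: int) -> List[int]:
        # Every port in the same VLAN except the one the frame came in on; never another VLAN.
        return sorted(p for p, v in self.port_vlans.items() if v == vlan and p != ingress_port)


def demo() -> List[Tuple[str, List[int]]]:
    """Constructed scenario: hosts A and B (and a third port) on VLAN 10, one guest host on VLAN 20."""
    sw = LearningSwitch(port_vlans={1: 10, 2: 10, 3: 10, 4: 20})
    host_a, host_b, guest = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:ff"
    return [
        ("A->B, B unknown: flooded within VLAN 10", sw.receive(1, Frame(host_a, host_b, b"hello"))),
        ("B->A reply: A already learned on port 1", sw.receive(2, Frame(host_b, host_a, b"hi"))),
        ("A->B again: B now known on port 2", sw.receive(1, Frame(host_a, host_b, b"data"))),
        ("guest broadcast: stays inside VLAN 20", sw.receive(4, Frame(guest, BROADCAST, b"who?"))),
        ("guest->A: A is not in the VLAN 20 table, nothing leaks", sw.receive(4, Frame(guest, host_a, b"x"))),
    ]


if __name__ == "__main__":
    for label, ports in demo():
        print(f"{label}: egress ports {ports}")
```

The third step is the point of the model: once the switch has learned where B sits, A's frames go to port 2 alone and the third host on port 3 never sees them. The last two steps show why vLAN assignment is a security boundary rather than a convenience: the guest's frames are flooded or forwarded only among VLAN 20 ports, which here means nowhere.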
Layer 3 switches, or "multi-layer switches," create virtual circuits for transmitting data between nodes. Using a Layer 3 switch reduces network latency because the packet flows through the switch instead of taking the additional step of going through a router. IT will normally deploy a Layer 3 switch for the corporate intranet or to establish a vLAN, whereas it would use a router if traffic needs to traverse the WAN. Layer 7 switches integrate routing and switching capabilities and are typically used for load balancing among a group of servers. These switches are also referred to as content, web, or application switches.
Firewalls
A firewall is a network security system that monitors and controls incoming and outgoing traffic based on predetermined security rules and configuration, and is designed to prevent unauthorized access to and from a private network. Organizations should ensure that firewall access is restricted, and rule sets and configuration of firewalls should be reviewed periodically. Each rule set should have proper documentation of its purpose and identification of its owner/requester.
There are many types of firewalls, each having a specific purpose, and organizations may have several types based on their unique needs. Basic firewalls inspect header information from the network layer (Layer 3) and the transport layer (Layer 4). They are sometimes called packet filters because they drop packets coming from forbidden IP addresses (network layer) or destined for forbidden ports (transport layer). If the packet is not blocked, it passes to its destination within the network protected by the firewall.
Stateful firewalls inspect packets and can block potentially malicious ones that are not part of an established connection or that fail to fit the rules for initiating a legitimate connection. Application layer firewalls, or next generation (NG) firewalls, intercept packet traffic and decode data all the way up the stack to the application layer (Layer 7).
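The three controls described so far (a documented rule set with an owner for each rule, header-based packet filtering on Layer 3/4 fields, and stateful tracking of established connections) fit together in one small model. The code below is an added illustration, not code from the IIA guide or any vendor product; the rule set, the addresses (from the documentation ranges 203.0.113.0/24, 198.51.100.0/24 and 10.0.0.0/8), the owner names and the packet sequence are all constructed.

```python
"""Constructed packet-filter / stateful-inspection model; an added illustration, not code from the IIA guide."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """Layer 3/4 header fields a packet filter inspects (payload deliberately omitted)."""
    src_ip: str
    dst_ip: str
    proto: str          # "tcp" or "udp"
    src_port: int
    dst_port: int
    syn: bool = False   # TCP flags; a pure SYN is the only legitimate connection opener
    ack: bool = False


@dataclass
class Rule:
    """One rule plus the purpose/owner documentation the guide expects each rule to carry."""
    rule_id: str
    action: str                    # "allow" or "deny"
    src_cidr: str
    dst_cidr: str
    proto: str                     # "tcp", "udp" or "any"
    dst_ports: Optional[Set[int]]  # None means any destination port
    purpose: str = ""
    owner: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src_cidr):
            return False
        if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(self.dst_cidr):
            return False
        return self.dst_ports is None or pkt.dst_port in self.dst_ports


Flow = Tuple[str, str, int, str, int]  # (proto, src_ip, src_port, dst_ip, dst_port)


class StatefulFirewall:
    """First-match rule evaluation with an implicit deny, plus a connection table."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.connections: Set[Flow] = set()

    def evaluate(self, pkt: Packet) -> Tuple[str, str]:
        """Return (verdict, reason) and record newly allowed flows."""
        forward: Flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse: Flow = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        # Stateful part: either direction of an already-allowed flow passes without re-consulting rules.
        if forward in self.connections or reverse in self.connections:
            return "allow", "established"
        # A TCP packet that does not open a connection cannot start a new flow.
        if pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            return "deny", "not part of an established connection"
        # Stateless part: header fields checked against the ordered rule set.
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.connections.add(forward)
                return rule.action, rule.rule_id
        return "deny", "implicit deny"


def undocumented_rules(rules: List[Rule]) -> List[str]:
    """Periodic-review check: rule IDs lacking a stated purpose or an owner/requester."""
    return [r.rule_id for r in rules if not r.purpose.strip() or not r.owner.strip()]


# Constructed rule set; addresses and owners are placeholders.
RULES = [
    Rule("FW-001", "allow", "0.0.0.0/0", "10.0.1.0/24", "tcp", {443},
         purpose="Public HTTPS to web tier", owner="web-platform team"),
    Rule("FW-002", "allow", "10.0.0.0/8", "10.0.2.0/24", "tcp", {22},
         purpose="Admin SSH from internal network only", owner="infrastructure ops"),
    Rule("FW-003", "allow", "0.0.0.0/0", "10.0.2.0/24", "any", None),  # legacy rule, no documentation
]


def demo() -> List[Tuple[str, str]]:
    """Run a constructed packet sequence through the two documented rules."""
    fw = StatefulFirewall(RULES[:2])
    packets = [
        Packet("203.0.113.5", "10.0.1.10", "tcp", 51000, 443, syn=True),            # client opens HTTPS
        Packet("10.0.1.10", "203.0.113.5", "tcp", 443, 51000, syn=True, ack=True),  # server reply
        Packet("203.0.113.5", "10.0.1.10", "tcp", 51000, 443, ack=True),            # rest of the handshake
        Packet("203.0.113.7", "10.0.1.10", "tcp", 51000, 443, ack=True),            # ACK with no prior SYN
        Packet("203.0.113.5", "10.0.2.20", "tcp", 51001, 22, syn=True),             # external SSH attempt
        Packet("10.0.5.5", "10.0.2.20", "tcp", 40000, 22, syn=True),                # internal admin SSH
        Packet("198.51.100.9", "10.0.1.10", "udp", 5353, 53),                       # DNS to web tier
    ]
    return [fw.evaluate(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
    print("rules needing documentation:", undocumented_rules(RULES))
```

The fourth packet is what separates a stateful firewall from a plain packet filter: its header fields match FW-001 exactly, yet it is refused because no connection was ever opened. The `undocumented_rules` check is the review the guide asks for, expressed as something an auditor can run against an exported rule set: FW-003 is a permissive "any/any" rule with no recorded purpose or owner, which is exactly the kind of entry a periodic review should surface.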
Mobile firewalls provide secure communications when network access is initiated via a mobile device. Web application firewalls (WAF) analyze traffic moving in and out of an application, and can be placed between web servers and the internet to detect and protect web applications from known web application attacks, as shown in Figure 14.
29 — theiia.org