Test security with hardware tools

Submitted by shevorne.desil… on Mon, 02/26/2024 - 20:23

This topic will introduce how to use network hardware tools and equipment following Work Health and Safety (WHS) requirements and organisational policies and procedures. We will also discuss and practice using a variety of hardware tools to test network security in a simulated network environment.

In this topic, you will learn about:

  • types of hardware tools
  • following WHS standards
  • testing network security
  • documenting test results.

Let us begin.

Hardware tools for testing network security encompass various devices designed to assess and fortify network defences. Examples include, but are not limited to, the following:

  • Firewalls: Hardware firewalls, such as those from Cisco or Palo Alto Networks, enforce network security policies by filtering incoming and outgoing traffic, blocking unauthorised access and potential threats.
  • Intrusion Detection Systems (IDS): Hardware IDS appliances like Snort or Suricata monitor network traffic in real-time, detecting and alerting to suspicious activity or potential security breaches.
  • Intrusion Prevention System (IPS): An IPS (can be hardware-based or software-based) is a security solution designed to actively prevent malicious activities and attacks on a network or system. Unlike an IDS, an IPS takes immediate action to block or mitigate identified threats in real-time. It works by analysing network traffic and applying predefined security policies to actively block malicious packets or connections.
  • Network Test Access Points (TAPs): These devices passively capture and monitor network traffic for analysis without disrupting network operations, providing a comprehensive view of network activity. For more information on these devices, refer to the article ‘What is a Network TAP?’ by APCON.

By employing these hardware tools, organisations can comprehensively assess, strengthen, and protect their network security posture against a wide range of threats and vulnerabilities.

Let us explore some of these hardware tools in more detail.

Firewalls

Firewalls serve as crucial gatekeepers in network security, generating valuable threat data to enhance cyber defence. Leveraging these diverse threat data from firewalls is integral to constructing a comprehensive cybersecurity strategy, enabling organisations to detect, analyse, and respond to potential threats effectively. Continuous monitoring and analysis of firewall-generated data enhance overall network security and resilience.

The following video discusses how firewalls work and the type of data they filter.

IDS and IPS

Intrusion detection systems (IDS) and Intrusion Prevention Systems (IPS) generate alerts and logs that can help in identifying and responding to security threats.

Upon coming across something suspicious, an IDS will only log the suspicious events. However, an IPS can log, alert and take action if it finds a suspicious event.

The following video explains how IDS and IPS work and what threat data they can collect.


Understanding the basic hardware setup

Understanding basic network hardware and peripheral setup in an equipment room is crucial for adhering to Workplace Health and Safety (WHS) standards. Proper setup ensures safe installation, reduces the risk of accidents, and prevents potential hazards such as tripping over cables or overheating equipment. Additionally, familiarity with hardware enables effective troubleshooting, minimising downtime and potential risks to personnel.

Let us now explore the setup of a basic equipment room to understand what devices, equipment and peripherals are typically installed and how they are set up and arranged.

Demo of a basic equipment room and device setup

The following video demonstrates the hardware devices, equipment and peripherals in detail and how it is all set up in an equipment room. Familiarise yourself with the basic components, devices, cabling and equipment within the equipment room (also known as a server room or comms room).

Practice

Complete the following practice tasks using the Cisco Packet Tracer software.

  1. Open a new Cisco Packet Tracer activity window
  2. Go to ‘File’ > ‘Open Samples…’ > ‘Networking’ > ‘DNS’ and open the template ‘Multi-level DNS’.
  3. Select the ‘Physical’ view tab
  4. In the physical view, navigate to ‘Home City’ > ‘Corporate Office’ > ‘Main Wiring Closet’
  5. Examine the equipment setup in the ‘Main Wiring Closet’ to:
    • identify and list the types of devices and their names
    • identify peripherals and equipment used to connect and house the devices.
  6. Install/rack-mount several more devices such as a ‘Switch’ and a ‘Server’.
  7. Connect the new devices using the appropriate cables.
  8. ‘Right click’ on each cable, and select the option ‘Manage Cable’. Note the change in cable layout when this option is selected. This change can be undone by selecting the ‘Unmanage Cable’ option.

Following safety procedures

By following WHS standards in network setup, organisations prioritise the safety of employees, mitigate workplace accidents, and maintain a secure and efficient working environment.

Demo of a Network Operations Center device setup

The following video will provide an overview of the tasks performed in a typical network operations centre during an initial setup of network equipment. When watching the video pay close attention to the various Work Health and Safety procedures followed and Personal Protective Equipment (PPE) and other support equipment and tools used by the technicians.

Reflection

What WHS procedures, PPE, equipment and tools were demonstrated in the video?

The video demonstrates:

  • the use of personal protective equipment (PPE) such as gloves, boots, ear protection
  • safety procedures such as:
    • the use of a trolley to carry heavy objects (e.g. servers, rack rails)
    • careful handling of heavy equipment/devices when loading them onto the trolley
    • careful handling of heavy equipment/devices when mounting onto the racks
  • use of equipment and tools such as:
    • trolley
    • screwdrivers
    • crimp tools
    • cable plugs.

Prepare for security tests

The following video discusses the importance of approaching network security tests by identifying and preparing the proper tools for the job.

Hardware device logging

Hardware device logging involves capturing and recording events, errors, and activities generated by hardware components such as routers, switches, and servers. These logs provide valuable insights into device performance, usage patterns, and potential issues, aiding in troubleshooting, maintenance, and security analysis of the network infrastructure.

Router logs

Logging from routers involves recording events and activities occurring on the network, such as connection attempts, routing changes, or security incidents. These logs are crucial for monitoring network health, troubleshooting issues, and identifying potential security threats. Analysing router logs enhances overall network management and security.

Firewall logs

Firewall logging captures and records network traffic data passing through a firewall. These logs include information about allowed or denied connections, source and destination IP addresses, and port numbers. Analysing firewall logs helps detect and respond to unauthorised access, potential threats, and security incidents, contributing to robust network security.
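As an added illustration (not part of the original page or any vendor's code), the Python script below parses constructed syslog lines written in the style of a Cisco ASA access-list deny message (message ID 106023, shape assumed from Cisco's system message reference), the way a log server would store them, and counts denied connections per source address and per destination port. The timestamps, host name and addresses are constructed sample values.

```python
import re
from collections import Counter

# Cisco ASA access-list deny message (ID 106023); shape assumed from Cisco's message reference:
#   %ASA-4-106023: Deny tcp src outside:203.0.113.5/4567 dst inside:10.0.0.5/22 by access-group "outside_access_in" [0x0, 0x0]
DENY_RE = re.compile(
    r'%ASA-(?P<sev>\d)-106023: Deny (?P<proto>\w+) '
    r'src (?P<src_if>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dst_if>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"')

def parse_deny(line):
    """Return the fields of a 106023 deny message, or None for any other line."""
    m = DENY_RE.search(line)          # search: tolerate the syslog timestamp/host prefix
    if not m:
        return None
    d = m.groupdict()
    for key in ("sev", "sport", "dport"):
        d[key] = int(d[key])
    return d

def summarise_denies(lines):
    """Count denied connections per source IP and per (destination IP, port)."""
    by_src, by_target = Counter(), Counter()
    for line in lines:
        d = parse_deny(line)
        if d:
            by_src[d["src"]] += 1
            by_target[(d["dst"], d["dport"])] += 1
    return by_src, by_target

# Constructed sample, as a syslog server might store it (not a real capture).
SAMPLE_LOG = """\
Feb 26 20:23:01 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/4567 dst inside:10.0.0.5/22 by access-group "outside_access_in" [0x0, 0x0]
Feb 26 20:23:02 fw01 %ASA-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.7/51000 (198.51.100.7/51000) to inside:10.0.0.8/443 (10.0.0.8/443)
Feb 26 20:23:02 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/4568 dst inside:10.0.0.5/23 by access-group "outside_access_in" [0x0, 0x0]
Feb 26 20:23:03 fw01 %ASA-4-106023: Deny udp src outside:203.0.113.9/53022 dst inside:10.0.0.5/161 by access-group "outside_access_in" [0x0, 0x0]
Feb 26 20:23:04 fw01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/4569 dst inside:10.0.0.5/22 by access-group "outside_access_in" [0x0, 0x0]
""".splitlines()

if __name__ == "__main__":
    by_src, by_target = summarise_denies(SAMPLE_LOG)
    print("denies per source:", by_src.most_common())
    print("denies per target:", by_target.most_common())
```

The allowed-connection line (302013) is deliberately left unmatched so the counters reflect only denied traffic, which is what an analyst reviewing access-list hits usually wants first.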

Explore

Refer to information from the device manufacturers (e.g. Cisco) on how to interpret log messages from devices such as routers and firewalls:

Cisco System Messages Overview

Using log servers for collecting data

Log servers centralise and store logs from various network devices, applications, and security tools. They facilitate efficient analysis, correlation, and storage of threat data, aiding in detecting patterns and anomalies. Log servers play a vital role in incident response, compliance, and overall cybersecurity by providing a consolidated view of diverse log sources.

User access logs

The following video outlines how authentication, authorisation and accounting systems work and what information will be captured in logs collected from these systems.

Logging network flows

Logging network flows involves recording data about communication sessions between devices, including source and destination IP addresses, ports, and duration. Analysing flow logs aids in detecting abnormal patterns, identifying potential threats, and enhancing network security. This data is valuable for incident response, forensic analysis, and proactive threat mitigation.

The following video explains how network packet data can be captured and analysed to identify network protocol header information.

Demo of NetFlow Collector and Analyser

NetFlow is a network protocol developed by Cisco Systems for collecting, monitoring, and analysing network traffic data. It provides valuable insights into network activity by capturing and recording information about IP traffic flows passing through a network device, such as a router, switch, or firewall.

The following video introduces the NetFlow Analyser and Collector and demonstrates how it can be used in Cisco Packet Tracer to collect and aggregate data from network devices such as routers.
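Added example, not from the page, the video or Cisco: a minimal NetFlow version 5 decoder in Python, run over a constructed export datagram, that aggregates flows per source host and flags sources that touched several destination ports with tiny flows, the kind of anomaly a collector's analyser surfaces for review. The 24-byte header and 48-byte record layouts follow the published v5 format; all addresses, ports and counters are constructed sample values.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# NetFlow v5 wire layouts, network byte order: 24-byte header, then 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")   # version, count, uptime, secs, nsecs, seq, engine type/id, sampling
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_netflow_v5(datagram):
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    version, count = HEADER.unpack_from(datagram, 0)[:2]
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
                      "packets": f[5], "bytes": f[6], "duration_ms": f[8] - f[7],
                      "sport": f[9], "dport": f[10], "proto": f[13]})
    return flows

def summarise_by_source(flows):
    """Per source host: flow count, total bytes and the distinct destination ports touched."""
    stats = defaultdict(lambda: {"flows": 0, "bytes": 0, "dports": set()})
    for f in flows:
        s = stats[f["src"]]
        s["flows"] += 1
        s["bytes"] += f["bytes"]
        s["dports"].add(f["dport"])
    return dict(stats)

def flag_port_sweeps(stats, min_ports=3, max_avg_bytes=200):
    """Sources that touched many ports with tiny flows: worth a closer look, not proof of attack."""
    return sorted(src for src, s in stats.items()
                  if len(s["dports"]) >= min_ports and s["bytes"] / s["flows"] <= max_avg_bytes)

# ---- constructed sample datagram (not captured from a real device) ----
def _record(src, dst, sport, dport, proto, pkts, octets, first_ms, last_ms):
    return RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed, b"\0" * 4, 1, 2,
                       pkts, octets, first_ms, last_ms, sport, dport, 0, 0x02, proto, 0, 0, 0, 24, 24, 0)

SAMPLE = HEADER.pack(5, 5, 100000, 1700000000, 0, 1, 0, 0, 0) + b"".join([
    _record("10.0.0.5", "192.0.2.10", 51000, 443, 6, 120, 98000, 1000, 6000),   # normal HTTPS sessions
    _record("10.0.0.5", "192.0.2.10", 51001, 443, 6, 80, 64000, 7000, 9000),
    _record("10.0.0.9", "192.0.2.20", 40000, 22, 6, 1, 60, 2000, 2000),         # single-packet probes
    _record("10.0.0.9", "192.0.2.20", 40001, 23, 6, 1, 60, 2001, 2001),
    _record("10.0.0.9", "192.0.2.20", 40002, 3389, 6, 1, 60, 2002, 2002),
])
```

Calling `flag_port_sweeps(summarise_by_source(parse_netflow_v5(SAMPLE)))` returns the one source in the sample whose flows look like probing; the thresholds are tunable and should be set from a baseline of the network's normal traffic.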

Documentation requirements

Documenting test results is essential for maintaining a record of network performance, troubleshooting issues, and ensuring compliance with industry standards. The documentation typically includes details such as:

  • the date and time of the test
  • the specific tool used
  • the parameters measured (e.g., latency, bandwidth)
  • the observed results.

Clear and comprehensive documentation facilitates analysis, trend identification, and informed decision-making for network optimisation and maintenance. It also serves as valuable documentation for audits and compliance purposes.

Required formats

Required formats may vary but often include:

  • standardised templates
  • digital formats such as screenshots of results, spreadsheets, log files
  • network monitoring software reports.

How did you go?

Congratulations on completing the topic Test security with hardware tools.

In this topic, you learnt about:

  • types of hardware tools
  • following WHS standards
  • testing network security
  • documenting test results.

Challenge activity

In Cisco Packet Tracer, NetFlow is a network monitoring feature that enables the collection and analysis of IP traffic data. It provides insights into network traffic patterns, helping troubleshoot issues, optimise performance, and enhance security by identifying and mitigating anomalies in the flow of data within the simulated network environment.

Task 1: The following video outlines a challenge activity. Complete the activity using the Cisco Packet Tracer file provided with the video resources.

Task 2: Take screenshots of the NetFlow test results obtained and save them in a folder on your computer. Use these screenshots to prepare a Word document with details of the test performed along with the screenshots taken.

Download the exercise files by accessing the video ‘Challenge: Using NetFlow in Packet Tracer’ on LinkedIn Learning.

Assessments

Now that you have learnt the basic knowledge and skills for this module, you are ready to complete the following assessment event.

Assessment 4 (Portfolio)
