Intro To Secure Network Architecture

The document provides an introduction to secure network architecture, outlining key components such as gateway routers, firewalls, load balancers, and servers. It includes knowledge checks to reinforce understanding of network concepts, IP addressing, and security measures like DMZs and intranets. Additionally, it covers the Lightweight Directory Access Protocol (LDAP) for managing directory information services.

Uploaded by Kevin Taylor
Introduction to Technology Fundamentals
Introduction to Secure Network Architecture

Objectives

1. Discuss secure network architecture

2. Draw a secure network diagram

*Please grab a pencil and a piece of paper. We are going to draw a network diagram together in this course.
Knowledge Check

In a network setup, what is the primary function of a gateway router?

A) Providing a connection between a local network and the internet.

B) Managing communication between devices within the same local network.

C) Securing data transmission between wireless devices.

D) Controlling access to specific websites and applications.


Network Architecture: Gateway
We have the internet and a gateway router, but we need IP addresses for our router.

Which type of IP addresses are used within a local network to identify devices and facilitate communication but are not accessible directly from the internet?

A) Public IP addresses

B) Dynamic IP addresses

C) Private IP addresses

D) Static IP addresses

[Diagram: internet connected to a gateway router with a Public interface facing the internet and a Private interface facing the local network; no addresses assigned yet.]
Knowledge Check

Which type of IP addresses are used within a local network to identify devices and facilitate communication, but
are not accessible directly from the internet?

A) Public IP addresses

B) Dynamic IP addresses

C) Private IP addresses

D) Static IP addresses
Network Architecture: Gateway
We have the internet and a gateway router, but we need IP addresses for our router.

Which IP address range is not commonly used for private networks?

A) 192.168.0.0 - 192.168.255.255

B) 172.16.0.0 - 172.31.255.255

C) 10.0.0.0 - 10.255.255.255

D) 21.0.16.0 – 21.0.16.255

[Diagram: gateway router, Public interface labelled 21.0.1.39, Private interface not yet addressed.]

Let's put some IP addresses into our diagram.

What are some public IP addresses we could use?
Network Architecture: Gateway
Which IP address range is not commonly used for private networks?

A) 192.168.0.0 - 192.168.255.255

B) 172.16.0.0 - 172.31.255.255

C) 10.0.0.0 - 10.255.255.255

D) 169.16.0.0 – 169.16.255.255

[Diagram: gateway router, Public interface 21.0.1.39, Private interface 172.16.10.1.]

What are some private IP addresses we could use?
Network Architecture: Firewall
Based on our IP address, what IP address can we give to the firewall without requiring additional protocols or changes for a direct connection?

[Diagram: gateway router, Public 21.0.1.39, Private 172.16.10.1; firewall behind the router labelled 172.16.10.2.]

A firewall will detect malware and prevent malware from entering the network.

True

False
Knowledge Check

Which network security technology is designed to detect and respond (either through alert or active measures) to
suspicious or malicious activities on a network in real-time?

A) Firewall

B) VPN

C) IDS/IPS

D) DNS
Network Architecture: IDS/IPS
Our firewall is going to use an internal IDS/IPS as part of its hardware.

Does it require an IP address?

Yes

No

Because the IPS is physically part of the firewall, it does not require its own IP address.

[Diagram: gateway router, Public 21.0.1.39, Private 172.16.10.1; firewall with built-in IDS/IPS 172.16.10.2.]
Network Architecture: Switch
We need another IP address, thoughts?

What is the primary purpose of a network switch in a local area network (LAN) setup?

A) Providing wireless connectivity to devices.

B) Transferring data between different LANs.

C) Connecting LANs to the internet.

D) Managing and forwarding data between devices within the same LAN.

[Diagram: gateway router, Public 21.0.1.39, Private 172.16.10.1; firewall 172.16.10.2; switch 172.16.10.3.]
Network Architecture: Load Balancer
A networking device or software application that distributes incoming network traffic across multiple servers,
ensuring that no single server receives more demand than it can handle. The primary purpose of a load
balancer is to optimize resource utilization, enhance the performance of applications, and ensure high availability by
preventing any single server from becoming a bottleneck.

Traffic Distribution: Load balancers evenly distribute incoming traffic among servers. This prevents any one server
from becoming overloaded while others remain underutilized.

Session Persistence: Some load balancers support session persistence, ensuring that requests from a particular client
are consistently directed to the same server. This is important for maintaining user sessions.

SSL Termination: Load balancers can handle the encryption and decryption of SSL/TLS connections, offloading this
resource-intensive task from backend servers.
Network Architecture: Load Balancer
What is the primary purpose of a load balancer in a network architecture?

A) Ensure data encryption for secure communication.

B) Providing wireless connectivity to devices.

C) Distributing incoming network traffic across multiple servers.

D) Managing network firewalls and access controls.

[Diagram: gateway router, Public 21.0.1.39, Private 172.16.10.1; firewall 172.16.10.2; switch 172.16.10.3; load balancer 172.16.10.4.]
Network Architecture: Servers
Web Server: Web servers host websites and web applications, responding to client requests (typically web browsers)
by delivering web pages, images, videos, and other content.

File Server: File servers store and manage files and data that users can access and share within a network. They
provide centralized file storage and access control.

Database Server: Database servers manage databases, allowing users and applications to store, retrieve, update, and
manipulate structured data efficiently.

Application Server: Application servers host and execute applications, providing services like authentication,
business logic processing, and data manipulation for client applications.

Mail Server: Mail servers handle email communication, routing and storing emails, managing user mailboxes, and
enabling email retrieval and delivery.

Proxy Server: Proxy servers act as intermediaries between clients and the internet, forwarding requests and
responses. They can enhance security, performance, and content filtering.
Network Architecture: Servers
DNS Server: DNS (Domain Name System) servers translate human-readable domain names into IP addresses, enabling
users to access websites using easy-to-remember names.

Print Server: Print servers manage printing tasks, allowing multiple users to send print jobs to shared printers over a
network.

FTP Server: FTP (File Transfer Protocol) servers enable users to upload and download files to and from a remote server,
often used for file sharing or website content management.

Game Server: Game servers host multiplayer online games, providing a platform for players to connect, interact, and
play together.

Streaming Server: Streaming servers deliver real-time multimedia content, such as audio and video, to clients.

Virtualization Server: Virtualization servers run virtual machines (VMs), allowing multiple operating systems to
coexist on a single physical server.
Network Architecture: Servers
Our company is a web service provider with streaming services. We are going to add several servers to our design.

Why do my file and Web servers have a different network than my load balancer? What technology is the load balancer using to accomplish this?

A) IPSec

B) TCP

C) NAT

D) FTP

[Diagram: gateway router, Public 21.0.1.39, Private 172.16.10.1; firewall 172.16.10.2; switch 172.16.10.3; load balancer 172.16.10.4; File Servers 172.16.100.0/24; Web Servers 172.16.100.0/24.]
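The load balancer behaviour described above (round-robin distribution, session persistence, failover) together with the NAT answer to the question on this slide, as an added example that is not part of the deck. The VIP 172.16.10.4 and the 172.16.100.0/24 server network come from the slides; the individual server host addresses are constructed.

```python
import itertools
import ipaddress

# Topology from the slide deck: the load balancer holds the virtual IP (VIP)
# 172.16.10.4 on the switch network, the real servers live on 172.16.100.0/24.
# The host parts .11/.12/.13 are constructed; the slide only gives the /24.
VIP = ipaddress.ip_address("172.16.10.4")
BACKENDS = [ipaddress.ip_address(f"172.16.100.{h}") for h in (11, 12, 13)]


class LoadBalancer:
    """Round-robin distribution with session persistence and destination NAT."""

    def __init__(self, vip, backends):
        self.vip = vip
        self.backends = list(backends)
        self.healthy = set(self.backends)       # servers passing health checks
        self._ring = itertools.cycle(self.backends)
        self.sticky = {}                        # client address -> pinned backend

    def mark_down(self, backend):
        """A health check failed: stop sending new or pinned traffic there."""
        self.healthy.discard(backend)

    def _next_healthy(self):
        # Walk the ring at most once so a fully failed pool raises instead of spinning.
        for _ in range(len(self.backends)):
            candidate = next(self._ring)
            if candidate in self.healthy:
                return candidate
        raise RuntimeError("no healthy backend servers")

    def forward(self, client, persist=True):
        """Map a client -> VIP request onto VIP -> backend (destination NAT).

        With persistence a client keeps hitting the same backend while that
        backend is healthy; if it goes down the client is re-pinned elsewhere.
        """
        backend = self.sticky.get(client) if persist else None
        if backend is None or backend not in self.healthy:
            backend = self._next_healthy()
            if persist:
                self.sticky[client] = backend
        # The client only ever talks to the VIP; the 172.16.100.0/24 network is
        # never exposed, which is why the servers can sit on a different subnet.
        return {"client": client, "src": str(self.vip), "dst": str(backend)}


if __name__ == "__main__":
    lb = LoadBalancer(VIP, BACKENDS)
    for c in ("203.0.113.10", "203.0.113.20", "203.0.113.10"):   # constructed clients
        print(lb.forward(c))
```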
Knowledge Check

What is the key distinction between a Layer 2 switch and a Layer 3 switch?

A) A Layer 2 switch operates at higher speeds.

B) Layer 3 switches can segment a network into multiple virtual LANs.

C) Layer 2 switches can route traffic between different subnets.

D) Layer 3 switches operate primarily at the Network Layer of the OSI model.
Network Architecture: DMZ
A demilitarized zone (DMZ) is a network segment that is isolated from both an organization’s internal network and the
public internet. It acts as a buffer zone between the internal network containing sensitive and critical assets and the
external network (internet), where potential threats and attacks can originate. The DMZ is designed to enhance security
by providing controlled access to certain services and resources from the internet while minimizing the exposure of the
internal network.

Security Measures: The DMZ is configured with enhanced security measures, such as firewalls, intrusion
detection/prevention systems, and security policies, to protect both the DMZ and the internal network.

Isolation: The DMZ separates the internal network, where sensitive data and critical systems reside, and the external
network, where untrusted traffic originates.

Public-Facing Services: Services like web servers, email servers, and public application servers that need to be accessed
by external users are typically placed in the DMZ.
Network Architecture: Servers
We need to ramp up our access controls to separate the intranet from our customer-facing devices. To do this we are going to add a second firewall separating our DMZ from our Intranet.

You will notice that instead of using static IPs within our servers we chose to utilize dynamic.

[Diagram: gateway router, Public 21.0.1.39, Private 172.16.10.1; firewall 172.16.10.2; switch 172.16.10.3; load balancer 172.16.10.4; a new device 172.16.10.5 beside the DMZ label (the second firewall); File Servers 172.16.100.0/24; Web Servers 172.16.100.0/24.]
Knowledge Check

What is the main difference between a dynamic IP address and a static IP address?

A) A dynamic IP address can be assigned manually, while a static IP address is automatically assigned by a DHCP
server.

B) A dynamic IP address changes periodically, while a static IP address remains constant.

C) A dynamic IP address is used for internal communication within a network, while a static IP address is used for
external communication.

D) A dynamic IP address is more secure than a static IP address due to its frequent changes.
Network Architecture: Intranet
An intranet is a private network within an organization that uses internet technologies, such as web browsers and TCP/IP
protocols, to securely share information, resources, and applications among its members. Unlike the public internet,
accessible to anyone, an intranet is limited to authorized users within the organization and facilitates internal
communication, collaboration, and data sharing.

Restricted Access: Only authorized employees, members, or organization partners can access the intranet. Access is
typically controlled through user authentication and security measures.

Secure Communication: Intranets often use encryption and security protocols to ensure that the data transmitted within
the network remains confidential and protected.

Shared Resources: An intranet provides a platform for sharing documents, files, databases, and other resources among
employees. It can serve as a centralized repository of information.
Network Architecture: Intranet
Why does our second switch have 2 IP addresses?

A) It is a router

B) It is performing NAT

C) It is a layer 3 switch

D) It belongs to 2 separate networks

Choose the best answer… Security+ can have multiple right answers but the best answer is because it’s a layer 3 switch.

[Diagram: gateway router, Public 21.0.1.39, Private 172.16.10.1; firewall 172.16.10.2; switch 172.16.10.3; load balancer 172.16.10.4; second firewall 172.16.10.5 at the DMZ boundary; second switch with two addresses, 172.16.10.6 and 172.16.13.1; File Servers 172.16.100.0/24; Web Servers 172.16.100.0/24.]
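The zoning the DMZ and Intranet sections describe (internet, DMZ, intranet, with the second firewall as the buffer) expressed as a default-deny policy check, as an added example that is not part of the deck. Only 172.16.100.0/24 is given on the slides; the 172.16.10.0/24 and 172.16.13.0/24 zone prefixes are assumed from the device addresses shown, the rule set is illustrative, and the internet client address is an arbitrary public address.

```python
import ipaddress
from collections import namedtuple

# Zone prefixes. 172.16.100.0/24 is the server network from the slides; the
# other two are assumptions based on the device addresses 172.16.10.x and
# the second switch's inside address 172.16.13.1.
ZONES = {
    "dmz": ipaddress.ip_network("172.16.100.0/24"),
    "intranet": ipaddress.ip_network("172.16.13.0/24"),
    "edge": ipaddress.ip_network("172.16.10.0/24"),   # router, firewalls, LB, switch links
}


def zone_of(addr):
    """Return the zone an address belongs to; public space is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet" if ip.is_global else "unknown"


Rule = namedtuple("Rule", "src dst proto port action")

# Illustrative policy for the two-firewall design. First match wins and
# anything unmatched is denied, which is what makes the DMZ a buffer zone.
POLICY = [
    Rule("internet", "dmz", "tcp", 443, "allow"),     # public HTTPS to the web tier
    Rule("dmz", "intranet", "tcp", 636, "allow"),     # LDAPS only (see LDAP slide)
    Rule("dmz", "intranet", "any", None, "deny"),     # the second firewall's job
    Rule("intranet", "dmz", "tcp", 22, "allow"),      # admin access from inside out
    Rule("intranet", "internet", "tcp", 443, "allow"),
    Rule("internet", "intranet", "any", None, "deny"),
]


def evaluate(src, dst, proto, port):
    """Decide a single flow: 'allow' or 'deny' (implicit default deny)."""
    s, d = zone_of(src), zone_of(dst)
    for r in POLICY:
        if (r.src == s and r.dst == d
                and r.proto in (proto, "any") and r.port in (port, None)):
            return r.action
    return "deny"


if __name__ == "__main__":
    # Constructed flows: 8.8.8.8 stands in for any internet client.
    for flow in (("8.8.8.8", "172.16.100.20", "tcp", 443),
                 ("172.16.100.20", "172.16.13.50", "tcp", 389)):
        print(flow, "->", evaluate(*flow))
```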
Knowledge Check

What is the primary difference between an intranet and the internet?

A) An intranet uses internet technologies, but it is limited to authorized users within an organization, whereas the
internet is a global network accessible to the public.

B) An intranet is accessible to anyone, while the internet is limited to authorized users within an organization.

C) An intranet is a public network used for communication between different organizations, while the internet is a
private network for internal communication within a single organization.

D) An intranet and the internet refer to the same concept of a global network of interconnected devices.
Network Architecture
Basic small business network map.

Department    VLAN       Subnet
Operations    VLAN 100   192.168.10.1/24
Accounting    VLAN 200   192.168.20.1/24
Sales         VLAN 300   192.168.30.1/24
HR            VLAN 400   192.168.40.1/24
IT            VLAN 500   192.168.50.1/24
Marketing     VLAN 600   192.168.60.1/24

[Diagram: gateway router, Public 21.0.1.39, Private 172.16.10.1; firewall 172.16.10.2; switch 172.16.10.3; load balancer 172.16.10.4; second firewall 172.16.10.5 at the DMZ boundary; second switch 172.16.10.6 / 172.16.13.1 feeding the department VLANs; File Servers 172.16.100.0/24; Web Servers 172.16.100.0/24.]
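The addressing decisions made across the Gateway, Firewall and network-map slides, checked with Python's `ipaddress` module as an added example that is not part of the deck: which quiz ranges are private, whether the firewall address is on the same link as the router's private interface (so no routing is needed), and whether any two segments of the plan overlap. The addresses are transcribed from the slides; the /24 prefix lengths on the device links are assumed because the slides do not show them.

```python
import ipaddress

# Addressing plan transcribed from the slides (/24 on device links is assumed).
ROUTER_PUBLIC = "21.0.1.39"
ROUTER_PRIVATE = "172.16.10.1/24"
FIREWALL = "172.16.10.2/24"
SEGMENTS = {
    "File Servers": "172.16.100.0/24",
    "Web Servers": "172.16.100.0/24",
    "Operations VLAN 100": "192.168.10.1/24",
    "Accounting VLAN 200": "192.168.20.1/24",
    "Sales VLAN 300": "192.168.30.1/24",
    "HR VLAN 400": "192.168.40.1/24",
    "IT VLAN 500": "192.168.50.1/24",
    "Marketing VLAN 600": "192.168.60.1/24",
}


def classify(addr):
    """'private' for RFC 1918 and other non-internet-routable space, else 'public'."""
    ip = ipaddress.ip_address(addr.split("/")[0])
    return "private" if ip.is_private else "public"


def on_link(iface_a, iface_b):
    """True when two interfaces share a subnet, i.e. they talk without routing."""
    return (ipaddress.ip_interface(iface_a).network
            == ipaddress.ip_interface(iface_b).network)


def overlapping_segments(segments):
    """Return every pair of named segments whose subnets overlap."""
    nets = {name: ipaddress.ip_interface(cidr).network for name, cidr in segments.items()}
    names = list(nets)
    return [(a, b) for i, a in enumerate(names)
            for b in names[i + 1:] if nets[a].overlaps(nets[b])]


def audit():
    """Collect the findings a reviewer would raise about this plan."""
    findings = []
    if classify(ROUTER_PUBLIC) != "public":
        findings.append("router public interface does not carry a public address")
    if classify(ROUTER_PRIVATE) != "private":
        findings.append("router private interface does not carry a private address")
    if not on_link(FIREWALL, ROUTER_PRIVATE):
        findings.append("firewall is not on the router's private link")
    for a, b in overlapping_segments(SEGMENTS):
        findings.append(f"segments overlap: {a} and {b}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit()) or "no findings")
```

On the plan as drawn, the only finding is the overlap between the two server segments, since the slides give File Servers and Web Servers the same 172.16.100.0/24.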
Knowledge Check

Which network architecture provides a buffer zone between an organization's internal and external networks (internet),
enhancing security by controlling access to specific services from external sources?
A) VLAN (Virtual Local Area Network)

B) DMZ (Demilitarized Zone)

C) VPN (Virtual Private Network)

D) PAN (Personal Area Network)


Knowledge Check

Which network architecture allows remote users to securely connect to an organization's internal network over the
internet, often used for remote work or accessing resources from off-site locations?
A) VLAN (Virtual Local Area Network)

B) DMZ (Demilitarized Zone)

C) VPN (Virtual Private Network)

D) PAN (Personal Area Network)


Protocol of the Day:
Lightweight Directory Access Protocol
Summary:
A protocol used to manage and access directory information
services. It provides a standardized method for clients to
interact with directory servers, which store and organize
information about users, devices, applications, and other
resources within a network.

LDAP Port: 389 insecure, 636 secure

Secure: Sometimes
LDAP supports encryption and secure communication, such as using
LDAP over SSL/TLS (LDAPS), to protect sensitive data during
transmission.
Questions?
