
Network Devices: Types, Functions and Best Practices for Security Management

The way networks are created, maintained and secured is constantly evolving. To manage a network responsibly and effectively, security professionals and web engineers must stay abreast of what different types of devices exist, what their functionality is and how they interact.

Below, we’ll dive into the various network devices, loosely grouped by the OSI layer at which they function and when they were first introduced. Reviewing these network device examples can help you understand what’s available so you can fashion the most modern, protected and reliable network.

Network devices: Definition and significance in networking

A network device is a piece of hardware or software that takes part in communication between a computer and a network, including the internet. Network devices play two roles. The first is establishing a network connection, as a router or a modem does. The second is maintaining, extending, protecting or enhancing that connection, as with a hub, repeater, switch, firewall or gateway.

Functions of network devices

Networking devices serve the following general purposes:

  • Facilitate data transmission and communication between devices
  • Enable efficient and secure network connectivity
  • Enhance network performance and optimize traffic flow
  • Provide network security by enforcing access control and threat prevention
  • Simplify network management and configuration
  • Extend network coverage and overcome signal limitations

Types of network devices 

Many types of network devices go into creating a network. Some are necessary for connections, while others are enhancers. Below is a list of network devices that can play a role in enabling your organization to transfer information as securely as possible:  

Bridges, hubs, NICs, dial-up modems (used on analog phone lines) and repeaters are the earliest types of network devices; they were ubiquitous in the 1990s. DSL modems, leased line routers, WAPs and firewalls became common in the early 2000s, and standalone IDS/IPS sensors and VPN appliances were standard components by around 2010.

Switches

A switch is a multiport device that improves network efficiency. A switch keeps a table of the hardware (MAC) addresses it has seen on each port and forwards each incoming frame only to the port where the destination address was learned; frames for unknown or broadcast destinations are flooded to every other port. LAN segments are usually joined using switches, which in turn connect to routers (or, in older networks, to hubs).

There are two major types of switches: 

  • Modular switches allow systems to expand as needed or if network requirements change.
  • Fixed configuration switches have a set number of ports and cannot be expanded. They are cheaper but less flexible. 

Switches can be managed or unmanaged. Managed switches let administrators configure settings such as VLAN assignment, port security and traffic prioritization (QoS). Unmanaged switches provide basic connectivity and expose no settings to the user.

Switches are more efficient than hubs because they deliver each frame only to the port that leads to its destination instead of repeating every frame to every port. Because a host on one port therefore does not see unicast traffic addressed to another port, switches also make casual packet sniffing harder than hubs do. This is only a mild obstacle, however: MAC flooding or ARP spoofing can redirect traffic to an attacker’s port, which is why the hardening steps below matter. A switch works at the data link layer of the OSI model. A multilayer (layer 3) switch also operates at the network layer, meaning it can act as both a switch and a router; it is a high-performance device that supports the same routing protocols as routers.

Switches can be targeted by flooding and denial-of-service attacks. In a MAC flooding attack, for example, the attacker sends frames from thousands of forged source addresses until the switch’s address table is full, after which the switch floods traffic out of every port like a hub and the attacker can sniff it. Flood guards and storm control limit such traffic so it cannot overwhelm the switch. Switch port security is therefore critical, and every switch must be hardened: disable all unused ports, limit the number of MAC addresses each port may learn, and enable Dynamic Host Configuration Protocol (DHCP) snooping, Dynamic ARP Inspection (DAI) and Media Access Control (MAC) address filtering. These controls block rogue DHCP servers and spoofed IP or MAC addresses and help ensure that only trusted ports send and receive information.

Bridges

Bridges connect two or more hosts or network segments by storing and forwarding frames between them. Bridges use hardware (MAC) addresses to decide where a frame goes: they forward or block each frame based on the MAC addresses of the devices known on each segment. They can also join two physical LANs into a larger logical LAN.

Bridges can be set up using two models:

  • Local bridging establishes LAN connections with local cables.
  • Remote bridging brings two connections together via a wide area network (WAN).

Bridges are like hubs in many respects, including connecting LAN components that use identical protocols. However, a bridge examines the destination address of each incoming frame before deciding whether to forward it. As it filters frames, the bridge makes no modification to the format or content of the data. Instead, it filters and forwards frames with the help of a dynamic bridge table. The bridge table starts out empty and is filled by noting the source address of each arriving frame and the bridge interface it arrived on; it thus maps the LAN address of each station to the interface that leads toward it, including the interfaces that connect the LAN to other LANs. Bridges, like hubs, come in simple and multiple-port forms.

Bridges have mostly fallen out of favor in recent years, replaced by more functional switches. In fact, switches are sometimes referred to as “multiport bridges” because of how they operate.
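The following is an added example, not code from the original article. It simulates the dynamic bridge table described above and the switch hardening discussed in the switch section: the table starts empty, fills from the source MAC address of each frame, and frames for unknown or broadcast destinations are flooded out of every other port. It then runs the MAC flooding attack (forged source addresses overflow the table, the switch floods like a hub, and a sniffer on the attacker’s port sees other hosts’ traffic) with and without port security, a per-port limit on learned addresses. The MAC addresses, port numbers and table capacity are constructed for the example.

```python
"""Learning bridge / switch table and port security.

Added example, not code from the original article. MAC addresses, port
numbers and the table size are constructed; a real switch's CAM table holds
thousands of entries, which is why attack tools send tens of thousands of
forged frames.
"""
from collections import OrderedDict
from typing import Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"
MAC_A = "00:11:22:33:44:01"  # host A on port 0 (constructed)
MAC_B = "00:11:22:33:44:02"  # host B on port 1 (constructed)


class Switch:
    def __init__(self, ports: int, table_size: int = 8,
                 max_macs_per_port: Optional[int] = None) -> None:
        self.ports = ports
        self.table_size = table_size                 # CAM table capacity
        self.max_macs_per_port = max_macs_per_port   # None = no port security
        self.table: "OrderedDict[str, int]" = OrderedDict()  # MAC -> port
        self.violations: List[Tuple[int, str]] = []
        self.shutdown_ports: set = set()

    def _learn(self, mac: str, port: int) -> bool:
        """Record mac on port. Returns False if port security rejects it."""
        if mac in self.table:
            self.table[mac] = port
            self.table.move_to_end(mac)  # refresh the entry's age
            return True
        if self.max_macs_per_port is not None:
            on_port = sum(1 for p in self.table.values() if p == port)
            if on_port >= self.max_macs_per_port:
                # Port-security violation: err-disable the port (shutdown mode)
                self.violations.append((port, mac))
                self.shutdown_ports.add(port)
                return False
        if len(self.table) >= self.table_size:
            self.table.popitem(last=False)  # table full: evict the oldest entry
        self.table[mac] = port
        return True

    def forward(self, in_port: int, src: str, dst: str) -> List[int]:
        """Return the ports a frame from src to dst is sent out of."""
        if in_port in self.shutdown_ports or not self._learn(src, in_port):
            return []
        if dst == BROADCAST or dst not in self.table:
            return [p for p in range(self.ports) if p != in_port]  # flood
        out = self.table[dst]
        return [] if out == in_port else [out]


def demo_learning() -> Dict[str, List[int]]:
    """Normal operation: the first frame is flooded, later ones are switched."""
    sw = Switch(ports=4)
    return {
        "a_to_b_unknown": sw.forward(0, MAC_A, MAC_B),  # B not learned yet: flood
        "b_to_a": sw.forward(1, MAC_B, MAC_A),          # A known: port 0 only
        "a_to_b_known": sw.forward(0, MAC_A, MAC_B),    # B known: port 1 only
    }


def demo_mac_flood(port_security: bool) -> Dict[str, object]:
    """Attacker on port 2 sends 20 forged source MACs to overflow the table."""
    sw = Switch(ports=4, table_size=8,
                max_macs_per_port=2 if port_security else None)
    sw.forward(0, MAC_A, MAC_B)
    sw.forward(1, MAC_B, MAC_A)
    for i in range(20):
        sw.forward(2, f"02:00:00:00:00:{i:02x}", BROADCAST)
    out_ports = sw.forward(0, MAC_A, MAC_B)  # A's traffic to B after the attack
    return {
        "a_to_b": out_ports,
        "attacker_sees_traffic": 2 in out_ports,
        "violations": len(sw.violations),
        "port2_shutdown": 2 in sw.shutdown_ports,
    }


if __name__ == "__main__":
    print(demo_learning())
    print("no port security:", demo_mac_flood(False))
    print("port security   :", demo_mac_flood(True))
```

Without port security the attacker’s flood evicts host B from the table, so A’s next frame to B is flooded to port 2 as well; with a two-address limit per port the third forged address err-disables port 2 and A’s traffic still goes only to port 1.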

Routers

The main job of a router is to direct traffic between networks. Routers forward packets toward their destinations by choosing a path through interconnected networks, which may use different topologies. Routers are intelligent devices that store information about the networks they are connected to. Most routers can also act as packet-filtering firewalls by applying access control lists (ACLs) to the traffic they forward.

In conjunction with a channel service unit/data service unit (CSU/DSU), routers also translate from LAN framing to WAN framing, because LANs and WANs use different link-layer protocols. Such routers are known as border (or edge) routers; they serve as the outside connection of a LAN to a WAN and operate at the perimeter of your network.

Routers also divide internal networks into two or more subnetworks and can be connected internally to other routers, creating zones that operate independently. Routers forward traffic using routing tables that map destination networks to next hops and local interfaces. A router knows the networks directly connected to it and where to send packets whose destination it does not otherwise know (the default route). Routers exchange routing information with one another using one of several standard routing protocols: Routing Information Protocol (RIP), Open Shortest Path First (OSPF) or Border Gateway Protocol (BGP).

Routers act as your first line of defense. You must configure them to pass only traffic authorized by network administrators. Routes themselves are either static or dynamic:

  • Static routes are entered manually and remain in place until an administrator changes them.
  • Dynamic routes are learned from neighboring routers through a routing protocol, so the routing table adapts when the network changes.
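The following is an added example, not code from the original article. It shows how a router uses the tables just described: every route whose prefix contains the destination is a candidate, the most specific (longest) prefix wins, and the default route 0.0.0.0/0 catches anything the router does not otherwise know. Each route records whether it is directly connected, static or learned from a routing protocol; where two routes cover the same prefix, a Cisco-style administrative distance (an assumption of this example) breaks the tie. All prefixes, next hops and interface names are constructed.

```python
"""Routing table lookup with longest-prefix match.

Added example, not code from the original article. Prefixes, next hops,
interface names and the administrative-distance values are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str        # "direct" for a directly connected network
    interface: str
    source: str          # "connected", "static" or a protocol name such as "ospf"
    admin_distance: int  # lower is preferred among routes to the same prefix


class RoutingTable:
    def __init__(self) -> None:
        self.routes: List[Route] = []

    def add(self, prefix: str, next_hop: str, interface: str,
            source: str = "static", admin_distance: int = 1) -> None:
        self.routes.append(Route(ipaddress.ip_network(prefix), next_hop,
                                 interface, source, admin_distance))

    def lookup(self, destination: str) -> Optional[Route]:
        addr = ipaddress.ip_address(destination)
        candidates = [r for r in self.routes if addr in r.prefix]
        if not candidates:
            return None  # no route, not even a default: the packet is dropped
        # Longest prefix first; administrative distance breaks ties.
        return min(candidates,
                   key=lambda r: (-r.prefix.prefixlen, r.admin_distance))


def build_table(with_default: bool = True) -> RoutingTable:
    """A small table for an office router (all values constructed)."""
    rt = RoutingTable()
    rt.add("10.0.5.0/24", "direct", "eth1", "connected", 0)
    rt.add("192.168.10.0/24", "direct", "eth2", "connected", 0)
    rt.add("10.0.0.0/8", "10.1.0.2", "core0", "ospf", 110)     # learned dynamically
    rt.add("10.0.5.0/24", "10.1.0.3", "core0", "ospf", 110)    # loses to the connected route
    rt.add("172.16.0.0/12", "10.1.0.9", "core0", "static", 1)  # entered by hand
    if with_default:
        rt.add("0.0.0.0/0", "203.0.113.1", "wan0", "static", 1)  # default route to the ISP
    return rt


def route_for(destination: str, with_default: bool = True) -> str:
    """Return 'next_hop via interface (source)' or 'drop' for a destination."""
    r = build_table(with_default).lookup(destination)
    return "drop" if r is None else f"{r.next_hop} via {r.interface} ({r.source})"


if __name__ == "__main__":
    for dst in ("10.0.5.77", "10.2.3.4", "172.16.40.1", "192.168.10.9", "8.8.8.8"):
        print(dst, "->", route_for(dst))
    print("8.8.8.8 without a default route ->", route_for("8.8.8.8", with_default=False))
```

Note that 10.0.5.77 matches three routes (the /24 connected route, the /24 OSPF route and the /8 OSPF route); the longest prefix narrows it to the two /24 routes and the lower administrative distance selects the connected one. Removing the default route turns an unknown destination into a drop, which is the behaviour you want on an internal router that should never forward arbitrary traffic toward the internet.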

Firewalls

A firewall controls the traffic between a private network and the outside world, deciding what goes in and out. It analyzes and restricts packets based on configured rules, organized either as whitelists (allowlists) or blacklists (denylists). A whitelist permits only traffic that matches a defined set of parameters and denies everything else, while a blacklist denies traffic that matches its parameters and permits everything else. Default-deny whitelisting is the safer posture.

Firewalls are essential for private networks, especially those operating with sensitive information. They are also used within internal networks to block access between subgroups, such as a sales department being denied access to files pertaining to IT or HR. 

Several types of firewalls exist, and which one is right for you depends on your operation. Some of the most common firewall types include: 

  • Packet filtering: Acts as a network layer checkpoint, allowing or dropping each packet on its own based on IP address, protocol and port number
  • Stateful inspection: Works at the network and transport layers and tracks the state of each connection (source IP, destination IP, source port, destination port and TCP state), so it can admit reply traffic only for connections that were legitimately initiated
  • Next-generation: Inspects actual packet content and application-layer protocols, validates TCP handshakes, checks for malware and detects advanced threats, typically by integrating IDS/IPS functions (see the section on IDS and IPS below)

Any type of firewall is helpful, but packet filtering is the most basic. Stateful inspection takes defenses to the next level. Next-generation firewalls are the most thorough and secure and are often used in highly regulated industries like finance and healthcare.
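The following is an added example, not code from the original article. It runs the same constructed packets through a stateless packet filter and a stateful firewall, both configured as default-deny whitelists. The stateless filter judges every packet on its own, so to let web replies back into the LAN it needs a standing rule that admits anything from source port 443, and an attacker can ride that rule simply by sending from port 443. The stateful firewall remembers the outbound connections it has permitted and admits inbound packets only as replies to those flows. The LAN prefix, addresses, ports and packets are constructed for the example.

```python
"""Packet filtering versus stateful inspection.

Added example, not code from the original article. The LAN prefix, the
addresses (RFC 5737 documentation ranges) and the packets are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Set, Tuple

LAN = ipaddress.ip_network("192.168.1.0/24")  # constructed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for the first packet of a TCP connection


def in_lan(ip: str) -> bool:
    return ipaddress.ip_address(ip) in LAN


def stateless_filter(p: Packet) -> str:
    """Rules are checked top-down, first match wins; otherwise implicit deny."""
    rules = [
        ("lan-to-web", lambda q: in_lan(q.src) and not in_lan(q.dst) and q.dport == 443),
        # Needed so that web replies get back in, but it matches ANY packet
        # whose source port is 443, whatever its destination port.
        ("web-replies", lambda q: not in_lan(q.src) and in_lan(q.dst) and q.sport == 443),
    ]
    for _name, match in rules:
        if match(p):
            return "allow"
    return "deny"


class StatefulFirewall:
    def __init__(self) -> None:
        # 4-tuples (src, sport, dst, dport) of outbound connections permitted so far
        self.flows: Set[Tuple[str, int, str, int]] = set()

    def filter(self, p: Packet) -> str:
        # Inbound packet that is a reply to a tracked outbound flow?
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "allow"
        # New outbound HTTPS connection from the LAN: must start with a SYN.
        if in_lan(p.src) and not in_lan(p.dst) and p.dport == 443 and p.syn:
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "allow"
        return "deny"  # everything else, including unsolicited inbound traffic


def compare() -> Dict[str, Tuple[str, str]]:
    """Run the same constructed packets through both filters, in order."""
    fw = StatefulFirewall()
    packets = {
        "client_syn":   Packet("192.168.1.10", 51000, "203.0.113.50", 443, syn=True),
        "server_reply": Packet("203.0.113.50", 443, "192.168.1.10", 51000),
        "attacker_smb": Packet("198.51.100.7", 443, "192.168.1.10", 445),  # spoofed source port
        "unsolicited":  Packet("198.51.100.7", 40000, "192.168.1.10", 22),
    }
    return {name: (stateless_filter(p), fw.filter(p)) for name, p in packets.items()}


if __name__ == "__main__":
    for name, (stateless, stateful) in compare().items():
        print(f"{name:13s} stateless={stateless:5s} stateful={stateful}")
```

The attacker’s SMB probe from source port 443 passes the stateless filter but is denied by the stateful one, because no LAN host opened a connection to 198.51.100.7. Classic stateless ACLs partially mitigate this by matching only packets with the ACK flag set (Cisco’s `established` keyword), which still admits crafted ACK packets; connection tracking is the real fix.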

Repeaters

A repeater is an electronic device that works at the physical layer of the OSI model to extend the reach of a signal. It receives a signal, regenerates it and retransmits it at full strength, so the signal can cover distances beyond the normal limit of the medium (about 100 meters for standard twisted-pair Ethernet cable).

Wireless repeaters (range extenders) are useful for anyone working in a large facility where the Wi-Fi might be spotty in the outer reaches of the space. Large office buildings, warehouses, laboratories and campuses are all locations that can benefit from repeaters.

Gateways

Gateways connect networks that operate on different protocols so data can be transferred between them. These devices normally work at the Transport and Session layers of the OSI model or above, where there are numerous protocols and standards from different vendors that gateways translate between.

Gateways translate between networking technologies such as the Open Systems Interconnection (OSI) protocol suite and Transmission Control Protocol/Internet Protocol (TCP/IP). Because of this, gateways can connect two or more autonomous networks, each with its own routing algorithms, protocols, topology, domain name service, and network administration procedures and policies. They perform all of the functions of routers and more; in fact, a router with added translation functionality is a gateway.

Hubs

Hubs connect multiple network devices and work only at the Physical layer of the OSI model. Hubs do not perform filtering or addressing; they repeat every incoming frame out of every other port, so any host attached to a hub can see all the traffic of every other host. A hub also acts as a repeater, regenerating signals that deteriorate over long cable runs. A hub is the most straightforward network connecting device because it links LAN components that use identical protocols.

A hub does not interpret the data it repeats: it regenerates the electrical signal and passes it on unchanged, so it is unaware of frames, packets or addresses. Making sense of the traffic is left entirely to the devices at either end.

There are two types of hubs:

  • A simple hub has only one port for connecting to another network segment and cannot be expanded.
  • Multiple-port hubs allow users to connect many devices, and some expand modularly.

There are also active and passive hubs. Active hubs boost the signal, as a repeater would, while passive hubs have no boosting capabilities. 

Modems

A modem (modulator-demodulator) converts digital signals into analog signals of different frequencies and transmits them to a modem at the receiving location. The receiving modem performs the reverse transformation and provides digital output to the connected device, usually a computer or router. Historically, the digital data was transferred to or from the modem over a serial line using the industry-standard RS-232 interface; modern broadband modems connect over Ethernet or USB.

There are three main types of modems: 

  • A DSL modem uses telephone lines and is generally the slowest of the three.
  • A cable modem transmits information over the coaxial cable TV network and is usually faster than DSL.
  • A wireless (cellular or fixed-wireless) modem transfers information between the local network and an internet service provider over radio; its speed depends on the radio technology in use, and current cellular and fixed-wireless links can be the fastest of the three.

Network interface cards (NICs)

A network interface card is the hardware component (an expansion card or a chip on the motherboard) that connects a device to a network. It implements the physical and data link layers: it carries the device’s MAC address, frames outgoing data, puts the signal on the cable or radio medium and receives incoming frames, while the network layer and everything above it run in the host’s operating system. All data the device exchanges with the network passes through the NIC.

There are two main types of NICs:

  • An Ethernet NIC comes with an 8P8C socket for connecting an ethernet cable.
  • A Wi-Fi NIC connects to a wireless network.

Mobile devices typically have only a wireless NIC, but most computers still include an Ethernet chip. Ethernet connections are more reliable, but the cable limits a user’s mobility.

Wireless access points (WAPs)

A wireless access point consists of a transceiver (transmitter and receiver) used to create a wireless LAN (WLAN). WAPs are separate network devices with a built-in antenna, transmitter and adapter. WAPs use wireless infrastructure mode to provide a connection point between WLAN clients and a wired Ethernet LAN. They also typically have several wired ports, allowing you to expand the network to support additional clients.

Depending on the size of the network, one or more WAPs might be required to provide full coverage. Additional WAPs allow access to more wireless clients and expand the wireless network range. Each WAP is limited by its transmission range — the distance a client can be from a WAP and still obtain a reasonable signal and data rate. The distance depends on the wireless standard, the obstructions and the environmental conditions between the client and the WAP. Higher-end WAPs have high-powered antennas, enabling them to extend how far the wireless signal can travel.

Consumer-grade WAPs often also provide several wired ports, firewall capabilities and Dynamic Host Configuration Protocol (DHCP) service, so a single unit can act as switch, DHCP server, router and firewall.

A service set identifier (SSID) is the name that identifies a wireless network; all systems belonging to the same WLAN share it, and client stations must be configured with the SSID to associate with the WAP. The WAP might broadcast the SSID, allowing all wireless clients in the area to see it. APs can instead be configured not to broadcast the SSID, so an administrator must give client systems the SSID rather than letting them discover it automatically. Note, however, that hiding the SSID is not a real security control: clients still transmit the SSID in cleartext when they probe for and join the network, so anyone with a wireless sniffer can recover it. Rely on strong authentication and encryption (WPA2 or WPA3) instead. Wireless devices ship with default SSIDs, security settings, channels, passwords and usernames. Changing these default settings as soon as possible is strongly recommended, because many internet sites list the default settings used by manufacturers.

WAPs can be fat or thin. Fat APs, also called autonomous APs, must be manually configured with network and security settings and then operate on their own. Thin APs are configured and monitored centrally through a wireless controller; since they are not configured by hand, they can be reconfigured and monitored far more easily at scale.

IDS and IPS

Intrusion detection and intrusion prevention systems monitor the network for signs of intrusion. They do so by matching signatures against the monitored traffic or by identifying anomalies relative to a baseline of normal network activity. Anomaly-based detection was one of the earliest applications of statistical and machine-learning techniques in information security.

An IDS sends alerts to an administrator and/or another security system (such as a SIEM) but does not directly interfere with the network traffic. In contrast, an IPS sits inline and uses a defined set of actions to stop a suspected intrusion from progressing further into the network and onward to connected devices, typically by dropping the offending packets or resetting the TCP connection.

There are also host-based implementations of IDS and IPS (HIDS/HIPS), which protect the device they run on.
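The following is an added example, not code from the original article. It runs a few constructed web-access log lines through a small sensor that does both things described above: it matches signatures (regular expressions for path traversal and SQL injection) against each request, and it flags a source as anomalous when its request count exceeds a threshold derived from a baseline of normal activity (mean plus three standard deviations of requests per source). In IDS mode the sensor only raises alerts and the traffic still flows; in IPS mode it blocks the offending source, so later traffic from it is dropped before inspection. The log format, addresses and baseline figures are constructed, and a real sensor counts per time window rather than over a whole log.

```python
"""Signature and anomaly detection in IDS and IPS mode.

Added example, not code from the original article. The log format, the
addresses and the baseline request counts are constructed.
"""
import re
import statistics
from collections import defaultdict
from typing import Dict, List, Tuple

SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-injection": re.compile(r"(?i)union\s+select|'\s*or\s+1\s*=\s*1"),
}
# Constructed format: <timestamp> <src-ip> -> <dst-ip>:<port> "<request>"
LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) "(?P<req>[^"]*)"$')

# Requests per source observed in a normal window; the anomaly threshold is
# derived from these (constructed) figures.
BASELINE_REQUESTS_PER_SOURCE = [4, 5, 6, 5, 4, 6, 5, 5]

LOG = [
    '2024-05-01T10:00:00 192.0.2.10 -> 10.0.5.20:80 "GET /index.html"',
    '2024-05-01T10:00:01 192.0.2.10 -> 10.0.5.20:80 "GET /about.html"',
    '2024-05-01T10:00:02 198.51.100.7 -> 10.0.5.20:80 "GET /../../etc/passwd"',
    '2024-05-01T10:00:03 198.51.100.7 -> 10.0.5.20:80 "GET /login.html"',
    '2024-05-01T10:00:04 192.0.2.10 -> 10.0.5.20:80 "GET /item?id=1 UNION SELECT user,pass FROM users"',
] + [f'2024-05-01T10:00:{5 + i:02d} 203.0.113.9 -> 10.0.5.20:80 "GET /search?q={i}"'
     for i in range(10)]  # burst of 10 requests from one source


class Sensor:
    def __init__(self, mode: str, baseline: List[int], k: float = 3.0) -> None:
        assert mode in ("ids", "ips")
        self.mode = mode
        self.threshold = statistics.mean(baseline) + k * statistics.pstdev(baseline)
        self.counts: Dict[str, int] = defaultdict(int)
        self.blocked: set = set()
        self.alerts: List[Tuple[str, List[str]]] = []

    def inspect(self, line: str) -> str:
        """Return 'pass', 'alert' (IDS: forwarded anyway) or 'blocked' (IPS)."""
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable log line: {line!r}")
        src, req = m.group("src"), m.group("req")
        if src in self.blocked:
            return "blocked"  # the IPS has already cut this source off
        reasons = [name for name, rx in SIGNATURES.items() if rx.search(req)]
        self.counts[src] += 1
        if self.counts[src] > self.threshold:
            reasons.append("rate-anomaly")
        if not reasons:
            return "pass"
        self.alerts.append((src, reasons))
        if self.mode == "ips":
            self.blocked.add(src)
            return "blocked"
        return "alert"


def run(mode: str) -> Dict[str, int]:
    """Process LOG in the given mode and return a tally of verdicts and alerts."""
    sensor = Sensor(mode, BASELINE_REQUESTS_PER_SOURCE)
    tally: Dict[str, int] = defaultdict(int)
    for line in LOG:
        tally[sensor.inspect(line)] += 1
    tally["alerts"] = len(sensor.alerts)
    tally["blocked_sources"] = len(sensor.blocked)
    return dict(tally)


if __name__ == "__main__":
    print("IDS:", run("ids"))
    print("IPS:", run("ips"))
```

With this baseline the threshold works out to about 7.1 requests, so the burst source trips the anomaly detector on its eighth request. In IDS mode every later request from it is alerted on but still passes; in IPS mode the source is blocked from that point and the benign-looking `/login.html` request that follows the path traversal attempt is dropped too, which is exactly the trade-off to weigh before putting a sensor inline.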

VPN

A virtual private network is used to securely connect endpoints, usually a computer and a company’s network, over an insecure medium such as the public internet. To establish such a secure point-to-point connection, a VPN uses tunneling protocols: the original packets are encrypted and encapsulated inside new packets addressed between the tunnel endpoints, so an observer on the insecure path sees only the outer addresses and ciphertext.

Several types of VPNs exist; remote access VPNs, between a user’s device and the corporate network, are the most common, alongside site-to-site VPNs that join two networks. Widespread work-from-home (WFH) adoption has led to broad use of VPN. Since attackers often try to misuse these “gates to the kingdom,” knowing the basic concepts of virtual private networking is vital for security engineers.
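The following is an added example, not code from the original article, that builds the point-to-point tunnel described above between two gateways. An inner packet (private source, private destination, payload) is encrypted, wrapped in an outer packet addressed gateway-to-gateway and authenticated, so an observer on the public path sees only the gateway addresses and ciphertext, and any modification in transit is detected and the packet dropped. To stay within the Python standard library, the cipher is a counter-mode keystream generated with HMAC-SHA256 plus a separate HMAC tag (encrypt-then-MAC); a real VPN uses AES-GCM or ChaCha20-Poly1305, adds sequence numbers against replay and negotiates keys with a handshake (IKE or TLS) rather than the fixed keys constructed here. The gateway and host addresses and the payload are also constructed.

```python
"""Tunnel encapsulation as a VPN does it.

Added example, not code from the original article. Keys, addresses and the
payload are constructed; the HMAC-based stream cipher is for illustration
only and not a substitute for an AEAD cipher in production.
"""
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass
from typing import Dict

TAG_LEN = 32    # HMAC-SHA256 output
NONCE_LEN = 12


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF in counter mode: concatenated HMAC(key, nonce || counter) blocks."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass(frozen=True)
class InnerPacket:
    src: str
    dst: str
    payload: bytes

    def pack(self) -> bytes:
        return f"{self.src}>{self.dst}|".encode() + self.payload

    @classmethod
    def unpack(cls, raw: bytes) -> "InnerPacket":
        header, payload = raw.split(b"|", 1)
        src, dst = header.decode().split(">")
        return cls(src, dst, payload)


class TunnelEndpoint:
    """One end of a point-to-point tunnel between two gateway addresses."""

    def __init__(self, local_gw: str, remote_gw: str, enc_key: bytes, mac_key: bytes) -> None:
        self.local_gw, self.remote_gw = local_gw, remote_gw
        self.enc_key, self.mac_key = enc_key, mac_key

    def encapsulate(self, inner: InnerPacket) -> bytes:
        """Outer packet = outer header | nonce | ciphertext | tag over all of it."""
        nonce = os.urandom(NONCE_LEN)
        plaintext = inner.pack()
        ciphertext = _xor(plaintext, _keystream(self.enc_key, nonce, len(plaintext)))
        body = f"{self.local_gw}>{self.remote_gw}|".encode() + nonce + ciphertext
        return body + hmac.new(self.mac_key, body, hashlib.sha256).digest()

    def decapsulate(self, outer: bytes) -> InnerPacket:
        body, tag = outer[:-TAG_LEN], outer[-TAG_LEN:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # verify BEFORE decrypting
            raise ValueError("authentication failed; packet dropped")
        header, rest = body.split(b"|", 1)
        src, dst = header.decode().split(">")
        if (src, dst) != (self.remote_gw, self.local_gw):
            raise ValueError("outer header does not belong to this tunnel")
        nonce, ciphertext = rest[:NONCE_LEN], rest[NONCE_LEN:]
        plaintext = _xor(ciphertext, _keystream(self.enc_key, nonce, len(ciphertext)))
        return InnerPacket.unpack(plaintext)


def demo() -> Dict[str, object]:
    # Fixed keys for the example only; a real tunnel derives them from a handshake.
    enc_key = hashlib.sha256(b"example-encryption-key").digest()
    mac_key = hashlib.sha256(b"example-mac-key").digest()
    site_a = TunnelEndpoint("203.0.113.10", "198.51.100.20", enc_key, mac_key)
    site_b = TunnelEndpoint("198.51.100.20", "203.0.113.10", enc_key, mac_key)

    inner = InnerPacket("10.0.1.5", "10.0.2.9", b"GET /payroll HTTP/1.1")
    outer = site_a.encapsulate(inner)
    visible_header = outer.split(b"|", 1)[0].decode()  # all a sniffer on the path can read

    # Flip one bit of the last ciphertext byte: the tag no longer verifies.
    tampered = outer[:-TAG_LEN - 1] + bytes([outer[-TAG_LEN - 1] ^ 0x01]) + outer[-TAG_LEN:]
    try:
        site_b.decapsulate(tampered)
        tamper_detected = False
    except ValueError:
        tamper_detected = True

    return {
        "visible_header": visible_header,
        "inner_addresses_visible": b"10.0.1.5" in outer or b"10.0.2.9" in outer,
        "payload_visible": inner.payload in outer,
        "recovered": site_b.decapsulate(outer),
        "tamper_detected": tamper_detected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The outer header is the only cleartext on the wire, which is why a VPN hides the internal addressing of both sites but not the fact that the two gateways are talking, nor how much traffic passes between them.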

Best practices for managing network device security

Understanding the types of network devices available is the first step in building a reliable network. However, it is also essential to ensure your network is safe, runs efficiently and doesn’t become vulnerable over time. Below are some best practices that will help you avoid connection and security issues. 

Perform regular firmware and software updates.

All devices require regular updates to purge bugs and continue operating properly. Network devices require frequent updates because hackers are always coming up with new ways to infiltrate networks to steal information. Checking for firmware and software updates is an essential part of maintaining a working infrastructure that stays at full capacity.

Harden all network devices.

Often, the default configurations of network devices are overly permissive, which increases the risk of malicious actors breaking into the network. Always ensure that the settings of each device are hardened according to your protocols and industry standards. 

Implement strong user management and access control.

Ensure that only authorized users have access to sensitive data and networks. Keep access lists and implement controls to ensure no one is entering places they aren’t supposed to be. Ideally, replace standing privileged accounts with just-in-time access to heighten security.  

Use network segmentation and VLANs.

Network segmentation is the practice of creating subnetworks within a larger network to keep unwanted visitors away from sensitive systems and files. Use VLANs to separate devices at layer 2, and enforce which devices may reach each segment with firewall rules or router ACLs at the boundaries between VLANs, since a VLAN on its own only separates traffic and does not decide who is allowed across.

Monitor for anomalous activity.

Organizations must keep scrupulous logs of all users and devices with network access. Set up strict guidelines and entry points for network devices, and monitor for abnormal activity. 

Perform periodic security assessments.

Never assume your bases are covered simply because you have security network devices in place. Instead, have either internal security teams or an outside service perform regular audits to check for vulnerabilities and promptly mitigate them.

Conclusion

With the right combination of network devices, you can design and build a secure network to protect your organization. To safeguard your network’s security and availability, carefully monitor network device activity so you can spot attacks and other issues right away.

Frequently asked questions

What are network devices?

A network device is hardware or software that establishes and maintains a secure and effective internet connection. These devices link computers, phones, printers and other internet-compatible devices with various networks. They also block potentially dangerous data or users from entering secure networks. 

What is the purpose of a network device?

Network devices establish connections between networks. They also improve efficiency, range and security.  

What are the most common types of network devices?

Routers, modems and network interface cards are all common network devices. Repeaters, gateways, switches and firewalls are examples of network devices that amplify and secure existing connections. 

Dirk Schrader is a Resident CISO (EMEA) and VP of Security Research at Netwrix. A 25-year veteran in IT security with certifications as CISSP (ISC²) and CISM (ISACA), he works to advance cyber resilience as a modern approach to tackling cyber threats. Dirk has worked on cybersecurity projects around the globe, starting in technical and support roles at the beginning of his career and then moving into sales, marketing and product management positions at both large multinational corporations and small startups. He has published numerous articles about the need to address change and vulnerability management to achieve cyber resilience.