The simplest possible multi-port repeater. Whatever signal arrives on one port gets blasted out every other port, no matter who it was meant for. Hubs create one giant collision domain, leak traffic to every connected device, and have been obsolete for decades. They still appear in legacy environments and study material because understanding why they failed is half the story of how switches won.
Layer 1 · Physical
The wire and the things that handle the wire. These devices move electrical signals or photons. They do not understand frames, packets, or addresses.
Layer 1 is where your network begins. A bad cable or a saturated hub will kill performance for everything above it, and no amount of firewall tuning fixes that.
A passive rack-mounted board with rows of RJ45 jacks on the front and structured cable terminations on the back. Patch panels do nothing electronic. Their job is to give every cable in the wall a labeled, accessible endpoint so you can patch any wall jack to any switch port with a short cable. Without them, an enterprise network turns into a tangle of long cables that no one can trace.
The translator between your local network and the service provider's medium. A cable modem turns coaxial RF signals into Ethernet. A DSL modem does the same for telephone wire. Fiber ONTs do it for light. The modem itself is dumb about IP addresses or security. It just bridges two physical mediums. In most home setups the modem and router are combined into one box, but they remain two distinct functions.
Layer 2 · Data Link
These devices read MAC addresses and make per-frame forwarding decisions. They build the local network out of the wire that layer 1 provides.
The vast majority of traffic on any LAN never reaches a router. Layer 2 is where your computer talks to the printer down the hall and where attackers do ARP poisoning, MAC flooding, and VLAN hopping.
A bridge connects two network segments and only forwards traffic between them when the destination MAC actually lives on the other side. It is the conceptual ancestor of the switch. Modern dedicated bridge appliances are rare, but the term lives on in wireless bridging, software bridges on virtualization hosts, and the spanning tree algorithm that prevents loops between switches.
The workhorse of every modern LAN. A switch learns which MAC address sits on which physical port and forwards each frame only to the port where its destination lives. Managed switches add VLANs, port security, quality of service, link aggregation, and remote configuration. Layer 3 switches can also route between VLANs at line rate, blurring the line with routers.
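The contrast between the hub and switch descriptions on this page, as an added example that is not part of the original page: a toy learning switch next to a hub, showing which ports see each frame. The port numbers and MAC addresses are constructed, and flooding of frames to a not-yet-learned destination is standard switch behaviour that the page does not spell out.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

def hub_forward(in_port, ports):
    """A hub repeats the signal out every port except the one it arrived on."""
    return sorted(p for p in ports if p != in_port)

@dataclass
class LearningSwitch:
    ports: list
    mac_table: dict = field(default_factory=dict)  # MAC address -> port

    def forward(self, in_port, src_mac, dst_mac):
        # Learn: the source MAC is reachable through the ingress port.
        self.mac_table[src_mac] = in_port
        out = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out is None:
            # Broadcast or not-yet-learned destination: flood like a hub.
            return sorted(p for p in self.ports if p != in_port)
        if out == in_port:
            return []  # destination sits on the ingress segment: filter it
        return [out]

def run_demo():
    ports = [1, 2, 3, 4]
    # Constructed sample frames: (ingress port, source MAC, destination MAC)
    frames = [
        (1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"),  # A -> B, B unknown
        (2, "aa:aa:aa:aa:aa:02", "aa:aa:aa:aa:aa:01"),  # B -> A, A learned
        (1, "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"),  # A -> B, B learned
    ]
    sw = LearningSwitch(ports)
    results = []
    for in_port, src, dst in frames:
        results.append((hub_forward(in_port, ports),
                        sw.forward(in_port, src, dst)))
    return results, sw.mac_table

if __name__ == "__main__":
    for hub_out, sw_out in run_demo()[0]:
        print(f"hub -> {hub_out}   switch -> {sw_out}")
```

Only the first frame reaches ports 3 and 4 through the switch, while the hub exposes every frame to them.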
The bridge between your wireless devices and the wired network. An AP advertises one or more SSIDs, authenticates clients (open, WPA2, WPA3, 802.1X), and converts radio frames into wired Ethernet on the back end. Enterprise APs are typically ceiling-mounted, powered over Ethernet, and centrally managed by a wireless controller or cloud service. Consumer routers usually have an AP built in.
Layer 3 · Network
When traffic needs to leave the local subnet, it goes through a layer 3 device. These speak IP, maintain routing tables, and make decisions packet by packet.
The device that connects networks together. Routers read the destination IP of every packet, look it up in a routing table, and forward the packet out the matching interface toward the next hop. They speak routing protocols like OSPF, BGP, and EIGRP to learn paths automatically. The router at the edge of your network is also the place where most NAT, basic ACLs, and quality-of-service policies live.
Security Appliances
Connectivity devices move traffic. These devices decide which traffic gets to move at all, and which traffic deserves a closer look on the way through.
Defense-in-depth means stacking these in layers. No single appliance catches every attack. A firewall at the perimeter plus IDS sensors inside plus a proxy for outbound traffic plus a SIEM watching all of them is the real model.
The traffic cop at every network boundary. A firewall enforces a set of rules that say which connections are allowed and which are blocked, based on source and destination IP, ports, protocols, and in the case of next-generation firewalls, the actual application and user identity. Default-deny is the doctrine: anything not explicitly allowed is dropped. Most firewall failures are policy failures, not technology failures.
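A minimal rule evaluator for the default-deny doctrine described above, as an added example that is not part of the original page and is not any vendor's engine. It assumes first-match-wins ordering, and the policy and addresses are constructed; the fourth flow shows a policy failure where an earlier broad allow shadows the guest-subnet deny.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None matches any destination port

# Constructed sample policy (private and documentation address ranges).
RULES = [
    Rule("allow", "10.0.0.0/8", "192.0.2.10/32", "tcp", 443),  # 0: intranet HTTPS
    Rule("deny", "10.0.99.0/24", "0.0.0.0/0", "any", None),    # 1: isolate guests
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "udp", 53),       # 2: outbound DNS
]

def decide(rules, src, dst, proto, dport):
    """Return (action, index of the matching rule); the first match wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(rules):
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action, i
    return "deny", None  # default-deny: nothing matched, so the flow is dropped

# Constructed sample flows: (source IP, destination IP, protocol, dest port)
FLOWS = [
    ("10.0.1.5", "192.0.2.10", "tcp", 443),    # explicitly allowed by rule 0
    ("10.0.1.5", "192.0.2.10", "tcp", 22),     # no rule matches: default-deny
    ("10.0.99.7", "198.51.100.1", "udp", 53),  # guest subnet blocked by rule 1
    ("10.0.99.7", "192.0.2.10", "tcp", 443),   # guest allowed: rule 0 shadows 1
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", decide(RULES, *flow))
```

Moving the guest deny above the HTTPS allow closes the shadowed path without changing any rule's content.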
An intrusion detection system inspects traffic, compares it against signatures of known attacks plus behavioral baselines, and raises alerts when something looks wrong. An intrusion prevention system goes further and actively drops the suspicious traffic in line. Both rely on quality signature feeds and tuning. A noisy, untuned IDS is the most ignored device in any SOC, which is exactly the failure mode attackers depend on.
A proxy sits between clients and the resources they want to reach, making requests on their behalf. A forward proxy lets the organization inspect, filter, and log outbound web traffic, often enforcing acceptable-use policies. A reverse proxy sits in front of internal servers, terminating TLS, caching, load-balancing, and hiding the backend topology. Both add a control point where you can see and shape application traffic without touching the endpoints.
Monitoring & Specialty
The devices in this group do not move traffic so much as observe it, balance it, or store the data it touches. They are what turns a network into something you can actually run a business on.
Security Information and Event Management is the central nervous system of a security program. A SIEM ingests logs and events from every other device on this page (firewalls, IDS, switches, servers, endpoints), normalizes them into a common schema, correlates patterns across sources, and raises alerts when something matches a detection rule. Splunk, Microsoft Sentinel, IBM QRadar, Elastic Security, and Wazuh are common implementations. The hard part is not deploying one. The hard part is writing detections that fire on real attacks without drowning analysts in noise.
A load balancer distributes incoming traffic across a pool of backend servers so no single server gets overwhelmed. Layer 4 load balancers split traffic by IP and port. Layer 7 load balancers can route by HTTP path, host header, or cookie. Beyond distribution, they perform health checks on the backends and quietly remove dead nodes from the pool, which is what makes web services appear to never go down even when individual servers crash.
Network Attached Storage is a self-contained file server appliance with multiple drive bays, redundancy via RAID, and one job: serve files over the network using protocols like SMB, NFS, AFP, or iSCSI. NAS appliances run a stripped-down operating system (Synology DSM, TrueNAS, QNAP QTS) and present storage to clients as if it were a local drive. They are the standard place to put shared documents, backups, and ZFS-snapshot ransomware insurance.