Week 10

The things learned from this session:

  • Some examples of storage media include ROM, NVRAM, DRAM, CAM, Hard Drive
  • The function of switches is to map MAC addresses to switch ports. They can also be used to find the physical location of a MAC address. The switch has a CAM table and an ARP table.
    • CAM table: stores the MAC addresses available on physical ports along with their corresponding VLAN parameters. It maps MAC addresses to physical switch ports and also helps in identifying attackers who are trying to sniff local traffic. Lastly, though it is fast, its memory is volatile.
    • ARP table: stores information of each MAC address and its corresponding IP address.
  • A router is used to route network packets, on the basis of their addresses, to other networks or devices. Some examples of router interfaces are configuration interfaces (CLI, web interface, Cisco proprietary, etc.), central management, Cisco ASA series, etc. Router-based evidence includes access history, DHCP logs, backup configuration, etc. The router is configurable via syslog, FTP, TFTP, SNMP, etc.
  • A firewall is a network security device that monitors traffic flowing in and out of the network. It can filter traffic based on a defined set of security rules. Firewall logs contain valuable information such as connection attempts, protocols implemented, applications, etc. Firewall evidence may be volatile (such as command history), persistent (access logs, DHCP logs, etc.), and remote (usual logs).
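
The CAM and ARP tables described above can be joined to trace an IP address to a physical switch port. The sketch below is an added example, not part of the original notes; the table text is constructed sample data laid out like Cisco IOS `show mac address-table` and `show ip arp` output, and the function names are hypothetical. It also lists MACs that answer for more than one IP, a generalization beyond the notes.

```python
import re
from collections import defaultdict

# Constructed sample output (made-up addresses and ports), laid out like
# Cisco IOS "show mac address-table" and "show ip arp".
CAM_OUTPUT = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi0/1
  10    00aa.bbcc.dd01    DYNAMIC     Gi0/2
  10    00aa.bbcc.dd02    DYNAMIC     Gi0/7
"""
ARP_OUTPUT = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.10.1               -   0011.2233.4455  ARPA   Vlan10
Internet  10.0.10.20              4   00aa.bbcc.dd01  ARPA   Vlan10
Internet  10.0.10.30              2   00aa.bbcc.dd02  ARPA   Vlan10
Internet  10.0.10.31              0   00aa.bbcc.dd02  ARPA   Vlan10
"""
MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

def parse_cam(text):
    """Return {mac: (vlan, port)} from CAM table rows; header lines are skipped."""
    rows = re.findall(rf"^\s*(\d+)\s+({MAC})\s+\S+\s+(\S+)\s*$", text, re.M | re.I)
    return {mac.lower(): (int(vlan), port) for vlan, mac, port in rows}

def parse_arp(text):
    """Return {ip: mac} from ARP table rows."""
    rows = re.findall(rf"^Internet\s+(\S+)\s+\S+\s+({MAC})\s", text, re.M | re.I)
    return {ip: mac.lower() for ip, mac in rows}

def locate_ip(ip, arp, cam):
    """ARP gives IP -> MAC, CAM gives MAC -> port; together: IP -> physical port."""
    mac = arp.get(ip)
    if mac is None or mac not in cam:
        return None  # entry aged out (both tables are volatile) or host is elsewhere
    vlan, port = cam[mac]
    return {"ip": ip, "mac": mac, "vlan": vlan, "port": port}

def macs_with_many_ips(arp, limit=1):
    """MACs answering for more than `limit` IPs: worth review, not proof of misuse."""
    by_mac = defaultdict(list)
    for ip, mac in arp.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > limit}

if __name__ == "__main__":
    cam, arp = parse_cam(CAM_OUTPUT), parse_arp(ARP_OUTPUT)
    print(locate_ip("10.0.10.20", arp, cam), macs_with_many_ips(arp))
```

Because the CAM table is volatile, both outputs should be captured at the same time; a `None` result usually means one of the entries had already aged out.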
