The size of a network drives almost every design choice โ hardware, protocols, who manages it, what security threats matter.
| Name | Scale | Example | Who owns it |
|---|---|---|---|
| PAN (Personal Area Network) | ~10m, one person's devices | Your phone + Bluetooth headphones + smartwatch | You |
| LAN (Local Area Network) | One building or campus | Your home Wi-Fi; your school's network | One organisation |
| WLAN (Wireless LAN) | A LAN but wireless | Your school Wi-Fi (technically a subset of LAN) | One organisation |
| MAN (Metropolitan Area Network) | A city or region | A city's traffic light network; a council's CCTV network | City/utility |
| WAN (Wide Area Network) | Countries or global | The internet; a multinational company's private network | Multiple orgs / ISPs |
Why the distinction matters for security: a LAN is generally trusted internally โ your home devices trust each other, and most home routers don't filter traffic between them. A WAN is generally untrusted โ you assume anyone on the internet could be hostile. The border between the LAN and the WAN is where firewalls live. Chapter 14 covers that.
Topology = the shape of a network. Even though two networks might use the same technology, if they're wired in different shapes, they behave very differently โ in performance, reliability, and security.
Every device connects to a central device (usually a switch). The switch handles all traffic. If any one device fails, the rest of the network keeps working. If the switch fails, everything goes down.
Pros: simple, easy to add/remove devices, one failure doesn't take down the network.
Cons: the central switch is a single point of failure; you need one port per device.
Where you'll see it: Every home Wi-Fi (devices โ router), every office (devices โ switch โ router), every school. This is by far the most common topology today.
Every device connects to every (or many) other devices. Multiple paths exist between any two nodes, so if one connection fails, traffic reroutes.
Pros: fault-tolerant, no single point of failure, great redundancy.
Cons: expensive, lots of cabling, complex to manage.
Where you'll see it: the internet's backbone (multiple paths between major routers), military/critical networks, modern home Wi-Fi mesh systems. Full mesh is rare; partial mesh (many but not all connections) is more common.
All devices share one cable (the "bus"). Everyone sees every message; each device ignores messages not addressed to them.
Pros: simple, cheap, easy to install.
Cons: the shared cable is a single point of failure. Performance degrades as devices are added. Obsolete for modern wired networks, though Wi-Fi behaves logically like a bus since all devices share the radio medium.
Where you'll see it: legacy ethernet (pre-1990s), still conceptually how a hub operates. Mostly historical.
Each device connects to exactly two neighbours, forming a closed loop. Data travels in one direction around the ring. Popular in early token ring networks.
Pros: predictable timing, no collisions.
Cons: a single cable break breaks the whole ring unless you have a dual ring.
Where you'll see it: some industrial control networks, legacy systems, fibre optic backbones using dual-ring FDDI. Rare in general-purpose networks today.
Multiple star networks connected together by a backbone โ a star-of-stars. Each classroom is a star; all classrooms connect up to a main switch; that connects to the router.
Pros: scales well, isolates faults within branches.
Cons: root node failures affect everything below; complex design.
Where you'll see it: Most mid-to-large office networks, schools, campuses. When someone says "star topology" about a large network, they usually mean tree.
Just two devices connected directly. The simplest possible network.
Where you'll see it: your laptop plugged directly into your modem, a direct WAN link between two sites, a serial console cable.
Topology has real security consequences. A network's shape determines:
Topology is about physical shape. Architecture is about roles โ who does what.
Some devices (servers) provide services; others (clients) consume them. The server is always on, stores authoritative data, and enforces rules. Clients connect when they want something.
| Example | Server | Client |
|---|---|---|
| Web browsing | Web server (instagram.com) | Your browser |
| Mail server | Your mail app | |
| School LMS | LMS server | Student and teacher devices |
| Online gaming | Game server | Player's PC/console |
Pros: Centralised control, easy to manage, authoritative data, easier to secure (one server to protect, with known role).
Cons: Single point of failure (server down = everyone offline), scaling is expensive, the server is a juicy target for attackers.
All devices are equal. Each one can request services from others, and each one can provide services. No central authority.
| Example | How it works |
|---|---|
| BitTorrent | Users download parts of a file from many other users, not a central server |
| Early Skype | Voice calls routed peer-to-peer |
| Bitcoin/blockchain | Every node has a copy of the ledger; no central authority |
| Early Napster | Music files shared directly between users (though Napster used a central index) |
Pros: No single point of failure, scales naturally (more users = more capacity), hard to censor.
Cons: Inconsistent data, harder to secure (every peer is an attack surface), hard to hold anyone accountable, trust issues.
Most real systems mix both. WhatsApp looks like client-server (you talk to WhatsApp's servers), but messages are end-to-end encrypted so the server can't read them โ the security model is peer-to-peer even though the routing is client-server. Modern Skype went the other way: abandoned P2P for client-server, prioritising enterprise features over pure decentralisation.
A form of client-server where the server lives in a massive data centre run by a third party (AWS, Azure, Google Cloud) rather than owned by the organisation using it. Practically, every modern web app is "in the cloud."
Implications: cheaper to start (no upfront hardware), scales on demand, but introduces shared responsibility โ the cloud provider secures the platform, you secure your data and configurations. Chapter 16's SaaS startup scenario covers this.
Pushing compute closer to where data is generated, rather than sending everything to a central server. Example: your smart doorbell processes video locally and only sends a summary to the cloud, instead of streaming 24/7.
Implications: lower latency, less bandwidth, but a larger attack surface (many small devices instead of one central one).
| Star | Mesh | Bus | Ring | |
|---|---|---|---|---|
| Reliability if one cable fails | Just that one device affected | Reroutes | Entire network affected | Entire network affected |
| Cost to build | Medium | High | Low | Medium |
| Easy to add devices? | Yes | No | Yes (until performance drops) | Medium |
| Performance under load | Good (switch limits collisions) | Excellent | Poor (shared medium) | Fair |
| Where you see it today | Everywhere | Internet backbone, mesh Wi-Fi | Legacy / logical Wi-Fi | Rare / legacy |