Describe the enterprise requirements for providing teleworker services Describe the teleworker requirements and recommended architecture for


1 Accessing the WAN Chapter 6

2 Objectives
- Describe the enterprise requirements for providing teleworker services.
- Describe the teleworker requirements and recommended architecture for providing teleworking services.
- Explain how broadband services extend enterprise networks, including DSL, cable, and wireless.
- Describe the importance of VPN technology, including its role and benefits for enterprises and teleworkers.
- Describe how VPN technology provides secure teleworker services in an enterprise setting.


4 Business Requirements for Teleworker Services
More and more companies are finding it beneficial to have teleworkers. The benefits of telecommuting extend well beyond the ability for businesses to make profits. Telecommuting affects the social structure of societies and can have positive effects on the environment.
Teleworker benefits:
- Organizational benefits: continuity of operations; increased responsiveness; secure, reliable, and manageable access to information; cost-effective integration of data, voice, video, and applications; increased employee productivity, satisfaction, and retention.
- Social benefits: increased employment opportunities for marginalized groups; less travel and commuter-related stress.
- Environmental benefits: reduced carbon footprints, both for individual workers and organizations.

5 Teleworker Solution
Organizations need secure, reliable, and cost-effective networks to connect corporate headquarters, branch offices, and suppliers. With the growing number of teleworkers, enterprises have an increasing need for secure, reliable, and cost-effective ways to connect to people working in SOHOs. In some cases, the remote locations only connect to the headquarters location, while in other cases, remote locations connect to multiple sites.

6 Teleworker Solution
A VPN is a private data network that uses the public telecommunication infrastructure. VPN security maintains privacy using a tunneling protocol and security procedures.


8 Connecting Teleworkers to the WAN
Teleworkers typically use diverse applications ( , web-based apps, mission-critical apps, real-time collaboration, voice, video, and videoconferencing) that require a high-bandwidth connection. The choice of access network technology and the need to ensure suitable bandwidth are the first considerations when connecting teleworkers. The main connection methods used by home and small business users are:

9 Cable
A popular option used by teleworkers to access their enterprise network. Coaxial cable is the primary medium used to build cable TV systems. Cable television first began in Pennsylvania in John Walson, needed to solve poor over-the-air reception problems. Most cable operators use satellite dishes to gather TV signals. Early systems were one-way, with cascading amplifiers placed in series along the network to compensate for signal loss. Modern cable systems provide two-way communication between subscribers and the cable operator. Cable operators now offer customers advanced telecommunications services, including high-speed Internet access, digital cable television, and residential telephone service. Cable operators typically deploy hybrid fiber-coaxial (HFC) networks to enable high-speed transmission of data to cable modems located in a SOHO.

10 Cable

11 Cable
The electromagnetic spectrum encompasses a broad range of frequencies. Radio waves (called RF) constitute a portion of the electromagnetic spectrum between approximately 1 kilohertz (kHz) and 1 terahertz. The cable TV industry uses a portion of the RF electromagnetic spectrum. Within the cable, different frequencies carry TV channels and data. A cable network is capable of transmitting signals on the cable in either direction at the same time. The following frequency scope is used:
- Downstream - The direction of an RF signal transmission (TV channels and data) from the source (headend) to the destination (subscribers). Transmission from source to destination is called the forward path. Downstream frequencies are in the range of 50 to 860 megahertz (MHz).
- Upstream - The direction of the RF signal transmission from subscribers to the headend, or the return or reverse path. Upstream frequencies are in the range of 5 to 42 MHz.

12 Cable

13 Cable
The Data-over-Cable Service Interface Specification (DOCSIS) is an international standard developed by CableLabs. DOCSIS defines the communications and operation support interface requirements for a data-over-cable system, and permits the addition of high-speed data transfer to an existing CATV system. Cable operators employ DOCSIS to provide Internet access over their existing hybrid fiber-coaxial (HFC) infrastructure. DOCSIS specifies the OSI Layer 1 and Layer 2 requirements:
- Physical layer - DOCSIS specifies the channel widths (bandwidths of each channel) as 200 kHz, 400 kHz, 800 kHz, 1.6 MHz, 3.2 MHz, and 6.4 MHz. DOCSIS also specifies modulation techniques.
- MAC layer - Defines a deterministic access method, time-division multiple access (TDMA) or synchronous code division multiple access (S-CDMA).

14 Cable
To understand the MAC layer requirements for DOCSIS, an explanation of how various communication technologies divide channel access is helpful.
- TDMA divides access by time.
- Frequency-division multiple access (FDMA) divides access by frequency.
- Code division multiple access (CDMA) employs spread-spectrum technology and a special coding scheme in which each transmitter is assigned a specific code.
S-CDMA is a proprietary version of CDMA developed by Terayon Corporation for data transmission across coaxial cable networks. S-CDMA scatters digital data up and down a wide frequency band and allows multiple subscribers connected to the network to transmit and receive concurrently. S-CDMA is secure and extremely resistant to noise.

15 Cable
Two types of equipment are required to send digital modem signals upstream and downstream on a cable system:
- Cable modem termination system (CMTS) at the headend of the cable operator
- Cable modem (CM) on the subscriber end

16 DSL
DSL is a means of providing high-speed connections over installed copper wires. A typical voice conversation only requires a bandwidth of 300 Hz to 3 kHz. For many years, the telephone networks did not use the bandwidth above 3 kHz. Advances in technology allowed DSL to use the additional bandwidth from 3 kHz up to 1 MHz to deliver high-speed data services over ordinary copper lines.

17 DSL
Asymmetric DSL (ADSL) frequency range: 20 kHz to 1 MHz. The two basic types of DSL technologies are asymmetric (ADSL) and symmetric (SDSL), and there are several varieties of each type.
- ADSL: higher downstream bandwidth than upload bandwidth.
- SDSL: provides the same capacity in both directions.
The transfer rates depend on the actual length of the local loop, and on the type and condition of its cabling. The different varieties of DSL provide different bandwidths, some with capabilities exceeding those of a T1 or E1 leased line. For satisfactory service, the loop must be less than 5.5 kilometers.

18 DSL Facilities
Service providers deploy DSL connections in the last step of a local telephone network, called the local loop or last mile. The connection is set up between the CPE and the DSL access multiplexer (DSLAM) located at the central office (CO) of the provider. The DSLAM concentrates connections from multiple DSL subscribers.

19 DSL Facilities
The two key components are the DSL transceiver and the DSLAM:
- Transceiver - Connects the computer of the teleworker to the DSL. Usually it is a DSL modem connected to the computer. Newer DSL transceivers can be built into small routers with multiple 10/100 switch ports suitable for home office use.
- DSLAM - Located at the CO of the carrier. Combines individual DSL connections from users into one high-capacity link to an ISP, and thereby, to the Internet.
The advantage that DSL has over cable technology is that DSL is not a shared medium. Each user has a separate direct connection to the DSLAM. Adding users does not impede performance, unless the DSLAM Internet connection to the ISP, or the Internet, becomes saturated.

20 Benefits of ADSL
The major benefit of ADSL is the ability to provide data services along with POTS voice services. The provider splits the POTS channel from the ADSL modem using filters or splitters. This guarantees uninterrupted phone service even if ADSL fails. When filters or splitters are in place, the phone line and the ADSL work simultaneously without adverse effects on either service. There are two ways to separate ADSL from voice at the customer premises:
- Microfilter - Passive low-pass filter with two ends. One end connects to the telephone, and the other end connects to the telephone wall jack.
- Splitter - Passive device that separates the DSL traffic from the POTS traffic. In the event of a power failure, the voice traffic still travels to the voice switch in the CO of the carrier. Splitters are located at the CO or at the CPE. At the CO, the splitter separates the voice traffic from the data traffic destined for the DSLAM.

21 Benefits of ADSL

22 Benefits of ADSL

23 Broadband Wireless
Using networking standards, data travels on radio waves. Networking is relatively easy to deploy because it uses the unlicensed radio spectrum to send and receive data. Computer manufacturers are building wireless network adapters into most laptop computers. As the price of chipsets for Wi-Fi continues to drop, it is becoming a very economical networking option for desktop computers as well. The benefits of Wi-Fi extend beyond not having to use or install wired network connections. Wireless networking provides mobility. Wireless connections provide increased flexibility and productivity to the teleworker.

24 Broadband Wireless
New developments in broadband wireless technology are increasing wireless availability. These include:
- Municipal Wi-Fi
- WiMAX
- Satellite Internet
Municipal governments have joined the Wi-Fi revolution. Often working with service providers, cities are deploying municipal wireless networks. Some of these networks provide high-speed Internet access at no cost or for substantially less than the price of other broadband services. Other cities reserve their Wi-Fi networks for official use.

25 WiMAX
WiMAX (Worldwide Interoperability for Microwave Access) is aimed at providing wireless data over long distances in a variety of ways, from point-to-point links to full mobile cellular type access. It operates at higher speeds, over greater distances, and for a greater number of users than Wi-Fi. A WiMAX network consists of two main components:
- A tower that is similar in concept to a cellular telephone tower. A single WiMAX tower can provide coverage to an area as large as 7,500 square kilometers.
- A WiMAX receiver that is similar in size and shape to a PCMCIA card, or built into a laptop or other wireless device.

26 WiMAX
A WiMAX tower station connects directly to the Internet using a high-bandwidth connection (for example, a T3 line). A tower can also connect to other WiMAX towers using line-of-sight microwave links. WiMAX is thus able to provide coverage to rural areas out of reach of "last mile" cable and DSL technologies.

27 Satellite Internet Services
Used in locations where land-based Internet access is not available, or for temporary or mobile installations. Available worldwide, including for vessels at sea, airplanes in flight, and vehicles moving on land. There are three ways to connect to the Internet using satellites:
- One-way multicast satellite Internet systems are used for IP multicast-based data, audio, and video distribution. IP protocols require two-way communication. Full interactivity is not possible.
- One-way terrestrial return satellite Internet systems use traditional dialup access to send outbound data through a modem and receive downloads from the satellite.
- Two-way satellite Internet sends data from remote sites via satellite to a hub, which then sends the data to the Internet. The satellite dish at each location needs precise positioning to avoid interference with other satellites.

28 Satellite Internet Services
The key installation requirement is for the antenna to have a clear view toward the equator, where most orbiting satellites are stationed. Trees and heavy rains can affect reception of the signals. Two-way satellite Internet uses IP multicasting technology, which allows one satellite to serve up to 5,000 communication channels simultaneously. IP multicast sends data from one point to many points at the same time by sending data in a compressed format.

29 Wireless Standards
The most common standards are included in the IEEE WLAN standard (5 GHz and 2.4 GHz public unlicensed spectrum bands). The terms and Wi-Fi appear interchangeably, but this is incorrect. Wi-Fi is an industry-driven interoperability certification based on a subset of . The Wi-Fi specification came about because of market demand. The most popular access approaches to connectivity are those defined by the IEEE b and IEEE g protocols. The latest standard, n, adds multiple-input multiple-output (MIMO). The (or WiMAX) standard allows transmissions up to 70 Mb/s, and has a range of up to 30 miles (50 km). It can operate in licensed or unlicensed bands of the spectrum from 2 to 6 GHz.


31 VPN Benefits
The Internet is a worldwide, publicly accessible IP network. Because it is a public infrastructure, it poses security risks to enterprises and their internal networks. A VPN enables organizations to create private networks over the public Internet infrastructure that maintain confidentiality and security. For VPN traffic to remain private, it is encrypted. A VPN uses virtual connections that are routed through the Internet. An understanding of VPN technology is essential to be able to implement secure teleworker services on enterprise networks.

32 VPN Benefits
VPNs increase flexibility and productivity. Remote sites and teleworkers can connect securely to the corporate network. Data on a VPN is encrypted and undecipherable to anyone not entitled to have it. VPNs bring remote hosts inside the firewall, giving them close to the same levels of access to network devices as if they were in a corporate office. Consider these benefits when using VPNs:
- Cost savings
- Security
- Scalability - Organizations, big and small, are able to add large amounts of capacity without adding significant infrastructure.

33 Site-to-site VPNs
Organizations use site-to-site VPNs to connect dispersed locations in the same way as a leased line or Frame Relay connection is used. Because most organizations now have Internet access, it makes sense to take advantage of the benefits of site-to-site VPNs. Site-to-site VPNs also support company intranets and business partner extranets. In effect, a site-to-site VPN is an extension of classic WAN networking. Site-to-site VPNs connect entire networks to each other. In a site-to-site VPN, hosts send and receive TCP/IP traffic through a VPN gateway, which could be a router, PIX firewall appliance, or an Adaptive Security Appliance (ASA).

34 Site-to-site VPNs
The VPN gateway is responsible for encapsulating and encrypting all outbound traffic from a particular site and sending it through a VPN tunnel over the Internet to a peer VPN gateway at the target site. On receipt, the peer VPN gateway strips the headers, decrypts the content, and relays the packet toward the target host inside its private network.

35 Remote-access VPN
Mobile users and telecommuters use remote-access VPNs extensively. In the past, corporations supported remote users using dialup networks. Most teleworkers now have access to the Internet from their homes and can establish remote VPNs using broadband connections. Remote-access VPNs can support the needs of telecommuters and mobile users, as well as extranet consumer-to-business traffic. In a remote-access VPN, each host typically has VPN client software.

36 VPN Components
A VPN creates a private network over a public network infrastructure while maintaining confidentiality and security. VPNs use cryptographic tunneling protocols to provide protection against packet sniffing, sender authentication, and message integrity. Components required to establish this VPN include:
1. An existing network with servers and workstations
2. A connection to the Internet
3. VPN gateways that act as endpoints to establish, manage, and control VPN connections
4. Appropriate software to create and manage VPN tunnels
The key to VPN effectiveness is security. VPNs secure data by encapsulating or encrypting the data. Most VPNs can do both.
- Encapsulation, or tunneling, transmits data transparently from network to network through a shared network infrastructure.
- Encryption codes data into a different format using a secret key. Decryption decodes encrypted data.

37 Secure VPN Characteristics
- Data confidentiality - A common security concern is protecting data from eavesdroppers. Confidentiality means protecting the contents of messages from interception by unauthenticated or unauthorized sources. VPNs achieve confidentiality using mechanisms of encapsulation and encryption.
- Data integrity - Receivers have no control over the path the data has traveled and therefore do not know if the data has been seen or handled. There is always the possibility that the data has been modified. Data integrity guarantees that no tampering or alterations occur to data. VPNs typically use hashes to ensure data integrity.
- Authentication - Authentication ensures that a message comes from an authentic source and goes to an authentic destination. VPNs can use passwords, digital certificates, smart cards, and biometrics to establish the identity of parties at the other end of a network.

38 VPN Tunneling
Incorporating appropriate data confidentiality capabilities into a VPN ensures that only the sources and destinations can interpret the original message contents. Tunneling allows the use of public networks like the Internet to carry data for users as though the users had access to a private network. Tunneling encapsulates an entire packet within another packet and sends the new, composite packet over a network.
Tunneling protocols:
- Carrier protocol: The protocol over which the information is traveling (Frame Relay, ATM, MPLS).
- Encapsulating protocol: The protocol that is wrapped around the original data (GRE, IPSec, L2F, PPTP, L2TP).
- Passenger protocol: The protocol over which the original data was being carried (IPX, AppleTalk, IPv4, IPv6).

39 VPN Tunneling
Consider a message traveling through the Internet over a VPN. PPP carries the message to the VPN device, where the message is encapsulated within a Generic Routing Encapsulation (GRE) packet. GRE is a tunneling protocol (Cisco) that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. The outer packet source and destination addressing is assigned to "tunnel interfaces" and is made routable across the network. Once a composite packet reaches the destination tunnel interface, the inside packet is extracted.
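The encapsulation and extraction steps on slides 38 and 39, as an added example (not part of the original slides): an IPv4 passenger packet is wrapped in a basic GRE header and an outer IPv4 header addressed between two tunnel endpoints, then extracted again. The function names, the addresses (private and documentation ranges), and the payload are constructed for illustration; only the basic 4-byte GRE header with no optional fields is handled.

```python
import socket
import struct

GRE_PROTO = 47            # IPv4 protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol-type value for an IPv4 passenger


def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Prepend a minimal 20-byte IPv4 header (no options) to payload."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Wrap the passenger packet: outer IPv4 header + GRE header + passenger."""
    gre_header = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no flags, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, GRE_PROTO, gre_header + passenger)


def gre_decapsulate(outer: bytes) -> bytes:
    """Validate the outer and GRE headers and return the passenger packet."""
    if len(outer) < 24 or outer[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet large enough to carry GRE")
    ihl = (outer[0] & 0x0F) * 4
    total_len = struct.unpack("!H", outer[2:4])[0]
    if ihl < 20 or total_len > len(outer) or total_len < ihl + 4:
        raise ValueError("inconsistent IPv4 length fields")
    if checksum(outer[:ihl]) != 0:
        raise ValueError("outer header checksum mismatch")
    if outer[9] != GRE_PROTO:
        raise ValueError("outer packet does not carry GRE")
    flags_version, proto_type = struct.unpack("!HH", outer[ihl:ihl + 4])
    if flags_version != 0:
        raise ValueError("GRE optional fields or non-zero version not handled")
    if proto_type != ETHERTYPE_IPV4:
        raise ValueError("passenger is not IPv4")
    return outer[ihl + 4:total_len]


def addresses(packet: bytes) -> tuple:
    """Return (source, destination) of an IPv4 header as dotted strings."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])


# Constructed sample: a host at one site sends to a host at another site.
# Protocol 253 is reserved for experimentation; the payload is made up.
PAYLOAD = b"quarterly payroll figures"
PASSENGER = ipv4_packet("10.1.1.10", "10.2.2.20", 253, PAYLOAD)
OUTER = gre_encapsulate(PASSENGER, "198.51.100.1", "203.0.113.1")

if __name__ == "__main__":
    print("on the wire :", addresses(OUTER))
    print("after tunnel:", addresses(gre_decapsulate(OUTER)))
    # GRE only encapsulates: the payload is still readable inside the
    # composite packet, so confidentiality needs encryption on top.
    print("payload visible in outer packet:", PAYLOAD in OUTER)
```

The composite packet is routed on the tunnel endpoint addresses only, but the passenger bytes are carried unmodified, which is why the slides pair tunneling with encryption.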

40 VPN Data Integrity
To keep the data private, it needs to be encrypted. VPN encryption encrypts the data and renders it unreadable to unauthorized receivers. For encryption to work, both the sender and the receiver must know the rules used to transform the original message into its coded form. VPN encryption rules include an algorithm and a key. An algorithm is a mathematical function that combines a message, text, digits, or all three with a key. The output is an unreadable cipher string. Decryption is extremely difficult or impossible without the correct key.

41 VPN Data Integrity
The degree of security provided by any encryption algorithm depends on the length of the key. For any given key length, the time that it takes to process all of the possibilities to decrypt cipher text is a function of the computing power of the computer. Therefore, the shorter the key, the easier it is to break, but at the same time, the easier it is to pass the message. Some of the more common encryption algorithms and the length of keys they use:
- Data Encryption Standard (DES) algorithm - Developed by IBM, DES uses a 56-bit key, ensuring high-performance encryption. DES is a symmetric key cryptosystem.
- Triple DES (3DES) algorithm - A newer variant of DES that encrypts with one key, decrypts with another different key, and then encrypts one final time with another key. 3DES provides significantly more strength to the encryption process.

42 VPN Data Integrity
Some of the more common encryption algorithms and the length of keys they use:
- Advanced Encryption Standard (AES) - The National Institute of Standards and Technology (NIST) adopted AES to replace the existing DES encryption in cryptographic devices. AES provides stronger security than DES and is computationally more efficient than 3DES. AES offers three different key lengths: 128, 192, and 256-bit keys.
- Rivest, Shamir, and Adleman (RSA) - An asymmetrical key cryptosystem. The keys use a bit length of 512, 768, 1024, or larger.

43 Symmetric Encryption
Encryption algorithms such as DES and 3DES require a shared secret key to perform encryption and decryption. Each of the two computers must know the key to decode the information. With symmetric key encryption (secret key encryption), each computer encrypts the information before sending it over the network. Symmetric key encryption requires knowledge of which computers will be talking to each other so that the same key can be configured on each computer. The question is, how do the encrypting and decrypting devices both have the shared secret key?

44 Asymmetric Encryption
Asymmetric encryption uses different keys for encryption and decryption. One key encrypts the message. A second key decrypts the message. It is not possible to encrypt and decrypt with the same key. Public key encryption is a variant of asymmetric encryption that uses a combination of a private key and a public key. The recipient gives a public key to any sender. The sender uses a private key combined with the recipient's public key to encrypt the message. Also, the sender must share their public key with the recipient. To decrypt a message, the recipient will use the public key of the sender with their own private key.

45 Hash: Data Integrity and Authentication
Hashes contribute to data integrity and authentication. A hash, also called a message digest, is a number generated from a string of text. The hash is smaller than the text itself. The original sender generates a hash of the message and sends it with the message itself. The recipient decrypts the message and the hash, produces another hash from the received message, and compares the two hashes. If they match, the recipient can be sure of the integrity of the message. VPNs use a message authentication code to verify the integrity and the authenticity of a message, without using any additional mechanisms. A keyed hashed message authentication code (HMAC) is a data integrity algorithm that guarantees the integrity of the message. An HMAC has two parameters: a message input and a secret key known only to the sender and intended receivers.

46 Hash: Data Integrity and Authentication
The message sender uses an HMAC function to produce a value (the message authentication code), formed by condensing the secret key and the message input. The message authentication code is sent along with the message. There are two common HMAC algorithms:
- Message Digest 5 (MD5) - Uses a 128-bit shared secret key. The variable-length message and 128-bit shared secret key are combined and run through the HMAC-MD5 hash algorithm. The output is a 128-bit hash. The hash is appended to the original message and forwarded to the remote end.
- Secure Hash Algorithm 1 (SHA-1) - Uses a 160-bit secret key. The variable-length message and the 160-bit shared secret key are combined and run through the HMAC-SHA-1 hash algorithm. The output is a 160-bit hash. The hash is appended to the original message and forwarded to the remote end.
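The append-and-verify flow on slides 45 and 46, as an added example (not part of the original slides), using Python's standard `hmac` and `hashlib` modules. It contrasts an unkeyed hash, which anyone who rewrites the message can simply recompute, with a keyed HMAC, which cannot be recomputed without the shared secret. The function names, the key, and the messages are constructed for illustration.

```python
import hashlib
import hmac

KEY = b"k" * 20                          # constructed 160-bit demo key
MSG = b"transfer 100 to account 12345"    # constructed message
REWRITTEN = b"transfer 900 to account 99999"


def plain_hash_protect(message: bytes, digest: str = "sha1") -> bytes:
    """Append an unkeyed digest: detects accidents, not deliberate changes."""
    return message + hashlib.new(digest, message).digest()


def plain_hash_verify(packet: bytes, digest: str = "sha1") -> bytes:
    size = hashlib.new(digest).digest_size
    if len(packet) < size:
        raise ValueError("packet shorter than digest")
    message, received = packet[:-size], packet[-size:]
    if not hmac.compare_digest(received, hashlib.new(digest, message).digest()):
        raise ValueError("hash mismatch")
    return message


def hmac_protect(message: bytes, key: bytes, digest: str = "sha1") -> bytes:
    """Append HMAC(key, message), as the slides describe for the sender."""
    return message + hmac.new(key, message, digest).digest()


def hmac_verify(packet: bytes, key: bytes, digest: str = "sha1") -> bytes:
    """Recompute the HMAC at the remote end; raise if it does not match."""
    size = hashlib.new(digest).digest_size
    if len(packet) < size:
        raise ValueError("packet shorter than authentication code")
    message, received = packet[:-size], packet[-size:]
    expected = hmac.new(key, message, digest).digest()
    # compare_digest runs in constant time, so the comparison itself
    # does not leak how many leading bytes of a guessed code were right.
    if not hmac.compare_digest(received, expected):
        raise ValueError("integrity check failed")
    return message


def accepted(verify, *args) -> bool:
    """True if the verifier returns a message instead of raising."""
    try:
        verify(*args)
        return True
    except ValueError:
        return False


def demo() -> dict:
    genuine = hmac_protect(MSG, KEY)
    # A party without KEY can rewrite the message and recompute an unkeyed
    # digest, but has no way to produce the matching keyed code.
    rewritten_plain = plain_hash_protect(REWRITTEN)
    flipped = bytearray(genuine)
    flipped[9] ^= 0x08                    # change one bit of the message part
    return {
        "hmac_accepts_genuine": accepted(hmac_verify, genuine, KEY),
        "plain_hash_accepts_rewritten": accepted(plain_hash_verify, rewritten_plain),
        "hmac_accepts_rewritten": accepted(hmac_verify, rewritten_plain, KEY),
        "hmac_accepts_bit_flip": accepted(hmac_verify, bytes(flipped), KEY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `digest` parameter also accepts `"md5"` (128-bit code) and SHA-2 names such as `"sha256"`, which is what current deployments typically select in place of MD5 and SHA-1.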

47 Hash: Data Integrity and Authentication

48 VPN Authentication
The device on the other end of the VPN tunnel must be authenticated. There are two peer authentication methods:
- Pre-shared key (PSK) - A secret key that is shared between the two parties using a secure channel before it needs to be used. PSKs use symmetric key cryptographic algorithms. A PSK is entered into each peer manually. At each end, the PSK is combined with other information to form the authentication key.
- RSA signature - Uses the exchange of digital certificates to authenticate the peers. The local device derives a hash and encrypts it with its private key. The encrypted hash (digital signature) is attached to the message and forwarded to the remote end. At the remote end, the encrypted hash is decrypted using the public key of the local end. If the decrypted and recomputed hashes match, the signature is genuine.

49 VPN Authentication
The device on the other end of the VPN tunnel must be authenticated before the communication path is considered secure.

50 IPsec Security Protocols
IPsec is a protocol suite for securing IP communications that provides encryption, integrity, and authentication. IPsec spells out the messaging necessary to secure VPN communications, but relies on existing algorithms. There are two main IPsec framework protocols:
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)

51 IPsec Security Protocols
Authentication Header (AH): Use when confidentiality is not required or permitted. AH provides data authentication and integrity for IP packets passed between two systems. It verifies that any message passed has not been modified during transit. It also verifies the origin of the data. AH does not provide data confidentiality (encryption) of packets. Used alone, the AH protocol provides weak protection. Consequently, it is used with the ESP protocol to provide data encryption and tamper-aware security features.

52 IPsec Security Protocols
Encapsulating Security Payload (ESP): Provides confidentiality and authentication by encrypting the IP packet. IP packet encryption conceals the data and the identities of the source and destination. ESP authenticates the inner IP packet and ESP header. Authentication provides data origin authentication and data integrity. Although both encryption and authentication are optional in ESP, at a minimum, one of them must be selected.

53 IPsec Framework
IPsec relies on existing algorithms to implement encryption, authentication, and key exchange. Some of the standard algorithms that IPsec uses are as follows:
- DES - Encrypts and decrypts packet data.
- 3DES - Provides significant encryption strength over 56-bit DES.
- AES - Provides stronger encryption and faster throughput.
- MD5 - Authenticates packet data, using a 128-bit shared secret key.
- SHA-1 - Authenticates packet data, using a 160-bit shared secret key.
- DH - Allows two parties to establish a shared secret key used by encryption and hash algorithms, for example, DES and MD5, over an insecure communications channel.

54 IPsec Framework
When configuring an IPsec gateway to provide security services:
- Choose an IPsec protocol. The choices are ESP or ESP with AH.
- Choose an encryption algorithm if IPsec is implemented with ESP. Choose one appropriate for the desired level of security: DES, 3DES, or AES.
- Choose an authentication algorithm to provide data integrity: MD5 or SHA.
- Choose the Diffie-Hellman (DH) algorithm group, which establishes the sharing of key information between peers. Choose which group to use, DH1 or DH2.

55 Summary
Requirements for providing teleworker services are:
- Maintains continuity of operations
- Provides for increased services
- Secure and reliable access to information
- Cost effective
- Scalable
Components needed for a teleworker to connect to an organization's network are:
- Home components
- Corporate components

56 Summary
Broadband services used:
- Cable: transmits signal in either direction simultaneously
- DSL: requires minimal changes to existing telephone infrastructure; delivers high-bandwidth data rates to customers
- Wireless: increases mobility; wireless availability via municipal Wi-Fi, WiMAX, and satellite Internet

57 Summary
Securing teleworker services:
- VPN security is achieved through advanced encryption techniques and tunneling
- Characteristics of a secure VPN: data confidentiality, data integrity, authentication



More information

Virtual Private Networks

Virtual Private Networks Virtual Private Networks The Ohio State University Columbus, OH 43210 Jain@cse.ohio-State.Edu http://www.cse.ohio-state.edu/~jain/ 1 Overview Types of VPNs When and why VPN? VPN Design Issues Security

More information

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0

DATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS

More information

Chapter 9 Using Telephone and Cable Networks for Data Transmission

Chapter 9 Using Telephone and Cable Networks for Data Transmission 9-11 TELEPHONE NETWORK Chapter 9 Using Telephone and Cable Networks for Data Transmission 1 McGraw-Hill Copyright The McGraw-Hill Companies, Inc. Permission required The for reproduction McGraw-Hill or

More information

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0 APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations

More information

Application Note: Onsight Device VPN Configuration V1.1

Application Note: Onsight Device VPN Configuration V1.1 Application Note: Onsight Device VPN Configuration V1.1 Table of Contents OVERVIEW 2 1 SUPPORTED VPN TYPES 2 1.1 OD VPN CLIENT 2 1.2 SUPPORTED PROTOCOLS AND CONFIGURATION 2 2 OD VPN CONFIGURATION 2 2.1

More information

Broadband Primer. A Guide to High Speed Internet Technologies. Indiana Office of Utility Consumer Counselor

Broadband Primer. A Guide to High Speed Internet Technologies. Indiana Office of Utility Consumer Counselor Broadband Primer A Guide to High Speed Internet Technologies Indiana Office of Utility Consumer Counselor 100 N. Senate Av., Room N501 Indianapolis, IN 46204-2215 www.openlines.in.gov toll-free: 1-888-441-2494

More information

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer

Other VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer Other VPNs TLS/SSL, PPTP, L2TP Advanced Computer Networks SS2005 Jürgen Häuselhofer Overview Introduction to VPNs Why using VPNs What are VPNs VPN technologies... TLS/SSL Layer 2 VPNs (PPTP, L2TP, L2TP/IPSec)

More information

Virtual Private Networks

Virtual Private Networks Virtual Private Networks Rene Bahena Felipe Flores COEN 150 Project Report Chapter 1: What is a VPN? VPN stands for Virtual Private Network and is a way of making a secure remote connection to a private

More information

Secure Network Design: Designing a DMZ & VPN

Secure Network Design: Designing a DMZ & VPN Secure Network Design: Designing a DMZ & VPN DMZ : VPN : pet.ece.iisc.ernet.in/chetan/.../vpn- PPTfinal.PPT 1 IT352 Network Security Najwa AlGhamdi Introduction DMZ stands for DeMilitarized Zone. A network

More information

Broadband Access Technologies

Broadband Access Technologies Broadband Access Technologies Chris Wong Communications Engineering Sector Analysis & Reporting Branch International Training Program 23 October 2007 Presentation Outline What is broadband? What are the

More information

THE BCS PROFESSIONAL EXAMINATIONS BCS Level 5 Diploma in IT. October 2009 EXAMINERS' REPORT. Computer Networks

THE BCS PROFESSIONAL EXAMINATIONS BCS Level 5 Diploma in IT. October 2009 EXAMINERS' REPORT. Computer Networks THE BCS PROFESSIONAL EXAMINATIONS BCS Level 5 Diploma in IT October 2009 EXAMINERS' REPORT Computer Networks General Comments The responses to questions were of marginally better quality than April 2009

More information

Broadband 101: Installation and Testing

Broadband 101: Installation and Testing Broadband 101: Installation and Testing Fanny Mlinarsky Introduction Today the Internet is an information superhighway with bottlenecks at every exit. These congested exits call for the deployment of broadband

More information

Cable Modems. Definition. Overview. Topics. 1. How Cable Modems Work

Cable Modems. Definition. Overview. Topics. 1. How Cable Modems Work Cable Modems Definition Cable modems are devices that allow high-speed access to the Internet via a cable television network. While similar in some respects to a traditional analog modem, a cable modem

More information

Chapter 9A. Network Definition. The Uses of a Network. Network Basics

Chapter 9A. Network Definition. The Uses of a Network. Network Basics Chapter 9A Network Basics 1 Network Definition Set of technologies that connects computers Allows communication and collaboration between users 2 The Uses of a Network Simultaneous access to data Data

More information

Getting Broadband. FCC Consumer Facts. What Is Broadband?

Getting Broadband. FCC Consumer Facts. What Is Broadband? Getting Broadband FCC Consumer Facts What Is Broadband? Broadband or high-speed Internet access allows users to access the Internet and Internetrelated services at significantly higher speeds than those

More information

Intel System Engineers Documents. DSL General Overview

Intel System Engineers Documents. DSL General Overview Intel System Engineers Documents DSL General Overview Alex Lattanzi SC LAR Whatt IIs Brroadband? Broadband describes a number of different technologies that deliver digital data to homes and businesses

More information

Residential Broadband: Technologies for High-Speed Access To Homes

Residential Broadband: Technologies for High-Speed Access To Homes Residential Broadband: Technologies for High-Speed Access To Homes The Ohio State University Columbus, OH 43210-1277 1277 http://www.cse.ohio-state.edu/~jain/ 1 Overview 56 kbps Modems, ISDN ADSL, VDSL

More information

Cisco Which VPN Solution is Right for You?

Cisco Which VPN Solution is Right for You? Table of Contents Which VPN Solution is Right for You?...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 NAT...2 Generic Routing Encapsulation Tunneling...2

More information

Using Application Layer Technology to Overcome the Impact of Satellite Circuit Latency on VPN Performance

Using Application Layer Technology to Overcome the Impact of Satellite Circuit Latency on VPN Performance Using Application Layer Technology to Overcome the Impact of Satellite Circuit Latency on VPN Performance Ground Control February 2003 Abstract This paper explains the source of severe throughput degradation

More information

CTS2134 Introduction to Networking. Module 07: Wide Area Networks

CTS2134 Introduction to Networking. Module 07: Wide Area Networks CTS2134 Introduction to Networking Module 07: Wide Area Networks WAN cloud Central Office (CO) Local loop WAN components Demarcation point (demarc) Consumer Premises Equipment (CPE) Channel Service Unit/Data

More information

Remote Connectivity for mysap.com Solutions over the Internet Technical Specification

Remote Connectivity for mysap.com Solutions over the Internet Technical Specification Remote Connectivity for mysap.com Solutions over the Technical Specification June 2009 Remote Connectivity for mysap.com Solutions over the page 2 1 Introduction SAP has embarked on a project to enable

More information

Site to Site Virtual Private Networks (VPNs):

Site to Site Virtual Private Networks (VPNs): Site to Site Virtual Private Networks Programme NPFIT DOCUMENT RECORD ID KEY Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0002.01 Prog. Director Mark Ferrar Owner Tim Davis Version 1.0

More information

WAN Technologies Based on CCNA 4 v3.1 Slides Compiled & modified by C. Pham

WAN Technologies Based on CCNA 4 v3.1 Slides Compiled & modified by C. Pham WAN Technologies Based on CCNA 4 v3.1 Slides Compiled & modified by C. Pham 1 Wide-area Networks (WANs) 2 Metropolitan-Area Network (MANs) 3 Path Determination 4 Internetworking Any internetwork must include

More information

Economic Research & Analysis. CostQuest Associates (CQA) Bandwidth Assessment Tool Glossary of Terms: Words & Acronyms June 2014

Economic Research & Analysis. CostQuest Associates (CQA) Bandwidth Assessment Tool Glossary of Terms: Words & Acronyms June 2014 CostQuest Associates (CQA) Economic Research & Analysis Bandwidth Assessment Tool Glossary of Terms: Words & Acronyms June 2014 CostQuest Associates (CQA) Economic Research & Analysis For further information

More information

1.264 Lecture 34. Telecom: Connecting wired LAN, WAN. Next class: Green chapter 17. Exercise due before class

1.264 Lecture 34. Telecom: Connecting wired LAN, WAN. Next class: Green chapter 17. Exercise due before class 1.264 Lecture 34 Telecom: Connecting wired LAN, WAN Next class: Green chapter 17. Exercise due before class 1 Exercise Your transportation brokerage company also handles billing for freight shipments,

More information

XDSL and DSLAM Access Technologies

XDSL and DSLAM Access Technologies XDSL and DSLAM Access Technologies Abstract What are the differences between the different forms of xdsl technology, such as ADSL and HDSL? How are they implemented. What are the limitations? What are

More information

Public Network. 1. Relatively long physical distance 2. Requiring a service provider (carrier) Branch Office. Home. Private Network.

Public Network. 1. Relatively long physical distance 2. Requiring a service provider (carrier) Branch Office. Home. Private Network. Introduction to LAN TDC 363 Week 4 Connecting LAN to WAN Book: Chapter 7 1 Outline Wide Area Network (WAN): definition WAN Topologies Choices of WAN technologies Dial-up ISDN T1 Frame Relay DSL Remote

More information

Wireless SDSL for the Business Sector

Wireless SDSL for the Business Sector Wireless SDSL for the Business Sector Broadband Services over BreezeACCESS VL June 2005 Alvarion Ltd. All rights reserved. The material contained herein is proprietary. No part of this publication may

More information

The BANDIT Products in Virtual Private Networks

The BANDIT Products in Virtual Private Networks encor! enetworks TM Version A.1, March 2010 2010 Encore Networks, Inc. All rights reserved. The BANDIT Products in Virtual Private Networks One of the principal features of the BANDIT products is their

More information

Chapter 6 Telecommunications, Networks, and Wireless. Computing

Chapter 6 Telecommunications, Networks, and Wireless. Computing Chapter 6 Telecommunications, Networks, and Wireless Computing Essay Questions: 1. Define a hub, switch, and a router. 2. List the challenges associated with managing contemporary telecommunications and

More information

Cisco 3745. Cisco 3845 X X X X X X X X X X X X X X X X X X

Cisco 3745. Cisco 3845 X X X X X X X X X X X X X X X X X X Data Sheet Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module

More information

Security & Savings with Virtual Private Networks

Security & Savings with Virtual Private Networks Security & Savings with Virtual Private Networks In today s New Economy, small businesses that might have dealt with just local or regional concerns now have to consider global markets and logistics. Many

More information

Chapter 9. Internet. Copyright 2011 John Wiley & Sons, Inc 10-1

Chapter 9. Internet. Copyright 2011 John Wiley & Sons, Inc 10-1 Chapter 9 Internet Copyright 2011 John Wiley & Sons, Inc 10-1 Outline 9.2 - How the Internet Works - Basic Architecture - Connecting to an ISP - Internet Today 9.3 - Internet Access Technologies - DSL

More information

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring 2011. Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

Chapter 5. Data Communication And Internet Technology

Chapter 5. Data Communication And Internet Technology Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN

More information

Monitoring Remote Access VPN Services

Monitoring Remote Access VPN Services CHAPTER 5 A remote access service (RAS) VPN secures connections for remote users, such as mobile users or telecommuters. RAS VPN monitoring provides all of the most important indicators of cluster, concentrator,

More information

A General Glossary of Telecommunications Terminology

A General Glossary of Telecommunications Terminology 1 A General Glossary of Telecommunications Terminology Analog Electronic transmission of voice and data accomplished by adding signals of varying frequency, or amplitude, to carrier waves of a given frequency

More information

Wholesale IP Bitstream on a Cable HFC infrastructure

Wholesale IP Bitstream on a Cable HFC infrastructure Wholesale IP Bitstream on a Cable HFC infrastructure In order to understand the issues related to an ISP reselling Cable Based Internet access it is necessary to look at similarities and dissimilarities

More information

Cable subscribers are connected directly to high speed lines while ADSL subscribers are connected directly to medium speed lines

Cable subscribers are connected directly to high speed lines while ADSL subscribers are connected directly to medium speed lines ADSL vs Cable Cable subscribers are connected directly to high speed lines while ADSL subscribers are connected directly to medium speed lines Cable subscribers share the line connecting them to neighbourhood

More information

Virtual Private Networks Solutions for Secure Remote Access. White Paper

Virtual Private Networks Solutions for Secure Remote Access. White Paper Virtual Private Networks Solutions for Secure Remote Access White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information

More information

VPN Modules for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers

VPN Modules for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers Q&A VPN Modules for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers OVERVIEW Q. What is a VPN? A. A VPN, or virtual private network, delivers the benefits of private network security,

More information

Chapter 1 Instructor Version

Chapter 1 Instructor Version Name Date Objectives: Instructor Version Explain how multiple networks are used in everyday life. Explain the topologies and devices used in a small to medium-sized business network. Explain the basic

More information

Integrated Services Router with the "AIM-VPN/SSL" Module

Integrated Services Router with the AIM-VPN/SSL Module Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Discovering Computers 2008. Chapter 9 Communications and Networks

Discovering Computers 2008. Chapter 9 Communications and Networks Discovering Computers 2008 Chapter 9 Communications and Networks Chapter 9 Objectives Discuss the the components required for for successful communications Identify various sending and receiving devices

More information

Network+ Guide to Networks 6 th Edition. Chapter 7 Wide Area Networks

Network+ Guide to Networks 6 th Edition. Chapter 7 Wide Area Networks Network+ Guide to Networks 6 th Edition Chapter 7 Wide Area Networks Objectives Identify a variety of uses for WANs Explain different WAN topologies, including their advantages and disadvantages Compare

More information

Understanding the Cisco VPN Client

Understanding the Cisco VPN Client Understanding the Cisco VPN Client The Cisco VPN Client for Windows (referred to in this user guide as VPN Client) is a software program that runs on a Microsoft Windows -based PC. The VPN Client on a

More information

High Performance VPN Solutions Over Satellite Networks

High Performance VPN Solutions Over Satellite Networks High Performance VPN Solutions Over Satellite Networks Enhanced Packet Handling Both Accelerates And Encrypts High-Delay Satellite Circuits Characteristics of Satellite Networks? Satellite Networks have

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Integrated Services Router with the "AIM-VPN/SSL" Module

Integrated Services Router with the AIM-VPN/SSL Module Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for

More information

Broadband Technology Clinic. Burlington Telecom Advisory Board

Broadband Technology Clinic. Burlington Telecom Advisory Board Broadband Technology Clinic Burlington Telecom Advisory Board 1 What are the Defining Characteristics of a Broadband Service? Speed - Throughput capability both down and upstream Performance - Latency

More information

IP-VPN Architecture and Implementation O. Satty Joshua 13 December 2001. Abstract

IP-VPN Architecture and Implementation O. Satty Joshua 13 December 2001. Abstract Abstract Virtual Private Networks (VPNs) are today becoming the most universal method for remote access. They enable Service Provider to take advantage of the power of the Internet by providing a private

More information

Local-Area Network -LAN

Local-Area Network -LAN Computer Networks A group of two or more computer systems linked together. There are many [types] of computer networks: Peer To Peer (workgroups) The computers are connected by a network, however, there

More information

How DSL Works. by Curt Franklin

How DSL Works. by Curt Franklin by Curt Franklin How DSL Works When you connect to the Internet, you might connect through a regular modem, through a localarea network connection in your office, through a cable modem or through a digital

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

Computer Networking Networks

Computer Networking Networks Page 1 of 8 Computer Networking Networks 9.1 Local area network A local area network (LAN) is a network that connects computers and devices in a limited geographical area such as a home, school, office

More information

Frame Relay vs. IP VPNs

Frame Relay vs. IP VPNs Contents: The Case for Frame Relay The Case for IP VPNs Conclusion Frame Relay vs. IP VPNs 2002 Contents: Table of Contents Introduction 2 Definition of Terms 2 Virtual Privacy and 3 the Value of Shared

More information

1 Which network type is a specifically designed configuration of computers and other devices located within a confined area? A Peer-to-peer network

1 Which network type is a specifically designed configuration of computers and other devices located within a confined area? A Peer-to-peer network Review questions 1 Which network type is a specifically designed configuration of computers and other devices located within a confined area? A Peer-to-peer network B Local area network C Client/server

More information

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0 COURSE OVERVIEW Implementing Secure Converged Wide Area Networks (ISCW) v1.0 is an advanced instructor-led course that introduces techniques and features that enable or enhance WAN and remote access solutions.

More information

Broadband Definitions and Acronyms

Broadband Definitions and Acronyms The New Mexico Broadband Program Broadband Definitions and Acronyms Version 1, April 2013 Prepared for: The New Mexico Broadband Program NM Department of Information Technology http://www.doit.state.nm.us/broadband/

More information

Local Area Networks (LANs) Blueprint (May 2012 Release)

Local Area Networks (LANs) Blueprint (May 2012 Release) Local Area Networks (LANs) The CCNT Local Area Networks (LANs) Course April 2012 release blueprint lists the following information. Courseware Availability Date identifies the availability date for the

More information

Introduction to ADSL. NEXTEP Broadband White Paper. Broadband Networks Group. A primer on Asymmetric Digital Subscriber Line transmission technology.

Introduction to ADSL. NEXTEP Broadband White Paper. Broadband Networks Group. A primer on Asymmetric Digital Subscriber Line transmission technology. NEXTEP Broadband White Paper Introduction to ADSL A primer on Asymmetric Digital Subscriber Line transmission technology. A NEXTEP Broadband White Paper May 2001 Broadband Networks Group Introduction to

More information

The next generation of knowledge and expertise Wireless Security Basics

The next generation of knowledge and expertise Wireless Security Basics The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com

More information

DSL and Cable Modem Networks

DSL and Cable Modem Networks Presented by: C H A P T E R 7 DSL and Cable Modem Networks DSL and cable modem network access are two alternative ways to connect to a network service provider without the use of more expensive dedicated

More information

Branch Office VPN Tunnels and Mobile VPN

Branch Office VPN Tunnels and Mobile VPN WatchGuard Certified Training Branch Office VPN Tunnels and Mobile VPN Fireware XTM and WatchGuard System Manager v11.7 Revised: January 2013 Updated for: Fireware XTM v11.7 Notice to Users Information

More information

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls

VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Overview VPN VPN requirements Encryption VPN-Types Protocols VPN and Firewalls Computer Net Lab/Praktikum Datenverarbeitung 2 1 VPN - Definition VPNs (Virtual Private Networks) allow secure data transmission

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

VPN. VPN For BIPAC 741/743GE

VPN. VPN For BIPAC 741/743GE VPN For BIPAC 741/743GE August, 2003 1 The router supports VPN to establish secure, end-to-end private network connections over a public networking infrastructure. There are two types of VPN connections,

More information

1.264 Lecture 21. Telecom network technology: Fiber, satellite, cellular telephony, cable modems, DSL

1.264 Lecture 21. Telecom network technology: Fiber, satellite, cellular telephony, cable modems, DSL 1.264 Lecture 21 Telecom network technology: Fiber, satellite, cellular telephony, cable modems, DSL Network technology We ve just covered the basic components of transmission, switching/ routing and physical

More information

White Paper. D-Link International Tel: (65) 6774 6233, Fax: (65) 6774 6322. E-mail: info@dlink.com.sg; Web: http://www.dlink-intl.

White Paper. D-Link International Tel: (65) 6774 6233, Fax: (65) 6774 6322. E-mail: info@dlink.com.sg; Web: http://www.dlink-intl. Introduction to Voice over Wireless LAN (VoWLAN) White Paper D-Link International Tel: (65) 6774 6233, Fax: (65) 6774 6322. Introduction Voice over Wireless LAN (VoWLAN) is a technology involving the use

More information

11/22/2013 1. komwut@siit

11/22/2013 1. komwut@siit 11/22/2013 1 Week3-4 Point-to-Point, LAN, WAN Review 11/22/2013 2 What will you learn? Representatives for Point-to-Point Network LAN Wired Ethernet Wireless Ethernet WAN ATM (Asynchronous Transfer Mode)

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

R2. The word protocol is often used to describe diplomatic relations. How does Wikipedia describe diplomatic protocol?

R2. The word protocol is often used to describe diplomatic relations. How does Wikipedia describe diplomatic protocol? Chapter 1 Review Questions R1. What is the difference between a host and an end system? List several different types of end systems. Is a Web server an end system? 1. There is no difference. Throughout

More information

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49

IP Security. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 IP Security Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Internetworking and Internet Protocols (Appendix 6A) IP Security Overview IP Security

More information

November 2013. Defining the Value of MPLS VPNs

November 2013. Defining the Value of MPLS VPNs November 2013 S P E C I A L R E P O R T Defining the Value of MPLS VPNs Table of Contents Introduction... 3 What Are VPNs?... 4 What Are MPLS VPNs?... 5 What Are the Benefits of MPLS VPNs?... 8 How Do

More information

Viewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355

Viewing VPN Status, page 335. Configuring a Site-to-Site VPN, page 340. Configuring IPsec Remote Access, page 355 VPN This chapter describes how to configure Virtual Private Networks (VPNs) that allow other sites and remote workers to access your network resources. It includes the following sections: About VPNs, page

More information

Cisco Virtual Office Express

Cisco Virtual Office Express . Q&A Cisco Virtual Office Express Overview Q. What is Cisco Virtual Office Express? A. Cisco Virtual Office Express is a solution that provides secure, rich network services to workers at locations outside

More information

INTERNET ACCESS VIA CABLE TELEVISION NETWORK AS BETTER ALTERNATIVE FOR HOME NETWORK DEPLOYMENT

INTERNET ACCESS VIA CABLE TELEVISION NETWORK AS BETTER ALTERNATIVE FOR HOME NETWORK DEPLOYMENT EPRA International Journal of Multidisciplinary Research (IJMR) ISSN (Online): 2455-3662 SJIF Impact Factor: 3.395 (Morocco) Volume: 2 Issue: 1 January 2016 INTERNET ACCESS VIA CABLE TELEVISION NETWORK

More information

Cornerstones of Security

Cornerstones of Security Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to

More information

Appendix 1: Satellite broadband service providers

Appendix 1: Satellite broadband service providers Appendixes Appendix 1: Satellite broadband service providers In 2005 06, satellite broadband services were provided by the following companies: Australian Private Networks (ACTIV8me) Be Communications

More information

Configuring MPLS VPN & Remote Access. 12- ian- 2010

Configuring MPLS VPN & Remote Access. 12- ian- 2010 Configuring MPLS VPN & Remote Access 12- ian- 2010 What this lecture is about: Quick recap of MPLS and MPLS VPN. MPLS VPN configurahon. Cable technologies. DSL technologies. 3 MPLS VPN Reminder First,

More information

Virtual Private Networks

Virtual Private Networks 10 Virtual Private Networks Contents Overview..................................................... 10-4 VPN Tunnels.............................................. 10-4 IP Security (IPSec).........................................

More information

Virtual Private Networks

Virtual Private Networks Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication

More information

Truffle Broadband Bonding Network Appliance

Truffle Broadband Bonding Network Appliance Truffle Broadband Bonding Network Appliance Reliable high throughput data connections with low-cost & diverse transport technologies PART I Truffle in standalone installation for a single office. Executive

More information

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode

13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode 13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) PPP-based remote access using dial-in PPP encryption control protocol (ECP) PPP extensible authentication protocol (EAP) 13.2 Layer 2/3/4

More information