Objectives
- Describe the enterprise requirements for providing teleworker services.
- Describe the teleworker requirements and recommended architecture for providing teleworking services.
- Explain how broadband services extend enterprise networks, including DSL, cable, and wireless.
- Describe the importance of VPN technology, including its role and benefits for enterprises and teleworkers.
- Describe how VPN technology provides secure teleworker services in an enterprise setting.
Business Requirements for Teleworker Services
More and more companies are finding it beneficial to have teleworkers. The benefits of telecommuting extend well beyond the ability for businesses to make profits. Telecommuting affects the social structure of societies and can have positive effects on the environment.
Teleworker benefits:
- Organizational benefits: continuity of operations; increased responsiveness; secure, reliable, and manageable access to information; cost-effective integration of data, voice, video, and applications; increased employee productivity, satisfaction, and retention.
- Social benefits: increased employment opportunities for marginalized groups; less travel and commuter-related stress.
- Environmental benefits: reduced carbon footprints, both for individual workers and organizations.
Teleworker Solution
Organizations need secure, reliable, and cost-effective networks to connect corporate headquarters, branch offices, and suppliers. With the growing number of teleworkers, enterprises have an increasing need for secure, reliable, and cost-effective ways to connect to people working in SOHOs. In some cases, the remote locations only connect to the headquarters location, while in other cases, remote locations connect to multiple sites.
Teleworker Solution
A VPN is a private data network that uses the public telecommunication infrastructure. VPN security maintains privacy using a tunneling protocol and security procedures.
Connecting Teleworkers to the WAN
Teleworkers typically use diverse applications ( , web-based apps, mission-critical apps, real-time collaboration, voice, video, and videoconferencing) that require a high-bandwidth connection. The choice of access network technology and the need to ensure suitable bandwidth are the first considerations when connecting teleworkers. The main connection methods used by home and small business users are:
Cable
Cable is a popular option used by teleworkers to access their enterprise network. Coaxial cable is the primary medium used to build cable TV systems. Cable television first began in Pennsylvania in John Walson, needed to solve poor over-the-air reception problems. Most cable operators use satellite dishes to gather TV signals. Early systems were one-way, with cascading amplifiers placed in series along the network to compensate for signal loss. Modern cable systems provide two-way communication between subscribers and the cable operator. Cable operators now offer customers advanced telecommunications services, including high-speed Internet access, digital cable television, and residential telephone service. Cable operators typically deploy hybrid fiber-coaxial (HFC) networks to enable high-speed transmission of data to cable modems located in a SOHO.
Cable
The electromagnetic spectrum encompasses a broad range of frequencies. Radio waves (called RF) constitute a portion of the electromagnetic spectrum between approximately 1 kilohertz (kHz) and 1 terahertz. The cable TV industry uses a portion of the RF electromagnetic spectrum. Within the cable, different frequencies carry TV channels and data. A cable network is capable of transmitting signals on the cable in either direction at the same time. The following frequency scope is used:
- Downstream - The direction of an RF signal transmission (TV channels and data) from the source (headend) to the destination (subscribers). Transmission from source to destination is called the forward path. Downstream frequencies are in the range of 50 to 860 megahertz (MHz).
- Upstream - The direction of the RF signal transmission from subscribers to the headend, also called the return or reverse path. Upstream frequencies are in the range of 5 to 42 MHz.
Cable
The Data-over-Cable Service Interface Specification (DOCSIS) is an international standard developed by CableLabs. DOCSIS defines the communications and operation support interface requirements for a data-over-cable system, and permits the addition of high-speed data transfer to an existing CATV system. Cable operators employ DOCSIS to provide Internet access over their existing hybrid fiber-coaxial (HFC) infrastructure. DOCSIS specifies the OSI Layer 1 and Layer 2 requirements:
- Physical layer - DOCSIS specifies the channel widths (bandwidths of each channel) as 200 kHz, 400 kHz, 800 kHz, 1.6 MHz, 3.2 MHz, and 6.4 MHz. DOCSIS also specifies modulation techniques.
- MAC layer - Defines a deterministic access method, time-division multiple access (TDMA) or synchronous code division multiple access method (S-CDMA).
Cable
To understand the MAC layer requirements for DOCSIS, an explanation of how various communication technologies divide channel access is helpful.
- TDMA divides access by time.
- Frequency-division multiple access (FDMA) divides access by frequency.
- Code division multiple access (CDMA) employs spread-spectrum technology and a special coding scheme in which each transmitter is assigned a specific code.
S-CDMA is a proprietary version of CDMA developed by Terayon Corporation for data transmission across coaxial cable networks. S-CDMA scatters digital data up and down a wide frequency band and allows multiple subscribers connected to the network to transmit and receive concurrently. S-CDMA is secure and extremely resistant to noise.
Cable
Two types of equipment are required to send digital modem signals upstream and downstream on a cable system:
- Cable modem termination system (CMTS) at the headend of the cable operator
- Cable modem (CM) on the subscriber end
DSL
DSL is a means of providing high-speed connections over installed copper wires. A typical voice conversation only required a bandwidth of 300 Hz to 3 kHz. For many years, the telephone networks did not use the bandwidth above 3 kHz. Advances in technology allowed DSL to use the additional bandwidth from 3 kHz up to 1 MHz to deliver high-speed data services over ordinary copper lines.
DSL
Asymmetric DSL (ADSL) frequency range: 20 kHz to 1 MHz. The two basic types of DSL technologies are asymmetric (ADSL) and symmetric (SDSL), and there are several varieties of each type.
- ADSL: higher downstream bandwidth than upload bandwidth.
- SDSL: provides the same capacity in both directions.
The transfer rates depend on the actual length of the local loop and on the type and condition of its cabling. The different varieties of DSL provide different bandwidths, some with capabilities exceeding those of a T1 or E1 leased line. For satisfactory service, the loop must be less than 5.5 kilometers.
DSL Facilities
Service providers deploy DSL connections in the last step of a local telephone network, called the local loop or last mile. The connection is set up between the CPE and the DSL access multiplexer (DSLAM) located at the central office (CO) of the provider. The DSLAM concentrates connections from multiple DSL subscribers.
DSL Facilities
The two key components are the DSL transceiver and the DSLAM:
- Transceiver - Connects the computer of the teleworker to the DSL. It is usually a DSL modem connected to the computer. Newer DSL transceivers can be built into small routers with multiple 10/100 switch ports suitable for home office use.
- DSLAM - Located at the CO of the carrier. Combines individual DSL connections from users into one high-capacity link to an ISP, and thereby to the Internet.
The advantage that DSL has over cable technology is that DSL is not a shared medium. Each user has a separate direct connection to the DSLAM. Adding users does not impede performance, unless the DSLAM Internet connection to the ISP, or the Internet, becomes saturated.
Benefits of ADSL
The major benefit of ADSL is the ability to provide data services along with POTS voice services. The provider splits the POTS channel from the ADSL modem using filters or splitters. This guarantees uninterrupted phone service even if ADSL fails. When filters or splitters are in place, the phone line and the ADSL work simultaneously without adverse effects on either service. There are two ways to separate ADSL from voice at the customer premises:
- Microfilter - A passive low-pass filter with two ends. One end connects to the telephone, and the other end connects to the telephone wall jack.
- Splitter - A passive device that separates the DSL traffic from the POTS traffic. In the event of a power failure, the voice traffic still travels to the voice switch in the CO of the carrier. Splitters are located at the CO or at the CPE. The splitter separates the voice traffic from the data traffic destined for the DSLAM.
Broadband Wireless
Using networking standards, data travels on radio waves. Networking is relatively easy to deploy because it uses the unlicensed radio spectrum to send and receive data. Computer manufacturers are building wireless network adapters into most laptop computers. As the price of chipsets for Wi-Fi continues to drop, it is becoming a very economical networking option for desktop computers as well. The benefits of Wi-Fi extend beyond not having to use or install wired network connections. Wireless networking provides mobility. Wireless connections provide increased flexibility and productivity to the teleworker.
Broadband Wireless
New developments in broadband wireless technology are increasing wireless availability. These include:
- Municipal Wi-Fi
- WiMAX
- Satellite Internet
Municipal governments have joined the Wi-Fi revolution. Often working with service providers, cities are deploying municipal wireless networks. Some of these networks provide high-speed Internet access at no cost or for substantially less than the price of other broadband services. Other cities reserve their Wi-Fi networks for official use.
WiMAX
WiMAX (Worldwide Interoperability for Microwave Access) is aimed at providing wireless data over long distances in a variety of ways, from point-to-point links to full mobile cellular-type access. It operates at higher speeds, over greater distances, and for a greater number of users than Wi-Fi. A WiMAX network consists of two main components:
- A tower that is similar in concept to a cellular telephone tower. A single WiMAX tower can provide coverage to an area as large as 7,500 square kilometers.
- A WiMAX receiver that is similar in size and shape to a PCMCIA card, or built into a laptop or other wireless device.
WiMAX
A WiMAX tower station connects directly to the Internet using a high-bandwidth connection (for example, a T3 line). A tower can also connect to other WiMAX towers using line-of-sight microwave links. WiMAX is thus able to provide coverage to rural areas out of reach of "last mile" cable and DSL technologies.
Satellite Internet Services
Satellite Internet is used in locations where land-based Internet access is not available, or for temporary or mobile installations. It is available worldwide, including for vessels at sea, airplanes in flight, and vehicles moving on land. There are three ways to connect to the Internet using satellites:
- One-way multicast satellite Internet systems are used for IP multicast-based data, audio, and video distribution. IP protocols require two-way communication. Full interactivity is not possible.
- One-way terrestrial return satellite Internet systems use traditional dialup access to send outbound data through a modem and receive downloads from the satellite.
- Two-way satellite Internet sends data from remote sites via satellite to a hub, which then sends the data to the Internet. The satellite dish at each location needs precise positioning to avoid interference with other satellites.
Satellite Internet Services
The key installation requirement is for the antenna to have a clear view toward the equator, where most orbiting satellites are stationed. Trees and heavy rains can affect reception of the signals. Two-way satellite Internet uses IP multicasting technology, which allows one satellite to serve up to 5,000 communication channels simultaneously. IP multicast sends data from one point to many points at the same time by sending data in a compressed format.
Wireless Standards
The most common standards are included in the IEEE WLAN standard (5 GHz and 2.4 GHz public unlicensed spectrum bands). The terms and Wi-Fi appear interchangeably, but this is incorrect. Wi-Fi is an industry-driven interoperability certification based on a subset of The Wi-Fi specification came about because market demand. The most popular access approaches to connectivity are those defined by the IEEE b and IEEE g protocols. The latest standard, n, adds multiple-input multiple-output (MIMO). The (or WiMAX) standard allows transmissions up to 70 Mb/s, and has a range of up to 30 miles (50 km). It can operate in licensed or unlicensed bands of the spectrum from 2 to 6 GHz.
VPN Benefits
The Internet is a worldwide, publicly accessible IP network. As a public infrastructure, it poses security risks to enterprises and their internal networks. A VPN enables organizations to create private networks over the public Internet infrastructure that maintain confidentiality and security. To remain private, VPN traffic is encrypted. A VPN uses virtual connections that are routed through the Internet. An understanding of VPN technology is essential to be able to implement secure teleworker services on enterprise networks.
VPN Benefits
VPNs increase flexibility and productivity. Remote sites and teleworkers can connect securely to the corporate network. Data on a VPN is encrypted and undecipherable to anyone not entitled to have it. VPNs bring remote hosts inside the firewall, giving them close to the same levels of access to network devices as if they were in a corporate office. Consider these benefits when using VPNs:
- Cost savings
- Security
- Scalability - Organizations, big and small, are able to add large amounts of capacity without adding significant infrastructure.
Site-to-site VPNs
Organizations use site-to-site VPNs to connect dispersed locations in the same way as a leased line or Frame Relay connection is used. Because most organizations now have Internet access, it makes sense to take advantage of the benefits of site-to-site VPNs. Site-to-site VPNs also support company intranets and business partner extranets. In effect, a site-to-site VPN is an extension of classic WAN networking. Site-to-site VPNs connect entire networks to each other. In a site-to-site VPN, hosts send and receive TCP/IP traffic through a VPN gateway, which could be a router, PIX firewall appliance, or an Adaptive Security Appliance (ASA).
Site-to-site VPNs
The VPN gateway is responsible for encapsulating and encrypting all outbound traffic from a particular site and sending it through a VPN tunnel over the Internet to a peer VPN gateway at the target site. On receipt, the peer VPN gateway strips the headers, decrypts the content, and relays the packet toward the target host inside its private network.
Remote-access VPN
Mobile users and telecommuters use remote-access VPNs extensively. In the past, corporations supported remote users using dialup networks. Most teleworkers now have access to the Internet from their homes and can establish remote VPNs using broadband connections. Remote-access VPNs can support the needs of telecommuters and mobile users, as well as extranet consumer-to-business traffic. In a remote-access VPN, each host typically has VPN client software.
VPN Components
A VPN creates a private network over a public network infrastructure while maintaining confidentiality and security. VPNs use cryptographic tunneling protocols to provide protection against packet sniffing, sender authentication, and message integrity. Components required to establish this VPN include:
1. An existing network with servers and workstations
2. A connection to the Internet
3. VPN gateways that act as endpoints to establish, manage, and control VPN connections
4. Appropriate software to create and manage VPN tunnels
The key to VPN effectiveness is security. VPNs secure data by encapsulating or encrypting the data. Most VPNs can do both.
- Encapsulation, or tunneling, transmits data transparently from network to network through a shared network infrastructure.
- Encryption codes data into a different format using a secret key. Decryption decodes encrypted data.
Secure VPN Characteristics
- Data confidentiality - A common security concern is protecting data from eavesdroppers. Confidentiality means protecting the contents of messages from interception by unauthenticated or unauthorized sources. VPNs achieve confidentiality using mechanisms of encapsulation and encryption.
- Data integrity - Receivers have no control over the path the data has traveled and therefore do not know if the data has been seen or handled. There is always the possibility that the data has been modified. Data integrity guarantees that no tampering or alterations occur to data. VPNs typically use hashes to ensure data integrity.
- Authentication - Authentication ensures that a message comes from an authentic source and goes to an authentic destination. VPNs can use passwords, digital certificates, smart cards, and biometrics to establish the identity of parties at the other end of a network.
VPN Tunneling
Incorporating appropriate data confidentiality capabilities into a VPN ensures that only the sources and destinations can interpret the original message contents. Tunneling allows the use of public networks like the Internet to carry data for users as though the users had access to a private network. Tunneling encapsulates an entire packet within another packet and sends the new, composite packet over a network.
Tunneling protocols:
- Carrier protocol: The protocol over which the information is traveling (Frame Relay, ATM, MPLS).
- Encapsulating protocol: The protocol that is wrapped around the original data (GRE, IPsec, L2F, PPTP, L2TP).
- Passenger protocol: The protocol over which the original data was being carried (IPX, AppleTalk, IPv4, IPv6).
VPN Tunneling
Consider an message traveling through the Internet over a VPN. PPP carries the message to the VPN device, where the message is encapsulated within a Generic Routing Encapsulation (GRE) packet. GRE is a tunneling protocol (Cisco) that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork. The outer packet source and destination addressing is assigned to "tunnel interfaces" and is made routable across the network. Once a composite packet reaches the destination tunnel interface, the inside packet is extracted.
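The encapsulation and extraction steps described above, as an added example that is not part of the original slides: a passenger IPv4 packet is wrapped in a GRE header and an outer IPv4 header, then validated and unwrapped at the far tunnel endpoint. All addresses and the payload are constructed sample values and the function names are illustrative; the final check shows that GRE on its own leaves the inner packet readable in transit.

```python
import socket
import struct

IPPROTO_GRE = 47          # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 passenger packet


def checksum(data: bytes) -> int:
    """Internet checksum (ones-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) followed by payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header[:10] + struct.pack("!H", checksum(header)) + header[12:] + payload


def parse_ipv4(packet: bytes) -> dict:
    """Validate an IPv4 header and return its addresses, protocol and payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("inconsistent IPv4 lengths")
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "proto": packet[9],
            "payload": packet[ihl:total_len]}


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Wrap the passenger packet: outer IPv4 | GRE (4 bytes) | inner IPv4."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)  # no checksum/key/sequence, version 0
    return ipv4_packet(tunnel_src, tunnel_dst, IPPROTO_GRE, gre + inner)


def gre_decapsulate(composite: bytes):
    """At the destination tunnel interface: strip outer headers, return (outer, inner)."""
    outer = parse_ipv4(composite)
    if outer["proto"] != IPPROTO_GRE:
        raise ValueError("outer packet does not carry GRE")
    gre = outer["payload"]
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", gre[:4])
    if flags & 0x0007:
        raise ValueError("unsupported GRE version")
    offset = 4
    for bit in (0x8000, 0x2000, 0x1000):  # checksum, key, sequence fields: 4 bytes each
        if flags & bit:
            offset += 4
    if ptype != ETHERTYPE_IPV4 or len(gre) < offset:
        raise ValueError("unsupported or truncated GRE payload")
    return outer, parse_ipv4(gre[offset:])


def demo() -> dict:
    payload = b"constructed payload"                       # sample data
    # Passenger packet between two private hosts; protocol 253 is reserved for experiments.
    inner = ipv4_packet("10.1.1.10", "10.2.2.20", 253, payload)
    # Tunnel interface addresses from the documentation ranges.
    composite = gre_encapsulate(inner, "192.0.2.1", "198.51.100.1")
    outer, extracted = gre_decapsulate(composite)
    return {"composite": composite, "outer": outer, "inner": extracted,
            "payload_visible_in_transit": payload in composite}


if __name__ == "__main__":
    result = demo()
    print(result["outer"]["src"], "->", result["outer"]["dst"], "carries",
          result["inner"]["src"], "->", result["inner"]["dst"])
    print("inner payload readable on the wire:", result["payload_visible_in_transit"])
```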
VPN Data Integrity
To keep the data private, it needs to be encrypted. VPN encryption encrypts the data and renders it unreadable to unauthorized receivers. For encryption to work, both the sender and the receiver must know the rules used to transform the original message into its coded form. VPN encryption rules include an algorithm and a key. An algorithm is a mathematical function that combines a message, text, digits, or all three with a key. The output is an unreadable cipher string. Decryption is extremely difficult or impossible without the correct key.
VPN Data Integrity
The degree of security provided by any encryption algorithm depends on the length of the key. For any given key length, the time that it takes to process all of the possibilities to decrypt cipher text is a function of the computing power of the computer. Therefore, the shorter the key, the easier it is to break, but at the same time, the easier it is to pass the message. More common encryption algorithms and the length of keys they use:
- Data Encryption Standard (DES) algorithm - Developed by IBM, DES uses a 56-bit key, ensuring high-performance encryption. DES is a symmetric key cryptosystem.
- Triple DES (3DES) algorithm - A newer variant of DES that encrypts with one key, decrypts with another different key, and then encrypts one final time with another key. 3DES provides significantly more strength to the encryption process.
VPN Data Integrity
More common encryption algorithms and the length of keys they use:
- Advanced Encryption Standard (AES) - The National Institute of Standards and Technology (NIST) adopted AES to replace the existing DES encryption in cryptographic devices. AES provides stronger security than DES and is computationally more efficient than 3DES. AES offers three different key lengths: 128, 192, and 256-bit keys.
- Rivest, Shamir, and Adleman (RSA) - An asymmetrical key cryptosystem. The keys use a bit length of 512, 768, 1024, or larger.
Symmetric Encryption
Encryption algorithms such as DES and 3DES require a shared secret key to perform encryption and decryption. Each of the two computers must know the key to decode the information. With symmetric key encryption (secret key encryption), each computer encrypts the information before sending it over the network. Symmetric key encryption requires knowledge of which computers will be talking to each other so that the same key can be configured on each computer. The question is, how do the encrypting and decrypting devices both have the shared secret key?
Asymmetric Encryption
Asymmetric encryption uses different keys for encryption and decryption. One key encrypts the message. A second key decrypts the message. It is not possible to encrypt and decrypt with the same key. Public key encryption is a variant of asymmetric encryption that uses a combination of a private key and a public key. The recipient gives a public key to any sender. The sender uses a private key combined with the recipient's public key to encrypt the message. Also, the sender must share their public key with the recipient. To decrypt a message, the recipient will use the public key of the sender with their own private key.
Hash: Data Integrity and Authentication
Hashes contribute to data integrity and authentication. A hash, also called a message digest, is a number generated from a string of text. The hash is smaller than the text itself. The original sender generates a hash of the message and sends it with the message itself. The recipient decrypts the message and the hash, produces another hash from the received message, and compares the two hashes. If they match, the recipient can be sure of the integrity of the message. VPNs use a message authentication code to verify the integrity and the authenticity of a message, without using any additional mechanisms. A keyed hashed message authentication code (HMAC) is a data integrity algorithm that guarantees the integrity of the message. An HMAC has two parameters: a message input and a secret key known only to the sender and intended receivers.
Hash: Data Integrity and Authentication
The message sender uses an HMAC function to produce a value (the message authentication code), formed by condensing the secret key and the message input. The message authentication code is sent along with the message. There are two common HMAC algorithms:
- Message Digest 5 (MD5) - Uses a 128-bit shared secret key. The variable-length message and 128-bit shared secret key are combined and run through the HMAC-MD5 hash algorithm. The output is a 128-bit hash. The hash is appended to the original message and forwarded to the remote end.
- Secure Hash Algorithm 1 (SHA-1) - Uses a 160-bit secret key. The variable-length message and the 160-bit shared secret key are combined and run through the HMAC-SHA-1 hash algorithm. The output is a 160-bit hash. The hash is appended to the original message and forwarded to the remote end.
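The HMAC exchange described above, as an added example that is not from the original slides: the sender appends an HMAC-SHA-1 (or HMAC-MD5) tag to the message, and the receiver recomputes the tag and compares it in constant time. The key, the messages and the function names are constructed for illustration; the unkeyed-hash pair is included to show why the shared secret key matters.

```python
import hashlib
import hmac

# Tag sizes from the slides: HMAC-MD5 -> 128-bit hash, HMAC-SHA-1 -> 160-bit hash.
TAG_LEN = {"md5": 16, "sha1": 20}


def protect(message: bytes, key: bytes, algo: str = "sha1") -> bytes:
    """Sender: compute the message authentication code and append it."""
    tag = hmac.new(key, message, getattr(hashlib, algo)).digest()
    return message + tag


def verify(packet: bytes, key: bytes, algo: str = "sha1"):
    """Receiver: split off the tag, recompute it, compare. Returns message or None."""
    n = TAG_LEN[algo]
    if len(packet) < n:
        return None
    message, tag = packet[:-n], packet[-n:]
    expected = hmac.new(key, message, getattr(hashlib, algo)).digest()
    # compare_digest avoids leaking how many leading bytes matched.
    return message if hmac.compare_digest(tag, expected) else None


def plain_hash_protect(message: bytes) -> bytes:
    """Unkeyed variant for comparison: append a bare SHA-1 digest."""
    return message + hashlib.sha1(message).digest()


def plain_hash_verify(packet: bytes):
    """Unkeyed check: anyone can recompute the digest, so it proves nothing about origin."""
    if len(packet) < 20:
        return None
    message, digest = packet[:-20], packet[-20:]
    return message if hmac.compare_digest(digest, hashlib.sha1(message).digest()) else None


def demo() -> dict:
    key = b"constructed-shared-secret"           # sample key, known to both peers
    original = b"transfer 100 to alice"          # sample message
    altered = b"transfer 900 to alice"           # what a party in the path substitutes

    packet = protect(original, key)
    # Message changed in transit, tag left as it was: receiver rejects it.
    changed_in_transit = altered + packet[-TAG_LEN["sha1"]:]
    # Whole packet rebuilt by someone without the key: tag does not verify.
    rebuilt_without_key = protect(altered, b"guessed key")
    # Same rebuild against the unkeyed hash: the digest is simply recomputed.
    rebuilt_plain_hash = plain_hash_protect(altered)

    return {
        "genuine": verify(packet, key),
        "changed_in_transit": verify(changed_in_transit, key),
        "rebuilt_without_key": verify(rebuilt_without_key, key),
        "rebuilt_plain_hash": plain_hash_verify(rebuilt_plain_hash),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22} -> {'accepted: ' + result.decode() if result else 'rejected'}")
```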
VPN Authentication
The device on the other end of the VPN tunnel must be authenticated. There are two peer authentication methods:
- Pre-shared key (PSK) - A secret key that is shared between the two parties using a secure channel before it needs to be used. PSKs use symmetric key cryptographic algorithms. A PSK is entered into each peer manually. At each end, the PSK is combined with other information to form the authentication key.
- RSA signature - Uses the exchange of digital certificates to authenticate the peers. The local device derives a hash and encrypts it with its private key. The encrypted hash (digital signature) is attached to the message and forwarded to the remote end. At the remote end, the encrypted hash is decrypted using the public key of the local end. If the decrypted and recomputed hash match, the signature is genuine.
VPN Authentication
The device on the other end of the VPN tunnel must be authenticated before the communication path is considered secure.
IPsec Security Protocols
IPsec is a protocol suite for securing IP communications which provides encryption, integrity, and authentication. IPsec spells out the messaging necessary to secure VPN communications, but relies on existing algorithms. There are two main IPsec framework protocols:
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
IPsec Security Protocols
Authentication Header (AH): Use when confidentiality is not required or permitted. AH provides data authentication and integrity for IP packets passed between two systems. It verifies that any message passed has not been modified during transit. It also verifies the origin of the data. AH does not provide data confidentiality (encryption) of packets. Used alone, the AH protocol provides weak protection. Consequently, it is used with the ESP protocol to provide data encryption and tamper-aware security features.
IPsec Security Protocols
Encapsulating Security Payload (ESP): Provides confidentiality and authentication by encrypting the IP packet. IP packet encryption conceals the data and the identities of the source and destination. ESP authenticates the inner IP packet and ESP header. Authentication provides data origin authentication and data integrity. Although both encryption and authentication are optional in ESP, at a minimum, one of them must be selected.
IPsec Framework
IPsec relies on existing algorithms to implement encryption, authentication, and key exchange. Some of the standard algorithms that IPsec uses are as follows:
- DES - Encrypts and decrypts packet data.
- 3DES - Provides significant encryption strength over 56-bit DES.
- AES - Provides stronger encryption and faster throughput.
- MD5 - Authenticates packet data, using a 128-bit shared secret key.
- SHA-1 - Authenticates packet data, using a 160-bit shared secret key.
- DH - Allows two parties to establish a shared secret key used by encryption and hash algorithms, for example, DES and MD5, over an insecure communications channel.
IPsec Framework
When configuring an IPsec gateway to provide security services:
- Choose an IPsec protocol. The choices are ESP or ESP with AH.
- Choose an encryption algorithm if IPsec is implemented with ESP. Choose one appropriate for the desired level of security: DES, 3DES, or AES.
- Choose an authentication algorithm to provide data integrity: MD5 or SHA.
- Choose the Diffie-Hellman (DH) algorithm group, which establishes the sharing of key information between peers. Choose which group to use, DH1 or DH2.
Summary
Requirements for providing teleworker services are:
- Maintains continuity of operations
- Provides for increased services
- Secure and reliable access to information
- Cost effective
- Scalable
Components needed for a teleworker to connect to an organization's network are:
- Home components
- Corporate components
Summary
Broadband services used:
- Cable: transmits signal in either direction simultaneously
- DSL: requires minimal changes to existing telephone infrastructure; delivers high-bandwidth data rates to customers
- Wireless: increases mobility; wireless availability via municipal Wi-Fi, WiMAX, and satellite Internet
Summary
Securing teleworker services:
- VPN security is achieved through using advanced encryption techniques and tunneling
- Characteristics of a secure VPN: data confidentiality, data integrity, authentication
Broadband Access Technologies Chris Wong Communications Engineering Sector Analysis & Reporting Branch International Training Program 23 October 2007 Presentation Outline What is broadband? What are the
Remote Connectivity for mysap.com Solutions over the Technical Specification June 2009 Remote Connectivity for mysap.com Solutions over the page 2 1 Introduction SAP has embarked on a project to enable
Cable Modems Definition Cable modems are devices that allow high-speed access to the Internet via a cable television network. While similar in some respects to a traditional analog modem, a cable modem
Residential Broadband: Technologies for High-Speed Access To Homes The Ohio State University Columbus, OH 43210-1277 1277 http://www.cse.ohio-state.edu/~jain/ 1 Overview 56 kbps Modems, ISDN ADSL, VDSL
Using Application Layer Technology to Overcome the Impact of Satellite Circuit Latency on VPN Performance Ground Control February 2003 Abstract This paper explains the source of severe throughput degradation
Site to Site Virtual Private Networks Programme NPFIT DOCUMENT RECORD ID KEY Sub-Prog / Project Information Governance NPFIT-FNT-TO-IG-GPG-0002.01 Prog. Director Mark Ferrar Owner Tim Davis Version 1.0
encor! enetworks TM Version A.1, March 2010 2010 Encore Networks, Inc. All rights reserved. The BANDIT Products in Virtual Private Networks One of the principal features of the BANDIT products is their
1 A General Glossary of Telecommunications Terminology Analog Electronic transmission of voice and data accomplished by adding signals of varying frequency, or amplitude, to carrier waves of a given frequency
Security & Savings with Virtual Private Networks In today s New Economy, small businesses that might have dealt with just local or regional concerns now have to consider global markets and logistics. Many
1Introduction to VPN VPN Concepts, Tips, and Techniques There have been many improvements in the Internet including Quality of Service, network performance, and inexpensive technologies, such as DSL. But
CHAPTER 5 A remote access service (RAS) VPN secures connections for remote users, such as mobile users or telecommuters. RAS VPN monitoring provides all of the most important indicators of cluster, concentrator,
Data Sheet Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module
Chapter 6 Telecommunications, Networks, and Wireless Computing Essay Questions: 1. Define a hub, switch, and a router. 2. List the challenges associated with managing contemporary telecommunications and
High Performance VPN Solutions Over Satellite Networks Enhanced Packet Handling Both Accelerates And Encrypts High-Delay Satellite Circuits Characteristics of Satellite Networks? Satellite Networks have
ADSL vs Cable Cable subscribers are connected directly to high speed lines while ADSL subscribers are connected directly to medium speed lines Cable subscribers share the line connecting them to neighbourhood
INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture
Virtual Private Networks Solutions for Secure Remote Access White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information
Discovering Computers 2008 Chapter 9 Communications and Networks Chapter 9 Objectives Discuss the the components required for for successful communications Identify various sending and receiving devices
Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for
print email Article ID: 4936 Configuring a Site-to-Site VPN Tunnel Between RV Series Routers and ASA 5500 Series Adaptive Security Appliances Objective Security is essential to protect the intellectual
Abstract Virtual Private Networks (VPNs) are today becoming the most universal method for remote access. They enable Service Provider to take advantage of the power of the Internet by providing a private
Wholesale IP Bitstream on a Cable HFC infrastructure In order to understand the issues related to an ISP reselling Cable Based Internet access it is necessary to look at similarities and dissimilarities
WAN Data Link Protocols In addition to Physical layer devices, WANs require Data Link layer protocols to establish the link across the communication line from the sending to the receiving device. 1 Data
Q&A VPN Modules for Cisco 1841 and Cisco 2800 and 3800 Series Integrated Services Routers OVERVIEW Q. What is a VPN? A. A VPN, or virtual private network, delivers the benefits of private network security,
Local Area Networks (LANs) The CCNT Local Area Networks (LANs) Course April 2012 release blueprint lists the following information. Courseware Availability Date identifies the availability date for the
Page 1 of 8 Computer Networking Networks 9.1 Local area network A local area network (LAN) is a network that connects computers and devices in a limited geographical area such as a home, school, office
NEXTEP Broadband White Paper Introduction to ADSL A primer on Asymmetric Digital Subscriber Line transmission technology. A NEXTEP Broadband White Paper May 2001 Broadband Networks Group Introduction to
VPN For BIPAC 741/743GE August, 2003 1 The router supports VPN to establish secure, end-to-end private network connections over a public networking infrastructure. There are two types of VPN connections,
Chapter 1 Review Questions R1. What is the difference between a host and an end system? List several different types of end systems. Is a Web server an end system? 1. There is no difference. Throughout
Virtual Private Network (VPN) Advanced Integration Module (AIM) for the 1841 Integrated Services Router and 2800 and 3800 Series Integrated Services Routers The VPN Advanced Integration Module (AIM) for
The New Mexico Broadband Program Broadband Definitions and Acronyms Version 1, April 2013 Prepared for: The New Mexico Broadband Program NM Department of Information Technology http://www.doit.state.nm.us/broadband/
11/22/2013 1 Week3-4 Point-to-Point, LAN, WAN Review 11/22/2013 2 What will you learn? Representatives for Point-to-Point Network LAN Wired Ethernet Wireless Ethernet WAN ATM (Asynchronous Transfer Mode)
Contents: The Case for Frame Relay The Case for IP VPNs Conclusion Frame Relay vs. IP VPNs 2002 Contents: Table of Contents Introduction 2 Definition of Terms 2 Virtual Privacy and 3 the Value of Shared
Network+ Guide to Networks 6 th Edition Chapter 7 Wide Area Networks Objectives Identify a variety of uses for WANs Explain different WAN topologies, including their advantages and disadvantages Compare
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
by Curt Franklin How DSL Works When you connect to the Internet, you might connect through a regular modem, through a localarea network connection in your office, through a cable modem or through a digital
The next generation of knowledge and expertise Wireless Security Basics HTA Technology Security Consulting., 30 S. Wacker Dr, 22 nd Floor, Chicago, IL 60606, 708-862-6348 (voice), 708-868-2404 (fax), www.hta-inc.com
COURSE OVERVIEW Implementing Secure Converged Wide Area Networks (ISCW) v1.0 is an advanced instructor-led course that introduces techniques and features that enable or enhance WAN and remote access solutions.
. Q&A Cisco Virtual Office Express Overview Q. What is Cisco Virtual Office Express? A. Cisco Virtual Office Express is a solution that provides secure, rich network services to workers at locations outside
Computer Networks A group of two or more computer systems linked together. There are many [types] of computer networks: Peer To Peer (workgroups) The computers are connected by a network, however, there
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
Truffle Broadband Bonding Network Appliance Reliable high throughput data connections with low-cost & diverse transport technologies PART I Truffle in standalone installation for a single office. Executive
Review questions 1 Which network type is a specifically designed configuration of computers and other devices located within a confined area? A Peer-to-peer network B Local area network C Client/server
1.264 Lecture 21 Telecom network technology: Fiber, satellite, cellular telephony, cable modems, DSL Network technology We ve just covered the basic components of transmission, switching/ routing and physical
WatchGuard Certified Training Branch Office VPN Tunnels and Mobile VPN Fireware XTM and WatchGuard System Manager v11.7 Revised: January 2013 Updated for: Fireware XTM v11.7 Notice to Users Information
Broadband Wireless Access Overview 2-way Wireless Internet Wireless Internet serves both business and residential customers using the same infrastructure 1.0 Background The fast paced demand for high-speed
Network Security  Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead