ITE I Chapter 6. 2006 Cisco Systems, Inc. All rights reserved. Cisco Public

Accessing the WAN, Chapter 6: Providing Teleworker Services

Objectives
- Describe the enterprise requirements for providing teleworker services
- Explain how broadband services, including DSL, cable, and wireless, extend enterprise networks
- Describe how VPN technology provides secure teleworker services in an enterprise setting

Teleworking
- A broad term referring to conducting work by connecting to a workplace from a remote location, with the assistance of telecommunications.
- Possible because of broadband Internet connections, virtual private networks (VPN), and more advanced technologies, including Voice over IP (VoIP) and videoconferencing.
- Teleworking can save money otherwise spent on travel, infrastructure, and facilities support.

Remote Connection Options
- Residential cable, DSL and broadband wireless are three options that provide high bandwidth to teleworkers.

Connecting Teleworkers to the Corporate WAN
- A VPN is a private data network that uses the public telecommunication infrastructure, i.e. the Internet.
- VPN security maintains privacy using a tunneling protocol and security procedures.
Residential Cable Broadband (CATV)
- Uses fibre and coaxial cable for signal transmission
- Headend: where signals are first received, processed, formatted, and distributed downstream to the cable network
- The distribution network consists of trunk and feeder cables
- Subscriber drop: coaxial cable
- Splitter: connects the set-top box and the cable modem
- Cable modem: provides an Ethernet connection to a host computer or LAN

Cable Broadband
- Users on a segment share bandwidth
- Downstream bandwidth is usually greater than upstream bandwidth
- An individual subscriber can typically get an access speed of between 256 kb/s and 6 Mb/s.
- DOCSIS, a non-profit research and development consortium for cable-related technologies
- Cable operators employ DOCSIS to provide Internet access over their existing hybrid fiber-coaxial (HFC) infrastructure
- Euro-DOCSIS: variation for use in Europe

DSL
- Delivers high bandwidth over local loop copper wires
- Asymmetric (ADSL): lower upload bandwidth; residential use
- Symmetric (SDSL): same bandwidth in both directions; business use
- Available DSL services and bandwidths depend on the length and quality of the local loop; the loop must be less than 5.5 kilometers (3.5 miles)
- At best, bandwidth can exceed a T1 line
- The advantage of DSL over cable technology is that DSL is not a shared medium. Each user has a separate direct connection to the central office (CO) of the provider.
- Plain old telephone service (POTS) only uses the lower frequency range. The remaining frequency space is used by the upstream and downstream DSL signals.
- The DSL access multiplexer (DSLAM), located at the central office (CO) of the provider, concentrates connections from multiple DSL subscribers.
- A POTS splitter separates the DSL traffic from the POTS traffic: one wire goes directly to the DSL modem, and the other carries the telephone signal to the telephones.
- Alternatively, use microfilters: the user connects inline microfilters on each telephone
  - The DSL modem or a telephone can be connected to any telephone jack
  - No installation required, more flexible

Broadband Wireless
- 802.11b: WLAN connection to wired networks; covers a limited area; Wi-Fi hotspots
- 802.16 (or WiMAX): allows transmissions up to 70 Mb/s and has a range of up to 30 miles; provides wireless data in a variety of ways, from point-to-point links to full mobile cellular-type access
- Satellite Internet
  - One-way multicast: Internet pages are "pushed" to local storage at end-user sites by satellite Internet
  - One-way terrestrial return: dial-up access to send outbound data through a modem and receive downloads from the satellite
  - Two-way satellite: the satellite dish at each location needs precise positioning to avoid interference with other satellites

Virtual Private Networks (VPNs)
- VPN technology is used to create private networks over the public Internet infrastructure that maintain confidentiality and security
- Benefits of using VPNs: cost savings, security, scalability

Site-to-Site and Remote Access VPNs
- Site-to-site VPN: hosts send and receive traffic through a VPN gateway. A VPN gateway could be a router, PIX firewall, or an Adaptive Security Appliance (ASA).
- Remote-access VPN: each host typically has VPN client software
VPN Security
- VPNs secure data by encapsulating (tunnelling) and/or encrypting the data.
- Data confidentiality: protect data from eavesdroppers
- Data integrity: guarantee that no tampering or alterations occur to data while it travels between the source and destination.
- Authentication: use passwords, digital certificates, smart cards, and biometrics to establish the identity of parties at the other end of a network.

VPN Tunneling
- Tunneling encapsulates an entire packet within another packet and sends the new, composite packet over a network

VPN Tunneling Protocols
- Carrier protocol: the protocol over which the data is travelling (Frame Relay, ATM, etc.)
- Encapsulating protocol: the protocol wrapped around the original data (GRE, IPsec, L2F, PPTP, L2TP)
- Passenger protocol: the protocol over which the original data was being carried (IPX, AppleTalk, IPv4, IPv6)

VPN Encryption
- Plain text data transported over the public Internet can be intercepted and read. To keep data private, it needs to be encrypted.
- Symmetric encryption: requires a shared secret key. Examples: DES, 3DES, AES
- Asymmetric encryption: uses different keys for encryption and decryption. Example: RSA

Hashing for Data Integrity
- A hash, also called a message digest, is a number generated from a string of text and a secret key.
- Hosts can add a hash to the message to provide data integrity and peer authentication
- A keyed hashed message authentication code (HMAC) is a data integrity algorithm that guarantees the integrity of the message
- There are two common HMAC algorithms:
  - Message Digest 5 (MD5): uses a 128-bit shared secret key.
  - Secure Hash Algorithm 1 (SHA-1): uses a 160-bit secret key.
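As an added example (not code from the slides or from Cisco), the carrier / encapsulating / passenger split in Python: a GRE tunnel endpoint wraps a passenger IPv4 packet in a 4-byte GRE header and an outer IPv4 carrier header, and the peer validates both headers before unwrapping. All addresses and packets are constructed.

```python
"""GRE-over-IPv4 tunnel endpoint: outer IPv4 = carrier, GRE = encapsulating,
inner IPv4 = passenger. Constructed teaching example, not Cisco code."""
import socket
import struct

GRE_PROTO = 47            # IP protocol number of GRE in the outer (carrier) header
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type announcing an IPv4 passenger packet


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum; returns 0 for a header whose checksum field is correct."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header without options, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def gre_encapsulate(passenger: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Wrap the passenger packet: carrier IPv4 header + 4-byte GRE header + passenger."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4)   # no checksum/key/sequence flags, version 0
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(passenger)) + gre + passenger


def gre_decapsulate(frame: bytes) -> bytes:
    """Validate carrier and GRE headers, then return the passenger packet."""
    if len(frame) < 24 or frame[0] >> 4 != 4:
        raise ValueError("not an IPv4 carrier packet")
    ihl = (frame[0] & 0x0F) * 4
    if ipv4_checksum(frame[:ihl]) != 0:
        raise ValueError("bad outer IPv4 header checksum")
    if frame[9] != GRE_PROTO:
        raise ValueError("outer packet does not carry GRE")
    flags, proto = struct.unpack("!HH", frame[ihl:ihl + 4])
    if flags != 0 or proto != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE flags or passenger protocol")
    return frame[ihl + 4:]


def is_gre_tunnel_packet(frame: bytes) -> bool:
    """True if the frame decapsulates cleanly; False if a tunnel endpoint would drop it."""
    try:
        gre_decapsulate(frame)
        return True
    except ValueError:
        return False
```

Note that plain GRE only encapsulates: the passenger packet rides in the clear, which is why the slides pair tunneling with encryption and hashing.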
Hashing for Peer Authentication
- Peer authentication methods:
  - Pre-shared key (PSK): the key is entered manually.
  - RSA signature: uses the exchange of digital certificates to authenticate the peers.

IPsec
- IPsec is a protocol suite for securing IP communications which provides encryption, integrity, and authentication.
- There are two main IPsec framework protocols:
  - Authentication Header (AH): provides data authentication and integrity for IP packets passed between two systems. Use when confidentiality is not required or permitted.
  - Encapsulating Security Payload (ESP): provides encryption, data integrity and authentication.

Summary
- Requirements for providing teleworker services are: maintains continuity of operations; provides for increased services; secure and reliable access to information; cost effective; scalable
- Components needed for a teleworker to connect to an organization's network are: home components and corporate components
- Broadband services used:
  - Cable: transmits signal in either direction simultaneously
  - DSL: requires minimal changes to existing telephone infrastructure; delivers high bandwidth data rates to customers
  - Wireless: increases mobility; wireless availability via WiMAX and satellite Internet
- Securing teleworker services: VPN security is achieved through using advanced encryption techniques and tunneling
- Characteristics of a secure VPN: data confidentiality, data integrity, authentication
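The keyed hash from the Hashing for Data Integrity slide and the AH protocol above, as an added Python example that is not Cisco's code: both peers hold a pre-shared key, the sender appends an HMAC-SHA1-96 integrity check value (IPsec truncates the 160-bit HMAC to 96 bits) over an SPI, a sequence number and the payload, and the receiver verifies it in constant time. It goes one step beyond the slides by also dropping replayed sequence numbers, as IPsec AH and ESP do; the key, SPI and payloads are constructed.

```python
"""AH-style integrity protection with a keyed hash: HMAC over a pre-shared key,
an IPsec-style 96-bit ICV and a sequence number for replay rejection.
Constructed example, not Cisco code; real AH also covers the outer IP header."""
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-SHA1-96 / HMAC-MD5-96: IPsec truncates the HMAC output to 96 bits


def compute_icv(key: bytes, spi: int, seq: int, payload: bytes, algo: str = "sha1") -> bytes:
    """Keyed hash (HMAC) over SPI, sequence number and payload; algo 'md5' gives HMAC-MD5-96."""
    mac = hmac.new(key, struct.pack("!II", spi, seq) + payload, getattr(hashlib, algo))
    return mac.digest()[:ICV_LEN]


def protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Sender side: SPI | seq | ICV | payload. Payload stays in clear (AH); ESP would encrypt it."""
    return struct.pack("!II", spi, seq) + compute_icv(key, spi, seq, payload) + payload


class Receiver:
    """Peer holding the same pre-shared key; verifies the ICV and drops replays."""

    def __init__(self, key: bytes, spi: int):
        self.key, self.spi, self.highest_seq = key, spi, 0

    def unprotect(self, packet: bytes) -> bytes:
        spi, seq = struct.unpack("!II", packet[:8])
        icv, payload = packet[8:8 + ICV_LEN], packet[8 + ICV_LEN:]
        if spi != self.spi:
            raise ValueError("unknown SPI")
        # compare_digest is constant-time; a plain == would leak how many ICV bytes matched
        if not hmac.compare_digest(icv, compute_icv(self.key, spi, seq, payload)):
            raise ValueError("ICV mismatch: payload tampered with or wrong key")
        if seq <= self.highest_seq:
            raise ValueError("replayed or out-of-order packet")
        self.highest_seq = seq
        return payload

    def accept(self, packet: bytes):
        """Return the payload, or None if the packet must be dropped."""
        try:
            return self.unprotect(packet)
        except ValueError:
            return None
```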