Four WAN Technologies and Security Protocols by joiyaharoon


Understanding Network Basics

WAN Technologies and Security Protocols

Module 8 WAN Technologies and Security Protocols
    ♦   Overview
    ♦   This module deals with wide area technologies, which include the various
        switching methods, Internet access methods and remote access protocols. A
        switching method is a component of a network topology which determines the
        connection created between nodes. The rapid growth of the Internet and the
        abundance of computer hardware and software available to people have placed an
        increasing demand on telecommunications providers to supply faster data rates for
        private use. To log into a remote access server, you dial into a network as a
        remote node. This server often also provides remote node services across the
        Internet via tunneling protocols. A number of remote access servers exist; a
        dedicated server is commonly used to provide remote node services since it can
        maintain better security and higher performance. This module also deals with the
        security protocols which are implemented on a network to protect stored data and
        software from being accessed by unknown users.
    ♦   Lessons covered in this module

         ► WAN Technology
         ► Security Protocols


                                   Lesson 1 WAN Technologies


    ♦   Introduction
    ►   Switching is a component of a network topology which determines the
        connection created between nodes. The common switching methods are
        packet switching and circuit switching.
    ►   The rapid growth of the Internet and the abundance of computer hardware
        and software available to people have placed an increasing demand on
        telecommunications providers to supply faster data rates for private use.
        One of the currently popular solutions is Digital Subscriber Line (DSL)
        technology. These standards, often called xDSL because of their many
        variations, permit rapid data communications over common telephone lines,
        often while simultaneously permitting voice conversations.





♦ Topics covered in this lesson are

     ►   Switching Method
     ►   Internet access technology
     ►   Remote Access Protocol




                                    Topic 1 Switching Methods

♦ Switching methods refer to the routing process used to move data
     throughout the wide area network. A switching method divides messages
     into packets and sends each packet individually. The switching method
     influences how quickly routing takes place. Some of the common
     switching methods are:
     ►   Packet Switching
     ►   Circuit Switching





♦ Packet Switching
     ►   Packet switching involves breaking messages up into smaller
         components called packets. Depending on the system involved, packet
         sizes often range from about 600 bytes to 4000 bytes. Each packet contains
         source and destination information, and is treated as an individual message.






     ►   Packet switching is ideal for digital data, because the information is grouped
         into frames or packets, which are simply collections of bytes of data. Packet
         switching networks treat each packet as an individual message to be routed.
         Messages are broken into packets and reassembled by packet
         assembler/disassembler devices (PADs).
♦ Advantages of Packet Switching
     ►   Packet switching is quite fast because messages are not stored in their
         entirety for later recovery.
     ►   It allows pathway failures due to excessive traffic loads or
         mechanical problems to be avoided.
     ►   Packet switching allows us to use pathways that may not normally get much
         traffic. Instead of concentrating on a few paths that are always busy, packet
         switching spreads the communication load across several paths.



♦ Circuit Switching
     ►   Circuit switching involves the formation of a physical path for data flow
         between a sender and receiver. This method creates a link between the callers
         using the phone system.
     ►   The whole connection from sender to receiver is called a circuit. Circuit
         switching has the advantages associated with a physical pathway, such as
         reliability of transfer.
     ►   The problem associated with circuit switching is the overhead required to
         create the physical pathway. The circuit offers the desired bandwidth to the
         sender and receiver.





♦ Integrated Services Digital Network
     ►   Integrated Services Digital Network (ISDN) is a circuit switched telephone
         network system, intended to allow digital transmission of voice and data over
         ordinary telephone copper wires, resulting in better quality and higher speeds.
         It is a set of protocols for establishing and breaking circuit switched
         connections. ISDN consists of digital lines that are broken up into two types
         of channels - Data and Signaling.
     ►   The data-bearing B channels or bearer channels support data transfer rates up
         to 64Kbps per channel. The B channels can be grouped together to support
         higher data rates.
     ►   ISDN supports two major service types. They are:
          • Basic Rate Interface (BRI)
          • Primary Rate Interface (PRI)





♦ Basic Rate Interface (BRI)
     ►   Basic Rate Interface (BRI) is made up of two B channels and one D channel
         (2B+D) for transmitting control information. It is also called the ‘S’ or ‘T’
         interface. The BRI B-channel service operates at 64Kbps and its main
         function is to carry the user data. The BRI D-channel service operates at 16Kbps
         and is intended to carry control and signaling information.


♦ Primary Rate Interface (PRI)
     ►   Primary Rate Interface (PRI) consists of 23 B-channels and one D-channel
         (23B+D), or 30B+D depending on the bandwidth. It can therefore handle 23 or 30
         voice channels respectively. The 23B+D delivers throughputs of 1.544 Mbps
         while 30B+D delivers 2.040 Mbps. These arrangements feature separate 16
         Kbps D channels for handling control information.




♦ ISDN Specification
     ►   A computer with an ISDN line is able to connect to any other computer that
         also uses ISDN simply by dialing its ISDN number.
     ►   The ISDN specification includes several types of equipment, as listed below:
          • Terminal adapter (TA): Also called an ISDN modem, this is either an internal or
            external adapter to connect equipment to an ISDN line.
          • Terminal equipment type 1 (TE1): Terminals with built-in ISDN adapters.
          • Terminal equipment type 2 (TE2): Terminals that require a terminal adapter to
            connect to an ISDN line.
          • Network termination type 1 (NT1): Connects the ISDN line between the
            customer’s location and the telephone company’s local loop.
          • Network termination type 2 (NT2): Used for digital private branch exchanges
            (PBXs), providing addressing and routing services.





♦ Fiber Distributed Data Interface (FDDI)
     ►   Fiber Distributed Data Interface is a media access control protocol with
         token-ring architecture which has a communication bandwidth of 100 Mbps.
         It is supported on a fiber network medium and is fast compared to standard
         token ring and Ethernet.
♦ FDDI Dual-ring Architecture





♦    FDDI Specifications
     ►   FDDI specifies the physical and media access layers of the OSI reference
         model. There are four specifications in FDDI. They are:
         •   Media Access Control (MAC)
         •   Physical Layer Protocol (PHY)
         •   Physical Medium Dependent (PMD)
         •   Station Management specifications (SMT)
     ►   Media Access Control (MAC)
         •   The Media Access Control specification defines the method of accessing the
             medium with the frame format, token handling, addressing, algorithms for
             calculating cyclic redundancy check (CRC) value, and error recovery
             mechanisms.
     ►   Physical Layer Protocol (PHY)
         •   The Physical Layer Protocol specification defines the data encoding/decoding
             procedures, clocking requirements, and framing, along with the other functions.


     ►   Physical Medium Dependent (PMD)
         •   The Physical Medium Dependent specification defines the characteristics of the
             transmission medium, together with the fiber-optic links, power levels, bit-error
             rates, optical components, and connectors.
     ►   Station Management specifications (SMT)
         •   The Station Management specification defines the FDDI station configuration,
             ring configuration, and ring control features, including station insertion and
             removal, initialization, fault isolation and recovery, scheduling, and statistics
             collection.





♦ FDDI Frame Format
     ►   The FDDI frame format is similar to that of the Token Ring frame. The
         following frame format shows the extent of the similarities between the FDDI and
         Token Ring frame formats.





     ►   Preamble
          • This field gives a unique sequence which prepares each station for the
            upcoming frame.
     ►   Start Delimiter
          • This field indicates the start of the frame and consists of signaling
            patterns which differentiate it from the rest of the frame.
     ►   Frame Control
          • This field indicates the size of the address fields and whether the frame
            contains asynchronous or synchronous data, among other control
            information.
     ►   Destination Address
          • The Destination Address field is 6 bytes long and contains a unicast,
            multicast or broadcast address.
     ►   Source Address
          • The Source Address field is 6 bytes long and identifies the station
            which sent the frame.




     ►   Data
          • It contains either the information destined for an upper-layer protocol or
            control information.
     ►   Frame Check Sequence
          • The Frame Check Sequence field is used to check the traversing
            frame for bit errors. This field is filled by the source station with a
            calculated 32-bit cyclic redundancy check value dependent on the frame
            contents. The destination station recalculates the value to determine
            whether the frame was damaged in transit; if it was, the frame is
            discarded.
     ►   End Delimiter
          • This field contains unique symbols which indicate the end of the frame.
     ►   Frame Status
          • This field allows the source station to determine the error check result
            and whether the frame was recognized and copied into the memory
            of the intended receiver.


♦ T-Carrier System
     ►   The T-carrier system is a series of data transmission formats developed by Bell
         Telephone. The base unit of a T-carrier is DS0, which is 64 Kbps. The T-
         carrier system uses in-band signaling, a method that actually robs bits
         from being used for data and uses them instead for overhead. This reduces the
         transmission rates usable for T-carrier signals.
     ►   T-1 carrier
          • T-1 is a digital line made up of 24 channels with a rate of 1.544Mbps,
            used to connect corporate networks and Internet Service Providers. It is also
            called DS0 or DS1.
     ►   T-3 carrier
          • The T-3 carrier is also a phone-system connection, supporting data rates of
            43Mbps. A T3 line usually consists of 672 individual channels. It is also called a
            DS3 line.




     ►   E1
          • E1 is the European format for digital transmission. E1 carries signals at 2Mbps
            (32 channels at 64 Kbps, with 2 channels reserved for signaling and control),
            compared with T1, which carries signals at 1.544Mbps (24 channels at 64Kbps). E1 and
            T1 lines can be interconnected for international purposes.
♦    X.25
     ►   X.25 is a set of protocols incorporated in a packet switching network made up
         of switching services. It uses packet switching and virtual circuits, and
         provides a data rate of up to 64kbps. It provides robust error checking features,
         which makes it a good option for older networks. However, the data
         packets are subjected to the delays of the shared network. Most packet
         switching technology does not use a dedicated physical or virtual circuit and
         is generally connectionless in nature; X.25, by contrast, establishes virtual
         circuits that allow it to be connection oriented. The connection is established,
         the data is transferred, and then the connection is terminated.


                             Topic 2 Internet Access Technology

♦ Internet access technology
     ►   One of the currently popular solutions is Digital Subscriber Line (DSL)
         technology. These standards, often called xDSL because of their many
         variations, permit rapid data communications over common telephone lines,
         often while simultaneously permitting voice conversations. A major network
         company (Aber, 2001) defines xDSL as the dedicated, point-to-point, public
         network access technologies which allow multiple forms of data, voice, and
         video to be carried over twisted-pair copper wire on the local loop between a
         network service provider’s central office and the customer site.





♦ Digital Subscriber Line (xDSL)
     ►   The x Digital Subscriber Line technology, or xDSL, is an advanced coding
         technique which allows digital signals of up to 50 Mbits to be transmitted
         over the length of a copper pair cable. xDSL is used to enhance the service
         delivery capability of copper pairs. xDSL includes two main branches,
         namely:
          • Symmetric DSL: Symmetric DSL services provide identical data rates upstream
            and downstream.
          • Asymmetric DSL: Asymmetric DSL provides relatively lower rates upstream
            but higher rates downstream.
     ►   There are four main variations of xDSL:
          • Asymmetric Digital Subscriber Line (ADSL)
          • High Bit-Rate Digital Subscriber Line (HDSL)
          • Very High Bit-Rate Digital Subscriber Line (VDSL)
          • ISDN Digital Subscriber Line (IDSL)


     ►   Asymmetric Digital Subscriber Line (ADSL)
          • Asymmetric Digital Subscriber Line was designed to provide higher downstream
            data rates at the expense of upstream rates. ADSL technology is asymmetric.
     ►   High Bit-Rate Digital Subscriber Line (HDSL)
          • High Bit-Rate Digital Subscriber Line is a symmetric solution, which offers the
            same bandwidth both upstream and downstream. HDSL requires two phone lines
            to deliver the basic data rate (1,544 kbps), and it can deliver a maximum rate of
            2,048 kbps using three lines.
     ►   Very High Bit-Rate Digital Subscriber Line (VDSL)
          • Very High Bit-Rate Digital Subscriber Line (VDSL) requires shorter cable
            lengths than other forms of DSL with a maximum of 4,500 feet, but it also
            achieves the highest data rate with 51,840 kbps.
     ►   ISDN Digital Subscriber Line (IDSL)
          • ISDN Digital Subscriber Line is a hybrid DSL/ISDN solution. IDSL offers only
            limited data rates (128 kbps), although multiple circuits may be bonded. IDSL is
            DSL over ISDN lines; distances can be up to 18,000 feet and speeds can
            reach 144 Kbits/sec.



♦ Broadband cable (Cable Modem)
     ►   Broadband refers to a transmission technique which carries several data
         channels over a common wire. In home networking, broadband usually
         refers to high-speed Internet access using such a technique. DSL
         and cable modems are the common broadband Internet technologies.
♦ Plain Old Telephone Service/Public Switched Telephone
     Network (POTS/PSTN)
     ►   The Public Switched Telephone Network refers to the international telephone
         system based on copper wires carrying analog voice data. The PSTN is now
         entirely digital and includes mobile as well as fixed telephones. By using
         digital signals instead of analog, the PSTN can send more voice calls over the
         same cable, which has reduced the per-minute cost of calls.





♦ Satellite
     ►   Satellite Internet is a form of high-speed Internet service. Satellite Internet
         services utilize telecommunications satellites to provide Internet access to
         consumers. It covers areas where DSL and cable access are unavailable.
         Satellite offers less network bandwidth compared to DSL or cable. In
         addition, the extended delays required to transmit data between the satellite
         and the ground stations tend to create high network latency, causing sluggish
         performance.
♦ Wireless
     ►   Wireless networking refers to the technology which enables two or more
         computers to communicate using the standard network protocols, but without
         network cabling. Wireless has grown from an expensive curiosity to a
         practical and affordable networking technology. Today’s most common
         wireless standard is 802.11b Ethernet, also called Wi-Fi (Wireless Fidelity). It
         is fast and affordable for home networks.

                             Topic 3 Remote Access Service (RAS)

♦ When you dial into a network as a remote node, you log into a
  remote access server. This is often the same server which provides
  remote node services across the Internet via tunneling protocols. A
  variety of remote access servers is available. In general,
  organizations use a dedicated server to provide remote node
  services because it can maintain security better and offer higher
  performance.
♦ Point-to-Point Protocol (PPP)
      ►   Point-to-Point Protocol was originally intended as an encapsulation
          protocol for transporting IP traffic between two peers. PPP provides a
          standard method for transporting multi-protocol datagrams over point-to-
          point links. It is a data link layer protocol in the TCP/IP protocol suite. PPP is
          an addition to TCP/IP that adds two sets of functionality:
           • It can transmit TCP/IP packets over a serial link
           • It has login security






♦ The main components of PPP are as follows:
     ►   Encapsulation: a method for encapsulating multi-protocol datagrams.
         The PPP encapsulation provides multiplexing of different network layer
         protocols simultaneously over the same link. The PPP encapsulation has been
         carefully designed to retain compatibility with the most commonly used
         supporting hardware.





     ►   Link Control Protocol: the Link Control Protocol (LCP) is flexible and portable to
         a wide variety of environments.
     ►   Configuration: this is used by other control protocols such as the Network Control
         Protocols (NCPs). In order to establish communications over a point-to-point
         link, each end of the PPP link must send LCP packets to configure and
         test the data link. After the link is established and optional facilities are
         negotiated as needed by the LCP, PPP must send NCP packets to choose and
         configure one or more network layer protocols.





     PPP frame layout (field widths derived from the bit boundaries 8, 16, 24 and 40 shown on the slide):

     Flag (8 bits) | Address (8 bits) | Control (8 bits) | Protocol (16 bits) | Information (variable) | FCS (16-32 bits)

     • Flag field indicates the beginning or end of a frame and consists of the binary
       sequence 01111110.
     • Address field contains the binary sequence 11111111, the standard broadcast
       address.
     • Control field contains the binary sequence 00000011, which calls for
       transmission of user data in an unsequenced frame.
     • Protocol field identifies the protocol encapsulated in the information field of the
       frame.
     • Information field has zero or more octets which contain the datagram for the
       protocol specified in the protocol field.
     • Frame Check Sequence (FCS) field normally contains 16 bits, but PPP
       implementations can use a 32-bit FCS for improved error detection.
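The frame layout above, as an added worked example that is not code from the module: build a PPP frame with the listed Flag, Address and Control values and verify its FCS. The FCS-16 algorithm (polynomial 0x8408, initial value 0xFFFF, ones-complement result) and the IPv4 protocol number 0x0021 are taken from RFC 1662 and RFC 1661 rather than from the slide, and byte stuffing of the Flag octet is left out.

```python
"""Added example: build and check a PPP frame (Flag, Address, Control,
Protocol, Information, FCS). FCS-16 as in RFC 1662; not the module's code."""
import struct

FLAG = 0x7E          # 01111110: marks the start and end of a frame
ADDRESS = 0xFF       # 11111111: the all-stations (broadcast) address
CONTROL = 0x03       # 00000011: unnumbered information frame
PROTO_IPV4 = 0x0021  # PPP protocol number for IPv4 (assumed from RFC 1661/1700)

_INIT_FCS16 = 0xFFFF
_GOOD_FCS16 = 0xF0B8  # running FCS over a correct frame, FCS octets included


def _make_table():
    """Precompute the reflected CRC-16 table for polynomial 0x8408."""
    table = []
    for byte in range(256):
        value = byte
        for _ in range(8):
            value = (value >> 1) ^ 0x8408 if value & 1 else value >> 1
        table.append(value)
    return table


_FCS_TABLE = _make_table()


def fcs16(data: bytes, fcs: int = _INIT_FCS16) -> int:
    """Run the PPP FCS-16 over data, starting from fcs (RFC 1662 style)."""
    for byte in data:
        fcs = (fcs >> 8) ^ _FCS_TABLE[(fcs ^ byte) & 0xFF]
    return fcs


def build_frame(protocol: int, information: bytes) -> bytes:
    """Return Flag | Address | Control | Protocol | Information | FCS | Flag."""
    body = bytes([ADDRESS, CONTROL]) + struct.pack(">H", protocol) + information
    fcs = fcs16(body) ^ 0xFFFF       # ones complement, sent low octet first
    return bytes([FLAG]) + body + struct.pack("<H", fcs) + bytes([FLAG])


def parse_frame(frame: bytes):
    """Return (protocol, information); raise ValueError if the frame is bad."""
    if len(frame) < 8 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("frame is not delimited by Flag octets")
    body = frame[1:-1]               # Address .. FCS
    if fcs16(body) != _GOOD_FCS16:
        raise ValueError("FCS mismatch: frame damaged in transit")
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise ValueError("unexpected Address/Control octets")
    protocol = struct.unpack(">H", body[2:4])[0]
    return protocol, body[4:-2]


def survives_bit_flip(frame: bytes, byte_index: int) -> bool:
    """True if the FCS check still passes after flipping one bit of the frame."""
    damaged = bytearray(frame)
    damaged[byte_index] ^= 0x01
    try:
        parse_frame(bytes(damaged))
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    frame = build_frame(PROTO_IPV4, b"constructed sample datagram")
    print(frame.hex())
    print(parse_frame(frame))
    # A line error in the Information field is caught by the FCS ...
    print("bit flip detected:", not survives_bit_flip(frame, 6))
    # ... but an FCS is an error-detection code, not an integrity check: any
    # party that can rewrite the frame can recompute it, so a frame built with
    # altered Information verifies just as well as the original.
    print(parse_frame(build_frame(PROTO_IPV4, b"altered datagram")))
```

The FCS therefore protects only against accidental corruption; integrity against deliberate modification has to come from the login security and tunneling protocols discussed later in the module.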



♦ Serial Line Internet Protocol (SLIP)
     ►   Serial Line Internet Protocol is simply a packet framing protocol. SLIP
         defines a sequence of characters which frame IP packets on a serial line.
         It does not provide addressing, packet type identification, error
         detection/correction or compression mechanisms. It is commonly used on
         serial links and sometimes for dialup purposes, and is generally used with
         line speeds between 1200bps and 19.2Kbps. SLIP is useful for allowing
         mixes of hosts and routers to communicate with one another.

     ►   The SLIP protocol defines two special characters:
          • END
          • ESC
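SLIP framing with the two special characters, as an added example that is not code from the module: the octet values END = 0xC0 and ESC = 0xDB and the two escape sequences (ESC ESC_END for a literal END, ESC ESC_ESC for a literal ESC) are taken from RFC 1055, not from the slide, and the sample payload is constructed.

```python
"""Added example: SLIP framing per RFC 1055 (values assumed from the RFC)."""
END = 0xC0
ESC = 0xDB
ESC_END = 0xDC   # sent after ESC in place of a literal END octet
ESC_ESC = 0xDD   # sent after ESC in place of a literal ESC octet


def slip_encode(packet: bytes) -> bytes:
    """Frame one packet: leading END (flushes line noise), stuffed data, END."""
    out = bytearray([END])
    for byte in packet:
        if byte == END:
            out += bytes([ESC, ESC_END])
        elif byte == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(byte)
    out.append(END)
    return bytes(out)


def slip_decode(stream: bytes):
    """Split a byte stream into packets; empty frames (END END) are dropped."""
    packets, current, escaped = [], bytearray(), False
    for byte in stream:
        if escaped:
            # RFC 1055: ESC followed by anything other than ESC_END/ESC_ESC is
            # a protocol violation; the octet is kept as data, not discarded.
            if byte == ESC_END:
                current.append(END)
            elif byte == ESC_ESC:
                current.append(ESC)
            else:
                current.append(byte)
            escaped = False
        elif byte == ESC:
            escaped = True
        elif byte == END:
            if current:
                packets.append(bytes(current))
                current = bytearray()
        else:
            current.append(byte)
    return packets


def corrupt_one_byte(stream: bytes, index: int) -> bytes:
    """Simulate a line error by flipping one bit of the encoded stream."""
    damaged = bytearray(stream)
    damaged[index] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    # Constructed sample payload containing both special characters.
    payload = b"\x45\x00" + bytes([END]) + b"data" + bytes([ESC]) + b"tail"
    wire = slip_encode(payload)
    print(wire.hex())
    print(slip_decode(wire) == [payload])
    # SLIP carries no FCS: a damaged octet is delivered as a normal-looking
    # packet, so any error detection must happen at a higher layer.
    print(slip_decode(corrupt_one_byte(wire, 4)))
```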





♦ Point-to-Point Protocol over Ethernet (PPPoE)
     ►   Point-to-Point Protocol over Ethernet is designed for connecting multiple
         computer users on an Ethernet local area network. PPPoE is used to share a
         common Digital Subscriber Line (DSL), cable modem, or wireless
         connection to the Internet among multiple users. PPPoE combines the Point-to-
         Point Protocol, commonly used in dialup connections, with the Ethernet
         protocol, which supports multiple users in a local area network. The PPP
         protocol information is encapsulated within an Ethernet frame.
♦ Point-to-Point Tunneling Protocol (PPTP)
     ►   Point-to-Point Tunneling Protocol is a networking technology which supports
         multiprotocol virtual private networks (VPNs). This protocol enables remote
         users on various operating systems and other Point-to-Point Protocol (PPP)
         enabled systems to dial into a local Internet service provider in order to
         connect securely to their corporate network through the Internet.


     ►   PPTP supports data encryption and compression of the data packets. PPTP
         also uses a form of Generic Routing Encapsulation (GRE) to get data to
         and from its final destination. PPTP-based Internet remote access VPNs
         are the most common form of PPTP VPN. In this environment, VPN tunnels
         are created by means of the following two-step process:
          • The PPTP client connects to its ISP using PPP dial-up networking.
          • PPTP creates a TCP control connection between the VPN client and VPN server
            to establish a tunnel. PPTP uses TCP port 1723 for these connections.
     ►   PPTP also supports VPN connectivity via a LAN, in which case the tunnels
         can be created directly using the TCP control connection between the VPN
         server and client. When the VPN tunnel is established, PPTP supports two
         types of information flow:
          • Control messages for managing and eventually breaking down the VPN
            connection. These messages are passed directly between VPN client and server.
          • Data packets passed to or from the VPN client through the tunnel.
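The two-step tunnel set-up described above (TCP control connection on port 1723, then GRE data flow), as an added example that is not code from the module: correlating the two over constructed firewall log lines so a defender can inventory which hosts bring up PPTP tunnels and which only reach the control connection. The key=value log format is an assumption, as is GRE being IP protocol 47 (from RFC 2784, not the slide).

```python
"""Added example: spot PPTP tunnel set-up in flow logs. Log format and the
GRE protocol number are assumptions; the log lines are constructed."""
from collections import defaultdict

PPTP_CONTROL_PORT = 1723
GRE_PROTOCOL = 47  # IP protocol number for GRE (assumed from RFC 2784)

# Constructed sample lines; not real traffic.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z src=10.0.0.5 dst=203.0.113.7 proto=tcp dport=1723 action=allow
2024-05-01T08:00:02Z src=10.0.0.5 dst=203.0.113.7 proto=47 action=allow
2024-05-01T08:00:02Z src=203.0.113.7 dst=10.0.0.5 proto=47 action=allow
2024-05-01T08:05:10Z src=10.0.0.9 dst=198.51.100.4 proto=tcp dport=1723 action=allow
2024-05-01T08:05:11Z src=10.0.0.9 dst=198.51.100.4 proto=47 action=deny
2024-05-01T08:07:00Z src=10.0.0.12 dst=203.0.113.7 proto=tcp dport=443 action=allow
2024-05-01T08:09:30Z src=10.0.0.20 dst=203.0.113.9 proto=tcp dport=1723 action=deny
"""


def parse_line(line: str) -> dict:
    """Turn 'ts key=value ...' into a dict; the first token is the timestamp."""
    parts = line.split()
    record = {"ts": parts[0]}
    for token in parts[1:]:
        key, _, value = token.partition("=")
        record[key] = value
    return record


def classify_pptp(log_text: str) -> dict:
    """Return {'tunnels': [...], 'control_only': [...], 'blocked': [...]}.

    A (client, server) pair is a tunnel when an allowed TCP/1723 connection is
    accompanied by allowed GRE in either direction between the same two hosts;
    control_only means the GRE step never got through (e.g. filtered).
    """
    control = {}                    # (client, server) -> first control timestamp
    gre_pairs = defaultdict(list)   # frozenset({a, b}) -> GRE actions seen
    blocked = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        pair = (rec["src"], rec["dst"])
        if rec.get("proto") == "tcp" and rec.get("dport") == str(PPTP_CONTROL_PORT):
            if rec["action"] == "allow":
                control.setdefault(pair, rec["ts"])
            else:
                blocked.append(pair)
        elif rec.get("proto") == str(GRE_PROTOCOL):
            gre_pairs[frozenset(pair)].append(rec["action"])
    tunnels, control_only = [], []
    for (client, server), ts in control.items():
        actions = gre_pairs.get(frozenset((client, server)), [])
        entry = {"client": client, "server": server, "since": ts}
        (tunnels if "allow" in actions else control_only).append(entry)
    return {"tunnels": tunnels, "control_only": control_only, "blocked": blocked}


if __name__ == "__main__":
    for kind, entries in classify_pptp(SAMPLE_LOG).items():
        print(kind, entries)
```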



♦ Remote Desktop Protocol (RDP)
     ►   Remote Desktop Protocol (RDP) is a multi-channel protocol which allows a
         user to connect to a system over separate virtual channels used for carrying
         presentation data, serial device communication, and highly encrypted
         information. This protocol is designed to provide remote display and input
         capabilities over network connections for Windows-based applications
         running on a server. RDP is mainly used for connectivity purposes because it
         offers a platform on which to extend capabilities.
     ►   It is also designed to support many different types of network topologies, such
         as ISDN, and LAN protocols such as IPX and NetBIOS.




                                  Topic 4 Remote Access Server

  A remote access server is the computer and related software which
  is set up to handle users to access network remotely. It is sometimes
  called a communication server; a remote access server is usually
  associated with a firewall server to ensure the security and a router
  that can forward the remote access request to another part of the
  shared network. A remote access server can also be used as part of
  a virtual private network (VPN).
♦ Dial-up connections
      ►   Dial-up networking technology allows you to connect your computer and
          other network devices to a LAN or WAN through standard telephone lines.
          Dial-up networking is the simplest and most widely used type of computer
          connection to the Internet. Dial-up connections are the most common type
          of Internet connection available from ISPs; they are also the slowest and
          the least expensive.

♦ Features of Dial-up connection
     ►   Dial-up networking uses a modem as the interface between a single system
         and a network such as the Internet; the modems are typically capable of
         speeds up to 56 kbps.
     ►   A dial-up connection with a modem is the cheapest and most widely
         available way to connect to the Internet, but because it offers comparatively
         slow connection speeds, graphics-intensive web sites take a long time to
         download.
     ►   The maximum download speed over dial-up networking is limited by the
         telephone system's analog bandwidth, the line quality, and the Internet
         traffic load.
     ►   Dial-up networking usually communicates with the ISP using the
         Point-to-Point Protocol (PPP) standard.



     ►   Advantages of Dial-up connection
          • Dial-up connections are very economical and are widely available.
          • The cost is affordable, the same as the price of a local phone call; because these
            connections use a standard modem, the hardware costs are minimal.
     ►   Disadvantages of Dial-up connection
          • Dial-up connections are very slow compared to other connection types.
          • While connected to the Internet, the same phone line cannot be used for phone
            calls; anyone calling the line gets a busy signal.




♦ Virtual Private Network (VPN)
     ►   A Virtual Private Network (VPN) is a network that allows a combination of
         computers and networks to communicate without a number of the security
         risks of an open network. It uses the Internet or another network service as
         its Wide Area Network (WAN) backbone. A VPN enables you to send data
         between two computers across a shared or public internetwork in a way that
         emulates the properties of a point-to-point private link.
     ►   When a point-to-point link is established, data is encapsulated, or wrapped,
         with a header that provides the routing information it needs to traverse the
         shared or public transit internetwork and reach its endpoint. When a private
         link is established, the data being sent is encrypted for privacy. Packets that
         are intercepted on the shared or public network cannot be read without the
         encryption keys.




♦ The portion of the connection in which the private data is
      encapsulated is known as the tunnel. The portion of the connection
      in which the private data is encrypted is known as the virtual
      private network (VPN) connection. (The slide's diagram is not reproduced here.)




♦ A VPN allows a private intranet to be securely extended across the
      Internet or another network service, facilitating secure extranet
      connections. There are three main types of VPN:
      ►   Intranet VPN: It allows private networks to be extended across the
          Internet or another public network service in a secure way.
      ►   Remote access VPN: A remote access VPN is also referred to as a dial-up
          VPN. It allows individual dial-up users to connect to a central site across the
          Internet.
      ►   Extranet VPN: It allows secure connections for the purpose of e-commerce.
          Extranet VPNs are an extension of intranet VPNs with the addition of
          firewalls to protect the internal network.




                                     Lesson 2 Security Protocols


     ♦   Introduction
          ►   In computer networking, security is a part of every network administrator's job in
              order to secure the data stored on every computer. There are various methods
              used to provide security on a network to protect information and software from
              being accessed by unauthorized people.




♦    Topics covered in this lesson are

     ►   Security Protocols
     ►   Authentication Protocols




                                  Topic 1 Security Protocols

♦ Security protocols provide secure communication over a network.
     They are commonly used over TCP/IP connections such as the
     Internet to communicate between systems. With the security
     protocols described here, communication between systems is
     protected and data is prevented from being tampered with. A set of
     security protocols is discussed below.




♦ IPSec
     ►   IP Security (IPsec) is a set of protocols developed by the Internet Engineering
         Task Force (IETF) to maintain secure exchange of packets at the IP layer.
         IPsec has been deployed widely to implement Virtual Private Networks
         (VPNs). IPsec supports two encryption modes:

          • Transport: Transport mode encrypts only the data segment (payload) of each
            packet, but leaves the header intact.
          • Tunnel: Tunnel mode is more secure and encrypts both the header and the
            payload. On the receiving side, an IPsec-compliant device decrypts each packet.
♦ Implementations of IPSec: There are two main deployment scenarios
     for IPsec.
     ►   Establishing a secure VPN between separated networks across the
         Internet.
     ►   Remotely accessing a private network from a stand-alone system.
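The difference between the two modes is easiest to see on the wire. The following Python example is added here and is not code from the course material; it builds a small IPv4 packet, wraps it in a simplified ESP format (SPI, sequence number, encrypted body, 16-byte integrity check value) in either mode, and shows what an observer between the endpoints can read in each case. The cipher is a PRF keystream built from HMAC-SHA256 standing in for the AES transform a real security association would negotiate, and the key, SPI and addresses are constructed values.

```python
import hashlib
import hmac
import socket
import struct

ESP_PROTO = 50      # IP protocol number for ESP
IPIP_PROTO = 4      # ESP "next header" value for an encapsulated IPv4 packet (tunnel mode)


def _checksum(header: bytes) -> int:
    """One's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9], "payload": pkt[20:]}


def _subkeys(key: bytes):
    # A real SA carries separate encryption and integrity keys; derive two from the constructed key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"auth", hashlib.sha256).digest())


def _keystream(enc_key: bytes, spi: int, seq: int, n: int) -> bytes:
    # PRF in counter mode, keyed per SPI and sequence number (stand-in for AES).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, struct.pack("!IIQ", spi, seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def esp_wrap(key: bytes, spi: int, seq: int, inner: bytes, next_header: int) -> bytes:
    """Simplified ESP: SPI | seq | encrypted(inner | pad_len | next_header) | ICV."""
    enc_key, auth_key = _subkeys(key)
    body = inner + bytes([0, next_header])          # pad length 0, then the next-header byte
    hdr = struct.pack("!II", spi, seq)
    ct = _xor(body, _keystream(enc_key, spi, seq, len(body)))
    icv = hmac.new(auth_key, hdr + ct, hashlib.sha256).digest()[:16]
    return hdr + ct + icv


def esp_unwrap(key: bytes, esp: bytes):
    """Check the ICV before decrypting; return (next_header, inner) or None if it fails."""
    enc_key, auth_key = _subkeys(key)
    hdr, ct, icv = esp[:8], esp[8:-16], esp[-16:]
    if not hmac.compare_digest(hmac.new(auth_key, hdr + ct, hashlib.sha256).digest()[:16], icv):
        return None
    spi, seq = struct.unpack("!II", hdr)
    body = _xor(ct, _keystream(enc_key, spi, seq, len(ct)))
    return body[-1], body[:-2]


def protect(mode: str, packet: bytes, key: bytes, spi: int, seq: int,
            gw_src: str = None, gw_dst: str = None) -> bytes:
    """Apply ESP to an IPv4 packet in 'transport' or 'tunnel' mode."""
    h = parse_ipv4(packet)
    if mode == "transport":
        # The original header stays visible (protocol becomes ESP); only the payload is protected.
        esp = esp_wrap(key, spi, seq, h["payload"], h["proto"])
        return ipv4_header(h["src"], h["dst"], ESP_PROTO, len(esp)) + esp
    # Tunnel mode: the whole original packet, header included, is hidden behind a new outer header.
    esp = esp_wrap(key, spi, seq, packet, IPIP_PROTO)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def unprotect(mode: str, wire: bytes, key: bytes):
    """Reverse protect(); returns the original packet, or None when the ICV does not verify."""
    outer = parse_ipv4(wire)
    result = esp_unwrap(key, outer["payload"])
    if result is None:
        return None
    next_header, inner = result
    if mode == "transport":
        return ipv4_header(outer["src"], outer["dst"], next_header, len(inner)) + inner
    return inner


def on_path_view(wire: bytes) -> dict:
    """What someone between the endpoints can read without the key."""
    o = parse_ipv4(wire)
    return {"src": o["src"], "dst": o["dst"], "proto": o["proto"]}


def address_visible(wire: bytes, addr: str) -> bool:
    return socket.inet_aton(addr) in wire
```

In transport mode `on_path_view` still reveals the real source and destination hosts, which is why the slide calls tunnel mode the more secure option: with the whole inner packet encrypted, the outside only sees the two gateway addresses. The integrity check runs before any decryption, so a modified packet is dropped rather than decrypted.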


♦ Implementation of an IPSec VPN over the Internet

     ►   The slide's diagram (not reproduced here) shows a VPN tunnel between two
         LAN sites. Most of the tasks are done automatically by the IPsec gateways.
         The gateways are connected to the Internet, and as long as that connection
         exists, an IPsec tunnel is automatically established between the respective
         LANs.


♦ Implementation of Remote Access

     ►   A secure tunnel between a remote system and the office LAN is established
         automatically as long as the IPsec client is configured correctly. The remote
         system uses a modem or ISDN dial-up connection to connect to the Internet
         and, through the tunnel, directly to the office LAN.


♦ Layer 2 Tunneling Protocol (L2TP)
     ►   The Layer 2 Tunneling Protocol is used for integrating multi-protocol dial-up
         services into an existing Internet Service Provider's Point of Presence. The
         Point-to-Point Protocol (PPP) defines an encapsulation mechanism for
         transporting multiprotocol packets across layer 2 (L2) point-to-point links.
     ►   L2TP extends the PPP model by allowing the L2 and PPP endpoints to be
         located on different devices interconnected by a packet-switched network.
         With L2TP, a user has an L2 connection to an access concentrator, such as a
         modem bank or ADSL DSLAM, and the concentrator then tunnels individual
         PPP frames to the NAS. This allows the actual processing of PPP packets to
         be separated from the termination of the L2 circuit.
     ►   This protocol may also be used to solve the "multilink hunt-group splitting"
         problem. Multilink PPP, often used to aggregate ISDN B channels, requires
         that all channels composing a multilink bundle be grouped at a single
         Network Access Server (NAS).

♦ Secure Sockets Layer (SSL)
     ►   Secure Sockets Layer is a protocol designed to provide a new and flexible
         alternative for secure remote access across the Internet. Its main purposes are
         to ensure that data is transmitted privately, that the content of the data is not
         altered during transmission, and to authenticate the web server and the web
         browser.
     ►   Private Data Transmission
     ►   SSL uses encryption and decryption to ensure that data is transmitted
         privately. Encryption transforms the data into a format that is not readable;
         decryption transforms encrypted data back into a readable format. Because
         the web server encrypts the data before sending it to the web browser, only
         the web browser can read the information sent by the web server. SSL uses
         two types of encryption:
          • Symmetric-key
          • Public-key

♦    Symmetric-key
     ►   Symmetric-key encryption uses a single key. The web browser and the web
         server create the key during the SSL handshake. The same key is used to
         both encrypt and decrypt the data. This encryption ensures that no one else
         can read the data being transmitted in either direction.
♦    Public-key
     ►   Public-key encryption uses a pair of keys, a public key and a private key,
         which work together to encrypt and decrypt information. The private key
         and the public key together are referred to as a key pair. The public key is
         freely distributed; the sender uses the public key to encrypt messages to the
         recipient, while the private key is kept by its owner. The recipient uses the
         private key to decrypt the messages from the sender. Data encrypted with
         one key in the pair can only be decrypted using the other key in the pair.


♦ SSL Handshake
     ►   A web server and web browser use public-key encryption when initially
         establishing communications. During the SSL handshake, the web browser
         authenticates the web server. When the handshake is complete, the web
         server and web browser switch to the more efficient symmetric-key
         encryption for the remainder of the transaction.

     ►   The following tasks are accomplished during the SSL handshake:
          • The web browser and the web server negotiate the cipher suite they use
            for the rest of the security services.
          • The web browser authenticates the web server.
          • The web server requests the client certificate of the web browser, which it might
            use later to authenticate and authorize the browser.
          • The web browser selects and transmits a symmetric key to the web server.
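The two encryption types above and the last handshake step fit together as hybrid encryption: the browser picks a symmetric secret, sends it under the server's public key, and both sides then use the derived symmetric key for the rest of the session. The Python example below is added here to show that flow end to end and is not code from the course material. Its RSA key is a toy built from two Mersenne primes with no padding (textbook RSA, for illustration only), its key derivation is a simplified stand-in for the TLS PRF, and its record encryption is an HMAC-SHA256 keystream plus a MAC standing in for a negotiated cipher suite. It needs Python 3.8 or later for the modular inverse in `pow`.

```python
import hashlib
import hmac
import os
import struct

# Toy RSA modulus (about 150 bits) from two Mersenne primes: enough to carry a 16-byte
# premaster secret in one exponentiation, nowhere near a real key size.
_P = (1 << 61) - 1
_Q = (1 << 89) - 1
_E = 65537


def server_keypair():
    """((n, e), d): the public key a server certificate would carry, and the private exponent."""
    n, phi = _P * _Q, (_P - 1) * (_Q - 1)
    return (n, _E), pow(_E, -1, phi)


def rsa_encrypt(pub, m: int) -> int:
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(d: int, n: int, c: int) -> int:
    return pow(c, d, n)


def derive_session_key(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Both sides mix the premaster secret with the hello randoms (simplified TLS PRF)."""
    return hmac.new(premaster, b"session key" + client_random + server_random, hashlib.sha256).digest()


def _record_keys(session_key: bytes):
    # Separate keys for confidentiality and integrity, as a real cipher suite would have.
    return (hmac.new(session_key, b"enc", hashlib.sha256).digest(),
            hmac.new(session_key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, seq: int, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, struct.pack("!QQ", seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal_record(session_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Symmetric phase: per-record keystream encryption plus a 16-byte MAC."""
    enc_key, mac_key = _record_keys(session_key)
    header = struct.pack("!Q", seq)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, seq, len(plaintext))))
    return header + ct + hmac.new(mac_key, header + ct, hashlib.sha256).digest()[:16]


def open_record(session_key: bytes, record: bytes):
    """Return the plaintext, or None if the record was altered or sealed under another key."""
    enc_key, mac_key = _record_keys(session_key)
    header, ct, tag = record[:8], record[8:-16], record[-16:]
    if not hmac.compare_digest(hmac.new(mac_key, header + ct, hashlib.sha256).digest()[:16], tag):
        return None
    (seq,) = struct.unpack("!Q", header)
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, seq, len(ct))))


def handshake_and_exchange(message: bytes) -> dict:
    """Run the key transport step, derive the symmetric key on both sides, send one record."""
    pub, d = server_keypair()
    client_random, server_random = os.urandom(32), os.urandom(32)   # ClientHello / ServerHello
    # Browser: choose a premaster secret and send it encrypted under the server's public key.
    premaster = os.urandom(16)
    client_key_exchange = rsa_encrypt(pub, int.from_bytes(premaster, "big"))
    # Server: only the holder of the private exponent can recover it.
    server_premaster = rsa_decrypt(d, pub[0], client_key_exchange).to_bytes(16, "big")
    client_key = derive_session_key(premaster, client_random, server_random)
    server_key = derive_session_key(server_premaster, client_random, server_random)
    record = seal_record(client_key, 0, message)
    return {"keys_match": client_key == server_key,
            "server_read": open_record(server_key, record),
            "record": record, "server_key": server_key}
```

The public-key operation happens exactly once, on 16 bytes; everything after that uses the cheaper symmetric key, which is the efficiency argument the slide makes. Note what the example leaves out: the browser must verify the server's certificate before trusting `pub`, otherwise the premaster secret is handed to whoever supplied the key.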



♦ WEP (Wired Equivalent Privacy)
     ►   Wired Equivalent Privacy is a security protocol for wireless local area
         networks, mainly designed to prevent the interception of radio frequency
         signals by unauthorized users. It is most suitable for small networks, since
         there is no key management protocol and each key must be entered manually
         into the clients, which is a time-consuming administrative task. WEP aims to
         provide security by encrypting data over radio waves so that it is protected as
         it is transmitted from one end point to another. It works by having all clients
         and access points configured with the same key for encryption and
         decryption.




♦ Wireless Access Points (WAP)
     ►   A wireless access point (WAP) allows mobile users to connect to a wired
         network via radio frequency technologies. WAPs also allow wired networks
         to connect to each other via wireless technologies. They can connect
         multiple wireless devices through a hub or a switch to form a network.
         The most popular use for wireless access points is to provide Internet access
         in public areas. WAPs are easy to set up; most often, you just need to plug
         them into a wired network and power them up to get them to work.




♦ 802.1x
     ►   The 802.1x standard defines port-based network access control: devices that
         support it allow a connection into the network at layer 2 only if user
         authentication is successful. This protocol works well for access points,
         which need the ability to keep users off the network until they have
         authenticated. 802.1x provides a means of authenticating and authorizing
         devices before they attach to a LAN port.




                           Topic 2 Authentication Protocols



♦    Authentication is the process of determining and verifying the
     identity of a user or service. Developers can use the authentication
     services and programming interfaces to authenticate users and to
     store certificates that can be used for authentication.




♦ Challenge Handshake Authentication Protocol (CHAP)
     ►   Challenge Handshake Authentication Protocol is an Internet standard defined
         in RFC 1994. This protocol uses the industry-standard Message Digest 5
         (MD5) one-way hash to protect the response, providing a high level of
         protection against unauthorized access. CHAP uses a three-way handshake to
         verify identity. The three steps in the process are:
          • The authenticator sends a challenge message to the client.
          • The client responds with a value calculated via the MD5 one-way hash
            function.
          • The authenticator also calculates the hash value and compares the client's
            response with its own calculation. If the values match, the connection is
            established.
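The three steps above, worked through in Python as an added example (not code from the course material). It follows the RFC 1994 rule that the response value is the MD5 hash of the one-octet identifier, the shared secret and the challenge value, and it shows the two properties that make the handshake useful: the secret itself never crosses the wire, and each challenge is random and accepted once, so a captured response is useless against a later challenge. The peer name and secret are constructed values.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """Server side: issues single-use challenges and checks the responses."""

    def __init__(self, secrets: dict):
        self.secrets = secrets          # peer name -> shared secret; never transmitted
        self._identifier = 0
        self._pending = {}              # identifier -> challenge value still awaiting a response

    def challenge(self):
        # Step 1: send a fresh random challenge tagged with an identifier.
        self._identifier = (self._identifier + 1) & 0xFF
        value = os.urandom(16)
        self._pending[self._identifier] = value
        return self._identifier, value

    def verify(self, identifier: int, name: bytes, response: bytes) -> bool:
        # Step 3: recompute the hash with our own copy of the secret and compare.
        challenge = self._pending.pop(identifier, None)   # a challenge is consumed on first use
        if challenge is None or name not in self.secrets:
            return False
        expected = chap_response(identifier, self.secrets[name], challenge)
        return hmac.compare_digest(expected, response)


class Peer:
    """Client side: proves knowledge of the secret without sending it."""

    def __init__(self, name: bytes, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, identifier: int, challenge: bytes):
        # Step 2: answer with the hash value and our name.
        return self.name, chap_response(identifier, self.secret, challenge)


def run_chap(authenticator: Authenticator, peer: Peer) -> bool:
    """One complete three-way handshake; True when the link may be established."""
    identifier, challenge = authenticator.challenge()
    name, response = peer.respond(identifier, challenge)
    return authenticator.verify(identifier, name, response)
```

Because the authenticator has to recompute the hash, it must hold the secret in a recoverable form, which is the trade-off CHAP makes for keeping it off the wire.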




♦ Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
     ►   Microsoft Challenge Handshake Authentication Protocol is Microsoft's
         version of the standard CHAP method. It uses the same three-way handshake
         process, but is designed to be used by computers running Windows operating
         systems and integrates the encryption and hashing algorithms that are used on
         Windows networks. Version 2 adds features such as mutual (two-way)
         authentication of the client and server, as well as stronger encryption keys.
         MS-CHAP v2 is more secure than CHAP for Windows systems.




♦ Password Authentication Protocol (PAP)
     ►   Password Authentication Protocol is the most basic form of authentication, in
         which a user's name and password are transmitted over the network and
         compared to a table of name/password pairs.
     ►   Usually, the passwords stored in the table are encrypted. The Basic
         Authentication feature built into the HTTP protocol uses PAP.
     ►   This protocol can be excluded as a feasible option for most businesses
         because it sends passwords across the phone line or Internet in plain text. The
         user's name and password are sent over the wire to a server, where they
         are compared with a database of user account names and passwords.
     ►   The Password Authentication Protocol provides a simple method for the peer
         to establish its identity using a 2-way handshake.
     ►   PAP is not a strong authentication method because of its security issues:
         there is no protection against repeated trial-and-error attacks.


♦ Remote Authentication Dial-In User Service (RADIUS)
     ►   Remote Authentication Dial-In User Service provides for a centralized
         authentication database and can handle authorization and accounting in
         addition to authentication. Authorization refers to granting specific services
         to users based on their authenticated identity. Accounting refers to tracking
         the use of the network by users and can be done for billing, management, or
         security purposes. RADIUS is supported by dial-in remote access servers,
         VPN servers, and wireless access points (WAPs).
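The exchange between a remote access server and the RADIUS server, as an added Python example that is not code from the course material. It builds an Access-Request carrying User-Name and User-Password attributes, hides the password the way RFC 2865 section 5.2 prescribes (16-byte blocks XORed with MD5 of the shared secret and the previous block, starting from the random Request Authenticator), lets the server answer with Access-Accept or Access-Reject, and has the client verify the Response Authenticator so that a reply not produced with the shared secret is rejected. The shared secret, user database and identifiers are constructed values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks; each block XOR MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out


def reveal_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")      # remove the null padding added by hide_password


def attribute(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value   # length counts the type and length octets


def build_packet(code: int, identifier: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH", code, identifier, 20 + len(attrs)) + authenticator + attrs


def parse_packet(pkt: bytes):
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    attrs, pos = {}, 20
    while pos + 2 <= length:
        t, l = pkt[pos], pkt[pos + 1]
        if l < 2:
            break
        attrs[t] = pkt[pos + 2:pos + l]
        pos += l
    return code, identifier, pkt[4:20], attrs, pkt[20:length]


def response_authenticator(code, identifier, attrs, request_auth, secret):
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    head = struct.pack("!BBH", code, identifier, 20 + len(attrs))
    return hashlib.md5(head + request_auth + attrs + secret).digest()


def client_build_request(secret, username, password, identifier):
    request_auth = os.urandom(16)       # Request Authenticator: fresh random value per request
    attrs = (attribute(ATTR_USER_NAME, username)
             + attribute(ATTR_USER_PASSWORD, hide_password(password, secret, request_auth)))
    return build_packet(ACCESS_REQUEST, identifier, request_auth, attrs), request_auth


def server_handle(request, secret, user_db):
    """RADIUS server: recover the password with the shared secret and answer Accept or Reject."""
    code, identifier, request_auth, attrs, _ = parse_packet(request)
    password = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, request_auth)
    stored = user_db.get(attrs.get(ATTR_USER_NAME), b"\x00")
    ok = code == ACCESS_REQUEST and hmac.compare_digest(stored, password)
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    reply_attrs = b""
    auth = response_authenticator(reply_code, identifier, reply_attrs, request_auth, secret)
    return build_packet(reply_code, identifier, auth, reply_attrs)


def client_check_reply(reply, identifier, request_auth, secret):
    """Accept a reply only if its identifier matches and its Response Authenticator verifies."""
    code, reply_id, reply_auth, _, attrs = parse_packet(reply)
    expected = response_authenticator(code, reply_id, attrs, request_auth, secret)
    authentic = reply_id == identifier and hmac.compare_digest(expected, reply_auth)
    return authentic, code
```

The Response Authenticator is what stops a reply being turned into an Access-Accept by anyone who does not know the shared secret; the client must check it before acting on the code, which is why `client_check_reply` returns the authenticity result alongside the code.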




♦ Extensible Authentication Protocol (EAP)
     ►   EAP provides for the use of more secure authentication methods such as smart
         cards, Kerberos, and digital certificates, which are much more secure than the
         user name/password authentication methods above. The remote access server
         acts as the EAP authenticator, or it can act as a pass-through, encapsulating
         the EAP packets and sending them to a backend security server such as a
         Remote Authentication Dial-In User Service (RADIUS) server.




♦ Kerberos
     ►   Kerberos is a network authentication protocol. It is designed to provide strong
         authentication for client/server applications by using secret-key cryptography.
         Kerberos was created by MIT (Massachusetts Institute of Technology) as a
         solution to network security problems. The Kerberos protocol uses strong
         cryptography so that a client can prove its identity to a server (and vice versa)
         across an insecure network connection. After a client and server have used
         Kerberos to prove their identity, they can also encrypt all of their
         communications to assure privacy.




♦ Summary
     ►   Authentication is the process of determining and verifying the identity of a
         user or service.
     ►   Password Authentication Protocol is the most basic form of authentication, in
         which a user’s name and password are transmitted through the network and
         compared to a table of name password pairs.
     ►   Kerberos is a network authentication protocol. It is designed to provide strong
         authentication for client/server applications by using secret-key cryptography.




♦ Summary
     ►   Switching methods divide messages into packets and send each packet
         individually. Some of the common switching methods are:
          • Packet Switching
          • Circuit Switching
     ►   Packet switching involves the process of breaking up of messages into
         smaller components called packets. It is ideal for digital data, because the
         information is grouped into frames or packets, which are simply a collection
         of bytes of data.
     ►   Circuit switching involves the formation of a physical path for data flow
         between a sender and receiver. This method creates a link between the callers
         using the phone system. The whole connection from sender to receiver is called
         a circuit.
     ►   Circuit switching has the advantages associated with a physical pathway, such
         as reliability of transfer.

     ►   Integrated Services Digital Network (ISDN) is a set of protocols for
         establishing and breaking circuit switched connections. ISDN consists of
         digital lines that are broken up into two types of channels - Data and
         Signaling.
     ►   The x Digital Subscriber Line technology or xDSL is an advanced coding
         technique used to enhance the service delivery capability of copper pairs.
     ►   Dial-up networking technology is the simplest and most widely used type of
         computer connection to the Internet. It allows you to connect your computer
         and other network devices to a LAN or WAN through standard telephone
         lines.
     ►   A Virtual Private Network (VPN) is a network that allows a combination of
         computers and networks to communicate without a number of the security
         risks of an open network. A VPN uses the Internet or another network service
         as its Wide Area Network (WAN) backbone.


