Post on 05-Jan-2016
Version 4.0
PROVIDING TELEWORKER SERVICES Accessing the WAN – Chapter 6
Sandra Coleman, CCNA, CCAI
OBJECTIVES
• Describe the enterprise requirements for providing teleworker services
• Explain how broadband services extend Enterprise Networks including DSL, cable, and wireless
• Describe how VPN technology provides secure teleworker services in an Enterprise setting
ENTERPRISE REQUIREMENTS FOR PROVIDING TELEWORKER (TELECOMMUTER) SERVICES
• Describe the benefits of teleworkers for business, society and the environment.
ENTERPRISE REQUIREMENTS FOR PROVIDING TELEWORKER SERVICES
• Traditional private WAN – Frame Relay, ATM, leased lines. Provide remote access solutions.
• IPsec VPNs – offer flexible and scalable connectivity
• Site-to-site connections – Most common – broadband, Secure VPN over public internet
ENTERPRISE REQUIREMENTS FOR PROVIDING TELEWORKER SERVICES
• At home: Computer, broadband access (DSL, etc), VPN router
• At the office: VPN-capable routers, security appliances, authentication and management devices.
HOW BROADBAND SERVICES EXTEND ENTERPRISE NETWORKS
• Dialup – inexpensive, 56K speeds
• DSL – more expensive, faster connection, >=200K
• Cable modem – similar to DSL, shared service, so speed is affected by # users
• Satellite – Satellite modem, radio signals, <128K < 512K
HOW BROADBAND SERVICES EXTEND ENTERPRISE NETWORKS
• Headend – where signals are first received, processed and distributed downstream.
• Distribution network – Tree & branch system of cabling.
• Subscriber drop – connection of subscriber to the service.
HOW BROADBAND SERVICES EXTEND ENTERPRISE NETWORKS
• DSL-high speed connection over copper wires. Not all bandwidth of phone wires was being used, so ADSL took up the slack.
• Local loop (last mile) – NOT a shared medium, therefore each user has a direct connection to the DSLAM (DSL Access Multiplexer).
HOW BROADBAND SERVICES EXTEND ENTERPRISE NETWORKS
• Provides mobility –
• Municipal – gov’t working with ISP to deploy Wi-Fi
• WiMAX – (Worldwide Interoperability for Microwave Access) higher speeds, greater distances. Aimed at providing coverage to rural areas out of reach of DSL.
• Satellite – available worldwide. Approx 500kbps.
Types of wireless
SECURITY FOR BROADBAND SERVICES EXTEND ENTERPRISE NETWORKS
• 802.11b – 11 Mbps
• 802.11g – 54 Mbps
• 802.11n - > 54 Mbps
• 802.16 – WiMAX 70 Mbps, with a range of 30 miles.
VPN TECHNOLOGY
What is a VPN? A virtual WAN infrastructure that connects business partner sites to a corporate network.
Virtual – Private network over a public network
Private – data is encrypted
Each LAN is an IsLANd – Each inhabitant of the island gets their own submarine to connect to the mainland which is fast, at your disposal, can be invisible, and is very dependable.
• Cost savings – No more dedicated lines!
• Security – Advanced encryption and authentication protocols
• Scalability – Easy to add new users without adding significant infrastructure changes.
VPN TECHNOLOGY
TYPES OF VPNS
• Site-to-Site – access between 2 physical sites.
• Remote-access – gives remote users access to the corporate network over a shared infrastructure. Used by teleworkers and mobile users.
VPN COMPONENTS
• An existing network (clients/servers)
• Connection to the internet
• VPN gateways, such as routers, firewalls, etc, that act as endpoints to establish, maintain, and manage VPN connections
• Appropriate software to create and manage VPN tunnels
CHARACTERISTICS OF SECURE VPNS
• Data confidentiality – protect data from eavesdroppers! VPNs do this using mechanisms of encapsulation and encryption
• Data Integrity – guarantees that no tampering or alterations to the data occur while it travels from source to destination. Typically done using a hash function.
• Authentication – ensures that a message comes from an authenticated source and goes to an authenticated destination. Uses passwords, digital certificates, smart cards, and even biometrics!
VPN TUNNELING
• Tunneling allows the use of public networks to carry data for users as though the users had access to a private network. See the figure on pg. 410 for an example
VPN ENCRYPTION
• Encryption – the act of coding a given message into a different format to alter the data’s appearance, making it incomprehensible to those who are not authorized to view it.
• Uses an algorithm (DES, 3DES, AES, RSA)
• Three basic components:
• Key
• Cipher
• Message
• Hashes – MD5, SHA-1
IPSEC SECURITY PROTOCOLS
• IPsec - a protocol suite for securing IP communications that provides encryption, integrity, and authentication.
• 2 main framework protocols
• Authentication Header (AH) – used when confidentiality is not required. No encryption. Usually used with ESP
• Encapsulating Security Payload (ESP) – provides confidentiality and authentication
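The integrity and authentication points above (hashes such as SHA-1, and AH authenticating data without encrypting it), shown as an added Python example that is not part of the original slides. It builds a simplified AH-style packet protected by a keyed HMAC-SHA-1-96 integrity check value; the field layout, function names, key and payload are constructed for illustration, and real AH also covers parts of the IP header.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA-1-96: the 20-byte HMAC output truncated to 96 bits

def plain_hash_packet(payload: bytes) -> bytes:
    """Payload followed by an unkeyed SHA-1 digest (no shared secret involved)."""
    return payload + hashlib.sha1(payload).digest()

def plain_hash_ok(packet: bytes) -> bool:
    return hashlib.sha1(packet[:-20]).digest() == packet[-20:]

def ah_style_protect(key: bytes, spi: int, seq: int, payload: bytes) -> bytes:
    """Header (SPI, sequence number) + cleartext payload + keyed ICV."""
    header = struct.pack("!II", spi, seq)
    icv = hmac.new(key, header + payload, hashlib.sha1).digest()[:ICV_LEN]
    return header + payload + icv

def ah_style_verify(key: bytes, packet: bytes):
    """Return the payload if the ICV matches, otherwise None."""
    if len(packet) < 8 + ICV_LEN:
        return None
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body[8:] if hmac.compare_digest(icv, expected) else None

def demo():
    key = b"constructed-shared-secret"    # constructed sample key
    msg = b"transfer 100 to account 42"   # constructed sample payload
    altered = msg.replace(b"100", b"900")
    # Unkeyed hash: anyone on the path can change the data and recompute the digest.
    forged = plain_hash_packet(altered)
    # Keyed ICV: changing the payload without the key breaks verification.
    good = ah_style_protect(key, spi=0x1001, seq=1, payload=msg)
    tampered = good[:8] + altered + good[-ICV_LEN:]
    return {
        "forged_plain_hash_accepted": plain_hash_ok(forged),
        "genuine_accepted": ah_style_verify(key, good) == msg,
        "tampered_accepted": ah_style_verify(key, tampered) is not None,
        "payload_visible_in_cleartext": msg in good,
    }

if __name__ == "__main__":
    print(demo())
```

The last result shows why AH alone gives no confidentiality: the payload travels in cleartext, which is the gap ESP's encryption closes.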
WHAT TO DO NOW?
• Online Test – On until Wednesday, April 3, midnight!
• Test grade for Ch. 6 will be the Packet Tracer Skills Integration Challenge on pg. 219. (LSG04-PTSkills6.pka)
• You will do this NOW!