Chapter 06 teleworker services
Chapter 6: Teleworker Services
CCNA Exploration 4.0
Objectives
teleworker services, including the differences between
private and public network infrastructures
architecture for providing teleworking services
using DSL, cable, and wireless technology
role and benefits for enterprises and teleworkers
secure teleworker services to an enterprise network
Business Requirements for Teleworker Services
The Teleworker Solution
networks to connect corporate headquarters, branch offices, and suppliers
organizations for supporting teleworker services:
Frame Relay, ATM, and leased lines, provide many
remote connection solutions. The security of these
connections depends on the service provider
scalable connectivity
Teleworker Solution Components
Broadband Services
Connecting Teleworkers to the WAN
e-mail, web-based applications, mission-critical applications, real-time collaboration, voice, video, and videoconferencing) that require a high-bandwidth connection
address when connecting teleworkers
• Dialup access
modem. To connect to the ISP, a user calls the ISP
access phone number
Connecting Teleworkers to the WAN
DSL
provides a faster connection
signal from the telephone signal and provides an Ethernet
connection to a host computer or LAN
Connecting Teleworkers to the WAN
Satellite
modem that transmits radio signals to the nearest point of
presence (POP) within the satellite network
Connecting Teleworkers to the WAN
Cable modem
signal is carried on the same coaxial cable that delivers
cable television. A special cable modem separates the
Internet signal from the other signals carried on the cable
and provides an Ethernet connection to a host computer or LAN
option used by teleworkers to access their enterprise
network
frequency (RF) signals across the network. Coaxial cable is the primary medium used to build cable TV systems
form of transmission shared TV signals
signals and improve over-the-air TV reception
transmission
What is a Cable System
Sending Digital Signals over Radio Waves
(DOCSIS) is a standard for certification of cable equipment vendor devices (cable modem and cable modem termination system)
– Physical layer: DOCSIS specifies the channel widths
– MAC layer - Defines a deterministic access method,
Sending Data over Cable
• Delivering services over a cable network requires different radio
frequencies. Downstream frequencies are in the 50 to 860 MHz range, and the upstream frequencies are in the 5 to 42 MHz range
• Two types of equipment are required to send digital modem signals
upstream and downstream on a cable system:
– Cable modem termination system (CMTS) at the headend of the
cable operator
– Cable modem (CM) on the subscriber end
Sending Data over Cable
• CMTS (Cable Modem Termination System): a component
that exchanges digital signals with cable modems on a cable network. A headend CMTS communicates with CMs that are located in subscriber homes
• CM (Cable Modem): enables you to receive data at high
speeds. Typically, the cable modem attaches to a standard 10BASE-T Ethernet card in the computer
optic cable
as 2000 subscribers
and carry RF signals to the subscriber
DSL
installed copper wires
copper lines
kilometers (3.5 miles)
(ADSL) and symmetric (SDSL)
DSL
either end of a copper wire that extends between the CPE
and the DSL access multiplexer (DSLAM)
DSLAM:
– Transceiver: Connects the computer of the teleworker to
the DSL. Usually is a DSL modem connected to the
computer using a USB or Ethernet cable. Newer DSL
transceivers can be built into small routers with multiple
10/100 switch ports suitable for home office use
– DSLAM: Located at the CO of the carrier, the DSLAM
combines individual DSL connections from users into one high-capacity link to an ISP, and thereby, to the Internet
DSL is not a shared medium. Each user has a separate
direct connection to the DSLAM. Adding users does not
impede performance, unless the DSLAM Internet connection
ADSL
same wire pair
low-pass filter with two ends
ADSL
the POTS traffic
wireless access point:
limits the local
transmission range
(typically less than
Broadband Wireless
connections has been extended
increasing wireless availability These include:
Municipal Wi-Fi
home deployment
• Mesh
WiMAX
telecommunications technology aimed at providing wireless data over long distances in a variety of ways, from point-to-point links to full mobile cellular type access
Satellite Internet
including for vessels at sea, airplanes in flight, and vehicles moving on land
Broadband Wireless
uses the 2.4 GHz range
complying with these standards:
2.4 GHz
70 Mb/s, and has a range of up to 30 miles (50 km). It can
operate in licensed or unlicensed bands of the spectrum
from 2 to 6 GHz
VPN Technology
What is a VPN?
networks over the public Internet infrastructure that maintain confidentiality and security
What is a VPN?
over a public network
infrastructure that connects branch offices, home offices,
business partner sites, and remote telecommuters to all or
portions of their corporate network
secure and reliable manner using the Internet as the medium
to connect to the private LAN
locations much easier than a leased line
VPNs and Their Benefits
• Cost savings: Organizations can use cost-effective,
third-party Internet transport to connect remote offices and users
to the main corporate site. This eliminates expensive
dedicated WAN links and modem banks. By using
broadband, VPNs reduce connectivity costs while increasing remote connection bandwidth
• Security: Advanced encryption and authentication protocols
protect data from unauthorized access
• Scalability: VPNs use the Internet infrastructure within ISPs
and carriers, making it easy for organizations to add new
users. Organizations, big and small, are able to add large
amounts of capacity without adding significant infrastructure
Types of VPNs: Site-to-site VPNs
locations in the same way as a leased line or Frame Relay
connection is used
Types of VPNs: Remote Access VPNs
• Mobile users and telecommuters use remote access VPNs
extensively.
• Most teleworkers now have access to the Internet from their
homes and can establish remote VPNs using broadband
connections
• Each host typically has VPN client software
• A VPN concentrator, ASA, router, or firewall can be used to terminate a VPN
VPN Components
Characteristics of Secure VPNs
permit organizations to establish secure, end-to-end, private network connections over the Internet
– Data Confidentiality: Protects data from eavesdroppers (spoofing)
– Data Integrity: Guarantees that no tampering or
alterations occur
– Authentication: Ensures that only authorized senders
and devices enter the network
and encapsulation
VPN Tunneling
to carry data for users as though the users had access to a private network
packet and sends the new, composite packet over a
network
VPN Data Integrity
VPN Data Integrity: VPN Authentication
integrity and the authenticity of a message
data integrity algorithm that guarantees the integrity of the
message
VPN Data Integrity: VPN Authentication
• An HMAC has two parameters: a message input and a secret key known only to the message originator and intended receivers.
• The cryptographic strength of the HMAC depends on the cryptographic strength of the underlying hash function, on the size and quality of the key, and on the hash output length in bits.
• Two common HMAC algorithms:
– Message Digest 5 (MD5): Uses a 128-bit shared secret key
– Secure Hash Algorithm 1 (SHA-1): Uses a 160-bit secret key
• The device on the other end of the VPN tunnel must be
authenticated before the communication path is considered secure
– Pre-shared key (PSK)
– RSA signature
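The HMAC check described above, as an added example that is not part of the original slides: the sender computes a keyed tag over the message, and the receiver recomputes it with the same secret key and compares. The key and packet bytes are constructed sample values, and the contrast with an unkeyed hash goes slightly beyond the slide text to show why the secret key matters.

```python
import hashlib
import hmac

# Constructed sample values (assumptions for this example, not from the slides).
SHARED_KEY = b"constructed-demo-key"
PACKET = b"src=10.0.0.5 dst=192.168.1.20 payload=quarterly-report"
TAMPERED = PACKET.replace(b"192.168.1.20", b"192.168.1.99")


def make_tag(key: bytes, message: bytes, algo: str) -> bytes:
    """Sender side: keyed digest that travels with the message."""
    return hmac.new(key, message, algo).digest()


def verify(key: bytes, message: bytes, tag: bytes, algo: str) -> bool:
    """Receiver side: recompute with the shared key, compare in constant time."""
    return hmac.compare_digest(make_tag(key, message, algo), tag)


def plain_hash_accepts_tampering(algo: str) -> bool:
    """An unkeyed hash gives no authenticity: anyone who alters the
    message can recompute a matching digest without knowing a secret."""
    recomputed = hashlib.new(algo, TAMPERED).digest()
    return hashlib.new(algo, TAMPERED).digest() == recomputed


def demo() -> dict:
    results = {}
    for algo in ("md5", "sha1"):
        tag = make_tag(SHARED_KEY, PACKET, algo)
        results[algo] = {
            "tag_bits": len(tag) * 8,  # hash output length in bits
            "intact": verify(SHARED_KEY, PACKET, tag, algo),
            "tampered": verify(SHARED_KEY, TAMPERED, tag, algo),
            "wrong_key": verify(b"some-other-key", PACKET, tag, algo),
            "plain_hash_fooled": plain_hash_accepts_tampering(algo),
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```
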
IPsec Security Protocols
provides encryption, integrity, and authentication
communications, but relies on existing algorithms
IPsec Security Protocols
authentication, and key exchange Some of the standard
algorithms that IPsec uses are as follows:
DES
length used, and faster throughput
IPsec Security Protocols
chooses the algorithms used to implement the security
services within that framework
Scenario: 6.3.7.2
Scenario: 6.3.7.3