Ch. 6 - Teleworker Services - Information Systems Technology

advertisement
PROVIDING TELEWORKER
SERVICES
Accessing the WAN – Chapter 6
Sandra Coleman, CCNA, CCAI
Version 4.0
OBJECTIVES
•
Describe the enterprise requirements for providing
teleworker services
•
Explain how broadband services extend Enterprise
Networks including DSL, cable, and wireless
•
Describe how VPN technology provides secure
teleworker services in an Enterprise setting
ENTERPRISE REQUIREMENTS FOR
PROVIDING TELEWORKER(TELECOMMUTER)
SERVICES
• Describe the benefits of teleworkers for business, society
and the environment.
ENTERPRISE REQUIREMENTS FOR
PROVIDING TELEWORKER SERVICES
• Traditional private
WAN – Frame Relay,
ATM, leased lines.
Provide remote
access solutions.
• IPsec VPNs – offer
flexible and
scalable
connectivity
• Site-to-site
connections – Most
common –
broadband, Secure
VPN over public
internet
ENTERPRISE REQUIREMENTS FOR
PROVIDING TELEWORKER SERVICES
• At home:
Computer,
broadband
access (DSL, etc),
VPN router
• At the office: VPNcapable routers,
security
appliances,
authentication
and mgt devices.
HOW BROADBAND SERVICES EXTEND ENTERPRISE
NETWORKS
• Dialup –
inexpensive,56K
speeds
• DSL – more
expensive, faster
connection<
>=200K
• Cable modem –
similar to DSL,
shared service,
so speed is
affected by #
users
• Satellite –
Satellite modem,
radio signals,
<128K < 512K
HOW BROADBAND SERVICES EXTEND ENTERPRISE
NETWORKS
• Headend –
where signals
are first received,
processed and
distributed
downstream.
• Distribution
network – Tree &
branch system
of cabling.
• Subscriber drop
– connection of
subscriber to the
service.
HOW BROADBAND SERVICES EXTEND ENTERPRISE
NETWORKS
• DSL-high speed connection
over copper wires. Not all
bandwidth of phone wires was
being used, so ADSL took up
the slack.
• Local loop (last mile) –
NOT as shared medium,
therefore each user has a
direct connection to the
DSLAM (DSL Access
Multiplexer).
HOW BROADBAND SERVICES EXTEND ENTERPRISE
NETWORKS
• Provides mobility –
• Municipal – gov’t
working with ISP to
deploy Wi-Fi
• WiMAX – (Worldwide
Interoperability for
Microwave Access)
higher speeds, greater
distances. Aimed at
providing coverage to
rural areas out of reach
by DSL
• Satellite – available
worldwide. Approx
500kbps.
Types of wireless
SECURITY FOR BROADBAND SERVICES EXTEND
ENTERPRISE NETWORKS
• 802.11b – 11 Mbps
• 802.11g – 54 Mbps
• 802.11n - > 54 Mbps
• 802.16 – WiMAX 70 Mbps,
with a range of 30 miles.
VPN TECHNOLOGY
 What is a VPN? virtual
WAN infrastructure that
connects business
partner sites to a
corporate network.
 Virtual – Private network
over a public network
 Private – data is
encrypted
 Each LAN is an IsLANd –
Each inhabitant of the
island gets their own
submarine to connect to
the mainland which is
fast, at your disposal, can
be invisible, and is very
dependable.
VPN TECHNOLOGY
• Cost savings – No more
dedicated lines!
• Security – Advanced
encryption and
authentication protocols
• Scalability – Easy to add
new users without adding
significant infrastructure
changes.
TYPES OF VPN’S
• Site-to-Site – access
between 2 physical
sites.
• Remote-access – gives
remote users acces to
the corporate network
over a shared
infrastructure. Used by
teleworkers and mobile
users.
VPN COMPONENTS
• An existing network
(clients/servers)
• Connection to the
internet
• VPN gateways, such as
routers, firewalls, etc,
that act as endpoints
to establish, maintain,
and manage VPN
connections
• Appropriate software
to create and manage
VPN tunnels
CHARACTERISTICS OF SECURE VPNS
• Data confidentiality – protect data from
eavesdroppers! VPNs do this using mechanisms of
encapsulation and encryption
• Data Integrity – guarantees that no tampering or
alterations to the data occur while it travels from
source to destination. Typicallly done using a hash
feature.
• Authentication – ensures that a message comes from
an authenticated source and goes to an
authenticated destination. Uses passwords, digital
certificates, smart cards, and even biometrics!
VPN TUNNELING
• Tunneling allows the use of public networks to carry
data for users as though the users had access to a
private network. See the figure on pg. 410 for an
example
VPN ENCRYPTION
• Encryption – the act of
coding a given message
into a different format to
alter the data’s
appearance, making it
incomprehensible tot hose
who are not authorized to
view it.
• Uses an algorithm (DES,
3DES, AES, RSA)
• Three basic components –
• Key
• Cipher
• Message
• Hashes – MD5, SHA-1
IPSEC SECURITY PROTOCOLS
• IPsec - a protocol suite
for securing IP
communications that
provides encryption,
integrity, and
authentication.
• 2 main framework
protocols
• Authentication
Header (AH) – used
when confidentiality is
not required. No
encryption. Usually
used with ESP
• Encapsulation
Security Payload (ESP)
– provides
confidentiality and
authentication
WHAT TO DO NOW?
• Online Test – On until Wednesday, April 3, midnight!
• Test grade for Ch. 6 will be the Packet Tracer Skills
Integration Challenge on pg. 219. (LSG04-PTSkills6.pka)
• You will do this NOW!
Download