CCNA – Semester 4




Chapter 6: Teleworker Services

       CCNA Exploration 4.0
Ca Ex S4 C6 Teleworker Services

  1. CCNA – Semester 4, Chapter 6: Teleworker Services (CCNA Exploration 4.0)
  2. Objectives
     • Describe the enterprise requirements for providing teleworker services, including the differences between private and public network infrastructures.
     • Describe the teleworker requirements and recommended architecture for providing teleworking services.
     • Explain how broadband services extend enterprise networks using DSL, cable, and wireless technology.
     • Describe the importance of VPN technology, including its role and benefits for enterprises and teleworkers.
     • Describe how VPN technology can be used to provide secure teleworker services to an enterprise network.
  3. Business Requirements for Teleworker Services
  4. The Business Requirements for Teleworker Services
     • More and more companies are finding it beneficial to have teleworkers.
  5. The Teleworker Solution
     • Organizations need secure, reliable, and cost-effective networks to connect corporate headquarters, branch offices, and suppliers.
     • Three remote connection technologies are available to organizations for supporting teleworker services:
       – Traditional private WAN Layer 2 technologies, including Frame Relay, ATM, and leased lines, provide many remote connection solutions. The security of these connections depends on the service provider.
       – IPsec Virtual Private Networks (VPNs) offer flexible and scalable connectivity.
       – Site-to-site connections can provide a secure, fast, and reliable remote connection to teleworkers.
  6. The Teleworker Solution
  7. Teleworker Solution Components
  8. Broadband Services
  9. Connecting Teleworkers to the WAN
     • Teleworkers typically use diverse applications (for example, e-mail, web-based applications, mission-critical applications, real-time collaboration, voice, video, and videoconferencing) that require a high-bandwidth connection.
     • The choice of access network technology and the need to ensure suitable bandwidth are the first considerations to address when connecting teleworkers.
     • Dialup access
       – An inexpensive option that uses any phone line and a modem. To connect to the ISP, a user calls the ISP access phone number.
       – Dialup is the slowest connection option, and is typically used by mobile workers in areas where higher speed connection options are not available.
  10. Connecting Teleworkers to the WAN: DSL
     • Also uses telephone lines, more expensive than dialup, but provides a faster connection.
     • Provides a continuous connection to the Internet.
     • Uses a special high-speed modem that separates the DSL signal from the telephone signal and provides an Ethernet connection to a host computer or LAN.
  11. Connecting Teleworkers to the WAN: Satellite
     • Offered by satellite service providers.
     • The computer connects through Ethernet to a satellite modem that transmits radio signals to the nearest point of presence (POP) within the satellite network.
  12. Connecting Teleworkers to the WAN: Cable modem
     • Offered by cable television service providers. The Internet signal is carried on the same coaxial cable that delivers cable television. A special cable modem separates the Internet signal from the other signals carried on the cable and provides an Ethernet connection to a host computer or LAN.
  13. Cable
     • Accessing the Internet through a cable network is a popular option used by teleworkers to access their enterprise network.
     • The cable system uses a coaxial cable that carries radio frequency (RF) signals across the network. Coaxial cable is the primary medium used to build cable TV systems.
     • CATV originally meant “community antenna television.” This form of transmission shared TV signals.
     • Cable systems were originally built to extend the reach of TV signals and improve over-the-air TV reception.
     • Modern cable systems use fiber and coaxial cable for signal transmission.
  14. What is a Cable System
  15. What is a Cable System
  16. Sending Digital Signals over Radio Waves
  17. Cable
     • The Data-over-Cable Service Interface Specification (DOCSIS) is a standard for certification of cable equipment vendor devices (cable modem and cable modem termination system).
     • DOCSIS specifies the physical and MAC layers.
       – Physical layer: DOCSIS specifies the channel widths.
       – MAC layer: Defines a deterministic access method, TDMA or S-CDMA.
     • DOCSIS defines RF interface requirements for a data-over-cable system.
     • Cable equipment vendors must pass certification conducted by CableLabs.
     • Euro-DOCSIS is a variation adapted for use in Europe.
     • About DOCSIS: http://www.cablemodem.com/specifications
     • About Euro-DOCSIS: http://www.euro-docsis.com
  18. Sending Data over Cable
     • Delivering services over a cable network requires different radio frequencies. Downstream frequencies are in the 50 to 860 MHz range, and the upstream frequencies are in the 5 to 42 MHz range.
     • Two types of equipment are required to send digital modem signals upstream and downstream on a cable system:
       – Cable modem termination system (CMTS) at the headend of the cable operator
       – Cable modem (CM) on the subscriber end
  19. Sending Data over Cable
     • CMTS (Cable Modem Termination System): a component that exchanges digital signals with cable modems on a cable network. A headend CMTS communicates with CMs that are located in subscriber homes.
     • CM (Cable Modem): enables you to receive data at high speeds. Typically, the cable modem attaches to a standard 10BASE-T Ethernet card in the computer.
     • Fiber: The trunk portion of the cable network is usually fiber optic cable.
     • Node: converts optical signals to RF signals.
     • Distribution Area (feeder segment) is from 500 to as many as 2000 subscribers.
     • Coaxial cable: coaxial feeder cables originate from the node and carry RF signals to the subscriber.
  20. DSL
     • Is a means of providing high-speed connections over installed copper wires.
     • Uses high transmission frequencies (up to 1 MHz).
     • Technology for delivering high bandwidth over regular copper lines.
     • Connection between subscriber and CO, less than 5.5 kilometers (3.5 miles).
     • The two basic types of DSL technologies are asymmetric (ADSL) and symmetric (SDSL).
  21. DSL
  22. DSL
     • The connection is set up between a pair of modems on either end of a copper wire that extends between the CPE and the DSL access multiplexer (DSLAM).
     • The two key components are the DSL transceiver and the DSLAM:
       – Transceiver: Connects the computer of the teleworker to the DSL. Usually is a DSL modem connected to the computer using a USB or Ethernet cable. Newer DSL transceivers can be built into small routers with multiple 10/100 switch ports suitable for home office use.
       – DSLAM: Located at the CO of the carrier, the DSLAM combines individual DSL connections from users into one high-capacity link to an ISP, and thereby, to the Internet.
  23. DSL
     • The advantage that DSL has over cable technology is that DSL is not a shared medium. Each user has a separate direct connection to the DSLAM. Adding users does not impede performance, unless the DSLAM Internet connection to the ISP, or the Internet, becomes saturated.
  24. ADSL
     • A key feature of ADSL is coexistence with POTS.
     • Transmission of voice and data signals is performed on the same wire pair.
     • Data circuits are offloaded from the voice switch.
  25. ADSL
     • A microfilter is a passive low-pass filter with two ends.
  26. ADSL
     • Splitters separate the DSL traffic from the POTS traffic.
  27. Broadband Wireless
     • Wireless networking, or Wi-Fi (wireless fidelity), not only in the SOHO, but on enterprise campuses as well.
     • Uses 802.11 networking standards.
     • Wireless router or wireless access point: limits the local transmission range (typically less than 100 feet).
  28. Broadband Wireless
     • With advances in technology, the reach of wireless connections has been extended.
     • New developments in broadband wireless technology are increasing wireless availability. These include:
       – Municipal Wi-Fi
       – WiMAX
       – Satellite Internet
  29. Municipal Wi-Fi
     • Single router: typical home deployment
     • Mesh
  30. WiMAX
     • WiMAX (Worldwide Interoperability for Microwave Access) is a telecommunications technology aimed at providing wireless data over long distances in a variety of ways, from point-to-point links to full mobile cellular type access.
  31. Satellite Internet
     • Internet access using satellites is available worldwide, including for vessels at sea, airplanes in flight, and vehicles moving on land.
     • Three ways to connect to the Internet using satellites: one-way multicast, one-way terrestrial return, and two-way.
  32. Broadband Wireless
     • Teleworker equipment generally uses the 2.4 GHz range complying with these standards:
       – 802.11b - 11 Mb/s, 2.4 GHz
       – 802.11g - 54 Mb/s, 2.4 GHz
       – 802.11n > 54 Mb/s, MIMO, 2.4 GHz
     • The 802.16 (or WiMAX) standard allows transmissions up to 70 Mb/s, and has a range of up to 30 miles (50 km). It can operate in licensed or unlicensed bands of the spectrum from 2 to 6 GHz.
  33. VPN Technology
  34. What is a VPN?
     • VPN technology enables organizations to create private networks over the public Internet infrastructure that maintain confidentiality and security.
  35. What is a VPN?
     • Virtual: Information within a private network is transported over a public network.
     • Private: The traffic is encrypted to keep the data confidential.
     • Organizations use VPNs to provide a virtual WAN infrastructure that connects branch offices, home offices, business partner sites, and remote telecommuters to all or portions of their corporate network.
     • Each remote member of your network can communicate in a secure and reliable manner using the Internet as the medium to connect to the private LAN.
     • A VPN can grow to accommodate more users and different locations much more easily than a leased line.
  36. VPNs and Their Benefits
     • Cost savings: Organizations can use cost-effective, third-party Internet transport to connect remote offices and users to the main corporate site. This eliminates expensive dedicated WAN links and modem banks. By using broadband, VPNs reduce connectivity costs while increasing remote connection bandwidth.
     • Security: Advanced encryption and authentication protocols protect data from unauthorized access.
     • Scalability: VPNs use the Internet infrastructure within ISPs and carriers, making it easy for organizations to add new users. Organizations, big and small, are able to add large amounts of capacity without adding significant infrastructure.
  37. Types of VPNs: Site-to-site VPNs
     • Organizations use site-to-site VPNs to connect dispersed locations in the same way as a leased line or Frame Relay connection is used.
     • In a site-to-site VPN, hosts send and receive TCP/IP traffic through a VPN gateway.
     • Can use an ASA, router or firewall to terminate a VPN.
  38. Types of VPNs: Remote Access VPNs
     • Mobile users and telecommuters use remote access VPNs extensively.
     • Most teleworkers now have access to the Internet from their homes and can establish remote VPNs using broadband connections.
     • Each host typically has VPN client software.
     • Can use a VPN concentrator, ASA, router or firewall to terminate a VPN.
  39. VPN Components
  40. Characteristics of Secure VPNs
     • VPNs use advanced encryption techniques and tunneling to permit organizations to establish secure, end-to-end, private network connections over the Internet.
     • The foundation of a secure VPN is:
       – Data Confidentiality: Protects data from eavesdroppers (spoofing).
       – Data Integrity: Guarantees that no tampering or alterations occur.
       – Authentication: Ensures that only authorized senders and devices enter the network.
     • Data confidentiality and data integrity depend on encryption and encapsulation.
  41. VPN Tunneling
     • Tunneling allows the use of public networks like the Internet to carry data for users as though the users had access to a private network.
     • Tunneling encapsulates an entire packet within another packet and sends the new, composite packet over a network.
  42. VPN Tunneling
  43. VPN Data Integrity
     • VPN encryption encrypts the data and renders it unreadable to unauthorized receivers.
  44. VPN Data Integrity
  45. VPN Data Integrity
  46. VPN Data Integrity: VPN Authentication
     • VPNs use a message authentication code to verify the integrity and the authenticity of a message.
     • A keyed hashed message authentication code (HMAC) is a data integrity algorithm that guarantees the integrity of the message.
  47. VPN Data Integrity: VPN Authentication
     • A HMAC has two parameters: a message input and a secret key known only to the message originator and intended receivers.
     • The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, on the size and quality of the key, and the size of the hash output length in bits.
     • Two common HMAC algorithms:
       – Message Digest 5 (MD5): Uses a 128-bit shared secret key.
       – Secure Hash Algorithm 1 (SHA-1): Uses a 160-bit secret key.
     • The device on the other end of the VPN tunnel must be authenticated before the communication path is considered secure:
       – Pre-shared key (PSK)
       – RSA signature
  48. IPsec Security Protocols
     • IPsec is a protocol suite for securing IP communications which provides encryption, integrity, and authentication.
     • IPsec spells out the messaging necessary to secure VPN communications, but relies on existing algorithms.
     • Two main IPsec framework protocols:
  49. IPsec Security Protocols
     • IPsec relies on existing algorithms to implement encryption, authentication, and key exchange. Some of the standard algorithms that IPsec uses are as follows:
       – DES: Encrypts and decrypts packet data.
       – 3DES: Provides significant encryption strength over 56-bit DES.
       – AES: Provides stronger encryption, depending on the key length used, and faster throughput.
       – MD5: Authenticates packet data, using a 128-bit shared secret key.
       – SHA-1: Authenticates packet data, using a 160-bit shared secret key.
       – DH: Allows two parties to establish a shared secret key used by encryption and hash algorithms.
  50. IPsec Security Protocols
     • IPsec provides the framework, and the administrator chooses the algorithms used to implement the security services within that framework.
  51. Scenario: 6.3.7.2
  52. Scenario: 6.3.7.3
  53. Summary
     • Describe the enterprise requirements for providing teleworker services, including the differences between private and public network infrastructures.
     • Describe the teleworker requirements and recommended architecture for providing teleworking services.
     • Explain how broadband services extend enterprise networks using DSL, cable, and wireless technology.
     • Describe the importance of VPN technology, including its role and benefits for enterprises and teleworkers.
     • Describe how VPN technology can be used to provide secure teleworker services to an enterprise network.
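
The HMAC check described on slides 46 and 47, as an added example that is not part of the original deck: the originator tags a message with a shared secret key, and the receiver accepts it only if the tag it recomputes matches. The key and packet bytes are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample values (not from the slides).
SHARED_KEY = b"constructed-pre-shared-secret"
PACKET = b"inner packet: 10.0.0.5 -> 10.1.0.9 payroll-update"

# The two HMAC variants the slides name, with the size of the tag each produces.
ALGORITHMS = {"md5": 128, "sha1": 160}


def make_tag(key: bytes, message: bytes, algorithm: str) -> bytes:
    """Originator side: compute the HMAC over the message with the shared key."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported HMAC algorithm: {algorithm}")
    return hmac.new(key, message, getattr(hashlib, algorithm)).digest()


def verify(key: bytes, message: bytes, tag: bytes, algorithm: str) -> bool:
    """Receiver side: recompute the HMAC and compare in constant time."""
    expected = make_tag(key, message, algorithm)
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(expected, tag)


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate in-transit tampering by flipping one bit of one byte."""
    altered = bytearray(data)
    altered[index] ^= 0x01
    return bytes(altered)


def demo() -> dict:
    """Run the intact, tampered, wrong-key and truncated-tag cases per algorithm."""
    results = {}
    for name in ALGORITHMS:
        tag = make_tag(SHARED_KEY, PACKET, name)
        results[name] = {
            "tag_bits": len(tag) * 8,
            "intact": verify(SHARED_KEY, PACKET, tag, name),
            "tampered": verify(SHARED_KEY, flip_bit(PACKET, 0), tag, name),
            "wrong_key": verify(b"some-other-key", PACKET, tag, name),
            "truncated": verify(SHARED_KEY, PACKET, tag[:-1], name),
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Only the unmodified packet checked with the correct key and the full tag is accepted; a single flipped bit, a different key, or a shortened tag all fail verification.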