CCNA Exploration 4 | Chapter 6 - Teleworker Services


Juñel Canoy

on 26 September 2012


Transcript of CCNA Exploration 4 | Chapter 6 - Teleworker Services

What is TELEWORKING

TELEWORKING - a broad term referring to conducting work by
connecting to a workplace from a remote location,
with the assistance of telecommunications.

Efficient Teleworking is made possible through broadband
Internet connections, virtual private networks (VPN), and more
advanced technologies, including Voice over IP (VoIP) and
videoconferencing.

What is a VPN

How it works

Operates at layer 2 or 3 of OSI model
•Layer 2 frame – Ethernet
•Layer 3 packet – IP

•allows senders to encapsulate their data in IP
packets that hide the routing and switching
infrastructure of the Internet
•to ensure data security against unwanted viewers,
or hackers.

Advantages

-Cost Savings
-Scalability

Others ::
~ Protocols
~ Security
~ Appliances

Protocols

~ IP Security (IPSec)
    ~ Transport mode
    ~ Tunnel mode
~ Point-to-Point Tunneling Protocol (PPTP)
    ~ Voluntary tunneling method
    ~ Uses PPP (Point-to-Point Protocol)
~ Layer 2 Tunneling Protocol (L2TP)
    ~ Exists at the data link layer of OSI
    ~ Composed from PPTP and L2F (Layer 2 Forwarding)
    ~ Compulsory tunneling method

Tunneling
-> allows the use of public networks like the Internet to carry data for users as though the users had access to a private network.
-> encapsulates an entire packet within another packet and sends the new, composite packet over a network.

2) Triple DES (3DES) algorithm

VPN Authentication

Two Peer Authentication Methods ::

Pre-shared key (PSK)
-> shared between the two parties using a
secure channel before it needs to be used
-> use symmetric key cryptographic algorithms
-> entered into each peer manually and is used
to authenticate the peer

RSA signature
-> uses the exchange of digital certificates to
authenticate the peers.

6.0 - Introduction
6.1 - Business Requirements for Teleworker Services
6.1.1 - The Business Requirements for Teleworker Services
6.1.2 - The Teleworker Solution
6.2 - Broadband Services
6.2.1 - Connecting Teleworkers to the WAN
6.2.2 - Cable
6.2.3 - DSL
6.2.3 - Broadband Wireless
6.3 - VPN Technology
6.3.1 - VPNs and Their Benefits
6.3.2 - Types of VPNs
6.3.3 - VPN Components
6.3.4 - Characteristics of Secure VPNs
6.3.5 - VPN Tunneling
6.3.6 - VPN Data Integrity
6.3.7 - IPsec Security Protocols
6.4 - Summary

Broadband
-> advanced communications systems capable of providing high-speed transmission of services, such as data, voice, and video, over the Internet and other networks

HISTORY ::
Bell Labs identified a typical voice conversation over a local loop as requiring a bandwidth of 300 Hz to 3 kHz.

Advances in technology allow DSL to use the additional bandwidth from 3 kHz up to 1 MHz to deliver high-speed data services over ordinary copper lines.

What is DSL

DSL
- provides high-speed connections over installed copper wires
- it uses high transmission frequencies (up to 1 MHz)
- a connection between subscriber and CO

All forms of DSL service are categorized as ADSL or SDSL

ADSL – uses a frequency range from approximately 20 kHz to 1 MHz
     - provides higher downstream bandwidth to the user than upload bandwidth
SDSL - provides the same capacity in both directions.

Establish DSL Connection

Separating Data from Voice in ADSL Connection

Two Ways to Separate ADSL from Voice

a) microfilter - a passive low-pass filter with two ends. It eliminates the need for a technician to visit the premises and allows the user to use any jack in the house for voice or ADSL service

b) splitter (POTS splitter) - a passive device that separates the DSL traffic from the POTS traffic. It is usually located at the CO, where it separates the voice traffic, destined for POTS connections, from the data traffic destined for the DSLAM.

Cisco EZ-DSL Microfilters

DSL Splitter Box

Definition : transmission medium of copper wire or optical
fiber wrapped in a protective cover

The cable system uses a coaxial cable that carries
radio frequency (RF) signals across the network. Coaxial
cable is the primary medium used to build cable TV
systems. Early systems were one-way, with cascading amplifiers placed in series along the network to compensate for signal loss.

Modern cable systems provide two-way communication between subscribers and the cable operator. Cable operators
-> now offer customers advanced telecommunications services, including high-speed Internet access, digital cable television, and residential telephone service.
-> typically deploy hybrid fiber-coaxial (HFC) networks to enable high-speed transmission of data to cable modems located in a SOHO.

Cable System

Sending Digital Signals over Radio Waves (RF)

Downstream

the direction of an RF signal transmission (TV channels and data) from the source (headend) to the destination (subscribers). Transmission from source to destination is called the forward path. Downstream frequencies are in the range of 50 to 860 megahertz (MHz).

Upstream

the direction of the RF signal transmission from subscribers to the headend, or the return or reverse path. Upstream frequencies are in the range of 5 to 42 MHz.

Data-over-Cable Service Interface Specification (DOCSIS)

DOCSIS specifies the OSI Layer 1 and Layer 2 requirements:

Physical layer

for data signals that the cable operator can use, DOCSIS specifies the channel widths (bandwidths of each channel) as 200 kHz, 400 kHz, 800 kHz, 1.6 MHz, 3.2 MHz, and 6.4 MHz. DOCSIS also specifies modulation techniques (the way to use the RF signal to convey digital data).

MAC layer

defines a deterministic access method, time-division multiple access (TDMA) or synchronous code division multiple access method (S-CDMA).

Delivering services over a cable network requires different radio frequencies. Downstream frequencies are in the 50 to 860 MHz range, and the upstream frequencies are in the 5 to 42 MHz range.

Two types of equipment are required to send digital modem signals upstream and downstream on a cable system:

Cable modem termination system (CMTS) at the headend of the cable operator
Cable modem (CM) on the subscriber end

Sending Data over Cable

The benefits of Wi-Fi extend beyond not having to use or install wired network connections. Wireless networking provides mobility, increased flexibility and productivity to the teleworker.

Municipal Wi-Fi
Satellite Internet

Types of Broadband Wireless Access

Meshed Municipal Wi-Fi Network

WiMAX (Worldwide Interoperability for Microwave Access)

Two-way Satellite Internet

Satellite Internet services are used in locations where land-based Internet access is not available, or for temporary installations that are continually on the move

There are three ways to connect to the Internet using satellites:
one-way multicast satellite
one-way terrestrial return satellite
two-way satellite

The most common standards are included in the IEEE 802.11 wireless local area network (WLAN) standard, which addresses the 5 GHz and 2.4 GHz public (unlicensed) spectrum bands.

The 802.16 (or WiMAX) standard allows transmissions up to 70 Mb/s, and has a range of up to 30 miles (50 km). It can operate in licensed or unlicensed bands of the spectrum from 2 to 6 GHz.

Wireless Standards and Security

Virtual Private Network (VPN)
-> is a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures.
-> is a way of creating a secure connection to and from a network or computer.
-> is the extension of a private network that encompasses links across shared or public networks like the Internet.

Benefits of VPN

Disadvantages

-Lack of standards
-Understanding of security issues
-Unpredictable Internet traffic
-Difficult to accommodate products
from different vendors

Site-to-Site VPNs

~ Site-to-Site VPN
~ Remote Access
~ PPTP VPN (Dial Up VPN)
~ Point-to-Point
~ MPLS Network

Remote Access VPNs

PPTP VPNs (Dial Up VPNs)

Point-to-Point VPNs

MPLS Network

Components required to establish this VPN include:

~ An existing network with servers and workstations
~ A connection to the Internet
~ VPN gateways, such as routers, firewalls, VPN
concentrators, and ASAs, that act as endpoints to establish,
manage, and control VPN connections
~ Appropriate software to create and manage VPN tunnels

Illustration of VPN Components

Security

The key to VPN effectiveness is security. VPNs secure data by encapsulating or encrypting the data. Most VPNs can do both. Encapsulation is also referred to as tunneling, because encapsulation transmits data transparently from network to network through a shared network infrastructure. Encryption codes data into a different format using a secret key. Decryption decodes encrypted data into the original unencrypted format.

Security Appliances

~ Intrusion Detection Firewalls
~ VPN Client
~ VPN Server
~ VPN Tunnel
~ VPN Connection
~ Tunneled Data
~ Transit Internetwork

Secure VPN requirements
~ All traffic on the secure VPN must be encrypted
and authenticated.
~ The security properties of the VPN must be agreed
to by all parties in the VPN.
~ No one outside the VPN can affect the security
properties of the VPN.

Trusted VPN requirements
~ No one other than the trusted VPN provider can affect
the creation or modification of a path in the VPN
~ No one other than the trusted VPN provider can change
data, inject data, or delete data on a path in the VPN
~ The routing and addressing used in a trusted VPN must
be established before the VPN is created.

Tunneling

VPN Security

VPN Encryption

Four Common Encryption Algorithms

Data Encryption Standard (DES)
Triple DES (3DES)
Advanced Encryption Standard (AES)
Rivest, Shamir, and Adleman (RSA)

VPN Encryption Algorithms

Data Encryption Standard (DES) - 56-bit key
Triple DES (3DES)
Advanced Encryption Standard (AES) - 128, 192, and 256-bit keys
Rivest, Shamir, and Adleman (RSA) - 512, 768, 1024, or larger

Using Hashes (message digest) for Data Integrity

Hashed Message Authentication Code (HMAC)

-> is a data integrity algorithm that guarantees the integrity of the message
-> has two parameters: a message input and a secret key known only to the message originator and intended receivers
-> function : to produce a value (the message authentication code), formed by condensing the secret key and the message input

Two Common HMAC Algorithms:

Message Digest 5 (MD5)
-> uses a 128-bit shared secret key
-> the variable length message and 128-bit shared secret
key are combined and run through the HMAC-MD5
hash algorithm

Secure Hash Algorithm 1 (SHA-1)
-> uses a 160-bit secret key
-> the variable length message and the 160-bit shared
secret key are combined and run through the HMAC-SHA-1
hash algorithm.

VPN Authentication

IPsec Framework
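
Added example (not part of the original presentation): the HMAC data integrity check described above, written in Python with the standard hmac and hashlib modules. The key, the message and the function names are constructed for illustration; it shows a receiver accepting a genuine message, rejecting a modified one, and why a keyless hash does not give the same protection.

```python
import hashlib
import hmac

# Constructed sample values, for illustration only.
SHARED_KEY = b"constructed-demo-key"       # secret known only to the two peers
MESSAGE = b"route 10.0.0.0/8 via tunnel0"  # payload sent through the tunnel


def make_tag(key: bytes, message: bytes, algorithm: str = "sha1") -> bytes:
    """Sender: condense the secret key and the message into a MAC."""
    return hmac.new(key, message, algorithm).digest()


def verify(key: bytes, message: bytes, tag: bytes, algorithm: str = "sha1") -> bool:
    """Receiver: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message, algorithm), tag)


def plain_hash_matches(message: bytes, digest: bytes) -> bool:
    """Keyless digest check, for contrast: anyone can recompute the digest."""
    return hmac.compare_digest(hashlib.sha1(message).digest(), digest)


def demo() -> dict:
    tag = make_tag(SHARED_KEY, MESSAGE)
    tampered = MESSAGE.replace(b"tunnel0", b"tunnel9")
    # A party without the shared key can only guess at a key for its tag.
    forged_tag = make_tag(b"not-the-shared-key", tampered)
    return {
        "sha1_tag_bits": len(tag) * 8,
        "md5_tag_bits": len(make_tag(SHARED_KEY, MESSAGE, "md5")) * 8,
        "genuine_accepted": verify(SHARED_KEY, MESSAGE, tag),
        "tampered_accepted": verify(SHARED_KEY, tampered, tag),
        "forged_tag_accepted": verify(SHARED_KEY, tampered, forged_tag),
        # Without a key, a modified message with a recomputed digest passes.
        "plain_hash_fooled": plain_hash_matches(
            tampered, hashlib.sha1(tampered).digest()
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```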