Continuity of operations
Secure, reliable, and manageable access to information
Cost-effective integration of data, voice, video, and applications
Increased employee productivity, satisfaction, and retention
Increased employment opportunities for marginalized groups
Less travel and commuter related stress
Reduced carbon footprints, both for individual workers and organizations
- Traditional private WAN Layer 2 technologies, including Frame Relay, ATM, and leased lines, provide many remote connection solutions. The security of these connections depends on the service provider.
- IPsec Virtual Private Networks (VPNs) offer flexible and scalable connectivity. Site-to-site connections can provide a secure, fast, and reliable remote connection to teleworkers.
- The term broadband refers to advanced communications systems capable of providing high-speed transmission of services, such as data, voice, and video, over the Internet and other networks. Transmission is provided by a wide range of technologies, including digital subscriber line (DSL) and fiber-optic cable, coaxial cable, wireless technology, and satellite. The broadband service data transmission speeds typically exceed 200 kilobits per second (kb/s), or 200,000 bits per second, in at least one direction: downstream (from the Internet to the user's computer) or upstream (from the user's computer to the Internet).
Dialup access is an inexpensive option that uses any phone line and a modem.
It is the slowest connection option, and is typically used in areas where higher speed connections are not available.
Cable operators typically deploy hybrid fiber-coaxial (HFC) networks to enable high-speed transmission of data to cable modems located in a SOHO.
- The abbreviation CATV originally meant "community antenna television". This form of transmission shared TV signals
- Cable systems were originally built to extend the reach of TV signals and improve over-the-air TV reception.
- Modern cable systems use fiber and coaxial cable for signal transmission.
• Cable uses a part of RF electromagnetic frequencies.
• Cable can transmit signal simultaneously in either direction.
• RF portion used is subdivided for the two paths:
- Downstream: Headend-to-subscriber has 810 MHz of RF bandwidth.
- Upstream: Subscriber-to-headend has 37 MHz of RF bandwidth.
DOCSIS (Data-over-Cable Service Interface Specification)
DOCSIS is a standard for certification of cable equipment vendor devices (cable modem and cable modem termination system).
DOCSIS specifies the physical and MAC layers.
DOCSIS defines RF interface requirements for a data-over-cable system.
Cable equipment vendors must pass certification conducted by CableLabs.
Euro-DOCSIS is a variation adapted for use in Europe.
Two types of equipment are required to send digital modem signals upstream and downstream on a cable system:
1) Cable modem termination system (CMTS) at the headend of the cable operator
2) Cable modem (CM) on the subscriber end
A distribution network segment (feeder segment) serves from 500 up to 2000 active subscribers.
The actual bandwidth for Internet service over a CATV line can be up to 27 Mb/s on the download path to the subscriber and about 2.5 Mb/s of bandwidth on the upload path. Based on the cable network architecture, cable operator provisioning practices, and traffic load, an individual subscriber can typically get an access speed of between 256 kb/s and 6 Mb/s.
DSL is a means of providing high-speed connections over installed copper wires.
- Uses high transmission frequencies (20 kHz to 1 MHz)
- Technology for delivering high bandwidth over regular copper lines
- Connection between subscriber and CO
The two basic types of DSL technologies are asymmetric (ADSL) and symmetric (SDSL).
For satisfactory service, the loop must be less than 5.5 kilometers (3.5 miles).
A microfilter is a passive low-pass filter with two ends. One end connects to the telephone, and the other end connects to the telephone wall jack.
POTS splitters separate the DSL traffic from the POTS traffic. The splitter acts as a low-pass filter, allowing only the 0 to 4 kHz frequencies to pass to or from the telephone.
Municipal Wi-Fi - provides high-speed Internet access at no cost or for substantially less than the price of other broadband services.
WiMAX - operates at higher speeds, over greater distances, and for a greater number of users than Wi-Fi. B
Satellite Internet - is used in locations where land-based Internet access is not available, or for temporary installations that are continually on the move. There are three ways to connect to the Internet using satellites: one-way multicast, one-way terrestrial return, and two-way.
Benefits when using VPNs:
- Cost savings - Organizations can use cost-effective, third-party Internet transport to connect remote offices and users to the main corporate site. This eliminates expensive dedicated WAN links and modem banks. By using broadband, VPNs reduce connectivity costs while increasing remote connection bandwidth.
- Security - Advanced encryption and authentication protocols protect data from unauthorized access.
- Scalability - VPNs use the Internet infrastructure within ISPs and carriers, making it easy for organizations to add new users. Organizations, big and small, are able to add large amounts of capacity without adding significant infrastructure.
Types:
- Site to site VPN - extension of classic WAN, hosts send and receive TCP/IP traffic through a VPN gateway, which could be a router, PIX firewall appliance, or an Adaptive Security Appliance (ASA).
- Remote-access VPN - each host typically has VPN client software.
Some of the more common encryption algorithms and the length of keys they use are as follows:
- Data Encryption Standard (DES) algorithm - Developed by IBM, DES uses a 56-bit key, ensuring high-performance encryption. DES is a symmetric key cryptosystem. Symmetric and asymmetric keys are explained below.
- Triple DES (3DES) algorithm - A newer variant of DES that encrypts with one key, decrypts with another different key, and then encrypts one final time with another key. 3DES provides significantly more strength to the encryption process.
- Advanced Encryption Standard (AES) - The National Institute of Standards and Technology (NIST) adopted AES to replace the existing DES encryption in cryptographic devices. AES provides stronger security than DES and is computationally more efficient than 3DES. AES offers three different key lengths: 128, 192, and 256-bit keys.
- Rivest, Shamir, and Adleman (RSA) - An asymmetrical key cryptosystem. The keys use a bit length of 512, 768, 1024, or larger.
Symmetric Encryption - Requires knowledge of which computers will be talking to each other so that the same key can be configured on each computer.
Asymmetric Encryption - Uses different keys for encryption and decryption. Knowing one of the keys does not allow a hacker to deduce the second key and decode the information.
Public key encryption is a variant of asymmetric encryption that uses a combination of a private key and a public key. The recipient gives a public key to any sender with whom the recipient wants to communicate. The sender uses a private key combined with the recipient's public key to encrypt the message. Also, the sender must share their public key with the recipient. To decrypt a message, the recipient will use the public key of the sender with their own private key.
A hash, also called a message digest, is a number generated from a string of text. A keyed hashed message authentication code (HMAC) is a data integrity algorithm that guarantees the integrity of the message.
There are two common HMAC algorithms:
- Message Digest 5 (MD5) - Uses a 128-bit shared secret key.
- Secure Hash Algorithm 1 (SHA-1) - Uses a 160-bit secret key.
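The difference between a plain hash and a keyed HMAC, as an added example that is not part of the original notes: it uses Python's standard `hashlib` and `hmac` modules, and the secret, message, and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values: a secret shared by R1 and R2 in advance,
# and a message that R1 sends to R2.
SHARED_SECRET = b"constructed-demo-secret"
MESSAGE = b"route update: 10.1.1.0/24 via 192.168.1.1"


def plain_digest(message: bytes) -> bytes:
    """Unkeyed hash: anyone can recompute it for any message."""
    return hashlib.sha1(message).digest()


def hmac_tag(key: bytes, message: bytes, algo: str = "sha1") -> bytes:
    """Keyed hash: only holders of `key` can produce a valid tag."""
    return hmac.new(key, message, algo).digest()


def verify(key: bytes, message: bytes, tag: bytes, algo: str = "sha1") -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_tag(key, message, algo), tag)


def altered_in_transit(message: bytes) -> tuple:
    """Model a message changed on the path, with its unkeyed hash recomputed."""
    changed = message.replace(b"192.168.1.1", b"192.168.1.9")
    return changed, plain_digest(changed)


def demo() -> dict:
    tag = hmac_tag(SHARED_SECRET, MESSAGE)
    changed, changed_digest = altered_in_transit(MESSAGE)
    return {
        "sha1_tag_bits": len(tag) * 8,
        "md5_tag_bits": len(hmac_tag(SHARED_SECRET, MESSAGE, "md5")) * 8,
        "genuine_accepted": verify(SHARED_SECRET, MESSAGE, tag),
        # The unkeyed digest still matches the changed message: no protection.
        "plain_hash_fooled": plain_digest(changed) == changed_digest,
        # The original HMAC tag no longer matches the changed message.
        "changed_rejected": not verify(SHARED_SECRET, changed, tag),
        # A tag made without the shared secret is rejected as well.
        "wrong_key_rejected": not verify(SHARED_SECRET, changed, hmac_tag(b"guess", changed)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```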
There are two peer authentication methods:
- Pre-shared key (PSK) - A secret key that is shared between the two parties using a secure channel before it needs to be used. PSKs use symmetric key cryptographic algorithms.
- RSA signature - Uses the exchange of digital certificates to authenticate the peers.
IPsec is a protocol suite for securing IP communications that provides encryption, integrity, and authentication. IPsec spells out the messaging necessary to secure VPN communications, but relies on existing algorithms.
There are two main IPsec framework protocols:
- Authentication Header (AH) - Use when confidentiality is not required or permitted. AH provides data authentication and integrity for IP packets passed between two systems. It verifies that any message passed from R1 to R2 has not been modified during transit.
- Encapsulating Security Payload (ESP) - Provides confidentiality and authentication by encrypting the IP packet. IP packet encryption conceals the data and the identities of the source and destination.