Lecture Outline - PowerPoint PPT Presentation

Slides: 33
Provided by: bobgehl
1
Lecture Outline
  • Packet Switched Services
  • Internet
  • Security
  • Access Technologies

2
Packet Switched Services
3
Packet Switched Services
4
Packet Switched Services
  • A Datagram is a connectionless service which adds
    a destination and sequence number to each packet,
    in addition to information about the data stream
    to which the packet belongs. Packets may follow a
    different route, and are reassembled at the
    destination.
  • In a Virtual circuit the packet switched network
    establishes an end-to-end circuit between the
    sender and receiver. All packets for that
    transmission take the same route over the virtual
    circuit that has been set up for that
    transmission.

5
X.25
  • The oldest packet switched service is X.25, a
    standard developed by ITU-T. X.25 offers
    datagram, switched virtual circuit, and permanent
    virtual circuit services.
  • Although widely used in Europe, X.25 is not
    widespread in North America. The primary reason
    is transmission speed, now 2.048 Mbps (up from 64
    Kbps).

6
Frame Relay
  • Frame relay is a newer packet switching
    technology that transmits data faster than X.25.
    It differs from X.25 and traditional networks in
    three important ways:
  • 1. Frame relay only operates at the data link
    layer.
  • 2. Frame relay networks do not perform error
    control.
  • 3. Frame relay defines two connection data rates
    that are negotiated per connection and for each
    virtual circuit as it is established (committed
    information rate and maximum allowable rate).

7
Asynchronous Transfer Mode (ATM)
  • ATM has three important differences from frame
    relay:
  • ATM uses fixed packet lengths of 53 bytes (5
    bytes of overhead and 48 bytes of user data),
    which is more suitable for voice transmissions.
  • ATM provides extensive quality of service
    information that enables the setting of very
    precise priorities among different types of
    transmissions (i.e. voice, video, e-mail).
  • ATM is scalable. It is easy to multiplex basic
    ATM circuits into much faster ATM circuits.

8
Commonly Available Services
  • Type of Service: Approximate Data Rates
  • Dialed Circuit Services
    • Voice-grade: 28.8 Kbps to 56 Kbps
  • Dedicated Circuit Services
    • Voice-grade: 28.8 Kbps to 56 Kbps
    • T-carrier: 65 Kbps to 274 Mbps
    • SONET: 52 Mbps to 622 Mbps

9
Commonly Available Services
  • Type of Service: Approximate Data Rates
  • Circuit Switched Services
    • Narrowband ISDN: 128 Kbps to 1.5 Mbps
    • Broadband ISDN: 155 Mbps to 622 Mbps
  • Packet-Switched Services
    • X.25: 56 Kbps to 2 Mbps
    • Frame relay: 56 Kbps to 45 Mbps
    • ATM: 1.5 Mbps to 622 Mbps

10
Internode Business Connect
  • An alternative to both Internet-based Virtual
    Private Networks, and traditional Frame Relay
    and ISDN Wide Area Networks.
  • IBC is a private IP network, with a very high
    data delivery ratio, a very low latency (or
    round trip transit delay), and minimal latency
    variation (or jitter). These parameters combine
    to provide the necessary Quality of Service to
    meet the demanding requirements of internal
    business networks.
  • The other significant benefit of the IBC
    private IP network is security. The network has
    multiple levels of security, including physical
    POP security, strict authentication requirements
    and L2TP traffic separation. This security is
    fully managed by Internode staff.

11
Internode Business Connect
Sample Network
12
Internet History
  • 1969: 4 nodes of ARPANET (Advanced Research
    Projects Agency Network) connected.
  • 1982: TCP/IP defined for ARPANET
  • 1984: DNS introduced
  • 1986: NSFNET backbone created
  • 1992: WWW released by CERN

13
Internet Governance
  • ISOC Internet Society
  • www.isoc.org
  • IETF Internet Engineering Task Force
  • www.ietf.org
  • IAB Internet Architecture Board

14
Basic Internet Architecture
15
(No Transcript)
16
IP Packet version
IP4 field order: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
IP6 field order: 1, 15, 4, 16, 8, 11 (128 bits), 12 (128 bits), 14
Field key:
  • 1 Version number: 4 bits
  • 2 Header length: 4 bits
  • 3 Type of Service: 8 bits
  • 4 Total length: 16 bits
  • 5 Identifiers: 16 bits
  • 6 Flags: 3 bits
  • 7 Packet offset: 13 bits
  • 8 Hop limit: 8 bits
  • 9 Protocol: 8 bits
  • 10 CRC 16: 16 bits
  • 11 Source address: 32 bits
  • 12 Destination Address: 32 bits
  • 13 Options: varies
  • 14 User data: varies
  • 15 Flow name: 24 bits
  • 16 Next header: 8 bits
17
TCP Connections
  • End-to-end connection
  • Adds reliability
  • Sliding window protocol

18
TCP Packet
Field order: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, User Data
Field key:
  • 1 Source ID: 16 bits
  • 2 Destination ID: 16 bits
  • 3 Sequence number: 32 bits
  • 4 ACK number: 32 bits
  • 5 Header length: 4 bits
  • 6 Unused: 6 bits
  • 7 Flags: 6 bits
  • 8 Flow control: 16 bits
  • 9 CRC 16: 16 bits
  • 10 Urgent pointer: 16 bits
  • 11 Options: 16 bits
19
Security Ratings
  • The Department of Defense (DOD) provides network
    security ratings.
  • Division D Security Rating (D1)
    • Lowest rating
    • Basically no security at all
  • Division C Security Rating (subcategories C1 and
    C2)
    • Provides discretionary (need-to-know) protection
    • Audit capabilities to track user actions and
      accountability
  • Division B Security Rating (subcategories B1,
    B2, and B3)
    • Must have mandatory protection (system access
      rules)
  • Division A Security Rating (A1)
    • Highest rating
    • Formal security verification methods
    • Requires extensive documentation

20
A Balanced Approach to Security
[Diagram labels: Size Denotes Effectiveness; Resources; Security Conscious People; Policies and Procedures; Network Controls; Security Software; Threats]
21
Protecting the Environment
Securing the Perimeter
[Diagram labels: Public Internet; DMZ; HTTP Proxy; FTP; DNS; Hub; Database Servers; Mirror Database Servers; H-IDS; N-IDS; IDS Console]
22
Internet security
  • A security concern on the Internet is the growing
    number of users accessing it via high-speed
    methods (xDSL and cable modems).
  • Conditions which allow security intrusion into a
    user's machine include:
    • They are always connected.
    • They often have a static IP address.
  • To combat intrusion, users are installing
    firewalls.

23
Firewalls
  • A firewall is a hardware and software combination
    that serves as a gateway between the user's or
    organization's internal network and the Internet.
  • Designed to prevent unauthorized access to or
    from a private network.
  • Firewalls do not protect from all risk.

24
Firewall Techniques
  • There are several types of firewall techniques:
  • Packet filter
  • Application gateway
  • Circuit-level gateway
  • Proxy server
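
The header layouts on slides 16 and 18 are what a packet filter, the first technique listed above, inspects. The following is an added example, not part of the original lecture: a minimal stateless filter in Python that validates the IPv4 length and header-check fields before trusting the TCP ports. The rule set, the documentation-range addresses and all function names are constructed for illustration; the field the slide labels "CRC 16" is computed in IPv4 as a 16-bit ones' complement sum.

```python
import ipaddress
import struct

def inet_checksum(header: bytes) -> int:
    """16-bit ones' complement sum carried in the IPv4 header check field."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Extract the IPv4/TCP fields a filter needs; ValueError if malformed."""
    if len(pkt) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    vihl, _, tlen, _, foff, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4                      # header length counts 32-bit words
    if vihl >> 4 != 4 or ihl < 20 or not ihl <= tlen <= len(pkt):
        raise ValueError("inconsistent version or length fields")
    if inet_checksum(pkt[:ihl]) != 0:            # a valid header sums to zero
        raise ValueError("header check field mismatch")
    if foff & 0x1FFF or proto != 6 or tlen < ihl + 20:
        raise ValueError("later fragment or no complete TCP header")
    sport, dport, _, _, off_flags = struct.unpack("!HHIIH", pkt[ihl:ihl + 14])
    return {"src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
            "sport": sport, "dport": dport, "flags": off_flags & 0x3F}

# Constructed rule set: only the web server in the DMZ is reachable, on port 80.
RULES = [(ipaddress.ip_network("192.0.2.10/32"), 80, "allow")]

def filter_packet(pkt: bytes) -> str:
    """First matching rule wins; malformed or unmatched packets are denied."""
    try:
        hdr = parse_ipv4_tcp(pkt)
    except ValueError:
        return "deny"
    for net, port, action in RULES:
        if hdr["dst"] in net and hdr["dport"] == port:
            return action
    return "deny"

def build_packet(src: str, dst: str, sport: int, dport: int, flags: int = 0x02) -> bytes:
    """Constructed test input: minimal IPv4 + TCP headers with a valid check field."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1000, 0, (5 << 12) | flags, 8192, 0, 0)
    return ip + tcp
```

Because this filter keeps no connection state, it judges every packet on its headers alone, which is why malformed lengths, bad check fields and later fragments (which carry no TCP header) are denied by default.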

25
[Diagram labels: Office; Employee's Home; VPN Device; Telephone Line; ISP; Access Server; Internet; Backbone; VPN Tunnel]
26
Inside an ISP Point of Presence
[Diagram labels: ISP POP; ISP Point-of-Presence; Individual Dial-up Customers; Modem Pool; Remote Access Server; Corporate T1 Customer; T1 CSU/DSU; Corporate T3 Customer; T3 CSU/DSU; Corporate OC-3 Customer; Layer-2 Switch; ATM Switch; NAP/MAE]
27
Digital Subscriber Line (DSL)
  • DSL services are quite new and not all common
    carriers offer them.
  • Two general categories of DSL services have
    emerged in the marketplace:
    • Symmetric DSL (SDSL) provides the same
      transmission rates (up to 128 Kbps) in both
      directions on the circuits.
    • Asymmetric DSL (ADSL) provides different data
      rates to (up to 640 Kbps) and from (up to 6.144
      Mbps) the carrier's end office. It includes an
      analog channel for voice transmissions.

28
Cable Modems
  • One potential competitor to DSL is the cable
    modem, a digital service offered by cable
    television companies, which offers an upstream
    rate of 1.5-10 Mbps and a downstream rate of 2-30
    Mbps.
  • A few cable companies offer downstream services
    only, with upstream communications using regular
    telephone lines.

29
TransportCo Legacy Data Network
[Diagram labels: DDS 4.8k; DDS 9.6k; DDS Multipoint; ISDN 64k; World Wide Web; Several Dial-up Internet Accounts; Onsite Modems]
Legacy Wide Area Network - DDS and ISDN. Very low bit rate - green screens only (no IP apps). Layer 1 network, 1980s technology ....
30
MiningCo Current Data Network
[Diagram labels: ISDN; DDS; Frame Relay; DialIP; 1.0 Mbps Frame Relay Access; 2 Mbps; Internet Direct]
Current network - Hybrid Frame Relay ISDN. Optimal cost layer 2 network, with managed remote access. Ten times the bandwidth of legacy, but .....
31
ServiceCo Data Network Solution 2001
[Diagram labels: World Wide Web; Firewall Cache Proxy etc.; 512k to Telstra Internet Direct; Telstra PrivateIP; 128k; 768k Frame Relay; 64k; OnRamp2 ISDN]
Newly Installed - Private IP Network. Low cost reliable remote sites, Internet, managed routers.
32
RetailCo Future Data Network Concept
http://telstra.com.au/ipsolutions
[Diagram labels: Hosted Internet Services; RetailCo Corporate Data Centre; Hosted Application Storage Servers; WWW; IP Solutions: Secure, any to any, managed IP network with QoS; Managed Firewall]
Future Ubiquitous IP Network with Value Added Services. Add access technologies, bandwidths, ITT Services indefinitely