Chapter 5 PowerPoint

CONNECTING TO THE INTERNET

Chapter 5

CHAPTER INTRODUCTION

List the types of routers used for Internet connections.

Describe the various WAN technologies used for Internet connections.

Understand the criteria used to select an ISP for a network Internet connection.

List the criteria for determining how much Internet bandwidth a network needs.

Determine the Internet access security requirements for a network.

UNDERSTANDING INTERNET CONNECTIVITY ARCHITECTURE

INTERNET ACCESS ROUTERS

Software

Windows Server 2003

Any Microsoft operating system that supports ICS

Any operating system that provides firewall capabilities

Hardware

Dedicated devices

INTERNET CONNECTION TYPES

Dial-up modem

ISDN

CATV and DSL

Leased lines

Frame relay

DIAL-UP MODEM CONNECTIONS

Maximum speed of 53 Kbps downstream, 33.6 Kbps upstream

Widely available

Requires standard phone line and modem

Inexpensive to implement and run

ISDN

Dial-up technology

Requires specialized phone line and hardware

Available in two versions

BRI

128 Kbps

PRI

1.544 Mbps

CATV AND DSL

CATV

Available from cable TV providers.

Bandwidth varies depending on location and other users.

DSL

Uses standard phone lines.

Consistent bandwidth.

LEASED LINES

Always-on, high-speed digital connection

Requires special hardware, installation, and maintenance

Normally available in two variants

T-1 (also known as DS-1)

1.544 Mbps

T-3 (also known as DS-3)

44.736 Mbps

FRAME RELAY

Still requires modem, leased line, or ISDN connection to ISP.

Allows you to more effectively manage ISP costs if they are charged on a usage basis.

Not all ISPs provide support for frame relay connections.

INTERNET SERVICE PROVIDERS

Provide Internet access to business and residential customers

Provide related services such as web hosting, e-mail, and DNS server services

Organized into tiers depending on their proximity to the Internet backbone

UNDERSTANDING ISP SERVICES

Multiple WAN support

IP addresses

DNS servers

E-mail services

Web hosting

Internet domain hosting

DETERMINING INTERNET CONNECTIVITY REQUIREMENTS

How much bandwidth?

How many users?

What applications do the users need?

When is Internet bandwidth needed?

Where are the users located?

HOW MUCH BANDWIDTH?

How many users will require Internet access at one time?

What applications will the users need?

When will the users need access to the Internet?

Where will the users be located?

How much incoming bandwidth will Internet servers require?

HOW MANY USERS?

Not necessarily equivalent to the number of employees.

More accurate measure is how many computers, particularly in environments where computer systems may be shared.

Consider work habits such as employees working on a shift system.

Consider the type of Internet access required by different users.

WHAT APPLICATIONS DO THE USERS NEED?

Some applications are more connection-intensive than others.

Consider implementing restrictions to limit the use of unauthorized or unnecessary applications.

WHEN IS INTERNET BANDWIDTH NEEDED?

Daily schedule

Business model

Annual schedule

WHERE ARE THE USERS LOCATED?

Influences placement of Internet connectivity solutions

Can have an effect on IP addressing schemes

Can have an effect on features such as NAT

SECURING AND REGULATING INTERNET ACCESS

Most companies monitor Internet access by employees.

Some companies regulate what employees can access on the Internet.

Threats include viruses, information theft, and loss of productivity.

DETERMINING INTERNET SECURITY REQUIREMENTS

Limiting applications

Limiting users

Regulating Internet access

LIMITING APPLICATIONS

Using unregistered IP addresses through a firewall protects systems on the internal network from being contacted by systems on the Internet.

Port filtering can be used to prevent users from accessing applications from servers based on the TCP/IP port number.

Packet filters allow you to control what applications are accessible through the firewall or proxy server.

LIMITING USERS

Two commonly implemented methods of limiting Internet access by users:

Packet filtering

Authentication

REGULATING INTERNET ACCESS

By using a software application like a proxy server, you can

Monitor what users are accessing on the Internet.

Identify excessive Internet use.

Block sites based on content.

USING NETWORK ADDRESS TRANSLATION

Static NAT

Provides one-to-one translation between unregistered and registered IP addresses

Dynamic NAT

Provides many-to-many translation between unregistered and registered IP addresses

Masquerading NAT

Provides many-to-one translation between unregistered and registered IP addresses

NAT SECURITY

Relies on basic methods and procedures to provide security

Is not a substitute for a full-featured firewall

Does not provide the capability to block based on traffic type

Does not protect against denial of service (DoS) attacks

STATEFUL PACKET INSPECTION

Inspects the contents of each packet as it travels between interfaces running the stateful inspection software

Allows common threats to be identified and filtered

Provides ancillary services such as detailed logging

PORT FORWARDING

Allows an internally hosted system to be accessed through NAT by an external system

Disguises the IP address of the internal system, which provides added security

Used to take advantage of features like load balancing and redirection
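
The masquerading (many-to-one) translation and port forwarding described in the slides above, as an added Python sketch that is not part of the original deck. The addresses are constructed from documentation ranges; the class name, the starting port 40000 and the inbound lookup keyed only on protocol and port are assumptions of this model, not the behaviour of any particular product.

```python
class MasqueradingNat:
    """Many-to-one NAT: every private host shares one registered address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (proto, private_ip, private_port) -> public_port
        self.back = {}   # (proto, public_port) -> (private_ip, private_port)

    def forward(self, proto, public_port, private_ip, private_port):
        """Port forwarding: a permanent inbound mapping to an internal server."""
        self.back[(proto, public_port)] = (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            # First packet of a flow: allocate a public port and remember it.
            self.out[key] = self.next_port
            self.back[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Translate a packet arriving at the public address, or drop it."""
        target = self.back.get((proto, dst_port))
        if target is None:
            return None  # no table entry: unsolicited traffic is dropped
        # Assumption of this model: the lookup ignores who sent the packet
        # and what it carries, which is the gap a firewall has to fill.
        return (src_ip, src_port, *target)


def demo():
    nat = MasqueradingNat("203.0.113.5")        # constructed registered address
    nat.forward("tcp", 80, "192.168.1.10", 80)  # internal web server
    # Two clients pick the same source port; the public port tells them apart.
    a = nat.outbound("tcp", "192.168.1.20", 50000, "198.51.100.7", 443)
    b = nat.outbound("tcp", "192.168.1.21", 50000, "198.51.100.7", 443)
    reply = nat.inbound("tcp", "198.51.100.7", 443, a[1])
    unsolicited = nat.inbound("tcp", "198.51.100.99", 4444, 3389)
    web = nat.inbound("tcp", "198.51.100.99", 51000, 80)
    stranger = nat.inbound("tcp", "198.51.100.99", 1234, a[1])
    return a, b, reply, unsolicited, web, stranger
```

The last result in `demo()` shows why the deck calls NAT no substitute for a firewall: in this model a packet from an unrelated host is still translated once a mapping exists, because nothing checks the remote endpoint or the traffic type.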

USING A PROXY SERVER

Acts as an intermediary between client computers on a private network and servers on the Internet

Forwards all requests with the IP address of the proxy server external interface

Works only with specific client applications

Allows Internet access to be controlled and monitored

USING MICROSOFT INTERNET SECURITY AND ACCELERATION SERVER 2000

Microsoft’s integrated proxy and firewall solution

Provides policy-based security

Requires users to authenticate before granting Internet access

Caches information retrieved from the Internet to improve performance

SELECTING AN INTERNET ACCESS METHOD

NAT

Low security, low level of control

Proxy

High security, high level of control

CHAPTER SUMMARY

Internet access routers can range from workstation computers to servers to dedicated hardware devices.

WAN technologies used to establish Internet connectivity include dial-up modems, ISDN, CATV, DSL, leased lines, and frame relay.

ISPs can provide a variety of services to business clients in addition to providing simple Internet access.

The Internet bandwidth needed by a network is based on the number of users and the types of applications they run.

CHAPTER SUMMARY (continued)

An Internet connection is a gateway that can work in both directions, enabling Internet users to access your private network as well as allowing your users Internet access.

Most NAT implementations today use masquerading, a technique that maps unregistered IP addresses to a single registered IP address combined with a port number.

Proxy server products have evolved to now include an array of firewall and access-control features that provide comprehensive Internet security for a private network.