www.yorktech.com
Chapter 5: CONNECTING TO THE INTERNET
CHAPTER INTRODUCTION
List the types of routers used for Internet connections.
Describe the various WAN technologies used for Internet connections.
Understand the criteria used to select an ISP for a network Internet connection.
List the criteria for determining how much Internet bandwidth a network needs.
Determine the Internet access security requirements for a network.
UNDERSTANDING INTERNET CONNECTIVITY ARCHITECTURE
INTERNET ACCESS ROUTERS
Software
  Windows Server 2003
  Any Microsoft operating system that supports ICS
  Any operating system that provides firewall capabilities
Hardware
  Dedicated devices
INTERNET CONNECTION TYPES
Dial-up modem
ISDN
CATV and DSL
Leased lines
Frame relay
DIAL-UP MODEM CONNECTIONS
Maximum speed of 53 Kbps downstream, 33.6 Kbps upstream
Widely available
Requires standard phone line and modem
Inexpensive to implement and run
ISDN
Dial-up technology
Requires specialized phone line and hardware
Available in two versions
  BRI: 128 Kbps
  PRI: 1.544 Mbps
CATV AND DSL
CATV
  Available from cable TV providers.
  Bandwidth varies depending on location and other users.
DSL
  Uses standard phone lines.
  Consistent bandwidth.
LEASED LINES
Always-on, high-speed digital connection
Requires special hardware, installation, and maintenance
Normally available in two variants
  T-1 (also known as DS-1): 1.544 Mbps
  T-3 (also known as DS-3): 44.736 Mbps
FRAME RELAY
Still requires modem, leased line, or ISDN connection to ISP.
Allows you to more effectively manage ISP costs if they are charged on a usage basis.
Not all ISPs provide support for frame relay connections.
INTERNET SERVICE PROVIDERS
Provide Internet access to business and residential customers
Provide related services such as web hosting, e-mail, and DNS server services
Organized into tiers depending on their proximity to the Internet backbone
UNDERSTANDING ISP SERVICES
Multiple WAN support
IP addresses
DNS servers
E-mail services
Web hosting
Internet domain hosting
DETERMINING INTERNET CONNECTIVITY REQUIREMENTS
How much bandwidth?
How many users?
What applications do the users need?
When is Internet bandwidth needed?
Where are the users located?
HOW MUCH BANDWIDTH?
How many users will require Internet access at one time?
What applications will the users need?
When will the users need access to the Internet?
Where will the users be located?
How much incoming bandwidth will Internet servers require?
HOW MANY USERS?
Not necessarily equivalent to the number of employees.
More accurate measure is how many computers, particularly in environments where computer systems may be shared.
Consider work habits such as employees working on a shift system.
Consider the type of Internet access required by different users.
WHAT APPLICATIONS DO THE USERS NEED?
Some applications are more connection-intensive than others.
Consider implementing restrictions to limit the use of unauthorized or unnecessary applications.
WHEN IS INTERNET BANDWIDTH NEEDED?
Daily schedule
Business model
Annual schedule
WHERE ARE THE USERS LOCATED?
Influences placement of Internet connectivity solutions
Can have an effect on IP addressing schemes
Can have an effect on features such as NAT
SECURING AND REGULATING INTERNET ACCESS
Most companies monitor Internet access by employees.
Some companies regulate what employees can access on the Internet.
Threats include viruses, information theft, and loss of productivity.
DETERMINING INTERNET SECURITY REQUIREMENTS
Limiting applications
Limiting users
Regulating Internet access
LIMITING APPLICATIONS
Using unregistered IP addresses through a firewall protects systems on the internal network from being contacted by systems on the Internet.
Port filtering can be used to prevent users from accessing applications from servers based on the TCP/IP port number.
Packet filters allow you to control what applications are accessible through the firewall or proxy server.
LIMITING USERS
Two commonly implemented methods of limiting Internet access by users:
  Packet filtering
  Authentication
REGULATING INTERNET ACCESS
By using a software application like a proxy server, you can:
  Monitor what users are accessing on the Internet.
  Identify excessive Internet use.
  Block sites based on content.
USING NETWORK ADDRESS TRANSLATION
Static NAT
  Provides one-to-one translation between unregistered and registered IP addresses
Dynamic NAT
  Provides many-to-many translation between unregistered and registered IP addresses
Masquerading NAT
  Provides many-to-one translation between unregistered and registered IP addresses
NAT SECURITY
Relies on basic methods and procedures to provide security
Is not a substitute for a full-featured firewall
Does not provide the capability to block based on traffic type
Does not protect against denial of service (DoS) attacks
STATEFUL PACKET INSPECTION
Inspects the contents of each packet as it travels between interfaces running the stateful inspection software
Allows common threats to be identified and filtered
Provides ancillary services such as detailed logging
PORT FORWARDING
Allows an internally hosted system to be accessed through NAT by an external system
Disguises the IP address of the internal system, which provides added security
Used to take advantage of features like load balancing and redirection
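The many-to-one (masquerading) translation from the NAT slide and the port forwarding described above, modelled as an added example that is not part of the original slides. The class name, the addresses and ports, and the rule that only the exact remote endpoint an internal host contacted may reply are assumptions made for illustration.

```python
# Added illustration: a toy masquerading NAT table with one port-forward rule.
# All addresses and ports are constructed sample values (RFC 1918 / RFC 5737).
from dataclasses import dataclass, field

@dataclass
class MasqueradingNat:
    public_ip: str = "203.0.113.10"   # the single registered address (constructed)
    next_port: int = 40000            # next free public port (assumed starting value)
    out_map: dict = field(default_factory=dict)   # internal flow -> public port
    in_map: dict = field(default_factory=dict)    # (public port, remote) -> internal host
    forwards: dict = field(default_factory=dict)  # public port -> internal server

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate an internal packet; returns the header seen on the Internet."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out_map:
            self.out_map[flow] = self.next_port
            self.in_map[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out_map[flow], dst_ip, dst_port)

    def add_forward(self, public_port, priv_ip, priv_port):
        """Port forwarding: publish one internal service on a public port."""
        self.forwards[public_port] = (priv_ip, priv_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the internal (ip, port) to deliver to, or None if dropped."""
        reply = self.in_map.get((public_port, remote_ip, remote_port))
        if reply is not None:
            return reply              # reply to a flow an internal host started
        # Otherwise only an explicit forward is delivered. The decision uses
        # addresses and ports only; the payload is never examined.
        return self.forwards.get(public_port)

def demo():
    nat = MasqueradingNat()
    a = nat.outbound("192.168.0.10", 5000, "198.51.100.5", 80)
    b = nat.outbound("192.168.0.11", 5000, "198.51.100.5", 80)
    nat.add_forward(80, "192.168.0.20", 8080)
    return {
        "host_a_seen_as": a,
        "host_b_seen_as": b,
        "reply_to_b": nat.inbound("198.51.100.5", 80, 40001),
        "unsolicited": nat.inbound("192.0.2.99", 3333, 40000),
        "forwarded": nat.inbound("192.0.2.99", 3333, 80),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both internal hosts appear on the Internet as the same registered address and differ only in the public port. The forwarded port accepts traffic from any external system, so the published service is the part that needs filtering and patching.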
USING A PROXY SERVER
Acts as an intermediary between client computers on a private network and servers on the Internet
Forwards all requests with the IP address of the proxy server external interface
Works only with specific client applications
Allows Internet access to be controlled and monitored
USING MICROSOFT INTERNET SECURITY AND ACCELERATION SERVER 2000
Microsoft’s integrated proxy and firewall solution
Provides policy-based security
Requires users to authenticate before granting Internet access
Caches information retrieved from the Internet to improve performance
SELECTING AN INTERNET ACCESS METHOD
NAT
  Low security, low level of control
Proxy
  High security, high level of control
CHAPTER SUMMARY
Internet access routers can range from workstation computers to servers to dedicated hardware devices.
WAN technologies used to establish Internet connectivity include dial-up modems, ISDN, CATV, DSL, leased lines, and frame relay.
ISPs can provide a variety of services to business clients in addition to providing simple Internet access.
The Internet bandwidth needed by a network is based on the number of users and the types of applications they run.
CHAPTER SUMMARY (continued)
An Internet connection is a gateway that can work in both directions, enabling Internet users to access your private network as well as allowing your users Internet access.
Most NAT implementations today use masquerading, a technique that maps unregistered IP addresses to a single registered IP address combined with a port number.
Proxy server products have evolved to now include an array of firewall and access-control features that provide comprehensive Internet security for a private network.