chapter_14 - Homework Market


Chapter Fourteen
Working with Remote Access
Objectives
• Examines some protocols that allow a user to
log onto the network from far away
• Examines some different options for
connecting remotely
• Looks at some different carrier options
• Learns to configure a machine for RAS or DUN
Remote Access Protocols
• Making a remote connection is similar to making any
other network connection. You need the proper
protocol:
– PPP
– PPTP
– RDP and ICA
The Point-to-Point Protocol
• An early protocol that supported
dial-up networking or ISDN
connections
– Based on the Serial Line IP
protocol of the dark ages of
computing
• PPP is a layered protocol which is
broken down into three layers
– Link Control Protocol
– Network Control Protocol
– IP Control Protocol
The Point-to-Point Protocol
• LCP provides the end-to-end services. It handles the tasks of
establishing the connection, exchanging configuration
information, and monitoring the connection while it exists.
• NCP transports the data being sent by specific networking
suites, such as TCP/IP or IPX/SPX.
• IPCP allows for IP packets to be transmitted over a PPP
connection.
Services Provided by PPP
• There are several services provided by PPP
– Address notification
– Authentication
– Link monitoring
– Multiple protocol support
Services Provided by PPP
• Address notification allows a server to dynamically provide a
remote client with TCP/IP configuration that exists only for
that specific connection. Once the connection is released, so
is the IP configuration.
Authentication in PPP
• Authentication is provided through one of two
authentication protocols:
– The Password Authentication Protocol (PAP)
• Two-way handshake
• The machine attempting to log on transmits user credentials in
plain text. That information is compared to the security database
on the machine being logged on to.
• PAP has a few weak points. The most significant weakness is that it is
too easy to hack.
Authentication in PPP
– Challenge Handshake Authentication Protocol (CHAP)
• Three-way handshake
• When CHAP is first configured on a client, the server provides it
with a string of code, known as a secret. The server keeps a
database of the secrets it has assigned.
• The secret is used to verify the client during the authentication
process and is linked to the user ID and password.
• The administrator can limit the number of failed challenges.
• CHAP still sends its information in plain text.
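The two handshakes side by side, as an added example that is not part of the original slides: a PAP Authenticate-Request (RFC 1334) whose fields anyone on the link can read back, and the CHAP exchange (RFC 1994, MD5), where the challenge and response cross the link unencrypted but the secret itself is never sent. The user name, secret and identifier values are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

def build_pap_request(ident: int, user: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request: code 1, identifier, length, then
    length-prefixed Peer-ID and Password fields, both unencrypted."""
    data = bytes([len(user)]) + user + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, ident, 4 + len(data)) + data

def parse_pap_request(packet: bytes) -> tuple[bytes, bytes]:
    """Recover (user, password) from the bytes as they appear on the wire."""
    if len(packet) < 6:
        raise ValueError("too short for a PAP Authenticate-Request")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed PAP Authenticate-Request")
    ulen = packet[4]
    user = packet[5:5 + ulen]
    plen = packet[5 + ulen]
    return user, packet[6 + ulen:6 + ulen + plen]

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP response value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(ident: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute from the stored secret, compare in constant time."""
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)

def demo():
    user, secret = b"alice", b"constructed-secret"    # constructed sample values
    pap = build_pap_request(1, user, secret)
    _seen_user, seen_password = parse_pap_request(pap)
    challenge = os.urandom(16)                        # 1: server sends a challenge
    response = chap_response(7, secret, challenge)    # 2: client answers with a hash
    accepted = chap_verify(7, secret, challenge, response)  # 3: success or failure
    # A captured response does not satisfy the next, different challenge.
    replay_accepted = chap_verify(8, secret, os.urandom(16), response)
    secret_on_wire = secret in challenge + response
    return seen_password, secret_on_wire, accepted, replay_accepted

if __name__ == "__main__":
    print(demo())
```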
Point-to-Point Tunneling Protocol
• Provides for encrypted authentication and data
transfer
• Can encapsulate upper layer protocols such as IP or
IPX for transmission.
• On the receiving end, the data is stripped from the
packets, decrypted, and reassembled.
• PPTP is used by virtual private networks (VPNs)
RDP and ICA
• Both are thin-client protocols.
– All applications and data are processed on remote server.
– Only screenshots of the results move across the wire.
• Remote Desktop Protocol (RDP) was developed by
Microsoft for NT Terminal Server and Windows 2000
server editions.
• Independent Computing Architecture (ICA) is a Citrix
protocol which is nearly identical to RDP.
Circuit Switching vs. Packet Switching
• In a LAN, you have control over the entire process.
• In a WAN, you have to use services provided by a
third party.
Remote Connection Options
• The different services from the third party will come in one of two
basic forms:
• Circuit switching: Make a true physical connection from sender to receiver.
This is what happens in traditional telephone systems.
• Packet switching: (1) Split any data (i.e. message) into small packets, (2)
route those packets separately from sender to receiver, and (3) assemble them
again.
Circuit Switching Options
• Circuit switching is primarily the domain of voice
communication. This is because in voice communication,
having the packets arrive in sequence is critical to the quality
of the connections. There are two telecommunication
options:
– PSTN
• Public Switched Telephone Network
– Makes use of a modem
– Limited to 53.3Kb/s
– ISDN
• Integrated Services Digital Network
PSTN
• PSTN is also known as POTS (plain old telephone service).
– You need a modem to convert your computer signal from digital to
analog.
– This analog signal is converted back to the digital signal at the
telecommunication switch center.
ISDN Options
• ISDN signal is digital from end to end.
• ISDN consists of at least two data channels (B channels) and
one channel for control data (D channel).
– Basic rate ISDN (BRI) is two 64K B channels and one 16K D channel.
– Primary rate ISDN (PRI) gives you up to twenty-three 64K B channels
and one 64K D channel.
ISDN Connection
• How you interconnect your system to the ISDN line will be
determined by your location
– In the U.S., the U interface is used. The U interface only supports a single
device, and that device is Network Termination-1 (NT1).
– The NT1 converts the incoming two-wire circuit to a four-wire S/T
interface. The S/T interface provides access for up to seven devices.
– In order to connect to the telephone line, you need a Terminal
Adapter (TA), such as a modem, to connect your computer to the ISDN
network.
Packet Switching Options
• The majority of telecommunication networking is done by
way of packet-switching technologies.
– Cellular Digital Packet Data (CDPD)
– General Packet Radio Service (GPRS)
– WCDMA/3G
– Bluetooth
– Frame Relay
– ATM
– Sonet/SDH
T-lines and E-lines
• Digital Trunk Line (T1) is used to solve two problems:
– More calls can be made over a single twisted pair
– Increase the transmission distance with several repeaters
• T1 lines combine 24 64K digital channels and send them over
a single carrier in frames. Each frame consists of one 8-bit
voice sample for each of the 24 channels plus one single
framing bit which makes a 193-bit frame.
• The throughput for T1 is 8000 x 193 = 1.544 Mb/s
T-lines and E-lines
• Fractional T1 is any combination of multiple 64K channels that
does not use an entire T1 line.
– Europe had a different vision, called the E1 line
T-lines and E-lines
• In order to connect to T1 network, you need to install a
channel service unit/data service unit (CSU/DSU)
– CSU transmits and receives signals from the WAN interface
– DSU takes those 193-bit frames and converts them into a frame your
computer can recognize.
Frame Relay
• It is based on the HDLC protocol. Data moves over the wire
using HDLC frames
• Error correction is only done at end points.
– Relay devices are not involved in error maintenance.
• Since error correction is done at the end points of the link, an
intermediate device simply reads the frame deep enough to
extract addressing information. As soon as it has that, the
frame is on its way to the next stop. As a result, there is
extremely low latency.
Frame Relay
• With Frame relay, you can choose either a Virtual Circuit (VC)
or a Permanent Virtual Circuit (PVC)
– With VC, when a session is first established, the service provider’s
equipment will determine the best route and create a path from point
A to point B
– With PVC, a leased line is dedicated for you as long as you subscribe.
• With Frame Relay, if your bandwidth exceeds your committed
information rate (CIR), the discard eligibility (DE) bit is set to 1.
If the network is congested, this frame will be discarded.
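How an intermediate switch reads only the address field and how the DE bit drives discards, as an added example that is not part of the original slides. It assumes the common two-byte Q.922 address format with HDLC flags already stripped, and simplifies CIR policing to a bit budget for one measurement interval; the DLCI, payload sizes and budget are constructed.

```python
def make_frame(dlci: int, payload: bytes) -> bytes:
    """Two-byte Q.922 address (10-bit DLCI split 6+4, EA=0 then EA=1) + payload."""
    return bytes([(dlci >> 4) << 2, ((dlci & 0x0F) << 4) | 0x01]) + payload

def parse_address(frame: bytes) -> dict:
    """All an intermediate switch needs to read: DLCI plus congestion and DE bits."""
    if len(frame) < 2 or frame[0] & 0x01 or not frame[1] & 0x01:
        raise ValueError("expected a 2-byte Q.922 address field")
    b1, b2 = frame[0], frame[1]
    return {"dlci": ((b1 >> 2) << 4) | (b2 >> 4), "fecn": bool(b2 & 0x08),
            "becn": bool(b2 & 0x04), "de": bool(b2 & 0x02)}

def police_ingress(frames: list[bytes], committed_bits: int) -> list[bytes]:
    """Set DE=1 on every frame that pushes the interval total past the CIR budget."""
    total, out = 0, []
    for frame in frames:
        total += len(frame) * 8
        if total > committed_bits:
            frame = frame[:1] + bytes([frame[1] | 0x02]) + frame[2:]
        out.append(frame)
    return out

def forward(frames: list[bytes], congested: bool) -> list[bytes]:
    """A congested switch discards DE-marked frames; otherwise everything passes."""
    return [f for f in frames if not (congested and parse_address(f)["de"])]

def demo():
    # Constructed traffic: four 100-byte payloads on DLCI 100 in one interval,
    # against a committed budget of 2000 bits for that interval.
    burst = [make_frame(100, bytes(100)) for _ in range(4)]
    marked = police_ingress(burst, committed_bits=2000)
    return ([parse_address(f)["de"] for f in marked],
            len(forward(marked, congested=False)),
            len(forward(marked, congested=True)))

if __name__ == "__main__":
    print(demo())
```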
FDDI
• A data link protocol that provides up to
100Mb/s throughput
• Requires a dedicated line to be run
• Requires a long-term commitment
Asynchronous Transfer Mode (ATM)
• High-speed fiber backbone
• Protocol independent
• Transmits data in 53-byte packets
– First 5 bytes are header information
– 48 bytes are payload.
• Provides speeds up to 622Mb/s
• ATM is a connection-oriented service
Asynchronous Transfer Mode (ATM)
• ATM has 5 layers:
– Application - similar to OSI application layer
– High-Level Protocols - agreement on the protocol
– Adaptation layer provides end-to-end service, sequencing
of packets, error detection and correction, and
synchronization
– ATM layer sets up and maintains the connections
– Physical layer - similar to OSI physical layer
Sonet/SDH
• Synchronous Optical Network (SONET) and Synchronous
Digital Hierarchy (SDH) are very similar technologies. They are
physical layer protocols.
• Provides speeds of 155Mb/s and 2.5Gb/s
• Mixes multiple protocols into a single carrier using time
division multiplexing
• A protection ring acts as a backup in case the primary ring fails
• The core architecture of the Internet
Sonet/SDH
• A SONET network is divided into three separate regions:
– Local collector ring provides access to the individual subscriber
– Regional network provides service to a single service provider
– Broadband backbone moves data over the pipeline
Sonet/SDH
• Optical carrier level (OCx) is used to define throughput. OC1
represents the base rate of 51.84 Mb/s
Making the Connection
• Dial-up networking
– In My Computer in WIN9x
– Network and dial-up connections in WIN2K and later
– Dial-up uses the PPP protocol
• Virtual private networks
– PPTP provides higher security
– Allows a user to access a remote network over the Internet
• Remote access services
– Allows a network administrator to manage remote access on the
server level