WANS and Their Components

Wide area networks (WANs) are considerably different than LANs. Organizations usually own their own LANs, but WAN services are typically leased; it's not feasible to have your network guy run a cable from New York to Dallas. WANs are concerned with the long-haul transmission of data and connect remote devices; the Internet is a good example of a WAN. WAN data transmissions typically cost more per megabyte than LAN transmissions. WAN technologies can be divided into two broad categories: packet switching and circuit switching.

Packet Switching

Packet-switched networks share bandwidth with other devices. Packet-switched networks divide data into packets and frames. These packets are individually routed among various network nodes at the provider's discretion. They are considered more resilient than circuit-switched networks and work well for on-demand connections with bursty traffic. Each packet takes the most expedient route, which means they might not all arrive in order or at the same time. Packet switching is a form of connectionless networking.

X.25

X.25 is one of the original packet-switching technologies. Although it is not fast, with speeds up to 56Kbps, it is reliable and works over analog phone lines.

Frame Relay

Frame Relay is a virtual circuit-switched network. It is a kind of streamlined version of X.25. Frame Relay controls bandwidth use with a committed information rate (CIR). The CIR specifies the maximum guaranteed bandwidth that the customer is promised. The customer can send more data than is specified in the CIR if additional bandwidth is available. If there is additional bandwidth, the data will pass; otherwise, the data is marked discard eligibility (DE) and is discarded. Frame Relay can use permanent virtual circuits (PVCs) or switched virtual circuits (SVCs). A PVC is used to provide a dedicated connection between two locations. A SVC works much like a phone call, in that the connection is set up on a per-call basis and is disconnected when the call is completed. Switched virtual circuits are good for teleconferencing, for phone calls, and when data transmission is sporadic.

Asynchronous Transfer Mode (ATM)

ATM is a cell-switching-based physical-layer protocol. It supports high-bandwidth data needs and works well for time-sensitive applications. Because the switching process occurs in hardware, delays are minimized. ATM uses a fixed 53-byte cell size. ATM can be implemented on LANs or WANs.

ATM is being surpassed by newer technologies, such as Multiprotocol Label Switching Architecture (MPLS). MPLS designers recognized that data didn't need to be converted into 53-byte cells. MPLS packets can be much larger than ATM cells. MPLS can provide traffic engineering and allows VPNs to be created without end-user applications.

Voice over IP (VoIP)

VoIP is carried on packet-switched networks in IP packets. Networks that have been configured to carry VoIP treat voice communications as just another form of data. Companies are moving to VoIP because of major cost savings. However, using VoIP is not without risks; as a network service, it is vulnerable in some of the same ways as other data traffic. Attackers can intercept the traffic, hack the VoIP server, or launch a DoS attack against the VoIP server and cause network outages. Another consideration is that the vulnerabilities of the operating system that the VoIP application is running on are inherited.

Circuit Switching

Circuit switching comes in either analog or digital configurations. Today the most common form of circuit switching is the Plain Old Telephone Service (POTS), but Integrated Services Digital Network (ISDN), T-carriers, and digital subscriber line (DSL) are also options.

Plain Old Telephone Service (POTS)

POTS is a voice-grade analog telephone service used for voice calls and for connecting to the Internet and other locations via modem. Modem speeds can vary from 9600bps to 56Kbps. Although the POTS service is relatively inexpensive and widely available, it offers only low data speeds.

Integrated Services Digital Network (ISDN)

ISDN is a communication protocol that operates similarly to POTS, except that all digital signaling is used. Although it was originally planned as a replacement for POTS, it was not hugely successful. ISDN uses separate frequencies called channels on a special digital connection. It consists of B channels used for voice, data, video, and fax services, and a D channel used for signaling by the service provider and user equipment. Keeping the D signaling data separate makes it harder for attackers to manipulate the service. The D channel operates at a low 16Kbps; the B channels operate at a speed up to 64Kbps. By binding the B channels together, ISDN can achieve higher speeds. ISDN is available in two levels: Basic Rate Interface (BRI) 128Kbps and Primary Rate Interface (PRI) 1.544Mbps.

T-Carriers

T-carrier service is used for leased lines. A leased line is locked in between two locations. It is very secure, but users pay a fixed monthly fee for this service, regardless of use. The most common T-carrier is a T1. A T1 uses time-division multiplexing and consists of 24 digital signal 0 (DS0) channels. Each DS0 channel is capable of transmitting 64Kbps of data; therefore, a T1 can provide a composite rate of 1.544Mbps. T3s are the next available choice. A T3 is made up of 672 DS0s and has a composite data rate of 45Mbps. For those who don't need a full T1 or a full T3, fractional service is available. A fractional T-line is just a portion of the entire carrier. Table 6.2 details common T-carrier specifications and contrasts them with POTS, ISDN, and DSL.

Table 6.2. T-Carrier Specifications

Service

Characteristics

Maximum Speed

POTS dial-up service

Switch line; widely used

56Kbps

ISDN BRI digital

Requires a terminal adaptor; can be costly

128Kbps

ISDN PRI digital

Requires a terminal adaptor; can be costly

1.54Mbps

DSL

Typically asymmetric; downloads faster than uploads

up to 52Mbps

T1

Dedicated leased line; 24 bundled phone lines

1.54Mbps

T3

Dedicated leased line; 28 bundled T1s

44.736Mbps

 

Digital Subscriber Line (DSL)

DSL is another circuit-switching connectivity option. Most DSLs are asymmetric, which means that the download speed is much faster than the upload speed. The theory is that you usually download more than you upload.

DSL modems are always connected to the Internet; therefore, you do not have to dial in to make a connection. As long as your computer is powered on, it is connected to the Internet and is ready to transmit and receive data. This is the primary security concern of DSL. Unlike the usual lengthy connection time used for dial-up service, no waiting time is involved. An advantage of the DSL is that it maintains more of a fixed speed than cable modems typically do. Table 6.3 details the different DSL types.

Table 6.3. DSL Types and Speeds

Name

Data Rate

Mode

Distance

IDSL (Internet digital subscriber line)

160Kbps

Duplex

18,000 ft., 24AWG

HDSL (High-data-rate digital subscriber line)

1.544Mbps

2.048Mbps

Duplex

Duplex

12,000 ft., 24 AWG

SDSL (Symmetric digital subscriber line)

1.544Mbps

2.048Mbps

Duplex

Duplex

10,000 ft., 24 AWG

ADSL (Asymmetrical digital subscriber line)

1.59Mbps

16640Kbps

Down

Up

9,00018,000 ft., 24 AWG

VDSL (Very-high-data-rate digital subscriber line)

1352Mbps

1.52.3Mbps

Down

Up

1,0004,500 ft., 24 AWG

 

Cable Modems

Cable Internet access refers to the delivery of Internet access over the cable television infrastructure. The Internet connection is made through the same coaxial cable that delivers the television signal to your home. The coaxial cable connects to a special cable modem that demultiplexes the TCP/IP traffic. This always-on Internet connection is a big security issue if no firewall is used. One of the weaknesses of cable Internet access is that there is a shared amount of bandwidth among many users. Cable companies control the maximum data rate of the subscriber by capping the maximum data rate. Some unscrupulous individuals attempt to uncap their line to obtain higher speeds. Uncappers are almost always caught and can be prosecuted because cable Internet providers check for this daily.

Another lingering concern is that of the loss of confidentiality. Individuals have worried about the possibility of sniffing attacks. Most cable companies have addressed this issue by implementing the Data Over Cable Service Interface Specification (DOCSIS) standard. The DOCSIS standard specifies encryption and other security mechanisms that prevent sniffing and protect privacy.

The CISSP Cram Sheet

A Note from Series Editor Ed Tittel

About the Author

Acknowledgments

We Want to Hear from You!

Introduction

Self-Assessment

The CISSP Certification Exam

Physical Security

Security-Management Practices

Access-Control Systems and Methodology

System Architecture and Models

Telecommunications and Network Security

Applications and Systems-Development Security

Operations Security

Business Continuity Planning

Law, Investigations, and Ethics

Cryptography

Practice Exam 1

Answers to Practice Exam 1

Practice Exam 2

Answers to Practice Exam 2



CISSP Exam Cram 2
CISSP Exam Cram 2
ISBN: 078973446X
EAN: 2147483647
Year: 2003
Pages: 204
Authors: Michael Gregg

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net