Different WAN Technologies And Their Comparisons Computer Science Essay

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Introduction

PART 1 - Different WAN technologies and their comparisons

"Integrated Services Digital Network" (ISDN) is a group of "ITU (CCITT)" standards that provide video, data transmission and voice services over the "digital telephone network" ( 301 book). ISDN connections provide full-duplex or half-duplex digital communication between two points, dialled up over telephone wire. Half duplex means that the communication channel carries signals in only one direction. Full duplex means that the communication channel carries signals in both directions simultaneously. Digital means that data is received in ON-OFF form. Compared with an analog connection, a digital connection incurs fewer errors. ISDN services can be purchased at different speeds such as "64 Kbps, 128 Kbps, 256 Kbps and 512 Kbps". The most common service ISDN offers is 128 Kbps. It carries both data and voice, and supports a dozen simultaneous users with a good response rate (Dash, 1999).

Figure Integrated Services Digital Network (ISDN)

Source: (ICOM, 1996-2000). 

ISDN basic rate provides two 64 Kbps channels, called bearer channels or B channels, that carry data between two callers, and a 16 Kbps channel, called the D or data channel, that carries control signals, e.g. ringing the telephone. The D channel initiates calls digitally. 128 Kbps is now available in many geographic areas, and connection charges are billed monthly. ISDN services are installed by your telephone company and require a telephone connection. This connection is called the U-Loop; it consists of two copper wires with a maximum length of 5.5 km between your premises and the central telephone office. The U-Loop connects to a device called "NT1" (network termination 1), which has several purposes. First, it adapts the two twisted wire pairs used by the companies to the four-wire connector found in telephones and many other kinds of telecommunication equipment. It also works as a translator between the telephone company and the local network, and it provides power to the telephone or fax if necessary. The technology of "ISDN is also called digital subscriber line" (Dash, 1999).

"Digital Subscriber Line" (DSL) uses the telephone line at high speed. Downstream, to the user end, the speed is up to 52 Mbps; upstream, from the user side, it is 2.3 Mbps. ADSL, "Asynchronous Digital Subscriber Line", is a common form of DSL. It offers speeds similar to leased T1 lines. It can support simultaneous user and data communications.

DSL allows users to use the phone and the internet at the same time. DSL service requires a DSL modem that connects to the telephone and the computer (Dash, 1999).

Figure Digital Subscriber Line

Source: (Specall, 2008). 

This device acts as a modulator: it translates the computer's digital signal onto the telephone line to a central hub called the DSLAM, "Digital Subscriber Line Access Multiplier" (Kayne, 2003-2010).

"Frame Relay" provides a "digital data communication service within a network cloud". A network cloud means any network that you do not maintain. In a Frame Relay network, the telecommunication carrier maintains the connections between your sites. Frame Relay generally covers a large geographical area, such as a whole state. To create a Frame Relay network, each building must connect to your Frame Relay network cloud, which is maintained by your telecommunication provider. The connection can use any WAN technology, such as T1 lines.

Figure: Frame Relay

Source: (Real Time, 1998-2010). 

You can purchase Frame Relay at different speeds, such as 56 Kbps, 128 Kbps and 1.544 Mbps. A Frame Relay network operates by sending information over a circuit, a path that is established for the duration of the connection. The circuit is either a PVC (Permanent Virtual Circuit) or an SVC (Switched Virtual Circuit). A Permanent Virtual Circuit is defined at configuration time, from one point on the WAN to every other point. A Switched Virtual Circuit is defined when a connection is initiated, as with a phone call. The advantages of Frame Relay are that it requires few components to install and maintain and that it is easy to expand. Frame Relay is faster than ISDN and commonly available (Dash, 1999).

"Asynchronous Transfer Mode" (ATM) is a high-bandwidth technology developed by the "ITU Telecommunication standards sector" ("ITU-TSS"). The ATM Forum is responsible for ATM implementation and characteristics. ATM can be layered on physical technologies such as "Fiber Distributed Data Interface" and "SONET". ATM uses fixed-length 53-byte cells, so the cell length is uniform. Another distinguishing feature of ATM is asynchronous delivery, which means that transmission does not occur periodically but at irregular intervals (Berg, 1998).

Figure Asynchronous Transfer Mode

Source: (Quest, 2010). 

A technique used in ATM is called "label multiplexing": time slots are allocated on demand (book end). ATM is a powerful but expensive network for carrying video, voice and data in large organizations. ATM serves as both a LAN and a WAN technology, and it is frequently deployed for WANs. ATM speeds range from 1.54 Mbps to 622 Mbps. ATM has the potential to carry high volumes of voice, video and data. An advantage of ATM is that it has higher speed than FDDI (Berg, 1998).

Technology Consideration for Lawyers Firm:

IP VPN

Internet Protocol "Virtual Private Network" (IP VPN) is a networking technology that connects more than one location and remote users. IP VPN has replaced Frame Relay, ATM and TDM-based VPN services (Global Communication Group, 200-2009). A VPN is a private network that uses the resources of other networks to connect remote sites and users (Astro, 2008). IP VPN is a collection of technologies that ensure privacy over a shared IP network. Privacy is achieved in several ways; for data privacy the most common forms are encryption and partitioning of customers' data. For IP VPNs, encryption is closely associated with IP security (IPSec). IPSec is a well-developed standard integrated into the IP protocol. IPSec has two variants: the Data Encryption Standard (DES), which uses a 56-bit key, and Triple DES (3DES), which applies the 56-bit key three times for stronger security. Partitioning of data traffic for IP VPNs is associated with MPLS, "Multi Protocol Label Switching". MPLS separates one customer's data traffic from another's in a shared network. This partitioning is the same privacy method used in Frame Relay networking. IP VPNs use an IP network; data traffic that uses an ATM or Frame Relay network is classified as a VPN, not an IP VPN (Steven Harris, 2002).

Multiple technologies and terms are often associated with IP VPNs, such as encryption, RADIUS, firewall, authentication, tunnelling, IPSec, extranet, MPLS and L2TP. Some of these technologies, functions and protocols may or may not be part of an IP VPN implementation. 48% of medium and large businesses use IP VPN. The main reason companies use IP VPNs is remote access. IP VPNs are efficient for transporting IP-based applications. There are several reasons to deploy an IP VPN, and security is at the top of the list. An IP VPN uses the Internet in a secure way (Steven Harris, 2002).

Figure Reason for IP VPN deployment

Source: (Harris, 2002).

Benefits of IP VPN

Security:

MPLS uses RFs to provide a secure environment, with a unique RD that identifies customer traffic.

Reliability:

IP VPN is a truly MPLS-based service built over a fiber optic network, and it is available all year round.

Flexibility:

Now you can access your business anywhere and anytime.

Cost Predictability:

Global Crossing and various billing options help with your budgets and costs. You can save cost by using your existing equipment.

Ease of Management:

Within your network you can add sites without reconfiguring your routers.

High Bandwidth:

IP VPN provides high bandwidth with speed of 155 Mbps (Global Crossing, 2009).

PART 2 SECURITY WEAKNESSES / RISK AND RECOMMENDATIONS:

Wide Area Network technology was developed to be simple and easy to install and configure, but it is also easy to attack. The lawyers' firm has two offices: the main head office in Manchester and a branch office in Glasgow. There are some security vulnerabilities between them; below we discuss these and give suggestions and solutions for these threats.

The Environment / Challenge:

In this network system, multiple separate applications are supported, for example:

Payroll

Web-based applications (email, file transfer, etc.)

Inventory control

Phone calls between HQ and Branch office

CCTV monitoring

Some of the above applications may run over the WAN or the Internet, including voice, inventory control and video. All these applications must be isolated from the network, the servers and each other. However, an efficient infrastructure runs and combines all applications from a single server, which is also good from a cost perspective. In the given scenario we have two offices: the head office, based in Manchester, and the branch office, based in Glasgow. The firm handles legal and sensitive documents, so security is our high priority.

Security Risks:

For securing sensitive documents and legal data, the first risk is criminals breaking into the network via existing wireless equipment. For our system we must see and understand the security holes and entry points, as well as the weaknesses, in the network. A major risk for the WAN is inventory readers and barcode scanners. To secure these devices, many companies claim to use cloaking and masking. WEP key cracking shows that cloaking can slow hackers down but cannot stop them from breaking the key. Another common threat to our internal network is an outsider. Outsider attacks involve stealing user names and passwords to access internal resources. Outsiders can crash operating systems, routing devices, email, DNS, etc. Some threats to a computer system are:

Misuse of computer

Attacks on Network

Data loss

Computer viruses

Disasters such as flood, fire, etc.

Theft of hardware (Irving, 2003).

Security Suggestions and Recommendations:

First of all, define wireless and physical security policies. These should address techniques such as manual procedures, firewalls, routers, limiting user access and regular data backups (Irving, 2003). The purpose of these policies is to protect sensitive and valuable documents, hardware and software.

Policies for physical access:

Restricting access to server rooms and equipment:

Servers, gateways, routers, switches, bridges and other equipment should be restricted from unauthorized users.

Install Approved Equipment:

Install only equipment that is approved and reliable.

AAA (Authentication, Authorization and Accounting):

Access control is a way to control who can access the network server, what services they are allowed to use and when they can access them. An "Authentication, Authorization and Accounting" (AAA) server provides the primary framework through which you set up access control on a router or access server. AAA provides the following services in a modular way (Cisco, 1992-2010).

Figure Typical AAA Network Configuration

Source: (Cisco, 1992-2010). 

Authentication: This identifies users. It includes login and password, challenge and response, the security protocols you select, and encryption. Authentication is the way a user is identified prior to accessing the network and its services. AAA authentication is configured by defining a named list of authentication methods (Cisco System Inc, 1992-2010).

Fig Authentication process

Source: (Cisco , 2008).

Authorization: This provides a method of remote access control, including one-time authorization or authorization for each service, support for user groups, and support for IP, IPX and Telnet. AAA authorization assembles a set of attributes that describe what the user is authorized to do; these attributes are compared with the information held in a database for the given user (Cisco, 1992-2010).

Accounting: This provides a method of collecting and sending security information used for auditing, reporting and billing, such as start and stop times, executed commands, and numbers of packets and bytes. Accounting makes it possible to track the services users are accessing as well as the amount of network resources they are consuming. When accounting is activated, the network access server can report to the RADIUS security server. AAA uses the RADIUS, Kerberos and TACACS+ protocols (Cisco System Inc, 1992-2010).

Benefits of AAA:

It can increase control and flexibility

Scalability

Standard methods of authentication (RADIUS, TACACS+ and Kerberos) (Cisco, 1992-2010). 

Why AAA Services Are Needed:

The need to secure users' access to the network, and the ability to define user profiles dynamically to grant access to network resources, has a legacy going back to dial access. AAA provides the primary framework for network administrators to set up access control on network entry points or access servers, which is usually the function of an access server or router. Authentication identifies the user, authorization determines what a user can do, and accounting monitors network usage. AAA information is stored in an external database such as TACACS+ or RADIUS. The information can also be stored locally on the access server or router (Cisco, 1992-2001).
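The three AAA services described above can be modelled in a few lines. The following is an added example, not code from the essay or from Cisco: the class names, the user "clerk" and the passwords are hypothetical and constructed, and the model assumes that a method list moves on to the next authentication method only when a method cannot answer, never when it rejects the user.

```python
import hashlib, hmac, os, time

class MethodError(Exception):
    """The method could not answer (server down): try the next method."""

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LocalDB:
    """User database held locally on the access server or router."""
    def __init__(self):
        self.users = {}

    def add(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt))

    def check(self, user, password):
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        return hmac.compare_digest(_hash(password, salt), stored)

class UnreachableServer:
    """Stands in for an external RADIUS or TACACS+ server that is down."""
    def check(self, user, password):
        raise MethodError("no response")

class AAA:
    def __init__(self, method_list, attributes):
        self.method_list = method_list   # ordered authentication methods
        self.attributes = attributes     # user -> set of permitted services
        self.accounting = []             # records for auditing and billing

    def authenticate(self, user, password):
        for method in self.method_list:
            try:
                return method.check(user, password)  # accept or reject is final
            except MethodError:
                continue                 # only an error moves to the next method
        return False                     # no method could answer: deny

    def authorize(self, user, service):
        return service in self.attributes.get(user, set())

    def session(self, user, password, service, nbytes=0):
        """One access attempt through all three services, always accounted."""
        record = {"user": user, "service": service, "start": time.time()}
        if not self.authenticate(user, password):
            record["result"] = "auth-fail"
        elif not self.authorize(user, service):
            record["result"] = "not-authorized"
        else:
            record.update(result="ok", bytes=nbytes)
        record["stop"] = time.time()
        self.accounting.append(record)
        return record["result"]

def demo():
    local = LocalDB()
    local.add("clerk", "constructed-pass-1")         # constructed sample user
    aaa = AAA([UnreachableServer(), local], {"clerk": {"telnet"}})
    results = [aaa.session("clerk", "constructed-pass-1", "telnet", 2048),
               aaa.session("clerk", "wrong-pass", "telnet"),
               aaa.session("clerk", "constructed-pass-1", "payroll"),
               aaa.session("intruder", "x", "telnet")]
    return results, aaa.accounting

if __name__ == "__main__":
    print(demo()[0])
```

Failed and unauthorized attempts are written to the accounting trail as well as successful ones, which is what makes the records usable for auditing.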

Remote Access:

Dedicated offices must be kept separate from other systems and have no gateway other than HQ. All our external gateways and network interfaces should be protected by a firewall. Firewall design, management and implementation are the responsibility of HQ. Change management logs should be maintained by the HQ office. The firewall should be kept up to date, and threats to HQ should be reviewed so that HQ is protected from them.

Implementation of Antivirus:

It is the lawyers' firm's policy to protect workstations, file servers and peripherals from virus infections. Antivirus software must be installed on every computer and kept up to date. Both offices, HQ and the branch office, should install antivirus on all servers and gateways. Emails and files should be scanned before they are opened.

Intrusion Detection Software:

Intrusion detection is security management for the network. The system collects and analyzes information from various areas of the network to identify threats, including intrusion as well as misuse. Data may be misused within the organization. Intrusion detection uses scanning, a technique developed to assess the security of the network. For the lawyers' firm I suggest installing equipment and applications that protect documents and also track intrusion attempts.

Another step for network security is to conduct wireless vulnerability assessments. The assessments will be efficient if they perform the following steps:

Properly detect existing threats and locate them

Compare the reports generated at different times

Automatically scan all vulnerabilities and enable zero day and attack protection.

Map your wireless threats in the context of relevant regulation and compliance (Stallings, 2006).

PART 3 PREVENTION FROM ANTIVIRUS AND MALICIOUS SOFTWARE:

Malicious Software: Malicious software is a computer program that takes partial or full control of your computer system and then does whatever the hacker or cracker wants. Malicious software may be a virus, spyware, adware or a worm; all can damage data. The damage may take the form of changing login details to gain full access to the system. The authorized user is unaware, and the attacker gets access to confidential data. Most malware requires a user-initiated operation. Some malware damages data and some only views confidential data. It is installed when the user clicks OK on a popup. It can install on any operating system. Since its release, the Agobot malware has had a hundred variants. The latest version of Agobot can perform service attacks, steal passwords and account details, propagate across the network using diverse exploits, and use polymorphism to avoid detection (Rhee, 2003).

ANTIVIRUS SOFTWARE: Viruses are computer programs whose purpose is to infect system files. Protecting every machine from viruses is difficult but not impossible; good antivirus and anti-malware products are available from many companies, for example Kaspersky, Panda, McAfee, etc. These products use different approaches to detect viruses and remove them from the system. Antivirus software uses static and dynamic methods, and consists of two components (Rhee, 2003):

Definition files: These files hold information about types of viruses, the footprints and specifications of various viruses, and how to remove them. Definition files have their own database of known virus information.

The Engine: The engine accesses the definition file database to run a virus scan; it can clean files and notify the appropriate user account. Both components must be kept up to date to produce proper results (Rhee, 2003).

Security Recommendations:

Below are some security recommendations for securing the computer system and confidential legal data.

A reliable antivirus should be used on the system

All patches should be installed and kept up to date

The session must be locked when the user is not using it

Configure the system to download and install updates automatically

Don't save passwords in browsers

Don't use USB drives or soft copies to keep sensitive data, because it can be damaged by a virus

Don't write user names and passwords on paper.

PART 4 SECURE NETWORK SWITCHES BY USING 802.1X

IEEE 802.1X:

The IEEE 802.11 working group passed the 802.1X standard in 2001. It was passed to improve on the security of the original 802.11 standards. 802.1x was designed to provide key management, strong authentication and access control. 802.1x is based on an existing authentication protocol known as "EAP", the "Extensible Authentication Protocol". EAP is an extension of the Point-to-Point Protocol. 802.1x is not tied to a specific network scheme, but it gives a basis for defining the authentication of a user to the network. 802.1x maps EAP to the physical medium, whether Ethernet or wireless LAN. It can support multiple authentication techniques such as token cards, one-time passwords and Kerberos (Craiger, 2002).

Mechanics of 802.1X:

There are three main components of 802.1x authentication:

Client

Authenticator

Authentication Server

Figure IEEE 802.1x components

Source: (Cisco, 2008).

The authentication server is a "RADIUS" ("Remote Authentication Dial In User Service") server, though this is not specifically required by the standard (Craiger, 2002).

Authentication process of 802.1x:

Figure Authentication process of 802.1x

Source: (Craiger, 2002).

Authentication occurs as follows:

The client sends an authentication request to the AP.

The AP asks the client to provide identification, and blocks other traffic such as HTTP and POP3 packets until it has verified the client's identity using the authentication server.

The client sends its identity to the authentication server.

The authentication server verifies the client's identity using an appropriate algorithm. If the user is identified, an accept message is sent to the AP; if not, a reject message is sent to the AP.

Once the client has been accepted by the authentication server, the AP transitions the client's port to the authorized state (Craiger, 2002).
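The exchange above, written out as an added example (not code from the essay or from any 802.1x implementation). The class names, client identifiers and credentials are hypothetical and constructed, and a single shared secret stands in for whichever EAP method is actually negotiated. The example shows the controlled port dropping HTTP and POP3 until the authentication server accepts the client.

```python
import hmac
from enum import Enum

class PortState(Enum):
    UNAUTHORIZED = "unauthorized"
    AUTHORIZED = "authorized"

class AuthServer:
    """Authentication server (RADIUS in the essay's description)."""
    def __init__(self, credentials):
        self._credentials = credentials          # identity -> secret

    def verify(self, identity, secret):
        expected = self._credentials.get(identity, "")
        ok = hmac.compare_digest(expected.encode(), secret.encode())
        return "Access-Accept" if ok and expected else "Access-Reject"

class Authenticator:
    """The AP or switch: holds one controlled port per client."""
    def __init__(self, server):
        self.server = server
        self.ports = {}                          # client id -> PortState

    def start(self, client):
        # Steps 1-2: the client asks to authenticate; the port stays closed
        # and the authenticator asks for an identity.
        self.ports[client] = PortState.UNAUTHORIZED
        return "EAP-Request/Identity"

    def respond(self, client, identity, secret):
        # Steps 3-5: relay the identity, then act on the server's verdict.
        if client not in self.ports:             # no exchange was started
            return "EAP-Failure"
        if self.server.verify(identity, secret) == "Access-Accept":
            self.ports[client] = PortState.AUTHORIZED
            return "EAP-Success"
        self.ports[client] = PortState.UNAUTHORIZED
        return "EAP-Failure"

    def forward(self, client, protocol):
        # Authentication frames always pass; everything else needs an
        # authorized port.
        if protocol == "EAP":
            return True
        return self.ports.get(client) is PortState.AUTHORIZED

def run_exchange(ap, client, identity, secret):
    """Return the trace of one authentication attempt."""
    trace = [("HTTP before auth", ap.forward(client, "HTTP"))]
    trace.append(("request", ap.start(client)))
    trace.append(("result", ap.respond(client, identity, secret)))
    trace.append(("HTTP after auth", ap.forward(client, "HTTP")))
    trace.append(("POP3 after auth", ap.forward(client, "POP3")))
    return trace

if __name__ == "__main__":
    server = AuthServer({"alice@firm.example": "constructed-secret"})
    ap = Authenticator(server)
    for step in run_exchange(ap, "pc-1", "alice@firm.example", "constructed-secret"):
        print(step)
```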

Using 802.1x in Lawyers firm:

In the lawyers' firm we use switches that support the 802.1x protocol, and they should be connected to the server room. As we know, 802.1x transports authentication information using the Extensible Authentication Protocol. 802.1x uses standard technology to control network access. There are many departments in the lawyers' firm, such as technical, accountancy, the lawyers' office and the security office; 802.1x is the right solution between these departments and the server room.
