Chapter 5 PowerPoint
Author: sandra4211

CONNECTING TO THE INTERNET
Chapter 5

Chapter 5: CONNECTING TO THE INTERNET 2
CHAPTER INTRODUCTION
List the types of routers used for Internet connections.
Describe the various WAN technologies used for Internet connections.
Understand the criteria used to select an ISP for a network Internet connection.
List the criteria for determining how much Internet bandwidth a network needs.
Determine the Internet access security requirements for a network.

UNDERSTANDING INTERNET CONNECTIVITY ARCHITECTURE

INTERNET ACCESS ROUTERS
Software
  Windows Server 2003
  Any Microsoft operating system that supports ICS
  Any operating system that provides firewall capabilities
Hardware
  Dedicated devices

INTERNET CONNECTION TYPES
Dial-up modem
ISDN
CATV and DSL
Leased lines
Frame relay

DIAL-UP MODEM CONNECTIONS
Maximum speed of 53 Kbps downstream, 33.6 Kbps upstream
Widely available
Requires standard phone line and modem
Inexpensive to implement and run

ISDN
Dial-up technology
Requires specialized phone line and hardware
Available in two versions
  BRI: 128 Kbps
  PRI: 1.544 Mbps

CATV AND DSL
CATV
  Available from cable TV providers.
  Bandwidth varies depending on location and other users.
DSL
  Uses standard phone lines.
  Consistent bandwidth.

LEASED LINES
Always-on, high-speed digital connection
Requires special hardware, installation, and maintenance
Normally available in two variants
  T-1 (also known as DS-1): 1.544 Mbps
  T-3 (also known as DS-3): 44.736 Mbps

FRAME RELAY
Still requires modem, leased line, or ISDN connection to ISP.
Allows you to more effectively manage ISP costs if they are charged on a usage basis.
Not all ISPs provide support for frame relay connections.

INTERNET SERVICE PROVIDERS
Provide Internet access to business and residential customers
Provide related services such as web hosting, e-mail, and DNS server services
Organized into tiers depending on their proximity to the Internet backbone

UNDERSTANDING ISP SERVICES
Multiple WAN support
IP addresses
DNS servers
E-mail services
Web hosting
Internet domain hosting

DETERMINING INTERNET CONNECTIVITY REQUIREMENTS
How much bandwidth?
How many users?
What applications do the users need?
When is Internet bandwidth needed?
Where are the users located?

HOW MUCH BANDWIDTH?
How many users will require Internet access at one time?
What applications will the users need?
When will the users need access to the Internet?
Where will the users be located?
How much incoming bandwidth will Internet servers require?

HOW MANY USERS?
Not necessarily equivalent to the number of employees.
More accurate measure is how many computers, particularly in environments where computer systems may be shared.
Consider work habits such as employees working on a shift system.
Consider the type of Internet access required by different users.

WHAT APPLICATIONS DO THE USERS NEED?
Some applications are more connection-intensive than others.
Consider implementing restrictions to limit the use of unauthorized or unnecessary applications.

WHEN IS INTERNET BANDWIDTH NEEDED?
Daily schedule
Business model
Annual schedule

WHERE ARE THE USERS LOCATED?
Influences placement of Internet connectivity solutions
Can have an effect on IP addressing schemes
Can have an effect on features such as NAT

SECURING AND REGULATING INTERNET ACCESS
Most companies monitor Internet access by employees.
Some companies regulate what employees can access on the Internet.
Threats include viruses, information theft, and loss of productivity.

DETERMINING INTERNET SECURITY REQUIREMENTS
Limiting applications
Limiting users
Regulating Internet access

LIMITING APPLICATIONS
Using unregistered IP addresses through a firewall protects systems on the internal network from being contacted by systems on the Internet.
Port filtering can be used to prevent users from accessing applications from servers based on the TCP/IP port number.
Packet filters allow you to control what applications are accessible through the firewall or proxy server.

LIMITING USERS
Two commonly implemented methods of limiting Internet access by users:
  Packet filtering
  Authentication

REGULATING INTERNET ACCESS
By using a software application like a proxy server, you can:
  Monitor what users are accessing on the Internet.
  Identify excessive Internet use.
  Block sites based on content.

USING NETWORK ADDRESS TRANSLATION
Static NAT
  Provides one-to-one translation between unregistered and registered IP addresses
Dynamic NAT
  Provides many-to-many translation between unregistered and registered IP addresses
Masquerading NAT
  Provides many-to-one translation between unregistered and registered IP addresses

NAT SECURITY
Relies on basic methods and procedures to provide security
Is not a substitute for a full-featured firewall
Does not provide the capability to block based on traffic type
Does not protect against denial of service (DoS) attacks

STATEFUL PACKET INSPECTION
Inspects the contents of each packet as it travels between interfaces running the stateful inspection software
Allows common threats to be identified and filtered
Provides ancillary services such as detailed logging

PORT FORWARDING
Allows an internally hosted system to be accessed through NAT by an external system
Disguises the IP address of the internal system, which provides added security
Used to take advantage of features like load balancing and redirection
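
The masquerading NAT and port forwarding slides above, as an added example that is not part of the original slides: a toy translation table in Python showing many-to-one mapping by port number, reply lookup, one published port, and the drop of unsolicited inbound traffic. The addresses, port numbers, and the class and function names are constructed for illustration.

```python
# Added illustration: toy masquerading NAT (many-to-one) with port forwarding.
# All addresses and ports below are constructed sample values.
PUBLIC_IP = "203.0.113.10"  # the single registered address


class MasqueradingNat:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (inside_ip, inside_port, proto) -> public port
        self.in_map = {}    # (public port, proto) -> (inside_ip, inside_port)
        self.forwards = {}  # (public port, proto) -> (inside_ip, inside_port)

    def add_port_forward(self, public_port, inside_ip, inside_port, proto="tcp"):
        """Publish one internal service on the registered address."""
        self.forwards[(public_port, proto)] = (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, proto="tcp"):
        """Rewrite an unregistered source to (public_ip, allocated port)."""
        key = (src_ip, src_port, proto)
        if key not in self.out_map:
            while (self.next_port, proto) in self.forwards:
                self.next_port += 1  # never reuse a published port
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out_map[key])

    def inbound(self, dst_port, proto="tcp"):
        """Return the internal destination, or None when the packet is dropped."""
        key = (dst_port, proto)
        # Simplification: the remote peer is not checked in this toy table.
        if key in self.in_map:     # reply to a flow an inside host started
            return self.in_map[key]
        if key in self.forwards:   # explicitly forwarded port
            return self.forwards[key]
        return None                # unsolicited: no mapping exists


def demo():
    nat = MasqueradingNat(PUBLIC_IP)
    nat.add_port_forward(80, "192.168.1.5", 8080)
    a = nat.outbound("192.168.1.20", 51000)  # two hosts, same source port
    b = nat.outbound("192.168.1.21", 51000)
    return a, b, nat.inbound(a[1]), nat.inbound(b[1]), nat.inbound(80), nat.inbound(3389)


if __name__ == "__main__":
    print(demo())
```

Both internal hosts leave with the same registered address and differ only by allocated port, which is the mapping the reverse lookup depends on.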

USING A PROXY SERVER
Acts as an intermediary between client computers on a private network and servers on the Internet
Forwards all requests with the IP address of the proxy server external interface
Works only with specific client applications
Allows Internet access to be controlled and monitored

USING MICROSOFT INTERNET SECURITY AND ACCELERATION SERVER 2000
Microsoft’s integrated proxy and firewall solution
Provides policy-based security
Requires users to authenticate before granting Internet access
Caches information retrieved from the Internet to improve performance

SELECTING AN INTERNET ACCESS METHOD
NAT
  Low security, low level of control
Proxy
  High security, high level of control

CHAPTER SUMMARY
Internet access routers can range from workstation computers to servers to dedicated hardware devices.
WAN technologies used to establish Internet connectivity include dial-up modems, ISDN, CATV, DSL, leased lines, and frame relay.
ISPs can provide a variety of services to business clients in addition to providing simple Internet access.
The Internet bandwidth needed by a network is based on the number of users and the types of applications they run.

CHAPTER SUMMARY (continued)
An Internet connection is a gateway that can work in both directions, enabling Internet users to access your private network as well as allowing your users Internet access.
Most NAT implementations today use masquerading, a technique that maps unregistered IP addresses to a single registered IP address combined with a port number.
Proxy server products have evolved to now include an array of firewall and access-control features that provide comprehensive Internet security for a private network.