Wireless Internet and Municipal Wi-Fi Networks

Questions and Answers

What spectrum is used by wireless technology to transmit data?

• Infrared spectrum
• Licensed radio spectrum
• Microwave spectrum
• Unlicensed radio spectrum (correct)

What is a typical limitation of early wireless access regarding range?

• Up to 1000 feet
• Up to 500 feet
• Up to 50 feet
• Up to 100 feet (correct)

What is the purpose of municipal Wi-Fi networks?

• Control traffic signals
• Offer high-speed internet freely or at a reduced cost (correct)
• Monitor air quality
• Provide internet access only to government employees

What piece of equipment is typically needed to connect to a municipal Wi-Fi network?

A wireless modem (D)

What is cellular service used for in the context of wireless WAN technology?

Connecting users and remote locations where other WAN access isn't available (A)

What do phones and tablets use to communicate through the internet via cellular technology?

Radio waves (C)

What does 'LTE' stand for in the context of wireless technology?

Long-Term Evolution (D)

Where is satellite internet typically used?

In rural or remote locations (D)

What is needed to access satellite internet services?

A satellite dish and two modems (B)

What is a primary requirement for installing a satellite internet antenna?

Clear view toward the equator (B)

What is WiMAX?

A technology that provides high-speed broadband service with wireless access (C)

How does WiMAX operate in comparison to Wi-Fi?

Faster speeds, greater distances, more users (B)

What is the primary function of a VPN?

To provide an encrypted connection for network traffic (C)

What is a key benefit of using VPNs for organizations?

Cost savings by using the global internet (C)

What is the main characteristic of a 'site-to-site' VPN?

VPN settings are configured on routers (D)

In which ISP connectivity option does the client connects to the ISP using one link?

Single-homed (B)

Which ISP connectivity provides no redundancy?

Single-homed (B)

Which ISP connectivity option is the least expensive solution?

Single-homed (D)

In which ISP connectivity option does the client connects to the same ISP using two links?

Dual-homed (B)

Which ISP connectivity topology provides both redundancy and load balancing?

Dual-homed (A)

In which ISP connectivity option does the client connects to two different ISPs?

Multihomed (B)

Which ISP connectivity options can enables load-balancing?

Multihomed and Dual-multihomed (B)

Which ISP connectivity is the most resilient topology?

Dual-multihomed (D)

Which ISP connectivity topology provides the most redundancy possible?

Dual-multihomed (B)

Which ISP connectivity is the most expensive option?

Dual-multihomed (A)

Which broadband solution has bandwidth shared by many users, leading to slower upstream during high-usage hours?

Cable (A)

Which broadband solution's bandwidth is limited and distance-sensitive?

DSL (B)

Which solution requires fiber installation directly to the home?

Fiber-to-the-Home (B)

What is a common issue with cellular/mobile broadband option?

Coverage Issues (D)

When is satellite broadband typically used?

When no other broadband option is available (C)

What action describes a virtual private network?

It provides an encrypted connection over a public network. (D)

What does a VPN help protect?

VPNs provide the highest level of security available, by using advanced encryption and protocols that protect data from unauthorized access. (A)

What security appliance is used to secure VPNs for remote branches and mobile users?

Cisco Adaptive Security Appliance (ASA) (C)

What software can remote workers use to establish client-based VPN connections?

Cisco AnyConnect (C)

What feature of VPNs helps to secure connections between sites?

Internet Protocol Security (IPsec) (A)

When are cost savings achieved with VPNs?

By increasing connection bandwidth (D)

Which devices typically require preconfigured information to establish a secure tunnel in Site-to-Site VPNs?

VPN gateways (B)

Which of the following is true for internal hosts in a Site-to-Site VPN?

Internal hosts have no knowledge that a VPN is being used (B)

When is a remote access SSL VPN commonly used?

Checking your banking information online (B)

How can VPNs be managed and deployed?

Enterprise and Service Provider VPNs. (D)

What protocol does Clientless VPN connection use to secure it's connection?

A web browser SSL connection . (D)

What is the function of a VPN gateway in a site-to-site IPsec VPN?

To encrypt and encapsulate outbound traffic. (B)

What type of data does a WiMAX provide?

It provides a high-speed broadband service. (B)

What does 'LTE' stand for?

Long-Term Evolution (D)

Which of the following is a characteristic of the unlicensed radio spectrum used by wireless technology?

It's accessible to anyone with a wireless router. (D)

What is needed to access a WiMAX network?

A WiMAX receiver and special encryption code (D)

Flashcards

Unlicensed Radio Spectrum

Wireless technology uses this spectrum to transmit/receive data freely.

Municipal Wi-Fi

Wireless internet provided by cities, often free or low cost.

3G/4G/5G Wireless

Mobile technology standards enabling wireless internet access.

Long-Term Evolution (LTE)

Refers to a more recent, faster generation (4G) mobile technology.

Satellite Internet

Internet access using a satellite dish, modems, and coaxial cables.

WiMAX

High-speed broadband service using wireless access, broad coverage like a cell network.

Virtual Private Network (VPN)

Encrypted connection over a public network to ensure secure communication.

VPN Cost Savings

Connect remote offices using the global internet, reducing expenses.

VPN Security

VPNs use encryption and authentication to protect data.

VPN Scalability

VPNs allow easy addition of new users within ISP infrastructure.

VPN Compatibility

VPNs support broadband services like DSL and cable.

Site-to-site VPN

VPN settings configured on routers, clients unaware of encryption.

Remote Access VPN

User initiates remote access connection (e.g., HTTPS to a bank).

Single-homed ISP

Internet access through one ISP link, least expensive.

Dual-homed ISP

Connects to one ISP using two links for redundancy and load balancing.

Multihomed ISP

Connects to two different ISPs for increased redundancy and load balancing.

Dual-multihomed ISP

Most resilient setup, redundant links to multiple ISPs.

Fiber-to-the-Home

Requires direct fiber installation.

Cellular/Mobile

May have coverage issues, bandwidth can be limited.

Municipal Wi-Fi

May not be widely deployed, but viable if available.

Satellite

Expensive with subscriber capacity limits.

Virtual Private Network (VPN)

Creates end-to-end private connections for secure traffic.

Cisco ASA Firewall

Firewall that helps secure connectivity for remote branches/users.

Cisco AnyConnect

Software for remote workers to establish client-based VPN connections.

Clientless VPN connection

It secures HTTP(S) & protocols like IMAP and POP3 via an SSL tunnel.

Client-based VPN connection

VPN client software needed, users authenticate to VPN gateway.

SSL VPNs

Uses TLS, public key infra, digital certificates for peer authentication.

Site-to-Site IPsec VPNs

Connects networks across untrusted networks with TCP/IP traffic encrypted.

GRE over IPsec

GRE doesn't support encryption, unlike IPsec ones.

Passenger protocol

Original packet encapsulated by GRE

Carrier protocol

It is the carrier protocol that encapsulates the original passenger protocol.

Transport protocol

Protocol used to forward the packet (IPv4 or IPv6).

Study Notes

Wireless Internet-Based Broadband

• This technology transmits and receives data using the unlicensed radio spectrum.
• Anyone with a wireless router and compatible technology can access the unlicensed spectrum.
• Wireless access was limited to a local transmission range, typically within 100 feet of a wireless router with a wired internet connection.

Municipal Wi-Fi

• Many cities are establishing municipal wireless networks.
• These networks often provide high-speed internet access for free or at a reduced cost. Some networks are for city use, allowing police, fire departments, etc. to remotely perform their duties.
• Connecting to municipal Wi-Fi generally requires a wireless modem.
• Wireless modems provide a stronger radio and directional antenna compared to standard wireless adapters.
• Service providers may offer necessary equipment for free or for a fee, similar to DSL or cable modems.

Cellular

• Cellular service provides wireless WAN used to connect users and remote locations.
• Smartphones and tablets can use cellular data for email, web browsing, apps, and videos.
• Devices use radio waves to communicate through a nearby mobile phone tower, with the provider having a larger antenna at the top of the tower within miles of the device.

3G/4G/5G Wireless

• These are mobile wireless technology abbreviations for 3rd, 4th, and 5th generations.
• 4G standards support bandwidths up to 450 Mbps download and 100 Mbps upload.
• Emerging 5G standards should support 100 Mbps to 10 Gbps and beyond.

Long-Term Evolution (LTE)

• LTE is a newer, faster technology and part of the 4th generation (4G).

Satellite Internet

• Typically used in rural or remote areas where cable and DSL are unavailable.
• Accessing satellite internet requires a satellite dish, two modems (uplink and downlink), and coaxial cables between the dish and the modem.
• A router connects to a satellite dish pointed towards a service provider's satellite.
• Signals travel approximately 35,786 kilometers (22,236 miles) to and from the satellite in geosynchronous orbit.
• The antenna needs a clear view toward the equator, where most orbiting satellites are located.
• Heavy rains and trees can affect signal reception.
• Satellite internet offers two-way data communication.
• Upload speeds are about one-tenth of the download speed.
• Download speeds range from 5 Mbps to 25 Mbps.

WiMAX

• WiMAX is a new wireless technology.
• WiMAX is described in IEEE standard 802.16.
• WiMAX provides high-speed broadband service with wireless access and broad coverage, similar to a cell phone network.
• WiMAX operates at higher speeds and over greater distances than Wi-Fi, for more users.
• Accessing a WiMAX network requires subscribing to an ISP with a WiMAX tower within 30 miles of the user's location.
• A WiMAX receiver and encryption code are also needed to access the base station.
• WiMAX has largely been replaced by LTE for mobile access, and by cable/DSL for fixed access.

VPN Technology

• Security risks emerge when teleworkers or remote office workers use broadband to access the corporate WAN over the Internet.
• Broadband services address these risks by providing Virtual Private Network (VPN) connections to a network device at the corporate site.
• A VPN provides an encrypted connection between private networks across a public network like the Internet.
• VPNs use virtual connections called VPN tunnels rather than dedicated Layer 2 connections.
• VPN tunnels route traffic through the internet from the company's private network to a remote site or employee host.

VPN Benefits

• Cost saving: VPNs enable organizations to utilize the global internet to connect remote offices and remote users to the corporate site, eliminating expensive, dedicated WAN links and modem banks.
• Security: VPNs employ advanced encryption and authentication protocols to deliver top-tier security, safeguarding data against unauthorized access.
• Scalability: The internet infrastructure within ISPs facilitates the addition of new users, allowing corporations to scale capacity without substantial infrastructure investments.
• Compatibility - VPN is supported by broadband service providers. VPNs enable telecommuters to utilize their home high-speed internet access to connect across corporate networks

Types of VPN Implementation

• Site-to-site VPN: VPN settings configured on routers, clients remain unaware that data is being encrypted.
• Remote Access: Users initiate remote access connection, such as through HTTPS or with VPN client software.

ISP Connectivity Options

• ISP connectivity options provide various levels of redundancy and resilience for internet access.

Single-Homed

• A single-homed connection uses one link to connect to an ISP.
• The topology provides no redundancy.
• This is the least expensive option.

Dual-Homed

• Dual-homed connectivity uses two links to connect to the same ISP.
• The topology provides redundancy and load balancing.
• If both links are operational, traffic can be load balanced.
• The organization loses internet connectivity if the ISP experiences an outage.

Multihomed

• Multihomed connectivity connects to two different ISPs.
• The design provides increased redundancy and enables load balancing.
• It can be expensive.

Dual-Multihomed

• Dual-multihomed is the most resilient topology.
• The client connects with redundant links to multiple ISPs.
• This topology provides the most redundancy.
• It is the most expensive option.

Broadband Solution Comparison

• Each broadband solution has its own advantages and disadvantages.
• The solution is to have fiber-optic cable to the client network.
• Some locations only have cable or DSL: some only have broadband wireless.

Factors to Consider: Cable

• Cable TV bandwidth is shared by users, resulting in slow upstream data rates during peak hours.

Factors to Consider: DSL

• DSL has limited bandwidth sensitive to distance from the ISP central office, with proportionally lower upload rates compared to download rates.

Factors to Consider: Fiber-to-the-Home

• This option requires fiber installation to the home.

Factors to Consider: Cellular/Mobile

• Cellular and mobile options often have limited coverage and bandwidth within small office or home settings.

Factors to Consider: Municipal Wi-Fi

• Municipal Wi-Fi may not be widely deployed in a mesh network, but is viable if available and in range.

Factors to Consider: Satellite

• A final consideration is that satellite is typically used as a last resort and provides expensive, limited capacity.

Virtual Private Networks

• VPNs are used to secure network traffic between sites/users.
• VPN creates end-to-end private network connections as an encrypted connection across a shared public network.
• Corporate site uses a Cisco Adaptive Security Appliance firewell, and remote and mobile users can use Cisco's AnyConnect software.
• SOHO remote users can connect via VPN connectivity to the corporate main site.

Cisco AnyConnect

• Secure Mobility Client software allows remote workers to establish client-based VPN connections with the main site.

VPNs - Site-to-Site

• VPN devices are preconfigured to establish a secure tunnel.
• The VPN encrypts only the traffic between the VPN terminating devices. The internal data hosts have no knowledge of a VPN being used on a company network.

VPNs - Remote Access

• Remote-access VPNs establish secure connections between clients and a VPN terminating device.
• An example uses SSL VPN to secure your data when banking online.

VPN Enterprise Managed

• Secures enterpise trrafic across internet. Site-to-site and remote accesss VPNs are created via IPsec and SSL VPNs.

VPN Service Provider

• These VPNs, managed over the provider network, use MPLS at Layer 2 or 3. MPLS creates secure channels between sites, segregating traffic. Legacy solutions include Frame Relay and ATM.

Remote-Access VPNs

• Remote-access VPNs encrypted tunnels that enable remote access to the enterprise.
• These allow remote email and other applications with limited security access to contractors and partners.

Clientless VPN and Client-Based

• With clientless VPN connections, connections are secured by SSL web browser connections. SSL is used for HTTP traffic, and secure email protocols such as, IMAP and POP3, with SSL-tunnelling exchange of HTTOP data.
• Client-based VPN connection: VPN client software, like Cisco AnyConnect, has to be installed on the computers. Remote users must initiate with VPN client which authenticats the gateway with access to files and applications.

SSL VPNs

• Clients negotiate an SSL VPN connection with the VPN gateway, it uses TLS.
• TLS is a newer version of SSL and is sometimes expressed as SSL/TLS.
• SSL uses the public key infrastructure and digital certificates to authenticate peers.
• IPsec and SSL VPN technologies offer access to applications.
• Support and ease of implementation issues use SSLs: use Type based upon access requirements of users.

IPsec VPNs

• Supports all IP based applications.
• Uses two way authentication with security keys/digital certs.
• Strong, using key length from 56-256 bits.
• Medium install, from VPN client on host.

SSL VPNs

• Limited applications.
• Moderate one/two way authentication.
• Moderate to strong keys of 40-256 bits.
• No install, uses web browser.

Site-to-Site IPsec tunnels

• Connect networks over the Internet where normal TCP/IP traffic goes through VPN terminating devices and gateways. Cisco ASA is a standalone example with integrated firewall.

IPsec tunnels

• The VPN gateway encrypts outbound traffic and sends traffic to a target site. The VPN gateway then strips the headers before decrypting and relays the packets toward the host on its private network.
• Typical configuration uses IPsec and GRE.

GRE over IPsec

• GRE allows sites to encapsulate data various layers (network) and supports traffic using multicast and broadcast for the routing protocols to operate over a VPN without encryption support.
• IPsec VPN can create unicast traffic routes. Routing protocols can't exchange information over an IPsec VPN where the encapsulation of GRE use many protocols.

Protocol terms

• Passenger - Original packet to be encapsulated with IPv4 and IPv6, updates to its routers, etc.
• Carrier - Encapsulation by passenger packets.
• Transport - Actual protocol to forward the packet using IPv4 or IPv6. For example, displaying a topology with interchanged OSPF protocols using GRE tunneling.