Wireless Internet & Broadband

Questions and Answers

What spectrum does wireless technology use to transmit data?

• Unlicensed radio spectrum (correct)
• Licensed radio spectrum
• Microwave spectrum
• Infrared spectrum

What is a typical range limitation of early wireless access points?

• 100 feet (correct)
• 200 feet
• 1000 feet
• 500 feet

What is the purpose of municipal Wi-Fi networks?

• Provide high-speed internet for free or at a reduced cost (correct)
• Only used during emergencies
• Exclusively provide services to schools
• Provide internet access for a fee

What does a subscriber typically need to connect to a municipal Wi-Fi network?

A wireless modem with a strong antenna (D)

What is cellular data primarily used for on smartphones and tablets?

Email, web surfing, app downloads, streaming videos (C)

What do phones, tablets and computers use to connect to the internet via cellular technology?

Radio waves and mobile phone towers (C)

What does LTE stand for?

Long-Term Evolution (C)

Where is satellite internet typically used?

Rural areas and in remote locations (C)

What equipment is needed to access satellite internet services?

A satellite dish, two modems, and coaxial cables (A)

What is a primary installation requirement for satellite internet?

Having a clear view toward the equator (A)

What type of service does WiMAX provide?

High-speed broadband with wireless access (B)

How does WiMAX operate in comparison to Wi-Fi?

Higher speeds, greater distances (D)

What is needed to access a WiMAX network?

A subscription to an ISP with a WiMAX tower nearby (C)

What has largely replaced WiMAX for mobile access?

LTE (A)

What is a key purpose of VPN technology?

Securing data over the internet (B)

What type of connections does VPN use?

Virtual connections called VPN tunnels (D)

What is one of the cost savings benefits of using VPNs?

Using the internet instead of expensive WAN links (C)

What type of VPN implementation involves VPN settings configured on routers?

Site-to-site VPN (C)

What type of VPN requires user awareness and initiation for remote access?

Remote Access VPN (B)

What is a characteristic of single-homed ISP connectivity?

No redundancy (B)

What is a main benefit of dual-homed ISP connectivity?

Provides both redundancy and load balancing (C)

What is a key advantage of multihomed ISP connectivity?

Increased redundancy and load-balancing (A)

What is the most resilient ISP connectivity topology?

Dual-multihomed (D)

What factor often causes slower data rates using cable broadband during peak hours?

Shared bandwidth among many users (B)

What bandwidth limitation is DSL sensitive to?

Distance from the ISP central office (C)

What is a key benefit of fiber-to-the-home internet?

Requires fiber installation directly to the home (C)

What is a typical challenge that affects cellular/mobile internet coverage?

Coverage issues often arise (A)

Why is satellite internet usually a last resort?

Low capacity (D)

What is the primary function of a Virtual Private Network (VPN)?

To secure network traffic between sites and users (A)

How does a VPN ensure that traffic remains private?

By encrypting the data (B)

How can Cisco AnyConnect be described?

Software to connect to a client-based VPN (C)

What is a characteristic of encryption features, such as Internet Protocol Security (IPsec) and Secure Sockets Layer (SSL)?

Support encryption features (D)

What is provided with costs savings benefits of a modern VPN?

Advents of bandwidth technologies (D)

What is the role of VPN gateways in a site-to-site VPN?

To establish a secure tunnel between preconfigured devices (C)

What type of VPN is dynamically created?

Remote-Access VPN (D)

Remote-access VPN is used when a user needs what?

Establish a Secure Connection (A)

What is one benefit of having remote users securely connecting when using remote-access VPNs?

Secure replication of access (B)

What kind of connection is used with Clientless VPN?

Web browser secured with an SSL (A)

Why would you consider SSL over IPsec?

Requires less skill (D)

How would Clientless VPN connection secure information?

Use HTTPs (B)

What is the typical range one needed to be within for early wireless access points?

Around 100 feet. (D)

What does a wireless modem provide for connecting to a municipal Wi-Fi?

A stronger radio and directional antenna. (A)

How do devices communicate to the internet using cellular technology?

Via radio waves to a mobile phone tower. (A)

What is 'LTE' related to?

Fourth Generation (4G) technology. (C)

What is needed when accessing satellite internet services?

A satellite dish, two modems, and coaxial cables. (A)

Flashcards

Wireless Technology

Wireless technology uses the unlicensed radio spectrum to send and receive data.

Municipal Wi-Fi

Many cities provide high-speed internet access through municipal wireless networks, often at low or no cost.

Cellular Service

A wireless WAN technology allowing users to connect and use cellular data for various online activities.

3G/4G/5G Wireless

Abbreviations for mobile wireless technologies that support wireless internet access.

Long-Term Evolution (LTE)

A newer, faster technology that is part of the fourth generation (4G) technology.

Satellite Internet

Used in remote areas, needs dish, modems (uplink/downlink), and cables.

WiMAX

High-speed broadband service that offers wide coverage like a cell phone network via IEEE 802.16.

VPN Technology: Security risks

Security risks when a remote worker uses broadband to access a corporate WAN over the internet.

Virtual Private Networks Function

Provide secure connections to a network device, often at the corporate site, to address security concerns using VPN tunnels.

VPN Security

VPNs provide high security using encryption and authentication protocols protecting data from unauthorized access.

VPN Scalability

Because VPNs use the internet infrastructure within ISPs, it is easy to add new users and capacity.

Site-to-site VPN

VPN settings configured on routers, clients unaware data is encrypted.

Remote Access VPN

User initiates a connection. e.g., using HTTPS. Or, user runs VPN client software to connect and authenticate.

Single-homed

ISP connectivity: Client connects through a single ISP link, providing no redundancy and representing the least expensive option.

Dual-homed

ISP connectivity: The client connects to the same ISP using two links for redundancy and load balancing.

Multihomed

The client connects to two different ISPs providing increased redundancy and enabling load-balancing.

Dual-multihomed

The most resilient topology, using redundant links to multiple ISPs, is the most expensive option.

Fiber-to-the-Home

Requires direct fiber installation to the home.

Cellular/Mobile broadband

Often has coverage issues and potentially limited bandwidth.

Municipal Wi-Fi

May not be widely deployed; viability depends on availability and range.

Satellite broadband

Expensive, offers limited capacity per person. Often needed where there are no other options.

Virtual Private Network (VPN)

Uses virtual networks (VPNs) to create private network connections that encrypt data over public networks.

Cisco AnyConnect

Software that remote workers use to establish a client-based VPN connection.

VPN Costs Savings

Cost-effective, high bandwidth that reduces connectivity costs while increasing bandwidth.

VPN Scalability

VPN enables security and ease of user addition

Site-to-site VPN

VPN terminating devices, or gateways, establish a secure tunnel when information is preconfigured.

Remote-Access VPN

VPN created dynamically to secure Client-Device communication.

VPN Management

VPNs can be managed and deployed as Enterprise or Service Provider managed.

Enterprise VPNs

A common solution for securing enterprise traffic across the internet.

Service Provider VPNs

Created and managed by the provider over their network, often using MPLS for secure channels.

Remote-Access VPN

Let mobile and remote users connect to the enterprise securely, creating an encrypted tunnel.

Clientless VPN connection

Secured web browser SSL connection and protects HTTP traffic (HTTPS) and email protocols like IMAP and POP3.

Client-based VPN connection

Requires install of client software. User starts VPN with the client, then authenticates.

SSL VPN & TLS

SSL VPN negotiates the connection using Transport Layer Security (TLS); TLS is the newer version of SSL.

SSL Authentication

Uses public key infrastructure and digital certificates to verify users.

Site-to-Site IPsec VPNs

Secure connections for networks by sending and receiving unencrypted TCP/IP traffic through a device.

GRE over IPsec

A non-secure VPN tunneling protocol that encapsulates various network layer protocols.

Passenger protocol

Is the original packet encapsulated by GRE; could be IPv4/IPv6 packet.

Carrier protocol

It Encapsulates the original passenger packet within the GRE protocol.

Transport protocol

The protocol to forward the encapsulated data, such as IPv4 or IPv6.

Study Notes

Wireless Internet Based Broadband

• Wireless technology transmits and receives data using the unlicensed radio spectrum.
• The unlicensed spectrum is accessible using a wireless router and wireless technology enabled devices
• Previously, wireless access was limited to a local transmission range of approximately 100 feet from a wireless router or modem with a wired internet connection.
• Municipal Wi-Fi networks are being implemented in cities to provide free or low cost, high speed internet access.
• Subscribers connect to municipal Wi-Fi using a wireless modem with a stronger radio and directional antenna compared to standard adapters.
• Service providers often offer free equipment or charge a fee similar to DSL or cable modems.
• Cellular service is a wireless WAN tech for connecting users and remote locations where other WAN access is unavailable
• Smartphones and tablets use cellular data for email, web browsing, apps, and video streaming.
• Phones, tablets, laptops, and routers can access the internet via cellular technology.
• Communication happens through a nearby mobile phone tower via radio waves.
• Devices have small radio antennas, providers use larger antennas on towers within miles of the device.

3G/4G/5G Wireless

• Abbreviations for 3rd, 4th and 5th generation wireless technologies that support wireless internet access.
• 4G standards support bandwidths up to 450 Mbps download and 100 Mbps upload.
• Emerging 5G standard should support 100 Mbps to 10 Gbps and beyond.

Long-Term Evolution (LTE)

• A newer and faster 4G technology.

Satellite Internet

• Typically used in rural/remote area
• Requires: a satellite dish, two modems (uplink/downlink), and coaxial cables.
• A router connects to a service provider satellite via a satellite dish in geosynchronous orbit.
• Signals travel about 35,786 kilometers (22,236 miles) to the satellite and back.
• The antenna must have a clear view toward the equator where orbiting satellites are located.
• Trees and heavy rain can impact signal reception.
• Satellite internet provides two-way data communications.
• Upload speeds are ~1/10 of download speeds.
• Download speeds are between 5 Mbps and 25 Mbps.

WiMAX (Worldwide Interoperability for Microwave Access)

• A new technology using IEEE standard 802.16.
• Provides high-speed broadband wireless access with broad coverage which is similar to a cell phone network, not Wi-Fi hotspots.
• Operates similarly to Wi-Fi, but faster, over greater distances and users.
• It uses a network of cell-tower like WiMAX towers.
• Access requires subscribing to an ISP within 30 miles of a WiMAX tower, a WiMAX receiver, and an encryption code.
• WiMAX has been replaced by LTE for mobile access and cable/DSL for fixed access.

VPN Technology

• Security risks arise when teleworkers or remote office workers use broadband to access the corporate WAN over the internet.
• Broadband services offer Virtual Private Network (VPN) connections to a network device at the corporate site to address security concerns.
• A VPN is an encrypted connection between private networks using VPN tunnels.
• It transmits over a public network like the internet, rather than a dedicated Layer 2 connection.
• VPN traffic is routed through the internet from the company's private network to a remote worker.

Benefits of VPNs:

• Cost savings, enabling organizations to use the internet for remote connections rather than expensive dedicated WAN links.
• Security through encryption and authentication protocols that protect data.
• Scalability, due to using the internet infrastructure.
• Compatibility with broadband technology such as DSL and cable.
• Business-grade broadband connections are a cost-effective way to connect remote offices.

Common VPN Implementations:

• Site-to-site VPN configures VPN settings on routers, so clients are unaware of encryption.
• Remote access VPN is initiated by the user like using HTTPS in a browser or a VPN client.

ISP Connectivity Options

• Single-homed ISP connectivity is used when internet access isn't very important.
• A client connect to the ISP using only one link.
• The topology offers no redundancy at the lowest cost.
• Dual-homed ISP connectivity is used when internet access is somewhat crucial.
• The client links to one ISP via two connections providing redundancy and load balancing.
• If one link fails, the other can carry traffic and the load can be balanced across operational links.
• However, the organization loses internet connectivity if the ISP has an outage.
• Multihomed ISP connectivity is used when internet access is crucial.
• The client connects to 2 ISPs improving redundancy using load balancing at a higher cost.
• Dual-Multihomed is the most reliable setup
• The client uses redundant links to connect to multiple ISPs.
• It offers the best redundancy, but is the most expensive option.

Broadband Solution Comparison

• All broadband options have advantages and disadvantages.
• The best solution is direct fiber optic cable to client network.
• Locations might have only cable or DSL
• Some locations only have broadband wireless options
• Factors include cable, bandwidth sharing leads to slower upload speeds during busy times in over-subscribed area
• DSL is distance sensitive, it has limited bandwidth, and lower upload speed.
• Fiber-to-the-Home requires installation of fiber directly to the home.
• Cellular/Mobile coverage is an issue even in a small office, where bandwidth is limited.
• Municipal Wi-Fi availability is limited, viable if available and in range.
• Satellite is expensive, offers limited capacity/user, used if no other option is available.

Virtual Private Network

• VPNs secure network traffic between sites/users, creating end-to-end private connections.
• A VPN is a private network over a public network (i.e. the internet).
• Data is encrypted for confidentiality during transit across the public network.
• Cisco Adaptive Security Appliance (ASA) firewall provides secure, high-performance connectivity including VPNs and always-on access for remote branches and mobile users
• SOHO means: small office home office - A VPN-enabled router offers VPN back to the cooperate site.

Cisco AnyConnect:

• Software that remote workers use to establish a client-based VPN connection with the main site.
• Modern VPNs now support encrypted features, such as Internet Protocol Security (IPsec) and Secure Sockets Layer (SSL) VPNs to secure network traffic between sites.
• Reduced connectivity through cost effective high-bandwidth technologies
• High-level security, protection from unauthorized access.
• Easy to add new users.
• VPNs are implemented across many WAN links/ broadband lines

Site-to-Site VPNs

• Created using VPN terminating devices (VPN gateways)
• Preconfigured information to establish a secure tunnel.
• Only VPN traffic is encrypted.
• Internal hosts have no knowledge that a VPN is being used.

Remote-Access VPN

• Dynamically establishes a secure connection between a client and a VPN terminating device.
• A remote access SSL VPN is used when checking banking information online.

VPNs

• Can be managed and deployed as enterprise and service provider VPNs.
• VPNs for securing enterprise traffic across the internet
• Site-to-site and remote access VPNs are created and managed using IPsec and SSL VPNs.
• Service provider managed VPNs are made and monitored over a provider network
• Multiprotocol Label Switching (MPLS) is used on layer 2/3 to create secure paths between sites.
• MPLS is routing technology for virtual paths through site.
• Legacy solutions include Frame Relay and Asynchronous Transfer Mode(ATM) VPNs.

Types of VPNs

• Remote-access VPNs provide a solution for remote access to many reasons
• Remote and mobile users connect securely due to the encrypted tunnel.
• This allows remote users to replicate their enterprise security access to email/network applications
• Remote access VPNs provide controlled access to specific sites when needed for partners/contracts

Clientless VPN Connection

• Connect via web browser SSL connections.
• SSL protects HTTP traffic (HTTPS) and email protocols (IMAP/POP3).
• HTTPS is HTTP using an SSL tunnel.
• The SSL connection is established first, then HTTP data is exchanged.

Client-Based VPN Connection

• VPN client software is installed on the remote user's device such as using Cisco AnyConnect Secure Mobility Client.
• Users must initiate the VPN connection and authenticate to the VPN gateway.
• Remote users can access corporate files the have been authenticated.

SSL VPNs

• A client negotiates a SSL VPN connection with VPN gateway and connects using Transport Layer Security (TLS).
• TLS is the newer version of SSL and is sometimes expressed as SSL/TLS.
• SSL authentication of connected users via the public key infrastructure and digital certificates to authenticate peers.
• VPN technologies such as IPsec and SSL will offer access to virtually any network access/resource.
• If security is the primary concern, use IPsec or if support/deployment is preferred use SSL
• Selection is made on organization needs.

IPsec and SSL Remote Access Deployments

• IPsec has extensive application support, strong authentication (two-way authentication) uses 55+ bit length encryption. The medium complexity that requires client pre-installation
• SSL has limited application support, moderate authentication (one/two way authentication), moderate/strong with 40+ bit length medium only uses web browser can connect

Site-to-Site IPsec VPNs

• Used to connect networks throughout the internet.
• TCP/IP is unencrypted traffic.
• A VPN terminating point is usually a gateway in device/router/firewall.
• Examples of devices include a Cisco Adaptive Security Appliance
• VPN Gateway protects traffic
• Encrypts outside bound traffic.
• It then sends the traffic through a VPN tunnel over the internet to VPN gateway (Destination)
• Receiving VPN gateway strips the headers, decrypts content, and sends packet towards the target.

GRE over IPsec

• Generic Routing Encapsulation (GRE) is a site-to-site VPN tunneling protocol that isn't secured.
• It can encapsulate network layer protocols (including unicast and multicast which might be needed.)
• Doesn't support encryption and does not provide a true VPN secured/tunnel.

IPsec VPN

• It can only secure tunnel for unicast traffic
• Routing protocol will not exchange routing information over an IPsec VPN.
• Passenger protocol is for the first packet to encapsulate by GRE.
• For example an IPv4/IPv6 packet might be transported with a router update.
• Carrier protocol encapsulates the original packet.
• GRE is a protocol that encapsulates passenger packet
• Transport protocol's will actually be used to forward the packet could be IPv4 or IPv6