Wireless Internet Broadband

Questions and Answers

What type of radio spectrum is used to send/receive data via wireless technology?

• Licensed
• Unlicensed (correct)
• Regulated
• Exclusive

What is needed to connect to a municipal Wi-Fi network?

• Wireless modem (correct)
• Ethernet cable
• Wired modem
• Satellite dish

What does the acronym LTE stand for?

• Local Terminal Exchange
• Long-Term Evolution (correct)
• Long Term Enterprise
• Limited Technical Extension

Where are satellite internet services typically used?

Rural areas (C)

What is the primary installation requirement for satellite internet?

Clear view toward the equator (A)

What IEEE standard is WiMAX described in?

802.16 (D)

What is needed to access a WiMAX network?

WiMAX receiver (A)

What is a key function of a VPN?

Data encryption (B)

What is a primary benefit of using VPNs for organizations?

Cost savings (C)

In a site-to-site VPN, where are the configurations typically set?

Routers (D)

What is a characteristic of single-homed ISP connectivity?

No redundancy (D)

What benefits does dual-homed ISP connectivity provide?

Redundancy and load balancing (A)

What is a primary advantage of multihomed ISP connectivity?

Increased redundancy (C)

Which ISP connectivity option is described as the most resilient?

Dual-multihomed (A)

What is a disadvantage of cable broadband services?

Shared bandwidth (C)

What is a limitation of DSL broadband, relative to the ISP?

Distance sensitivity (A)

With what type of installation is Fiber-to-the-Home associated?

Fiber optic (A)

What determines if Municipal Wi-Fi is a viable option?

Availability and range (C)

Why is traffic on a VPN encrypted?

To keep the data confidential (A)

What type of device is a Cisco Adaptive Security Appliance (ASA)?

Firewall (C)

What is Cisco AnyConnect?

Software application (C)

What feature do modern VPNs support for network traffic?

Encryption (D)

What do VPN terminating devices create?

Secure tunnels (A)

A remote-access VPN is dynamically created to establish a secure connection between a client and what?

VPN terminating device (D)

What type of VPN connection is secured using a web browser SSL connection?

Clientless (B)

What protocol is the newer version of SSL?

TLS (C)

When is IPsec considered the superior choice over SSL?

When security is an issue (C)

Which of the following are Site-to-site VPNs used to connect?

Networks (D)

What is Generic Routing Encapsulation (GRE)?

A VPN tunneling protocol (A)

What type of access can mobile users securely have using remote-access VPNs?

Secure access to company email (C)

What feature do VPNs provide to ensure data remains protected from unauthorized access?

Advanced encryption (A)

What is a key characteristic of WiMAX technology?

Cell phone-like coverage (C)

What problem does coverage cause for wireless broadband?

Coverage is often an issue (C)

What data communication option does Satellite internet provide?

Two-way (upload and download) (A)

Where do users have to be located to access a WiMAX network?

30 miles (A)

What type of data is encrypted on a VPN?

Company Data (A)

What does VPN ensure?

Network data remains private (C)

How is VPN used to add multiple users into a network?

Easy to add new Users (D)

What is GRE?

Site-Site VPN (A)

What kind protocol is used for passenger?

All of the Above (D)

What is required to access satellite internet services?

Satellite dish and two modems (B)

What is the purpose of VPN tunnels?

To create virtual connections for VPNs (C)

What technology has largely replaced WiMAX for mobile access?

LTE (B)

What is the connection secured with in a clientless VPN connection?

Web browser SSL (D)

Which broadband option involves bandwidth being shared among users, often causing slower speeds during peak hours?

Cable (C)

Flashcards

Wireless Technology

Uses unlicensed radio spectrum to transmit and receive data.

Municipal Wi-Fi

Wireless networks setup by cities, providing free or low-cost internet access.

Cellular Service

Wireless WAN technology connecting users and remote locations.

3G/4G/5G Wireless

3rd, 4th and now 5th generations of mobile wireless tech.

LTE (Long-Term Evolution)

Part of 4G, a newer, faster mobile technology.

Satellite Internet

Internet access in rural areas via satellite dish.

WiMAX

Technology providing high-speed broadband with wireless access.

VPN (Virtual Private Network)

Technology for secure remote access to a corporate WAN.

VPN Cost Savings

Connects remote offices using the global internet.

VPN Security

Enhanced security using encryption and authentication.

VPN Scalability

Easily add new users through Internet Service Providers.

VPN Compatibility

Compatible with DSL and cable broadband.

Site-to-Site VPN

Configured on routers, clients unaware of encryption.

Remote Access VPN

User initiates a secure connection, like HTTPS.

Single-Homed

ISP connectivity with a single connection, lowest redundancy.

Dual-Homed

ISP connectivity via 2 links: redundancy & load balancing.

Multihomed

ISP connectivity with multiple connections to different ISPs.

Dual-Multihomed

Most resilient topology: redundant links to multiple ISPs.

Cable Drawbacks

Shared bandwidth cable upstream rates are slow during peak hours.

DSL Drawbacks

Limited bandwidth and distance-sensitive upload rates.

Fiber-to-the-Home

Requires direct fiber installation for home internet.

Cellular/Mobile Issues

Coverage is a major consideration with limited bandwidth.

Municipal Wi-Fi Issues

Mesh Wi-Fi not always available, range can be issue.

Satellite Issues

Expensive with limited capacity per subscriber.

Virtual Private Network (VPN)

Creates private connections across public networks.

Cisco AnyConnect

Software establishes client-based VPN connection.

VPN Security Benefits

Enhanced VPN security with encryption and security.

VPN Scalability Benefits

Add users without significant infrastructure changes.

Site-to-Site VPN

VPN gateways have preconfigured connection information.

Remote-Access VPN

Dynamically creates a secure client-to-device connection.

Enterprise VPNs

Site-to-site and remote access VPNs are managed by the enterprise.

Service Provider VPNs

Service provider creates and manages site-to-site VPNs.

Remote-Access VPNs

Remote access and secure enterprise connectivity.

Clientless VPN connection

Secured browser connection with SSL to protect HTTP traffic.

Client-based VPN connection

VPN client software installed on remote user devices.

SSL VPNs Use TLS

Connects with Transport Layer Security; newer SSL version.

IPsec vs. SSL

IPsec supports all IP-based apps; SSL supports web and file sharing.

IPsec vs. SSL Authentication

IPsec uses two-way authentication; SSL uses one or two-way.

IPsec vs. SSL Key Lengths

IPsec uses key's from 56 to 256; SSL uses keys from 40 to 256.

Connection Complexity

IPsec requires VPN client; SSL only requires a web browser.

Site-to-Site IPsec VPNs

Connects networks via untrusted internet; traffic is unencrypted.

GRE over IPsec

Non-secure site-to-site VPN tunneling that encapsulates network protocols.

Passenger protocol

The encapsulate packet; can be IPv4, IPv6, or a router update.

Carrier protocol

Carrier Protocol encapsulates the passenger packets.

Transport protocol

The protocols actual used and need to forward package.

Study Notes

Wireless Internet-Based Broadband

• Wireless technology uses the unlicensed radio spectrum for sending and receiving data.
• The unlicensed spectrum is accessible to anyone with wireless tech and a wireless router.
• Wireless access was initially limited by local transmission range, usually within 100 feet of a wireless router with a wired internet connection.
• Municipal Wi-Fi networks in cities often provide high-speed internet access for free or at a reduced cost.
• Some municipal Wi-Fi networks cater exclusively to city employees such as police and firefighters, enabling them to perform specific job functions remotely.
• Subscribers connect to municipal Wi-Fi using a wireless modem, which offers a more powerful radio and directional antenna compared to standard wireless adapters.
• Service providers may offer the required equipment at no cost or for a fee, similar to DSL or cable modems.
• Cellular service represents another wireless WAN technology used for connecting remote sites and users where other WAN access methods are unavailable.
• Users of smartphones and tablets can utilize cellular data for email, web browsing, app downloads, and video streaming.
• Various devices, including phones, computers, and routers, utilize radio waves to connect to the internet via cellular technology, communicating through nearby mobile phone towers.
• The provider's antenna is larger and situated on a tower within miles of the phone, while devices have smaller radio antennas.

3G/4G/5G Wireless Technologies

• These are abbreviations for 3rd, 4th, and the emerging 5th generation mobile wireless technologies, and they support wireless internet access.
• 4G bandwidths support download speeds of up to 450 Mbps and upload speeds of up to 100 Mbps.
• The emerging 5G standard is expected to deliver speeds from 100 Mbps to 10 Gbps and faster.

Long-Term Evolution (LTE)

• LTE represents a newer, faster technology as part of the fourth generation (4G) technology.

Satellite Internet

• Typically used in rural or remote locations where cable and DSL are unavailable.
• Satellite internet access necessitates a satellite dish, two modems (uplink and downlink), and coaxial cables connecting the dish and modem.
• A router links to a satellite dish directed toward a service provider satellite, positioned in geosynchronous orbit in space.
• Signals travel approximately 35,786 kilometers (22,236 miles) to the satellite and back.
• A clear view towards the equator, where most orbiting satellites are located, is a primary installation requirement due to potential signal interference from trees and heavy rain.
• Satellite internet provides two-way data communication for uploads and downloads.
• Upload speeds are about one-tenth of download speeds, which range from 5 Mbps to 25 Mbps.

WiMAX (Worldwide Interoperability for Microwave Access)

• Emerging recently and defined by IEEE standard 802.16.
• WiMAX offers high-speed broadband service with wireless access, delivering extensive coverage akin to a cellular network rather than localized Wi-Fi hotspots.
• WiMAX functions similarly to Wi-Fi but faster, spanning greater distances, and serving more users.
• Users must subscribe to an ISP with a WiMAX tower within 30 miles of their location to access a WiMAX network.
• This also involves acquiring a WiMAX receiver along with a specific encryption code to gain access to the base station.
• LTE, cable, or DSL for fixed access have largely replaced WiMAX for mobile access.

VPN Technology

• Security concerns emerge when remote office workers or teleworkers utilize broadband services to access the corporate WAN through the internet.
• Broadband services offer Virtual Private Network (VPN) connections to a network device at the corporate site to address these concerns.
• A VPN is an encrypted connection between private networks via a public network.
• Instead of a dedicated Layer 2, VPNs use virtual connections known as VPN tunnels.
• VPN tunnels are routed through the internet, connecting the company’s private network with the remote user or site.

Benefits of using VPN

• Cost savings: VPNs enable organizations to connect remote offices and remote users to the main corporate site using the global internet, eliminating the need for dedicated WAN links and modem banks.
• Security: VPNs offer high security using advanced encryption and authentication protocols, safeguarding data from unauthorized access.
• Scalability: VPNs utilize the internet infrastructure within ISPs and devices, enabling easy addition of new users and large amount corporations can add large amounts of capacity without adding significant infrastructure.
• Compatibility with broadband: VPN technology is supported by broadband services like DSL and cable, enabling mobile workers and telecommuters to use their high-speed home internet to access corporate networks.
• Cost effective: High-speed broadband connections of business-grade offer a cost-effective solution for connecting remote offices.
• Site-to-site VPNs: VPN settings configured on routers with clients unaware their data is encrypted.
• Remote Access: User initiates remote access with HTTPS or VPN client software.

ISP Connectivity Options

Single-Homed ISP Connectivity

• Organizations use in cases where internet access is not crucial to their operations.
• Employs a single link, providing no redundancy, making it the least expensive option.

Dual-Homed ISP Connectivity

• Dual-homed ISP connectivity: organizations use in situations where internet access is somewhat crucial.
• The client connects to the same ISP using two links, providing both redundancy and load balancing.
• In case of one link failing, the remaining link carries the traffic.
• When both links are functional, traffic load is balanced between them.
• The organization loses internet connectivity if the ISP experiences an outage.

Multihomed ISP Connectivity

• It is used by organizations when internet access is crucial.
• The client connects to two different ISPs.
• It increases redundancy and enables load-balancing but can be expensive.

Dual-Multihomed ISP Connectivity

• It is the most resilient topology.
• The client connects with redundant links to multiple ISPs.
• Provides the most redundancy possible.
• It is the most expensive option.

Broadband Solutions Compared

• Fiber-optic cable: The ideal broadband solution that is directly connected to the client network,
• Locations may have only one option like cable or DSL, or broadband wireless.
• Cable: Shared bandwidth which results in slow upstream data rates during peak usage.
• DSL: Limited bandwidth with distance sensitivity; lower upload rate proportionately.
• Fiber-to-the-Home: Fiber installation directly installed at the home.
• Cellular/Mobile: Coverage issues and limited bandwidth in smaller offices.
• Municipal Wi-Fi: Most municipalities do not have a mesh Wi-Fi network
• Satellite: High costs and limited capacity per subscriber, suitable when no other options available.

Virtual Private Network

• To secure network traffic between sites and users, use virtual private networks (VPNs).
• Creates end-to-end private network connections.
• Transfers information within a private network but is transported through a public network encrypted to keep the data confidential.
• Cisco Adaptive Security Appliance (ASA) firewall helps organizations provide secure, high-performance connectivity.
• VPNs and always-on access for remote branches and mobile users and SOHO (small office home office.
• VPNenabled router can provide VPN connectivity back to the corporate main site.
• Cisco AnyConnect is software that remote workers can use for VPN connection with the main site.

VPN Benefits

• Support encryption through Internet Protocol Security (IPsec) and Secure Sockets Layer (SSL) VPNs to secure network traffic between sites.
• Cost Savings: cost-effective, high-bandwidth technologies, organizations use VPNs to reduce connectivity costs while increasing remote connection bandwidth.
• Security: high-level security through encryption and authentication protocols protect data.
• Scalability: using the internet, making it easy to add new users and VPNs can be implemented across a wide variety of WAN link options.
• Site-to-Site VPN: VPN terminating devices, also called VPN gateways, are preconfigured with information to establish a secure tunnel VPN traffic is only encrypted between these devices.
• Remote-Access VPN: A remote-access VPN is dynamically created to establish a secure connection between a client and a VPN terminating device.

Enterprise and Service Provider VPNs

• Enterprise VPNs enterprise-managed are a common solution for securing enterprise traffic across the internet.
• Site-to-site and remote access VPNs are created and managed through IPsec and SSL VPNs.
• Service Provider VPNs provider services managed over provider network.
• The provider uses Multiprotocol Label Switching (MPLS) at Layer 2 or Layer 3 to create secure channels between an enterprise’s sites effectively segregating traffic from other customers.

Remote Access VPNs

• Remote-access VPNs enable remote and mobile users to securely connect to the enterprise through an encrypted tunnel
• Replicate enterprise security access, including e-mail and network apps
• Allow contractors and partners limited access to servers, web pages, or files

Types of VPN Connections

Clientless VPN connection

• Secured using a web browser SSL connection.
• SSL protects HTTP traffic (HTTPS).
• Also protects email protocols such as IMAP and POP3.
• HTTPS employs HTTP using an SSL tunnel.
• HTTP data exchanged after SSL connection.

Client-based VPN connection

• VPN client software such as Cisco AnyConnect Secure Mobility Client (install on user’s device).
• Authentication to destination VPN gateway
• Authorized users access applications and corporate files.

SSL VPNs

• When connecting to VPN gateways use Transport Layer Security (TLS).
• TLS is newer version of SSL (expressed as SSL/TLS).
• SSL uses public key infrastructure and digital certificates to authenticate peers.
• Both IPsec and SSL VPN technologies accessing networks and resources and depend on access types of IT processes.

Comparing IPSec and SSL Remote Access

Applications Supported

• IPsec: Supports all IP-based applications.
• SSL: Limited to file sharing and web-based Apps.

Authentication strength

• IPsec: Strong with 2-way authentication via shared keys or digital certificates.
• SSL: Moderate using one- or two-way authentication.

Encryption Strength

• IPsec: Strong, with key lengths ranging from 56 to 256 bits.
• SSL: Moderate to Strong with key lengths ranging from 40 to 256 bits.

Connection Complexity

• IPsec: Medium, requires a preinstalled VPN client.
• SSL: Low, only requiring a web browser.

Site-to-Site IPsec VPNs

• Connect networks across an untrusted network, and hosts send/receive unencrypted TCP/IP traffic through terminating device (VPN gateway).
• A VPN gateway is a router or firewall.
• Cisco Adaptive Security Appliance (ASA) is a standalone firewall.
• Combines firewall, VPN concentrator, intrusion prevention into software.
• VPN gateway encapsulates and encrypts outbound traffic sent through a VPN tunnel over the internet.

GRE over IPsec

• Generic Routing Encapsulation is a non-secure site-to-site VPN tunneling protocol that encapsulates various network layer protocols.
• Supports multicast and broadcast traffic for routing protocols, but lacks encryption.
• Standard IPsec VPN can only create secure tunnels for unicast traffic routing protocols; do not exchange routing information over an IPsec VPN.
• Tunnel terms include passenger protocol, carrier protocol, and transport protocol.
• Transport protocol forwards packaets.
• Passenger protocol is encapsulated by GRE.
• Carrier Protocol encapsulates the original packet