Wireless Internet & Broadband Technologies

Questions and Answers

Wireless technology uses which spectrum to send data?

• Microwave spectrum
• Licensed radio spectrum
• Unlicensed radio spectrum (correct)
• Infrared spectrum

What is a typical limitation of older wireless access?

• Requirement to be within the transmission range of a router (correct)
• Requirement for licensed spectrum
• Unlimited range
• High cost

What is the purpose of municipal Wi-Fi networks?

• To provide free or low-cost internet access within a city (correct)
• To control traffic lights
• To broadcast television signals
• To monitor weather conditions

What is needed to connect to a municipal Wi-Fi network?

A wireless modem (C)

What is the function of cellular service?

To connect users and remote locations wirelessly (C)

What do 3G, 4G, and 5G refer to?

Generations of mobile wireless technology (C)

What is the typical download bandwidth of 4G?

Up to 450 Mbps (D)

What is the minimum download bandwidth that the 5G standard should support?

100 Mbps (D)

What does LTE stand for?

Long-Term Evolution (A)

In what areas is satellite internet typically used?

Rural or remote locations (C)

What is needed to access satellite internet services?

A satellite dish (B)

What can affect the reception of satellite internet?

Trees and heavy rain (A)

What is the main purpose of WiMAX?

To provide high-speed broadband service with wireless access (B)

How does WiMAX operate in comparison to Wi-Fi?

At higher speeds and over greater distances (D)

What is needed to access a WiMAX network?

A WiMAX receiver and encryption code (D)

What has largely replaced WiMAX for mobile access?

LTE (C)

What do broadband services provide to address security concerns?

Virtual Private Networks (VPNs) (B)

What is a VPN?

An encrypted connection between private networks over a public network (D)

Which of the following is a benefit of using a VPN?

Improved cost savings (C)

How do VPNs enhance security?

By using advanced encryption and authentication protocols (C)

Which option describes a site-to-site VPN?

VPN settings are configured on routers. (D)

What action defines remote access in VPNs?

The user is aware and initiates the connection. (C)

What is a characteristic of single-homed ISP connectivity?

No redundancy (B)

When is single-homed ISP connectivity suitable?

When internet access is not crucial (D)

What does dual-homed ISP connectivity provide?

Both redundancy and load balancing (A)

What is a disadvantage of dual-homed ISP connectivity?

Internet outage if the ISP fails (C)

What is a key feature of multihomed ISP connectivity?

Connection to two different ISPs (D)

What benefit does multihomed ISP connectivity offer?

Increased redundancy and load balancing (D)

What is a drawback of multihomed ISP connectivity?

Expensiveness (B)

Which ISP connectivity topology is the most resilient?

Dual-multihomed (C)

Which ISP configuration is the most expensive?

Dual-Multi-Homed (C)

What is a disadvantage of cable internet connections?

Shared bandwidth (C)

What is a limitation of DSL internet?

Distance sensitivity (A)

With which internet option is coverage often an issue, even within a small office?

Cellular/Mobile (D)

Which internet option requires fiber installation directly to a residence?

Fiber-to-the-Home (A)

Which internet option is typically used when there are no other available choices?

Satellite (C)

What is the main purpose of using a VPN?

To secure network traffic between sites and users (D)

What term describes how a VPN protects data?

By encrypting the data (B)

What functionality does the Cisco Adaptive Security Appliance (ASA) provide?

Secure, high performance connectivity, including VPNs (D)

What is Cisco AnyConnect used for?

Establishing client-based VPN connections (A)

Modern VPNs support which security encryption features?

IPsec and SSL (B)

What is a key characteristic of Site-to-Site VPNs?

VPN gateways are preconfigured (A)

What is a key feature of remote-access VPN?

Dynamic creation (A)

Which broadband internet option may have slower upstream rates during peak hours due to shared bandwidth?

Cable (A)

What is the primary reason for using VPNs?

To provide a solution for connecting remote offices and users securely (C)

What is the purpose of 'SSL' in clientless VPN connections?

To secure the connection (C)

What is the function of a VPN gateway in a site-to-site VPN?

To encrypt and decrypt traffic (C)

Which type of ISP connectivity is the least expensive and provides no redundancy?

Single-homed (D)

Flashcards

Wireless technology

Uses unlicensed radio spectrum to transmit and receive data.

Municipal Wi-Fi

Wireless networks set up by cities, offering free or low-cost internet access.

Cellular data

Wireless WAN technology that allows users to connect to the internet.

3G/4G/5G Wireless

Wireless technology standards (3rd, 4th, 5th generation) supporting mobile internet access.

Long-Term Evolution (LTE)

Newer, faster technology as part of the 4th generation (4G) technology.

Satellite Internet

Internet access via satellite dish, modems, and coaxial cables, for rural or remote areas.

WiMAX

Technology described in IEEE standard 802.16 that provides high-speed broadband service with wireless access.

VPN Technology

Encryption technology to provide secure access to a corporate WAN over the internet.

VPN

Encrypted connection between private networks over a public network like the internet.

Site-to-site VPN

VPN type where settings are configured on routers, encrypting data without client awareness.

Remote Access VPN

VPN type initiated by the user for secure remote access.

Single-homed ISP

Organization uses only one ISP to connect to the internet.

Dual-homed ISP

Organization connects to the same ISP using two links providing redundancy and load balancing.

Multihomed ISP

An organization uses connects to two different ISPs for increased redundancy and load-balancing.

Dual-multihomed ISP

The client connects with two redundant links to multiple ISPs.

Fiber-to-the-Home

This requires fiber installation directly to the home.

Cellular/Mobile

Wireless coverage with bandwidth that is often limited.

Satellite Internet

Expensive option with limited capacity per subscriber, often as last resort.

Virtual Private Network

Uses virtual private networs to create secure, end-to-end private network connections.

Cisco ASA Firewall

A firewall that helps organizations with high security and always on access.

Cisco AnyConnect

Software that remote workers can use to establish client-based VPN connections.

VPN Scalability

Use the internet, easy to add new users without adding infrastructure.

VPN Compatibility

VPN connections can be implemented across WAN options and can take advantage of highspeed connections.

Site-to-Site VPN

VPN's are preconfigured with secure tunnel information between sites. VPN traffic is encrypted between devices.

Remote-Access VPN

A VPB is dynamically created from the connection of a VPN Terminating Device. SSL VPNs are used when checking bank information.

Remote-Access VPNs

This lets remote and mobile users securely connect to the enterprise through an encrypted tunnel.

Clientless VPN connections

The connections secured using a web browser's SSL connections. Mostly used to protect HTTP traffic (HTTPS).

Client-based VPN connection

VPN client software such as cisco AnyConnect that is installed on a remote users device.

Transport Layer Security (TLS)

The newest version of SSL and expressed as SSL/TLS

IPsec Applications

Only allows the applications with IP addresses to be supported.

IPsec Authentication

The use of two to way authentication with shared keys and security certifications.

SSL Data integrity.

Low level encryption of bits to secure key lengths and protect data.

SSL Applications

Provides limited features like web-based applications but does not affect file security.

Connection Options.

The uses of a device for specific purposes with specified limitations.

Site-to-site IPsec VPNS

Creates an untrusted network across the internet in the VPN ending sending and receiving data.

VPN Gateway Device.

A device firewall is designed to protect the VPN and the network connected to it.

Cisco Adaptive Security Appliance (ASA)

A firewall that has built in protection and intrusion prevention system for VPN Gateways and Networks.

VPN Traffic

The VPN Gateway encrypts and encapsulates outbound traffic through the VPN Tunnel at the destination.

GRE over IPsec.

A non-secure site-to-site tunneling protocol that encapsulates all network layer protocols with multicast and broadcast traffic.

Carrier protocol

GRE is the carrier protocol the encapsulates the passenger protocol.

Transport protocol

This is the actual protocol used to forward data.

GRE over IPsec VPN

Uses IPv4 and IPv6 packets and has OSPF routing information. Does not support Multicast transport traffic.

Passenger protocol

This is the original packet that is encapsulated by GRE, this also includes router information.

Study Notes

Wireless Internet-Based Broadband

• Wireless technology can send and receive data via the unlicensed radio spectrum.
• Anyone with a wireless router and technology can use this unlicensed spectrum.
• Wireless access was limited to the transmission range of a wireless router or modem, typically under 100 feet, until recently.

Municipal Wi-Fi

• Many cities are establishing municipal wireless networks.
• Municipal Wi-Fi networks offer high-speed internet access at no cost or at a significantly reduced price point.
• Some networks are for city use only, enabling remote work for police, fire departments, and city employees.
• Connecting to municipal Wi-Fi typically requires a wireless modem with a stronger radio and directional antenna than standard wireless adapters.
• Service providers offer the necessary equipment for free or for a fee, similar to DSL or cable modems.

Cellular Technology

• Cellular service is a wireless WAN technology used where other WAN access technologies are unavailable.
• Smartphones and tablets can use cellular data for typical internet activities.
• Radio waves communicate to a nearby mobile phone tower from devices using cellular technology.
• Small radio antenna is in a device, with the provider having a larger antenna on a tower within miles.

3G/4G/5G Wireless

• These are abbreviations for 3rd generation, 4th generation, and the emerging 5th generation mobile wireless technologies
• These technologies support wireless internet access.
• 4G standards support bandwidths up to 450 Mbps download and 100 Mbps upload.
• The emerging 5G standard supports 100 Mbps to 10 Gbps and beyond

Long-Term Evolution (LTE)

• Refers to a newer, faster technology
• Part of 4G technology.

Satellite Internet

• Typically used by rural users or in remote locations where cable and DSL are not available.
• Accessing satellite requires a satellite dish, two modems (uplink and downlink), and coaxial cables between the dish and modem.
• A router connects to a satellite dish pointed at a service provider satellite.
• Signals travel to and from a satellite in geosynchronous orbit, approximately 35,786 kilometers (22,236 miles).

Installation of satellite internet

• Requires a clear view toward the equator, where most orbiting satellites are located.
• Trees and heavy rains may negatively affect signal reception.
• Satellite internet offers two-way data communications for uploads and downloads.
• Upload speeds are about one-tenth of download speeds.
• Download speeds range from 5 Mbps to 25 Mbps.

WiMAX

• Worldwide Interoperability for Microwave Access (WiMAX), a new technology and is just beginning to come into use.
• It is described in IEEE standard 802.16.
• WiMAX provides high-speed broadband service with wireless access and broad coverage.
• It offers coverage similar to a cell phone network, differing from Wi-Fi hotspots.
• WiMAX operates like Wi-Fi but with higher speeds, greater range, and more users.
• It uses a network of WiMAX towers, similar to cell phone towers.
• To access WiMAX, users must subscribe to an ISP with a WiMAX tower within 30 miles of their location.
• WiMAX access requires a WiMAX receiver and a special encryption code to access the base station.
• WiMAX has largely been replaced by LTE for mobile access and cable, or DSL for fixed access.

VPN Technology

• Security risks arise when remote workers use broadband to access the corporate WAN over the internet.
• To address security, broadband services provide Virtual Private Network (VPN) connections to a network device at the corporate site.

VPN Basics

• A VPN is an encrypted connection between private networks over a public network like the internet.
• Instead of a dedicated Layer 2 connection (e.g., a leased line), a VPN uses virtual connections called VPN tunnels.
• VPN tunnels route data through the internet from the company's private network to the remote site or employee host.
• Security is a key benefit of using VPN.

Cost savings of VPN

• VPN enables organizations to use the global internet to connect remote offices and remote users to the main corporate site.
• Reduces the need for expensive, dedicated WAN links and modem banks.

Security in VPN

• VPN provides high security using advanced encryption and authentication to protect data from unauthorized access.

Scalability in VPN

• It is easy to add new users because VPNs use the internet infrastructure within ISPs and devices.
• Corporations can add large amounts of capacity without adding significant infrastructure.

Compatibility with broadband technology

• VPN technology is supported by broadband service providers like DSL and cable.
• VPNs allow telecommuters to utilize home high-speed internet services to access corporate networks.

Further Points on VPNs

• Business-grade, high-speed broadband connections offer a cost-effective solution for connecting remote offices.
• VPNs are implemented as Site-to-site VPN, and Remote Access.

Site-to-site VPN

• VPN settings are configured on routers, data is encrypted without the client's awareness.

Remote Access

• Remote Access connection requires the user to initiate the connection.
• This can be done by using HTTPS in a browser or by using VPN client software.

Single-homed ISP Connectivity

• Involves using one link for internet access
• Deployed when internet access is not critical.
• It is the least expensive of the connectivity solutions
• Provides no redundancy.

Dual-homed ISP Connectivity

• Uses two links to connect to the same ISP for internet access.
• Offers redundancy and load balancing.
• Both links can balance traffic when working properly.
• It connects to the same ISP using two links
• The organization loses connectivity if the ISP has an outage.

Multihomed ISP Connectivity

• Client connects to internet via two different ISPs.
• Offers redundancy and load balancing.
• Potentially more expensive.

Dual-multihomed ISP Connectivity

• Client connects to multiple ISPs using redundant links.
• It's the most resilient topology, providing maximum redundancy.
• Most costly option.

Broadband Solution Comparison

• Every broadband solution comes with advantages and disadvantages.
• A direct fiber-optic cable connection to the client network is an ideal solution
• Due to the limited option, some locations only offer cable or DSL, and some have broadband wireless only.

Cable

• Bandwidth is shared by users, causing upstream data rates to be slower during peak usage due to over-subscription.

DSL

• Bandwidth is limited by distance from the ISP central office.
• Upload rates are proportionally lower than download rates.

Fiber-to-the-Home

• Requires direct fiber installation to the home.

Cellular/Mobile

• Coverage issues may occur, even in small offices or home offices, where bandwidth is limited

Municipal Wi-Fi

• Few municipalities have a mesh Wi-Fi network deployed.
• A viable option for those in range if available.

Satellite

• Expensive and provides limited capacity per subscriber.
• Typically, in areas where no other option is available.

Virtual Private Network

• VPNs secure network traffic between sites and users by creating end-to-end private connections.
• A VPN carries information within a private network over a public network.
• Traffic is encrypted to keep data confidential.

VPN Use Cases

• Enterprises often use VPNs, managed from their main site, to connect remote sites and users to network resources.
• Cisco Adaptive Security Appliance (ASA) firewalls offer secure, high-performance connectivity, including VPNs.
• Cisco ASA firewalls are useful for remote branches and mobile users.
• SOHO (small office/home office) can use a VPN-enabled router to provide VPN connectivity back to the corporate main site.

Cisco AnyConnect

• It's software for remote workers to establish client-based VPN connections with the main site.

Modern VPNs

• They now support encryption features like Internet Protocol Security (IPsec) and Secure Sockets Layer (SSL) VPNs to secure network traffic between sites.
  • Benefits include cost savings and security.

Costs Savings with VPN

• Organizations can reduce costs and increase remote connection bandwidth by using cost-effective, high-bandwidth technologies

Security with VPN

• VPNs employ advanced encryption and authentication to protect data, offering the highest level of available security.

Scalability

• It's easy to add new users because organizations can use the internet without significant infrastructure additions

Compatibility

• VPNs can be implemented across various WAN link options, including broadband technologies.
• Remote workers can use high-speed connections to securely access corporate networks.

Site-to-Site VPN

• Created when VPN terminating devices i.e VPN gateways, are preconfigured with information to establish a secure tunnel.
• VPN traffic is only encrypted between these devices.
• Internal hosts are unaware of VPN usage

Remote-Access VPN

• Dynamically created to secure a connection between a client and a VPN terminating device.
• A remote access SSL VPN when checking banking information online, for example.

Enterprise VPNs

• A common solution for securing enterprise traffic across the internet.
• Site-to-site and remote access VPNs are created and managed by the enterprise using both IPsec and SSL VPNs.

Service Provider VPNs

• Created and managed over the provider network.
• The provider uses Multiprotocol Label Switching (MPLS) at Layer 2 or Layer 3 to create secure channels between a customer's sites.
• MPLS is a routing technology to create virtual paths between sites which segregates traffic and prevent mingling.
• Legacy solutions include Frame Relay and Asynchronous Transfer Mode (ATM) VPNs.

Remote Access VPNs Enable Encrypted Tunnels

• They enable connections for remote, mobile workers to securely connect and replicate enterprise security access to include email and network applications.
• Remote-access VPNs also allow contractors and partners to gain limited access.

Flexibility of Access

• Access can be granted to specific servers, pages, or files as needed
• Productivity without compromising security.

Clientless VPN connection

• Web browser SSL connection secures the connection.
• SSL protects HTTP traffic, HTTPS, and email protocols, IMAP and POP3.
• HTTPS is HTTP using an SSL tunnel.
• The SSL connection is established first, followed by the exchange of HTTP data.

Client-based VPN connection

• VPN client software, such as Cisco AnyConnect Secure Mobility Client, must be installed on the user’s end device.
• Users initiate the VPN connection using the VPN client, and then authenticate to the VPN gateway.
• Authenticated remote users gain access to corporate files and applications.

SSL VPNs & TLS

• When a client negotiates an SSL VPN connection with the VPN gateway, it connects using Transport Layer Security (TLS).
• TLS is a newer version of SSL, and expressed as SSL/TLS.
• Public key infrastructure and digital certificates are used by SSL to authenticate peers.

IPsec Versus SSL VPN

• Both technologies grant access to virtually any network application or resource.
• IPsec is preferable when security is the primary concern.
• Use SSL if support and deployment ease.
• The type of VPN method implemented is based on user access requirements and IT processes.

IPsec & SSL Remote Access Deployments

• A comparison IPsec and SSL remote access configurations can be seen in a table

IPsec Applications Supported

• Supports all IP-based applications.

SSL Applications Supported

• SSL supports only web-based applications and file sharing.

IPsec Authentication Strength

• Uses two-way authentication with shared keys or digital certificates.

SSL Authentication Strength

• One-way or two-way authentication is used.

IPsec Encryption Strength

• Key lengths are used from 56 bits to 256 bits.

SSL Encryption Strength

• Key lengths are used from 40 bits to 256 bits.

IPsec Connection Complexity

• Requires a VPN client pre-installed on a host.

SSL Connection Complexity

• SSL only requires only a web browser on a host.

Connection Option IPsec

• Limited to specific-configuration devices only can connect.

Connection Option SSL

• Device that had web browser, and only device that web browser can connect.

Site-to-Site IPsec VPNs:

• Connect networks across another untrusted network such as the internet.
• End hosts send and receive normal unencrypted TCP/IP traffic through a VPN terminating device.
• The VPN terminating is typically a VPN gateway, which can be a router or a firewall.
• A Cisco Adaptive Security Appliance (ASA) combines firewall, VPN concentrator, and intrusion prevention functionality into one software image.

VPN Gateway Actions

• Encapsulates and encrypts outbound traffic.
• Sends traffic through a VPN tunnel over the internet to a VPN gateway at the target site.
• Upon receipt, receiving VPN gateway strips the headers, decrypts the content, and relays the packet toward the target host inside its private network

Site-to-site VPNs Typically

• Site-to-site VPNs are created and secured using IP security (IPsec). Can be created using GRE over IPsec as well.

Generic Routing Encapsulation (GRE)

• A non-secure site-to-site VPN tunneling protocol.
• It can encapsulate various network layer protocols.
• Can support multicast and broadcast traffic which may be necessary if the organization requires routing protocols to operate over a VPN.
• It does not by default support encryption, so it doesn't provide a secure VPN tunnel.

IPsec VPN non GRE

• Can only create secure tunnels for unicast traffic and not multicast traffic. Therefore, routing protocols will not exchange routing information over an IPsec VPN.

GRE/IPsec Encapsulation

• Terms to describe the encapsulation are passenger protocol, carrier protocol, and transport protocol.

Passenger Protocol

• The original packet that is to be encapsulated by GRE.
• It can be an IPv4 or IPv6 packet, a router update, and more.

Carrier Protocol

• GRE is the carrier protocol that encapsulates the original passenger packet.

Transport Protocol

• Protocol that will be used forward the packet.
• Can be IPv4 or IPv6.
• Branch and HQ would like to exchange OSPF routing information over an IPsec VPN and uses GRE over IPsec, OSPF packets will encapsulated.