Serial ways to Internet Ksenija Furman Jug ARNES ksenija.furman@arnes.si Serial Communications, CEENet Workshop '97, Zagreb, August '97
Serial Communications • The goal of our session • Agenda • General overview • Theoretical fundamentals • Practice
Connecting to Internet • Why? • How? • Costs?
Overview • Dial-up • Provider perspective • User perspective • Dial-out host • Dial-out LAN • Leased lines
Serial data pipes [diagram labels: Serial, Internet user, Internet service provider]
How? • Dial-Up • Leased line • Public Data Services (X.25, Frame Relay, ATM, ...)
Serial • Dial-up • Provider perspective • User perspective • Dial-out host • Dial-out LAN • Leased lines
Dial-up • Technology type • POTS - Plain Old Telephone System • ISDN - Integrated Services Digital Network • Type of services • host • LAN
Dial-up host [diagram labels: Internet, Provider’s Access Server, Asynchronous modem, POTS, Asynchronous modem, User’s PC]
Dial-up LAN [diagram labels: Internet, Provider’s Access Server, Asynchronous modems, POTS, Asynchronous modem, Router, LAN]
Serial • Dial-up • Provider perspective • User perspective • Dial-out host • Dial-out LAN • Leased lines
Provider perspective • Choose the equipment • Form a user database • Create a security mechanism • Create an IP addressing scheme • Select the routing scheme for LAN
Choosing equipment - POTS (cont.) • Sufficient number of telephone lines • geographical distribution helps decrease calling costs • number of users per line • Asynchronous modems • modem management (SNMP) • software upgradable
Choosing equipment - POTS (cont.) • Access server • protocols (SLIP/PPP) • terminal services • users database • security tools • IP routing • management (SNMP) • filters
User database • on the Access Server • on a special host
Security mechanism • DIAL-UP - a big security threat • Authentication, Authorization, Accounting • Security servers (TACACS+, RADIUS, ...)
TACACS+/RADIUS • TACACS+: based on TCP; encrypts all data; separated AAA; more complex; open for future extensions • RADIUS: based on UDP; encrypts only challenge responses; supported by more vendors
Authentication • Each user having a “good” password • Users forced to change password • One time passwords • Login procedure • PPP authentication (PAP, CHAP) • Caller Line Identification (ISDN)
Authorization • Who is allowed to do what
User Accounting • With dynamic addressing, helps to trace intruders • For charging
IP addressing scheme - Dial-in host • Dynamic address allocation • saves address space • users cannot always be reached at the same IP address • IP address dedicated per user • “impossible” with large number of users • useful for some services
IP addressing scheme - Dial-in LAN • Addresses on LAN side • registered IP addresses • IP masquerading - using private address space
Routing scheme for LAN • Static routing • dedicated address on PPP side to which a static route is pointing • Dynamic routing • filter routing information to disable advertisement of invalid routes
Static routing [diagram labels: Network: 193.225.219.0, User’s router, 193.225.220.6, Provider’s Access Server] • Static route for 193.225.219.0 • Default route pointing to the asynchronous interface to address 193.225.220.6
Dynamic routing [diagram labels: Network: 193.225.219.0, User’s router, Provider’s Access Server] • Enable routing protocol on both interfaces
Serial • Dial-up • Provider perspective • User perspective • Dial-out host • Dial-out LAN • Leased lines
Dial-out host • Get the account • inform yourself about number of users per modem, types of services and charging • Choose equipment • Take care of the password
Choosing equipment - Dial-out host - POTS • Asynchronous modem • compatibility with provider's modems • latest standard • PC
Choosing equipment - Dial-out LAN - POTS (cont.) • Asynchronous modem • compatibility with provider's modems • latest standard • Dial on Demand Router • commercial • dedicated box for higher price • reliable and easy to manage
Choosing equipment - Dial-out LAN - POTS (cont.) • PC with DOS, Linux, WIN NT, ... • non-dedicated box for lower price • also usable for Internet server • less reliable, more complex to manage • Features • Dial on Demand
Dial-out host - types of services • Low cost - accessible to anyone • Telnet access • less friendly user interface
Dial-out host - types of services • PPP/SLIP • Complete individual Internet connectivity • user friendly client software • e-mail: • POP server
Dial-out host - types of services • Internet servers • not convenient • you need a fixed IP address and dialing in both directions • provider can offer a host for users' homepages
Dial-out LAN - types of services (cont.) • PPP/SLIP • Full connectivity for LAN on demand • Low cost • E-mail: • UUCP
Dial-out LAN - types of services (cont.) • SMTP daemon with spooler • at time of activation of line, mail has to be transferred to destination LAN • Internet servers • not convenient • you need a fixed IP address and dialing in both directions
Dial on Demand • Define interesting packets • Define idle-timers
Serial • Dial-up • Providers perspective • Users perspective • Dial-out host • Dial-out LAN • Leased lines
Leased Line Characteristics • Higher cost • Full time connectivity • convenient for Internet servers
Leased line [diagram labels: Internet, Provider’s router, Synchronous modem, Leased line, Synchronous modem, Router, LAN]
Provider perspective • Establish geographically distributed points of presence • Offer ports (synchronous, asynchronous) • Establish routing for user’s IP subnets • Using different types of modems according to: • distance • speed
User perspective (cont.) • Register IP addresses • Select appropriate router • number and type of ports according to network topology • protocols • routing protocols • manageable
User perspective (cont.) • security mechanism • Establish e-mail, DNS, WWW servers • no problem with full time connectivity
Security • DON'T LET THE WHOLE WORLD ENTER YOUR DOOR! • Use security mechanisms • firewalls of different types