Wide Area Networks
Establishing connectivity over long distances requires specific technical infrastructure.
A. Dial-up Networking, DSL, Cable Internet, Wi-Max are some of the popular choices across home users, small & medium businesses for Internet access.
B. ISDN, Leased Lines are considered for medium to large office networks & service providers.
Wide Area Networks are used for establishing connectivity between LAN(s) across different locations and/or for providing access to the Internet.
Equipment used in WANs varies depending on requirements, costs & feasibility.
Internet connectivity using a Dial-up modem
- Users connect to remote networks by dialing a number provided by the office; customers gain access to the Internet by dialing a number provided by the ISP.
- Typical speeds around 56 Kbps.
- Either phone or modem can be used at one time, not both at the same time.
- Popular for Internet Access and remote office network setups till early 2000’s.
- RAS (Remote Access Servers): Server software, for accepting incoming connections.
- DUN (Dial Up Networking): Client Software, for connecting to RAS.
- Uses PPP (Point-to-Point Protocol) or SLIP (Serial Line Internet Protocol).
- Internet connectivity was usually shared through 3rd party software during that time.
- Mostly replaced by Broadband technologies like DSL, Cable, etc. (in some countries Dial Up technology is still used).
Note: SLIP requires IP before connectivity, unlike PPP. PPP supersedes SLIP and PPP supports use of other protocols such as NETBEUI, IPX/SPX & DHCP environments.
MODEM (Modulator Demodulator)
- Simple device for connecting to remote networks using telephone networks.
- Available as internal modems (for personal computers) & external models.
- Converts Digital-to-Analog & Analog-to-Digital signals.
Internal Dial-Up MODEM
External Dial-Up MODEM
USB Dial-Up MODEM
- Internal Modems are inserted in PCI / PCIe slots.
- External Modems are connected through Serial Ports & USB ports.
Note: Do NOT confuse “Dial Up Modems” with DSL/Cable Modems.
- ISDN (Integrated Services Digital Network) is a set of standards for digital transmission over PSTN.
- Used by companies for High speed, reliable & stable Internet connectivity.
- ISDN requires specific hardware which is quite expensive.
- ISDN is usually offered as:
- Basic Rate Interface: 2 B Channels (64 Kbps) + 1 D Channel (16 Kbps) = 128 Kbps total
- Primary Rate Interface: 23 B Channels (64 Kbps) + 1 D Channel (64 Kbps) = 1.5 Mbps total
Note: PRI/BRI implementations & plans vary country to country.
- “Leased Lines” refers to dedicated direct connections between ISP & Consumer, ensuring connectivity all the time.
- Usually expensive and require special hardware for network connectivity.
Internet connectivity using a DSL modem, DSL filter used for separating voice & data
- Digital Subscriber Line, widely popular for high speed Internet Access.
- Uses different frequencies for data & voice (hence the term “broadband”), allowing telephone & Internet usage at the same time.
- DSLAM used at service provider & DSL filter at customer’s premises to split voice and data lines.
- Uses PPPoE (Point-to-Point Protocol Over Ethernet).
Note: DSL networks are “always connected”, unlike in Dial-up networks where connectivity is available until user disconnects.
DSL implementations vary depending on country & provider, through technologies like:
- ADSL (Asymmetric DSL)
- Download & Upload speeds are different.
- Example: 10 Mbps download / 256 Kbps upload.
- SDSL (Symmetric DSL)
- Downloads & Uploads are at same speeds.
- Example: 10 Mbps download / 10 Mbps upload.
- Popular, simple & easy to use device, typically used to share Internet connectivity.
- DSL modems usually have one RJ-11 (WAN) port for connecting to the ISP and one or more RJ-45 (LAN) ports for LAN connectivity.
- May have additional features like Wi-Fi, Printer Sharing, USB ports, etc. depending on the model.
DSL MODEM, 1 WAN Port / 4 LAN Ports + WI-FI
HDSL ITU G.991.1 a.k.a. DS1
SHDSL ITU G.991.2
ADSL (G.dmt) ITU G.992.1
ADSL2 ITU G.992.3
ADSL2+ ITU G.992.5
VDSL ITU G.993.1
VDSL2 ITU G.993.2
Internet connectivity using a Cable modem
- Uses cable television infrastructure for Internet access (broadband).
- Usually has one CO-AXIAL connector (WAN) & one RJ-45 (LAN) Port.
- Co-Axial for connecting to ISP and RJ-45 port for connecting to LAN port (usually a computer).
- Follows DOCSIS (Data Over Cable Service Interface Specification) standards.
DOCSIS 3.1 Full Duplex
Internet connectivity using WiMAX setup
- Worldwide interoperability for Microwave Access.
- Wireless Internet Access, alternate to DSL or Cable.
- “Last Mile” solution (where cable network access is NOT possible at all).
- Follows IEEE 802.16 Standard.
- Range up to 50 KM.
- Speed up to 70Mbit/s (depending on implementation & service provider).
WiMax Dish Antenna
WiMax Parabolic Antenna
- Network Address Translation (NAT) – Process of remapping IP addresses.
- Popular example is when an Internet connection is shared (Private to Public & Public to Private IP are remapped in IP address header).
- Implemented through Software or Hardware.
- Widely implemented in SOHO Routers, Internet Sharing & Metering Software, etc.
NAT Device has:
- WAN Interface: For connecting to outside world through DSL, Cable, Dial-Up, etc. (Public IP).
- LAN Interface: For providing connectivity to devices such as desktops, laptops, etc. (Private IP).
NAT – A. One Public IP & B. Multiple Private IPs
Typically only one Public IP address is assigned by an ISP for every Internet connection; public IP address provided by the ISP is assigned to the WAN port of a Router. Private IP addresses are assigned by the Router to clients connected to it (through wired or Wi-Fi).
ISP assigns public IP 220.127.116.11.
Router’s LAN IP is set as 192.168.1.1.
Router’s DHCP range is set as 192.168.1.2 to 192.168.1.254.
Router assigns IP addresses to its clients from the DHCP pool.
- 192.168.1.2 sends a request to 18.104.22.168
- LAN interface on the Router assigned with IP 192.168.1.1 receives the request
- NAT software on the Router replaces 192.168.1.2 with 22.214.171.124 and sends the request to 126.96.36.199
- 1.3.4 replies to 188.8.131.52
- NAT software replaces 184.108.40.206 with 192.168.1.1 based on its NAT table
- Reply sent to 192.168.1.2 from 192.168.1.1
Firewall in a router & Software Firewall on computers
- Protects computers & networks (Network Level).
- Controls incoming & outgoing network traffic.
- Works based on predefined rules, analyzes packets and allows/rejects.
- Essential to keep out unwanted traffic or users outside of a network or computer.
- Hardware or Software based.
- Some Operating Systems, Anti-Virus & NAT software include firewall as a feature.
- Personal Firewall
- Designed for controlling network traffic on a single computer.
- Personal firewalls are usually configured automatically, but require technical expertise for finer control.
- Enterprise Firewall
- Designed for controlling traffic across network of computers.
- Enterprise firewalls require specific technical expertise based on the model.
Note: Firewall is NOT an Anti-Virus Software; Firewall protects only network traffic.
Note: If multiple software firewalls are installed on a computer, it is recommended to keep only one personal firewall active to avoid firewall conflicts.
Manage Windows Firewall Settings
Tip: Microsoft Windows applies different firewall policies according to the network type; domain (for domain environments), public (hotspots, restaurants, etc.) & private (office or home network). Users may switch to different profiles as required by just selecting the type of network (in turn appropriate firewall profile is applied); profiles may be modified according to user’s preference, for example allow specific applications only on an office network and block all other applications thereby increasing security measures.
- View status of current profile:
- CMD > netsh advfirewall show currentprofile
Output listing currently active profile (based on currently logged on user account)
- View status of Private Network:
- CMD > netsh advfirewall show privateprofile
Output listing settings applicable for a private (LAN) network
- View status of Public Network:
- CMD > netsh advfirewall show publicprofile
Output listing settings applicable for a public (Internet) network
- View status of Windows Firewall for all connections
- CMD > netsh advfirewall show allprofiles state
Output displaying status of Windows Firewall
- View list of Applications & Services and their status in Windows Firewall Profiles
- CMD > netsh advfirewall firewall show rule name=all
Output listing application & service status in Windows Firewall
- Store all details in a Text file:
- CMD > netsh advfirewall firewall show rule name=all > C:\Log.txt
Store output in text file
- View Text File:
- CMD > notepad C:\LOG.TXT
Open text file using Notepad
- Enable logging in Windows Firewall for allowed software
- CMD > netsh advfirewall set currentprofile logging allowedconnections enable
Input to enable logging for allowed connections
- Open Log File in a text editor to view: C:\Windows\System32\LogFiles\Firewall\pfirewall.log
- DISABLE logging in Windows Firewall
- CMD > netsh advfirewall set currentprofile logging allowedconnections disable
Input to disable logging for allowed connections, if enabled earlier
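Once logging of allowed connections is enabled, pfirewall.log can be summarised rather than read line by line. The following is an added example, not part of the original page: a Python parser that reads the log's `#Fields:` header and lists which source addresses were allowed in to which local ports. The sample log is constructed, and its field list is an assumption about the usual layout; the parser takes the field names from whatever header the real file carries.

```python
# Added example: summarise inbound connections recorded in pfirewall.log.
# SAMPLE_LOG is constructed; the last line is deliberately truncated.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-01 10:15:02 ALLOW TCP 192.168.1.2 198.51.100.7 51000 443 0 - 0 0 0 - - - SEND
2024-05-01 10:15:09 ALLOW TCP 192.168.1.50 192.168.1.2 50122 8080 0 - 0 0 0 - - - RECEIVE
2024-05-01 10:15:11 ALLOW TCP 192.168.1.51 192.168.1.2 50400 8080 0 - 0 0 0 - - - RECEIVE
2024-05-01 10:15:30 ALLOW ICMP 192.168.1.1 192.168.1.2 - - 0 - - - - 8 0 - RECEIVE
2024-05-01 10:16:40 ALLOW TCP 192.168.1.50 192.168
"""


def parse_firewall_log(text):
    """Return one dict per log entry, keyed by the names in '#Fields:'."""
    fields, rows = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or odd lines
                rows.append(dict(zip(fields, values)))
    return rows


def inbound_sources_by_port(rows):
    """Map (protocol, local port) -> sorted source IPs that were allowed in."""
    seen = {}
    for r in rows:
        if (r["action"] == "ALLOW" and r["path"] == "RECEIVE"
                and r["dst-port"].isdigit()):   # ICMP entries have no port
            key = (r["protocol"], int(r["dst-port"]))
            seen.setdefault(key, set()).add(r["src-ip"])
    return {key: sorted(ips) for key, ips in seen.items()}
```
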
- Add a program to Windows Firewall using Port Number
- CMD > netsh advfirewall firewall add rule name="RULENAME" dir=in action=allow protocol=tcp localport=portnumber
C:\> netsh advfirewall firewall add rule name="My web server" dir=in action=allow protocol=tcp localport=8080
Sample input to add an exception using Port number
- Remove a program from Windows Firewall
- CMD > netsh advfirewall firewall delete rule name="RULENAME"
Input for deleting a rule, output with confirmation
- Add an exception by using an executable
- CMD > netsh advfirewall firewall add rule name="RULENAME" dir=in action=allow program="path\program.exe" enable=yes
Input to add an executable to Windows Firewall
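A rule added as shown, without `profile=` or `remoteip=`, applies to every profile and accepts any remote address. The following added example (not part of the original page) parses a listing saved with `show rule name=all` and reports enabled inbound allow rules that are open to any address on the Public profile. The sample listing is constructed and abridged, and English-language netsh field labels are assumed.

```python
# Added example: flag broad inbound allow rules in saved netsh output.
# SAMPLE is constructed and abridged to the fields the check reads.
SAMPLE = """\
Rule Name:                            My web server
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
RemoteIP:                             Any
LocalPort:                            8080
Action:                               Allow

Rule Name:                            Office file share
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private
RemoteIP:                             LocalSubnet
LocalPort:                            445
Action:                               Allow
"""


def parse_rules(text):
    """Split the listing into one dict per rule, keyed by field label."""
    rules, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep or line.startswith("-"):
            continue                      # blank line or dashed separator
        if key.strip() == "Rule Name":
            current = {}
            rules.append(current)
        if current is not None:
            current[key.strip()] = value.strip()
    return rules


def broad_inbound_allows(rules):
    """Names of enabled inbound allow rules open to any address on Public."""
    return [r["Rule Name"] for r in rules
            if r.get("Enabled") == "Yes" and r.get("Direction") == "In"
            and r.get("Action") == "Allow" and r.get("RemoteIP") == "Any"
            and "Public" in r.get("Profiles", "").split(",")]
```
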
- Reset Windows Firewall to default settings
- CMD > netsh advfirewall reset
Input to reset Windows Firewall
- View complete details:
- CMD > netsh advfirewall show allprofiles
Firewall status for all connections
- Turn Off Firewall for Private Network:
- CMD > netsh advfirewall set privateprofile state off
Input to disable firewall for private profile
- Turn Off Firewall for Public Network:
- CMD > netsh advfirewall set publicprofile state off
Input to disable firewall for public profile
- Turn Off Firewall for Both Networks:
- CMD > netsh advfirewall set allprofiles state off
Input to disable firewall for both private & public profiles
- Turn On Firewall for Private Network:
- CMD > netsh advfirewall set privateprofile state on
Input to enable firewall for private profile
- Turn On Firewall for Public Network:
- CMD > netsh advfirewall set publicprofile state on
Input to enable firewall for public profile
- Turn On Firewall for Both Networks:
- CMD > netsh advfirewall set allprofiles state on
Input to enable firewall for both private & public profiles
- View Firewall Settings (GUI)
- START > RUN > FIREWALL.CPL
- Add/remove programs or services to Windows Firewall
- Select “Allow an app or feature through Windows Firewall” from left menu
Application & Service List in Windows Firewall
- To add an application, Select “Change settings”
- If the application / service is already in this list, then check under “Private”, “Public” or Both (depending on requirements)
- If the application / service is NOT listed, then select “Allow Another app…”
Add a program to exception list in Windows Firewall
- Select “Network types…”, check “Private”, “Public” or both as required
- Select “Browse…”, select the program
- Select “Add” & select “OK”
- To change firewall settings
- To Disable Firewall, Select “Turn Windows Firewall on or off”
- Disable Firewall for Private Networks
- Select “Turn Off Windows Firewall (not recommended)”
- Disable Firewall for Public Networks
- Select “Turn Off Windows Firewall (not recommended)”
- Enable Firewall, Select “Turn on Windows Firewall” under respective networks
- For finer control (requires technical expertise), select “Advanced Settings” from Windows Firewall
Note: Since this topic is advanced, this is not covered further.