Broadband access is currently the most common access method, so I have studied the design concepts and standards of broadband access networks and would like to share them here in the hope that they are useful to you. A broadband access network is a transmission medium that carries multiple independent network carrier signals over a coaxial or fiber-optic cable using different channels. In general, the term also refers to a high-speed network connection. For example, a broadband Internet connection usually means an Internet connection through a cable modem or a DSL (digital subscriber line). Such a connection is called a broadband access network connection, and its speed generally exceeds 1 Mbps (1 megabit per second).
A cable modem allows a computer or computer network to connect to the Internet through a cable TV network. A cable modem usually has an Ethernet interface that connects to the computer at a rate above 5 Mbps. DSL uses conventional copper telephone wires. Compared with a cable modem, DSL can provide users with dedicated bandwidth, but its maximum bandwidth is generally lower than that of a cable modem. There are many types of DSL, introduced below:
◆ ADSL: asymmetric digital subscriber line. This is a new technology that allows very high bandwidth on standard copper lines. When you install DSL, the local telephone company adds a twisted-pair network cable to your telephone line. DSL lines can carry voice and digital information simultaneously. Depending on the length of the line, the number of loops, and the quality of the line, ADSL can provide a downlink rate of up to 8 Mbps and an uplink rate of 1 Mbps.
◆ SDSL: symmetric digital subscriber line, which provides the same rate in both the upstream and downstream directions.
◆ VDSL: DSL transmitted through optical fiber. It is a fast version of ADSL. The maximum downlink rate over a short distance can reach 55 Mbps, and the uplink rate can reach 2.3 Mbps.
◆ RADSL: rate-adaptive DSL, meaning that the line speed can change as the line quality changes.
◆ IDSL: ISDN DSL, a DSL based on ISDN technology.
Security drawbacks of permanent connections
Broadband Internet access is booming. It has been reported that in the past five years, China will become the cheapest part of the world's broadband access network. Permanent connections and being online at any time are therefore no longer a distant dream. At the same time, we must understand that a permanent connection to the Internet also means a threat of intrusion. In general, broadband introduces two security challenges:
1. The extent of hacker attacks is greatly increased
A permanent connection means that hackers can try to break through the security protection at any time. In addition, permanent connections often use fixed IP addresses, so hackers can come back from time to time to continue their work.
2. Connecting to other networks through the public network requires higher security
Hackers have powerful tools for scanning the Internet to find insecure computers. In fact, it is not surprising for the computers of broadband access users to be scanned two or three times a day. The most common mistake broadband access users make is enabling Windows file sharing and printer sharing, which allows attackers to access the computer. Once hackers control the system, they can steal sensitive information, deliberately destroy files, and even use the computer to launch attacks against other sites. For example, in some of the DoS and DDoS attacks launched against websites such as Yahoo and eBay some time ago, an unsuspecting broadband user was initially apprehended by the authorities because his PC was alleged to have been used by a hacker to launch the attack. What a terrible thing! If you already have broadband, you must plan ahead and put security in place in advance.
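A quick self-check for the file and printer sharing mistake described above, as an added example that is not part of the original article: it parses `netstat -an` output from a Windows PC and reports sharing ports (139 and 445) that listen on an interface reachable from the broadband side. The sample output and its addresses are constructed, and only IPv4 TCP listeners are handled.

```python
import ipaddress
import re

# TCP ports used by Windows file and printer sharing.
SHARING_PORTS = {139: "NetBIOS session service", 445: "SMB over TCP"}

# Addresses that are not reachable from the Internet side of the link
# (loopback and RFC 1918 private ranges). Assumption: anything else is.
NOT_INTERNET_FACING = [ipaddress.ip_network(n) for n in
                       ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `netstat -an` output (documentation addresses).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    203.0.113.25:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.25:49712     198.51.100.7:443       ESTABLISHED
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
"""

LISTENER = re.compile(r"^\s*TCP\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+\S+\s+LISTENING\s*$")


def exposed_sharing_listeners(netstat_text):
    """Return (address, port, service) for sharing ports open to the outside."""
    findings = []
    for line in netstat_text.splitlines():
        match = LISTENER.match(line)
        if not match:
            continue  # header, non-listening socket, or non-IPv4 entry
        addr, port = match.group(1), int(match.group(2))
        if port not in SHARING_PORTS:
            continue
        ip = ipaddress.ip_address(addr)
        # 0.0.0.0 binds every interface, including the broadband one.
        if not any(ip in net for net in NOT_INTERNET_FACING):
            findings.append((addr, port, SHARING_PORTS[port]))
    return findings


if __name__ == "__main__":
    for addr, port, service in exposed_sharing_listeners(SAMPLE_NETSTAT):
        print(f"{service} is listening on {addr}:{port}")
```

An empty result means no sharing port is bound to an outward-facing address; it does not replace a firewall in front of the PC.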
SOHO security issues
SOHO stands for Small Office/Home Office. A SOHO connected to the broadband Internet should have a firewall that allows users to access the Internet and prevents unauthorized access from the outside. To run a Web server, you also need to add more complex security policies that allow external access to that Web server only, and not to other parts of the network. Other security functions include preventing DoS and DDoS attacks on the network, preventing DoS attacks from inside the network (that is, preventing IP spoofing), and setting URL filter rules to prevent employees from accessing inappropriate Web sites. In fact, the root of security lies in people and publicity. In the past, most enterprises did not care about the security issues caused by connecting the company to the Internet. However, as hackers launch attacks on companies or take control of company PCs, people's security awareness has clearly been greatly enhanced. For example, after our colleagues reinstall a system, the first application they install is anti-virus software; otherwise they do not feel safe.
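The two firewall requirements above (external access to the Web server only, and no spoofed source addresses leaving the office) can be checked mechanically. The following is an added example, not code from the original article: the LAN prefix, server address and rule sets are constructed, and the rule format is a simplified model rather than any product's syntax.

```python
import ipaddress

# Assumed addressing for this example (not from the article).
LAN = ipaddress.ip_network("192.168.1.0/24")
WEB_SERVER = ipaddress.ip_network("192.168.1.80/32")
WEB_PORTS = {80, 443}

# Constructed inbound "allow" rules: (name, destination prefix, TCP ports or None for any).
WEAK_RULES = [
    ("web", "192.168.1.0/24", {80, 443}),        # whole LAN, not just the server
    ("remote-admin", "192.168.1.80/32", None),   # every port on the server
    ("shares", "192.168.1.10/32", {139, 445}),   # Windows file sharing exposed
]
FIXED_RULES = [("web", "192.168.1.80/32", {80, 443})]


def audit_inbound(rules):
    """Return findings for inbound rules that allow more than the Web server's Web ports."""
    findings = []
    for name, dst, ports in rules:
        net = ipaddress.ip_network(dst)
        if not net.subnet_of(WEB_SERVER):
            findings.append(f"{name}: reaches hosts other than the Web server ({net})")
        if ports is None or not ports <= WEB_PORTS:
            extra = "any" if ports is None else sorted(ports - WEB_PORTS)
            findings.append(f"{name}: opens non-Web ports ({extra})")
    return findings


def egress_allowed(src):
    """Anti-spoofing on the way out: only LAN source addresses may leave the office."""
    return ipaddress.ip_address(src) in LAN


if __name__ == "__main__":
    for finding in audit_inbound(WEAK_RULES):
        print("WEAK :", finding)
    print("FIXED:", audit_inbound(FIXED_RULES) or "no findings")
    print("egress 192.168.1.23 :", egress_allowed("192.168.1.23"))
    print("egress 198.51.100.9 :", egress_allowed("198.51.100.9"))
```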
Enterprises have now changed the way they buy and manage their own security products, and are more willing to let intermediaries install and manage security solutions, that is, to outsource the service. This largely allows users to concentrate on management rather than on trivial technical details.
Extending enterprise security boundaries to branches and independent online workers
The most striking use of broadband connections is to give branches and independent online workers (telecommuters) high-speed remote access to the company's network. Broadband connections can significantly lower access charges compared with low-speed dial-up lines, because the latter often require long-distance calls to reach the central site.
A VPN (virtual private network, using IPSec encryption technology) is an important way for enterprises to extend their networks to branches and independent online workers. A VPN uses a public network such as the Internet as its transmission channel to securely connect the company's sites, mobile staff, and independent online workers. According to expert analysis, the cost of a VPN is about half that of a dedicated network and 1/4 lower than that of Frame Relay. Using a VPN for remote access can save an enterprise 30% to 70% of the cost. Independent online workers install VPN client software on their PCs and create an encrypted channel from the PC to the VPN gateway of the central site to connect to the company's network. However, VPN client software also has many problems, including:
◆ It is difficult to install and update network software on a large number of remote PCs.
◆ Apart from Windows, many operating systems lack VPN client software, such as Linux, Mac, Solaris, and BSDI.
◆ The remote PCs used for confidential communication lack security themselves.
◆ It opens a new point of security breach. Hackers can conduct U-turn attacks through remote PCs to undermine the company's network security. In a U-turn attack, hackers gain access to the insecure PC of an independent online worker and connect from it to the company's network through the VPN channel. This gives hackers full use of the company's network and threatens the enterprise's security infrastructure.
Broadband network security solution design tips
If you or your organization already has broadband Internet access, we strongly recommend that you consider and adopt the following security solutions:
◆ Firewall: a firewall enforces an access control policy between two networks. Firewalls can be software, such as Checkpoint, Symantec, and CA, or hardware devices, such as NetScreen, Watchguard, Sonicwall, and Nokia. Home users can use personal firewalls, such as Network ICE and Symantec.
◆ Anti-virus software: today, a day without anti-virus software is a day without peace of mind. We strongly recommend that you use anti-virus software on a broadband access network, such as Norton, McAfee, TrendMicro, CA, Rising, Kingsoft Duba, and Beixinyuan VRV.
◆ Encryption: for particularly sensitive communication, you must consider encrypting the communication on the PC. A firewall with VPN protection can protect the sensitive data of remote sites and prevent DoS attacks from these computers. VPN and SSL provide secure methods for e-commerce transactions. PGP and PKI can be used according to business needs.
◆ Modem security: sometimes the modem's configuration and authentication information is stored on the modem itself, and sometimes on the computer. It is therefore best to consult the vendor to determine where this information is kept and how to protect it.
◆ Shared cable modem connection: a cable network is often shared by multiple users, which allows hackers to monitor transmissions with a sniffer. Therefore, check whether the service provider has upgraded its network and equipment to DOCSIS (Data Over Cable Service Interface Specification).
◆ Content checking: interactive technologies such as Java, JavaScript, and ActiveX are an important part of the content sites and email of the broadband access network, and they are also a potential medium for hacker attacks. We recommend that you disable these functions in your browser and email client software.
◆ System Security: there are many factors in this regard, which are listed here.