December 4
Chapter 7: Telecommunications and Network Security (Part IV)
Wide Area Networks (WAN) are used for long distance communications.
Multiplexing is the technology of combining multiple communication channels on a single path.
Telecommunication evolution:
- Copper line = analog signal
- T1 line = 24 conversations (1.544 Mbps)
- T3 line = 28 T1 (44.736 Mbps)
- Fiber-optics and SONET (starting at 51.84 Mbps, the OC-1 rate)
- ATM over SONET
Optical Carrier (OC) lines:
- OC-1 = 51.84 Mbps
- OC-3 = 155.52 Mbps
- OC-12 = 622.08 Mbps
- (OC-n is always n x 51.84 Mbps)
Europe uses SDH (Synchronous Digital Hierarchy) instead of SONET, and the E-carrier hierarchy instead of T-carriers:
- E1 = 2.048 Mbps (32 x 64 Kbps slots, 30 of them for voice)
- E3 = 34.368 Mbps
- STM-1 = 155.52 Mbps (same rate as OC-3)
A dedicated link (also called a leased line or point-to-point link) is a single pre-established link for WAN communication. T-Carriers are dedicated links using PCM (Pulse Code Modulation) and TDM (Time Division Multiplexing). One voice channel (DS0) is 64 Kbps (8-bit samples, 8000 per second):
- T1 (DS1) = 24 voice channels (1.544 Mbps)
- T2 (DS2) = 96 voice channels (6.312 Mbps)
- T3 (DS3) = 672 voice channels (44.736 Mbps)
- T4 (DS4) = 4032 voice channels (274.176 Mbps)
Other multiplexing technologies are STDM (Statistical Time Division Multiplexing, where time slots are assigned on demand instead of being fixed per channel) and FDM (Frequency Division Multiplexing, where each channel gets its own frequency band).
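The T1 figures above follow from how TDM builds the DS1 frame: 24 slots of one 8-bit PCM sample each plus one framing bit, 8000 times per second. The following is an added example (not part of the original notes) that multiplexes 24 constructed DS0 sample streams into DS1 frames, demultiplexes them again, and derives the 64 Kbps and 1.544 Mbps rates from the frame layout rather than quoting them.

```python
"""Time-division multiplexing of 24 DS0 voice channels into a DS1 (T1) stream.

Added example, not from the original notes. It models the DS1 frame the way
the standard lays it out: 24 time slots carrying one 8-bit PCM sample each,
plus one framing bit, sent 8000 times per second. The channel samples used
in round_trip() are constructed, not a real capture.
"""

SLOTS = 24             # DS0 channels (time slots) per DS1 frame
SAMPLE_BITS = 8        # one 8-bit PCM sample per channel per frame
FRAMING_BITS = 1       # the F-bit in front of every DS1 frame
FRAMES_PER_SEC = 8000  # voice sampling rate (twice the 4 kHz voice band)
FRAME_BITS = SLOTS * SAMPLE_BITS + FRAMING_BITS  # 193 bits per frame


def ds0_rate_bps() -> int:
    """One voice channel: 8 bits * 8000 samples/s = 64 kbps."""
    return SAMPLE_BITS * FRAMES_PER_SEC


def t1_rate_bps() -> int:
    """193 bits per frame * 8000 frames/s = 1.544 Mbps.

    24 * 64 kbps is only 1.536 Mbps; the remaining 8 kbps is the framing bit.
    Higher levels add more framing overhead, which is why a T3 (28 T1s) is
    44.736 Mbps and not 28 * 1.544 = 43.232 Mbps.
    """
    return FRAME_BITS * FRAMES_PER_SEC


def tdm_mux(channels, framing_bit=1):
    """Interleave one sample from every channel into each frame.

    channels: list of 24 lists of 8-bit samples (one list per DS0).
    Returns a list of frames; each frame is a list of 193 bits, F-bit first.
    Every channel gets its slot whether or not it has anything to send, which
    is what gives TDM its fixed, guaranteed per-channel bandwidth.
    """
    if len(channels) != SLOTS:
        raise ValueError(f"DS1 carries exactly {SLOTS} channels")
    n_frames = len(channels[0])
    if any(len(ch) != n_frames for ch in channels):
        raise ValueError("every channel must supply one sample per frame")
    frames = []
    for i in range(n_frames):
        bits = [framing_bit]
        for ch in channels:
            sample = ch[i]
            if not 0 <= sample < 256:
                raise ValueError("PCM samples are 8-bit")
            bits.extend((sample >> b) & 1 for b in range(SAMPLE_BITS - 1, -1, -1))
        frames.append(bits)
    return frames


def tdm_demux(frames):
    """Inverse of tdm_mux: pull each channel's sample back out of its time slot."""
    channels = [[] for _ in range(SLOTS)]
    for frame in frames:
        if len(frame) != FRAME_BITS:
            raise ValueError("lost frame alignment")
        payload = frame[FRAMING_BITS:]
        for slot in range(SLOTS):
            value = 0
            for bit in payload[slot * SAMPLE_BITS:(slot + 1) * SAMPLE_BITS]:
                value = (value << 1) | bit
            channels[slot].append(value)
    return channels


def round_trip(n_frames=4):
    """Constructed input: channel k sends samples k, k+1, ...; must survive mux/demux."""
    channels = [[(k + i) % 256 for i in range(n_frames)] for k in range(SLOTS)]
    frames = tdm_mux(channels)
    return channels, frames, tdm_demux(frames)


if __name__ == "__main__":
    original, frames, recovered = round_trip()
    print(f"DS0 = {ds0_rate_bps()} bps, T1 = {t1_rate_bps()} bps")
    print(f"{len(frames)} frames of {len(frames[0])} bits; lossless: {original == recovered}")
```

The fixed slot assignment is the point: a channel's bandwidth is reserved by position in the frame, so nobody else's traffic can contend for it (the property STDM gives up in exchange for better utilisation).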
WAN technologies are:
- CSU/DSU (Channel Service Unit / Data Service Unit): terminates a digital leased line (such as a T1) at the customer site and connects the LAN router to it.
- Circuit switching (ISDN, the telephone network): a channel is set up on demand and stays reserved for as long as the communication takes place.
- Packet switching (Internet, X.25, Frame Relay): offers multiple paths to the destination, each packet finding its own way.
- Frame Relay uses packet switching at the data link layer. Companies pay for a guaranteed bandwidth, the CIR (Committed Information Rate); traffic above the CIR may still be forwarded but is marked Discard Eligible (DE) and is dropped first when the network is congested. The DTE (Data Terminal Equipment) is the customer's router and the DCE (Data Circuit-Terminating Equipment) is the provider's switch at the edge of the Frame Relay cloud.
- Virtual Circuits
- Permanent Virtual Circuits (PVC): are programmed with dedicated bandwidth and remain in place permanently
- Switched Virtual Circuits (SVC): a circuit is built on demand, then destroyed (teleconferencing)
- X.25 is similar to Frame Relay but is an older technology and less efficient, because it does error checking and flow control at every hop
- ATM (Asynchronous Transfer Mode) uses cell switching (each cell is a fixed 53 bytes: 5 bytes of header and 48 bytes of payload) and is connection oriented. The fixed cell size makes switching very fast and predictable, so ATM can provide QoS, and it can be used in LANs as well
- QoS (Quality of Service) is necessary for some applications like videoconferencing. ATM offers several service classes:
- Constant Bit Rate (CBR): connection-oriented, fixed bandwidth (voice, video)
- Variable Bit Rate (VBR): connection-oriented, for bursty traffic that can tolerate some delay, since the throughput is uneven
- Unspecified Bit Rate (UBR): no throughput or delay guarantee (best effort)
- Available Bit Rate (ABR): connection-oriented, gets whatever bandwidth is left over after CBR and VBR traffic, with feedback to the sender to adjust its rate
- QoS levels:
- Best-effort service
- Differentiated service (better than best-effort)
- Guaranteed service (ensure bandwidth)
- SMDS (Switched Multimegabit Data Service) was used to extend a company's LAN over long distance. It has been replaced by Frame Relay (and later ATM)
- SDLC (Synchronous Data Link Control) is used for communication between hosts in IBM's SNA (Systems Network Architecture)
- HDLC (High-Level Data Link Control) is an extension of SDLC and has multiple vendor implementations that are not always interoperable with each other
- HSSI (High-Speed Serial Interface) is used to connect routers to high-speed communication services (ATM or Frame Relay), it works at physical layer
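What "paying for a CIR" means in practice is a policer at the provider's ingress switch and a DE bit in the frame header. The following is an added example (not from the original notes): per measurement interval Tc = Bc / CIR, frames within the committed burst Bc are forwarded, frames within the excess burst Be are forwarded with DE set, and anything beyond is dropped. The 2-byte Q.922 address field is the real layout; the CIR, burst sizes, DLCI and timings in demo() are constructed.

```python
"""Frame Relay CIR policing and the DE bit. Added example, not from the
original notes. Traffic on a DLCI is measured per interval Tc = Bc / CIR:
the first Bc bits pass clean, the next Be bits are forwarded but marked
Discard Eligible (DE), the rest is dropped at the ingress switch. The
address field below is the Q.922 2-byte layout; demo() values are constructed.
"""


def fr_address(dlci: int, de: int = 0, fecn: int = 0, becn: int = 0, cr: int = 0) -> bytes:
    """Build the 2-byte Q.922 address field: 10-bit DLCI, C/R, FECN, BECN, DE and EA bits."""
    if not 0 <= dlci < 1024:
        raise ValueError("DLCI is 10 bits")
    byte0 = ((dlci >> 4) << 2) | (cr << 1) | 0                                 # EA=0: more follows
    byte1 = ((dlci & 0xF) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1  # EA=1: last byte
    return bytes([byte0, byte1])


def fr_parse_address(addr: bytes) -> dict:
    """Decode the address field back into its fields (used by the far-end DCE/DTE)."""
    dlci = ((addr[0] >> 2) << 4) | (addr[1] >> 4)
    return {"dlci": dlci, "fecn": (addr[1] >> 3) & 1,
            "becn": (addr[1] >> 2) & 1, "de": (addr[1] >> 1) & 1}


class CirPolicer:
    """Per-DLCI policer at the provider's ingress switch."""

    def __init__(self, cir_bps: int, bc_bits: int, be_bits: int):
        self.bc, self.be = bc_bits, be_bits
        self.tc = bc_bits / cir_bps        # measurement interval in seconds
        self.interval_start = None
        self.bits_seen = 0

    def police(self, t: float, frame_bits: int) -> str:
        """Return FORWARD, FORWARD_DE or DROP for a frame of frame_bits arriving at time t."""
        if self.interval_start is None or t - self.interval_start >= self.tc:
            self.interval_start, self.bits_seen = t, 0   # new Tc window
        self.bits_seen += frame_bits
        if self.bits_seen <= self.bc:
            return "FORWARD"
        if self.bits_seen <= self.bc + self.be:
            return "FORWARD_DE"
        return "DROP"


def demo(cir_bps=64_000, bc_bits=64_000, be_bits=32_000, frame_bits=8_000):
    """Constructed burst: 13 frames back-to-back at t=0 on DLCI 100, then one at t=1.0.

    Returns (verdict, address field hex) per frame; dropped frames carry no header.
    With CIR 64 kbps and Bc 64000 bits, Tc is 1 s: 8 frames pass clean,
    4 more are marked DE, the 13th is dropped, and the window resets at t=1.0.
    """
    policer = CirPolicer(cir_bps, bc_bits, be_bits)
    out = []
    for t in [0.0] * 13 + [1.0]:
        verdict = policer.police(t, frame_bits)
        if verdict == "DROP":
            out.append((verdict, None))
        else:
            addr = fr_address(dlci=100, de=1 if verdict == "FORWARD_DE" else 0)
            out.append((verdict, addr.hex()))
    return out


if __name__ == "__main__":
    for i, (verdict, addr) in enumerate(demo(), 1):
        print(f"frame {i:2d}: {verdict:10s} address={addr}")
```

The DE bit is the whole business model: frames above the CIR get through when the cloud is idle, but under congestion the provider's switches discard DE-marked frames first, so the CIR is the only bandwidth a customer can actually plan on.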
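The 53-byte ATM cell mentioned above has a 5-byte header whose last byte, the HEC, is a CRC-8 over the other four bytes; a switch discards any cell whose HEC does not check. The following is an added example (not from the original notes) that builds and parses UNI cells with the real I.432 HEC (polynomial x^8 + x^2 + x + 1, result XORed with 0x55). The VPI/VCI values and payload bytes in demo() are constructed.

```python
"""ATM UNI cell: 5-byte header (GFC, VPI, VCI, PT, CLP, HEC) + 48-byte payload = 53 bytes.

Added example, not from the original notes. The HEC follows ITU-T I.432:
CRC-8 with polynomial x^8 + x^2 + x + 1 over the first four header bytes,
XORed with 0x55. The field values and payload used in demo() are constructed.
"""

HEADER_LEN, PAYLOAD_LEN, CELL_LEN = 5, 48, 53
HEC_POLY = 0x07    # x^8 + x^2 + x + 1, with the x^8 term implicit
HEC_COSET = 0x55   # I.432 adds this so an all-zero header is not all zeros on the wire


def crc8(data: bytes) -> int:
    """Bitwise CRC-8, init 0, MSB first, no reflection; the caller applies the 0x55 coset."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ HEC_POLY) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def build_header(vpi: int, vci: int, pt: int = 0, clp: int = 0, gfc: int = 0) -> bytes:
    """UNI header: GFC(4) VPI(8) VCI(16) PT(3) CLP(1) HEC(8). NNI reuses the GFC bits for VPI."""
    if not (0 <= gfc < 16 and 0 <= vpi < 256 and 0 <= vci < 65536 and 0 <= pt < 8 and clp in (0, 1)):
        raise ValueError("header field out of range")
    b0 = (gfc << 4) | (vpi >> 4)
    b1 = ((vpi & 0xF) << 4) | (vci >> 12)
    b2 = (vci >> 4) & 0xFF
    b3 = ((vci & 0xF) << 4) | (pt << 1) | clp
    head = bytes([b0, b1, b2, b3])
    return head + bytes([crc8(head) ^ HEC_COSET])


def build_cell(vpi: int, vci: int, payload: bytes, **hdr) -> bytes:
    """Cells are fixed size: short payloads are padded, longer data must be segmented by the AAL."""
    if len(payload) > PAYLOAD_LEN:
        raise ValueError("payload does not fit in one cell; segment it first")
    return build_header(vpi, vci, **hdr) + payload.ljust(PAYLOAD_LEN, b"\x00")


def parse_cell(cell: bytes) -> dict:
    """Decode a cell and verify its HEC; a switch drops cells whose HEC does not check."""
    if len(cell) != CELL_LEN:
        raise ValueError("ATM cells are exactly 53 bytes")
    b0, b1, b2, b3, hec = cell[:HEADER_LEN]
    return {
        "gfc": b0 >> 4,
        "vpi": ((b0 & 0xF) << 4) | (b1 >> 4),
        "vci": ((b1 & 0xF) << 12) | (b2 << 4) | (b3 >> 4),
        "pt": (b3 >> 1) & 0x7,
        "clp": b3 & 1,
        "hec_ok": (crc8(cell[:4]) ^ HEC_COSET) == hec,
        "payload": cell[HEADER_LEN:],
    }


def demo():
    """Build one cell with CLP=1 (low priority), then corrupt a VPI bit and re-parse it."""
    cell = build_cell(vpi=1, vci=32, payload=b"constructed payload", clp=1)
    good = parse_cell(cell)
    corrupted = bytes([cell[0], cell[1] ^ 0x10]) + cell[2:]   # single bit error in flight
    bad = parse_cell(corrupted)
    return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("idle cell header:", build_header(0, 0, clp=1).hex())   # known value 0000000152
    print("intact cell: vpi/vci", good["vpi"], good["vci"], "hec_ok", good["hec_ok"])
    print("corrupted cell: hec_ok", bad["hec_ok"])
```

The HEC only covers the header: ATM relies on the end systems (or the AAL) to detect payload corruption, and the CLP bit plays the same role as Frame Relay's DE bit when a switch has to shed load.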
Multiservice Access Technologies combine several types of traffic (voice, data...) on one network:
- PSTN (Public Switched Telephone Network) is used for standard phone systems
- VoIP (Voice over IP) carries voice over the data network. It uses SIP (Session Initiation Protocol) to create and release voice sessions (the voice itself is carried in RTP packets). Delay and jitter (variation in delay) are the problem, so an isochronous network (one that guarantees continuous bandwidth) is necessary. Components are:
- IP telephony device (smart telephone)
- Call-processing manager (sets up calls)
- Voicemail system (message storage)
- Voice gateway (carries packets in and out)
Introducing VoIP is a security challenge: all systems must be patched, firewalls must be used, and authentication, monitoring and encryption of both signalling and voice traffic are needed. Otherwise anyone on the path can listen to calls or tear them down.
H.323 is a standard for real-time audio and video. H.323 gateways connect different systems (terminals, circuit-switched to packet-switched networks) and are used for communication between the old and the new technology.
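The SIP session lifecycle described above, as an added example that is not part of the original notes: INVITE creates a dialog, the 200 OK confirms it, ACK completes the three-way handshake, and BYE releases it. A dialog is identified by the Call-ID plus the From and To tags (RFC 3261), so the tracker rejects a BYE whose tags do not match with a 481. The four messages are constructed, carry no SDP bodies, and use example.org/example.net addresses; the tracker itself is a teaching model, not a real SIP stack.

```python
"""Minimal SIP dialog tracker. Added example, not from the original notes.

INVITE -> early dialog; 200 OK (to the INVITE) -> confirmed dialog; ACK ->
handshake complete; BYE -> released. Requests whose Call-ID/From-tag/To-tag
do not match a known dialog get 481 Call/Transaction Does Not Exist.
All messages below are constructed (no SDP bodies, Content-Length: 0).
"""

CRLF = "\r\n"
CALL_ID = "a84b4c76e66710@192.0.2.10"
ALICE, BOB = "Alice <sip:alice@example.org>", "Bob <sip:bob@example.net>"
ALICE_TAG, BOB_TAG = ";tag=1928301774", ";tag=a6c85cf"


def sip_msg(start_line, frm, to, cseq, call_id=CALL_ID):
    """Assemble a constructed SIP message with the headers that identify a dialog."""
    return CRLF.join([start_line,
                      "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds",
                      f"From: {frm}", f"To: {to}", f"Call-ID: {call_id}", f"CSeq: {cseq}",
                      "Content-Length: 0", "", ""])


INVITE = sip_msg("INVITE sip:bob@example.net SIP/2.0", ALICE + ALICE_TAG, BOB, "314159 INVITE")
OK_200 = sip_msg("SIP/2.0 200 OK", ALICE + ALICE_TAG, BOB + BOB_TAG, "314159 INVITE")
ACK = sip_msg("ACK sip:bob@example.net SIP/2.0", ALICE + ALICE_TAG, BOB + BOB_TAG, "314159 ACK")
BYE = sip_msg("BYE sip:alice@example.org SIP/2.0", BOB + BOB_TAG, ALICE + ALICE_TAG, "231 BYE")
# Same Call-ID but a guessed To tag: does not belong to the dialog and must be rejected.
SPOOFED_BYE = sip_msg("BYE sip:alice@example.org SIP/2.0", BOB + BOB_TAG, ALICE + ";tag=guess", "232 BYE")


def parse_sip(raw: str) -> dict:
    """Split start line and headers; header names are case-insensitive in SIP."""
    head = raw.split(CRLF + CRLF, 1)[0]
    start, *lines = head.split(CRLF)
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if start.startswith("SIP/2.0 "):
        _, code, _reason = start.split(" ", 2)
        return {"kind": "response", "status": int(code), "headers": headers}
    method, uri, _version = start.split(" ", 2)
    return {"kind": "request", "method": method, "uri": uri, "headers": headers}


def tag_of(header_value: str):
    """Extract the tag parameter from a From/To header (URI kept inside <> here, so ';' splits params)."""
    for param in header_value.split(";")[1:]:
        name, _, value = param.strip().partition("=")
        if name == "tag":
            return value
    return None


class DialogTracker:
    def __init__(self):
        self.dialogs = {}   # Call-ID -> {"state", "tags"}

    def handle(self, raw: str) -> str:
        msg = parse_sip(raw)
        h = msg["headers"]
        call_id = h["call-id"]
        tags = {tag_of(h["from"]), tag_of(h["to"])}   # order-free: BYE may come from either side
        dialog = self.dialogs.get(call_id)
        if msg["kind"] == "request" and msg["method"] == "INVITE":
            self.dialogs[call_id] = {"state": "early", "tags": tags}
            return "dialog created (early)"
        if dialog is None or dialog["state"] == "terminated":
            return "481 Call/Transaction Does Not Exist"
        if msg["kind"] == "response" and 200 <= msg["status"] < 300 and h["cseq"].endswith(" INVITE"):
            dialog["tags"], dialog["state"] = tags, "confirmed"   # 2xx adds the callee's To tag
            return "dialog confirmed"
        if msg["kind"] == "request":
            if tags != dialog["tags"]:
                return "481 Call/Transaction Does Not Exist"
            if msg["method"] == "ACK":
                return "handshake complete"
            if msg["method"] == "BYE":
                dialog["state"] = "terminated"
                return "200 OK, dialog released"
        return "ignored"


def demo():
    tracker = DialogTracker()
    return [tracker.handle(m) for m in (INVITE, OK_200, ACK, SPOOFED_BYE, BYE, BYE)]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The tag check is the only thing standing between an outsider and the call: whoever can read the Call-ID and both tags off the wire can send a matching BYE and end the call, which is one concrete reason the notes insist on encrypting VoIP signalling.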
Remote Access connections are:
- Dial-Up and RAS (Remote Access Server): the user dials into a RAS and authenticates (against RADIUS, for example). For extra assurance the RAS can hang up and call the user back at a pre-registered number, and it can check the Caller-ID. Strong authentication is required because remote access bypasses the firewall entry point. Wardialing is used by attackers to dial every phone number in a range and find the modems that answer.
- ISDN (Integrated Services Digital Network) uses the copper telephone lines but is digital and offers full-duplex. BRI (Basic Rate Interface, 144 Kbps) has 2 B channels (64 Kbps each) for data and 1 D channel (16 Kbps) for call setup; PRI (Primary Rate Interface, 1.544 Mbps) has 23 B channels and 1 D channel; BISDN (Broadband ISDN); DDR (Dial-on-Demand Routing) brings the ISDN WAN link up only when there is traffic to send.
- DSL (Digital Subscriber Line) is a high-speed connection over phone lines (up to 52 Mbps). It uses the frequencies on the line above the voice band, which are unused by telephone calls. It comes in symmetric (same speed up and down) or asymmetric services. Because the connection is always on, the host is permanently reachable from the Internet and is a much bigger exposure than a dial-up session: it needs a firewall and patching like any other exposed host.
- SDSL (Symmetrical)
- ADSL (Asymmetrical)
- IDSL (ISDN) suited for longer distances
- HDSL (High-bit-rate) 1.544 Mbps, requires two pairs
- Cable modems use the television coax to connect to the Internet (up to 50 Mbps). The coax segment is shared between neighbouring subscribers, so traffic on the cable must be encrypted (DOCSIS does this) or it is visible to the neighbours.
- PPP (Point to Point Protocol) replaces SLIP (Serial Line Internet Protocol). It is an encapsulation protocol that allows TCP/IP to be carried over phone lines to an ISP's PoP (Point of Presence). To authenticate, PPP uses:
- PAP (Password Authentication Protocol): the user enters credentials sent in cleartext to the server
- CHAP (Challenge Handshake Authentication Protocol): uses challenge/response, so no password is transmitted, only a hash of the challenge and the shared secret (both sides must hold the secret, and the challenge is different every time to prevent replay)
- EAP (Extensible Authentication Protocol): extends the authentication to third party (Kerberos, token based, OTP)
- VPN (Virtual Private Network) builds a tunnel over the Internet for the communication between the user and the company. Encryption is used; client and server negotiate the encryption method. Tunneling protocols use encapsulation (one protocol carried inside another) and, in most cases, encryption. They are:
- PPTP, from Microsoft, uses MPPE (Microsoft Point-to-Point Encryption) with MS-CHAP or EAP-TLS. The PPP frame is encapsulated with a GRE header and an IP header, so it can only be routed over IP networks (not ATM or Frame Relay). MS-CHAP (v1 and v2) is cryptographically broken, so PPTP should not be relied on for anything sensitive today.
- L2TP combines PPTP and L2F (Layer 2 Forwarding, from Cisco) and can also run over non-IP networks (ATM, Frame Relay, X.25). It has no encryption of its own (and only the PPP-level user authentication), so it is paired with IPSec (L2TP/IPSec). It supports RADIUS and TACACS+ for user authentication.
- IPSec uses more than one security protocol: ESP (encryption plus integrity) and AH (integrity and origin authentication only, no encryption). It supports iterated tunneling (a tunnel inside another tunnel).
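The PAP/CHAP difference above, as an added example that is not part of the original notes. PAP puts the password on the wire as-is; CHAP (RFC 1994) sends only MD5(Identifier || secret || Challenge), so a passive observer never sees the secret. The example also shows the caveat the notes leave out: a captured challenge/response pair can be attacked offline with a wordlist, so CHAP only protects a password that is strong enough to resist guessing, and the server must keep the secret in cleartext-equivalent form. The secret, challenge and wordlist are constructed.

```python
"""PAP versus CHAP over PPP. Added example, not from the original notes.

PAP (RFC 1334) sends the password in the clear. CHAP (RFC 1994) sends
MD5(Identifier || secret || Challenge); MD5 is what the RFC mandates, not a
choice made here. The secret, challenge and wordlist in demo() are constructed.
"""
import hashlib
import hmac
import secrets


def pap_authenticate_request(peer_id: str, password: str) -> bytes:
    """What PAP puts on the wire: peer ID and password, no protection at all."""
    return peer_id.encode() + b"\x00" + password.encode()


def chap_challenge(length: int = 16) -> bytes:
    """Authenticator picks a fresh random challenge per attempt; reuse would allow replay."""
    return secrets.token_bytes(length)


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer's reply: MD5 over the one-byte Identifier, the shared secret and the challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator recomputes with its own copy of the secret (constant-time compare)."""
    return hmac.compare_digest(chap_response(identifier, secret, challenge), response)


def chap_offline_guess(identifier: int, challenge: bytes, response: bytes, wordlist):
    """What an attacker does with a sniffed Identifier/Challenge/Response triple."""
    for word in wordlist:
        if chap_response(identifier, word.encode(), challenge) == response:
            return word
    return None


def demo(challenge: bytes = None) -> dict:
    """Run both mechanisms with a constructed secret and report what a sniffer learns."""
    secret, ident = b"hunter2", 1
    challenge = challenge or chap_challenge()
    response = chap_response(ident, secret, challenge)
    chap_on_wire = bytes([ident]) + challenge + response   # nothing secret-looking in here
    return {
        "pap_leaks_password": secret in pap_authenticate_request("alice", "hunter2"),
        "chap_leaks_password": secret in chap_on_wire,
        "verified": chap_verify(ident, secret, challenge, response),
        "wrong_secret_verified": chap_verify(ident, b"hunter3", challenge, response),
        "offline_guess": chap_offline_guess(ident, challenge, response,
                                            ["password", "letmein", "hunter2"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

This is also why EAP methods that wrap the exchange in TLS (EAP-TLS, PEAP) are preferred for remote access: the challenge/response never travels where an eavesdropper can collect it.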