This is the third part on Securing Your WHS & Network.
In this part we explain the different types of Internet service provider (ISP) interfaces, services, and equipment that are normally used by home and small business networks. We explain the different types of Internet service provided by cable, telephone, and satellite companies.
It is important to note that we do not engage in an in-depth identification of the threats and vulnerabilities that one may expect to encounter when managing a network with a constant connection to the Internet. Rather, we feel that it is important to identify and explain each component of the network. This section will also cover characteristics such as the impact of performance on the access and delivery of Internet content. This information is intended to form a basis that will be used in the remaining parts of our series to identify in detail the threats and vulnerabilities and the methods to manage and mitigate them.
The Internet Service Provider or ISP is the company that provides a connection to the Internet. The type of connection, wiring, and speed vary by the ISP. The cable companies use the same cable used for television service to deliver Internet service. They can also offer telephone service with the same cable. Telephone companies use the same pair of copper telephone wire or a fiber optic (FiOS) cable for both telephone and Internet service. FiOS subscribers can also subscribe to television service.
The typical transmission method used for residential Internet service is called asymmetric. This means that the upload speed is much slower than the download speed. The major difference among the three types of service is speed and whether the service is shared with other subscribers located in the surrounding community.
The ISP usually limits the type of traffic for subscribers of residential service. They do not permit subscribers to host websites, email, or other business-related traffic. Also, IP or Internet protocol addresses are not permanently assigned but are "leased" by using dynamic host configuration protocol or DHCP. This means that it is possible for the home subscriber to receive a new IP address each time they establish a connection to the Internet. This may happen when there is a loss of connectivity to the Internet or when the ISP interface device is turned off. We will discuss DHCP in more detail in later blogs.
Coaxial or coax cable is used mainly by cable companies to deliver television, telephone, and Internet service to their subscribers. Some cable companies may use fiber optic cable to deliver their service to the community but a coax cable is used to connect the subscribers. The cable consists of a solid center core of copper that is first surrounded by an insulating layer. This layer is surrounded by a metallic shield which is covered by a plastic outer jacket.
Each end of the coax cable has a female RG-6 connector. One end of the cable is connected to the male connector of the cable modem and the other end is connected to the cable company. This is an example of the typical cable modem.
The transmission method used by the cable company to transmit and receive Internet traffic is usually asymmetric; however, they are capable of transmitting in symmetric mode, that is, with the same upload and download speed.
When Internet service was first offered, the cable companies assigned each subscriber a fixed IP address and used symmetric mode. They quickly realized that many subscribers set up web, FTP, and mail servers, thus generating a considerable amount of Internet traffic. They soon changed to assigning IP addresses dynamically by using DHCP and limited the upload speed to between 192 and 384Kbit/s (thousand bits per second). Download speeds can exceed 1Mbit/s (million bits per second). Some cable systems are implementing higher download speeds for a short duration. This is called burst mode, where speeds approaching 20Mbit/s can be achieved for a short time.
The true speed a cable Internet subscriber can expect is dependent on the amount of Internet activity generated by other subscribers in the nearby community. During times when there is high demand for Internet activity, each subscriber may experience slower upload and download speeds. This is because cable companies group communities as a branch of their network and the total throughput assigned to the community is constrained. The effect is the same when a network hub is used. Network traffic between computers connected to the hub is very fast and efficient, but the traffic between the hub and other network devices beyond the hub is limited.
Residential service constrains what a subscriber can do with their Internet connection. Some ISPs limit the amount a subscriber can download per month. Usually subscribers are restricted from hosting websites, email servers, and other services like FTP or file transfer protocol. We will discuss these protocols in future blogs.
The cable ISPs are not able to provide business class service in residential neighborhoods. This is because their implementation of Internet access is based on a branch or hub technique, and business and residential service cannot be commingled on the same branch. Therefore, small businesses that are operated from the home are limited to residential class service.
The local telephone company provides telephone service to subscribers by connecting one pair of copper wire between the subscriber and central office. They provide the electrical power necessary to hear the dial tone, the ring, and the conversation. This service is called POTS or plain old telephone service and has been the basic service since 1874 when the telephone was invented.
Originally the only way a computer user could connect to another computer was by using an analog modem. The user would instruct the modem to place a call to another computer. The modem on the other computer would answer the call and proceed to exchange data.
The maximum speed that a modem can support is 56Kbit/s for downloads and 33.6Kbit/s for uploads. While the computer is using the modem, the telephone line cannot support the simultaneous use of voice and data.
An analog modem can be external, internal, or USB. All three types perform the same function of establishing a connection to another computer by dialing a telephone number. An external modem uses an RS-232 serial cable to connect to the serial port on the computer. An RJ-11 telephone wire is connected to a telephone jack and the modem. An internal modem is an add-in card that is inserted in an empty PCI slot on the motherboard, or it can be part of the motherboard, as in most laptop computers. A USB modem connects directly to a USB port on the computer. The following are examples of analog modems.
Prior to the 1990s, the only alternative for achieving higher speed or supporting both voice and data was to subscribe to ISDN or T1 service. ISDN or integrated services digital network is based on POTS technology, where the public telephone network is used to make the data connection. The method of connecting to another computer is similar to that used by modems. The telephone company charges are based on the duration of the connection.
ISDN is capable of upload and download data speeds of 128Kbit/s. The advantage of ISDN is that the same line can support the simultaneous use of voice and data; however, the data rate decreases to 64Kbit/s during the voice call. It is possible to increase the overall speed by adding up to two ISDN lines to achieve 384Kbit/s. Using a method called bonding, the data traffic is split across each line so that more data can be transferred.
Subscribing to ISDN service prior to the 1990s was relatively expensive, but the cost is decreasing and it is still used today when no other alternative is available or where high quality is required. ISDN service is very reliable, and its speed is constant and of high quality for the entire connection. ISDN is commonly used by radio stations when they provide on-site coverage of sporting events or remote broadcasting of talk shows.
T1 is a data service that is capable of upload and download speeds of 1.544Mbit/s. This service is used primarily by large businesses because of the high monthly cost. Originally costing over $1,200 per month, T1 service now ranges from $300 to $400 per month.
Telephone companies offered DSL or digital subscriber line service in the late 1990s. The most common service is asymmetric or ADSL. As with Internet service provided by cable companies, the download speed is faster than the upload speed. Symmetric or SDSL is available but at a significantly higher cost per month.
DSL service is generally limited to a maximum speed of 3Mbit/s and significantly decreases when the distance between the subscriber and the central office exceeds 10,000 lineal feet of telephone wire. The advantage is that DSL is relatively inexpensive and can support simultaneous use of voice and data. In addition, other than distance, the actual speed of DSL service is not reduced by other subscribers in the community. This is because DSL is based on telephone technology and the equipment used at the central office has the capacity to support each subscriber.
The DSL ISPs are able to provide business class service in residential neighborhoods. Business class service includes higher speeds, symmetric service, static IP assignment, and no restriction on web publishing and email hosting. Therefore, small businesses that are operated from the home have more choices available to support their business needs.
Below is a DSL modem/router that has RJ-45 ports for up to four network devices and computers. The device can be configured as a wireless access point to support a wireless network.
One company is using a fiber to the premises network or FiOS that delivers voice, video, and data. As the network is expanded, current POTS subscribers are encouraged to switch their service from the copper twisted pair to fiber optic. The only difference is that since fiber optic cable sends voice and data using light only, there is no physical electrical connection between the subscriber and the central office. All power is provided by the subscriber.
There are two devices that are used to deliver FiOS service. An ONT or optical network terminal is installed on the outside of the building. This device converts the signal carried by the fiber optic cable to copper wire based telephone and data connections. A twisted copper pair of wire for each telephone line is connected between the ONT and the telephone network interface device or NID. The NID is where the customer connects the wiring from inside the building to the telephone system.
A FiOS router is located inside the subscriber's building. It has four RJ-45 ports and a wireless access point for FiOS Internet based on IP addresses that are dynamically assigned. It also has a male RG-6 terminal for FiOS television service. The ONT and FiOS router are connected to each other by an RJ-45 cable.
Subscription to voice, video, and data service is independent of each other. FiOS analog and digital television content is delivered using the same technology used by traditional cable systems. Additional content including widgets, television guide, and pay per view is delivered as IP or as Internet content.
Normally residential FiOS Internet service uses Internet addresses or IPs that are dynamically assigned by the FiOS provider. We explain in greater detail Internet and IP addresses in later parts of this series.
In my case, I run my company from my house and I host my own SMTP email, my company's website, the website for my son's Boy Scout Troop, and websites for my clients. I am a subscriber of the small business package that gives me 2Mbit/s upload, 15Mbit/s download, and five static IPs. Also, the business, fax, and personal telephone lines are converted to FiOS. I did this well over 2 ½ years ago and have not experienced any outages. Prior to subscribing to FiOS, I subscribed to SDSL that was far more expensive, slower, and suffered from constant outages.
When I subscribed to FiOS TV I had to have a second fiber optic cable and ONT installed because FiOS TV uses DHCP for some of the features. They could not use the ONT for my static IPs for the TV service. I have the Actiontec router but it is only used for TV service.
The following shows the two FiOS ONTs that are used to provide static IP Internet access for the business and television service for the home.
Wireless telephone companies have offered mobile broadband service since 2003. The technology is based on providing a high-speed wireless connection to the Internet for devices that are not used at a fixed location. The service is delivered by broadcasting signals over wide-area cellular networks. Some networks are capable of delivering speeds of 100Kbit/s upload and 7.2Mbit/s download; however, the actual data speed is reduced by electrical interference, objects that block the signal, and the speed at which you are traveling. The type and speed of the connection vary depending on the availability of service. For example, in areas where 3G is not available, the modem will "fall back" or connect to the services that are available, and the connection speed is adjusted accordingly.
Mobile broadband may be a cost effective solution for people who live in remote areas where high-speed alternatives are not available or are too costly. The majority of mobile broadband users are users of 3G or third generation hand-held computing devices like the iPhone or BlackBerry.
Below is an example of wireless modems and a broadband router. The router can be used only with a specific provider, Sprint in this case, and uses either a PC Card or USB wireless modem. The type of modem and service subscription determines the speed of the Internet connection. This broadband router can be used as the primary way to connect your network to the Internet, or it can be used as a backup connection in case the primary ISP service is unavailable.
The majority of ISPs that provide satellite service are companies that are dedicated to providing Internet access. Some providers of satellite based television content can provide Internet access. Satellite Internet service permits connectivity to virtually anyone anywhere on the planet. The service is based on broadcasting data to a satellite and the satellite forwards the data to its destination. A small ½ meter satellite dish is located at the subscriber's home or business. The satellite ISP transmits data signals to a satellite and the satellite rebroadcasts them to the subscriber.
Original implementations of satellite Internet service required that an analog modem be used to send requests to the Internet. This resulted in great dissatisfaction with subscribers because the telephone line was in use during the Internet session. The technology evolved to where a request for Internet content can be broadcast from the subscriber's satellite dish to the satellite.
The method used to connect the satellite to the network is similar to the method used by cable companies. A satellite modem is used to bridge the connection between the RG-6 coax cable from the dish and the RJ-45 private network router. Subscribers can expect approximately 512Kbit/s download and 64Kbit/s upload speeds. Subscribers are charged a monthly fee plus a fee that is based on the amount of data that is transmitted. In some instances, when the ISP determines that the amount downloaded is excessive, the download speed can be reduced. Satellite Internet service is used in extreme rural areas where access to other high speed options is not available. The following is an example of a satellite connection.
We recommend subscribing to FiOS if it is available. Otherwise, select an ISP that is cost efficient, provides uninterrupted service, and offers upload and download speeds that are suitable to your needs.
An ISP Risk Assessment Guide is attached to this blog. The guide helps to identify threats or vulnerabilities and methods to prevent or mitigate them. The Threat and Risk Assessment Worksheet can be used to document threat areas that apply to your environment.
This concludes Part 3 of Securing Your WHS & Network. We hope that this information helps to identify criteria that can be used to compare ISP service offerings. Speed, cost, functionality, and reliability become important factors as the WHS is used to expand your reach to the Internet.
Part 4 of Securing Your WHS & Network starts a very detailed analysis of the network topologies and devices as they relate to the identification and management of threats and vulnerabilities. It relies on the basic understanding that we have presented in Parts 1 through 3. We expand the risk analysis worksheet that has been presented so far.
In the meantime, we invite your comments and to participate in a discussion in response to this blog.
My friends call me paranoid but I am really enjoying your blog posts. I feel as if we just got our tools set aside and we are about to get our hands on the good stuff.
You are correct. Parts 1 - 3 are needed to provide the background for the rest of the series.
Stay tuned. There are a total of 17 parts to this series.
This blog is really great. Thank you
Do you guys not have 4G wireless? Only 3G, I guess?
4G is the next logical step and wireless will continue to evolve as an alternative to "wired" ISP services. Are you using 4G?
Tele2 Sweden, my telephone service provider, is already testing 4G in my area. My current equipment does not support it, but they will be sending new phones and IPv6 support. Widespread usage is expected by 2010, and another company, Telenor Sweden, is working on it too. I think the U.S.A. is too big and slow to move to 4G fast? Sweden is tiny and it's easy.