CHP5 last Part - PowerPoint PPT Presentation

About This Presentation
Title:

CHP5 last Part


Slides: 49
Provided by: itc125

Transcript and Presenter's Notes

Title: CHP5 last Part


1
CHP-5 last Part
  • PBX

2
Private Branch Exchanges
  • A PBX is just a privately owned, smaller version
    but similar in function to a public exchange.
  • A PBX is used exclusively by the organization
    and is physically located on the organization's
    premises.
  • Provides an interface between users and the
    shared network (PSTN).
  • Additional services offered by a PBX allow users
    to use their phones more efficiently and
    effectively.
  • Medium to large organizations can save a lot of
    money by using a PBX.

3
PBX Architecture
  • Overall PBX functionality and added features are
    controlled by software programs running on
    specialized computers within the PBX, an area
    sometimes referred to as the PBX CPU, stored
    program control, or common control area.
  • User phones are connected to PBX via slide-in
    modules or cards known as line cards, port cards,
    or station cards.
  • Connection of PBX to outside world is
    accomplished via Trunk cards.
  • Starting with an open chassis or cabinet with
    power supply and backbone, cards can be added to
    increase PBX capacity either for the user
    extensions or outside connections.
  • Additional cabinets can be cascaded for
    expandability.

4
PBX Physical Architecture
5
PBX Technology Analysis
  • PBX features and services tend to fall into three
    categories:
  • Provide users with flexible usage of PBX
    resources.
  • Provide for data/voice integration.
  • Control and monitor the use of those PBX
    resources.

6
1. Flexible Usage - Voice Based Features and
Services
  • Common features: Conference calling, Call
    forwarding/divert, Redialing, Call transfer,
    Speed dialing, Call hold, Hunting, etc.
  • Least Cost Routing: Selecting the lowest-price
    long distance carriers.
  • Automatic Call Distribution: Incoming calls are
    routed directly to certain extensions without
    going through a central switchboard.
  • Call pickup: Allows a user to pick up or answer
    another user's phone without forwarding.
  • Paging: Ability to use paging speakers in a
    building.

7
2. Data/Voice Integration Features and Services
  • Data is transmitted either:
  • through the PBX via a dedicated connection, OR
  • via a hybrid voice/data phone that transmits
    both voice and data simultaneously over a single
    connection.
  • Features:
  • ISDN (Integrated Services Digital Network)
    support, T-1/E-1 interface support (codecs
    included or not), data interfaces, modem pooling,
    printer sharing, file sharing, video
    conferencing, etc.

8
3. Control and Monitoring Features and Services
  • Basic (e.g.):
  • Limiting access to outside lines from certain
    extensions.
  • Advanced:
  • Call accounting system: a program run on a
    separate PC directly connected to the PBX.
  • A process within the PBX known as Station Message
    Detail Recording (SMDR) generates an individual
    detail record for each call.
  • Used for spotting abuse; both incoming and
    outgoing calls can be tracked.
  • Allocating phone usage on a departmental basis.
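
The call accounting uses listed above (spotting abuse and allocating usage by department), shown as an added example that is not part of the original slides. The record layout, policy thresholds and sample calls are constructed assumptions; real PBX vendors each define their own SMDR format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample records in a hypothetical SMDR export layout
# (each real PBX vendor uses its own field order and format).
SAMPLE_SMDR = """\
date,start,duration_s,extension,department,direction,dialed
2024-03-04,09:12,180,2101,Sales,out,5550100
2024-03-04,23:47,5400,2207,Finance,out,0119005550123
2024-03-05,02:15,3600,2207,Finance,out,0119005550123
2024-03-05,10:30,240,2300,Support,in,2300
2024-03-05,14:05,600,2101,Sales,out,15555550142
"""

BUSINESS_HOURS = range(8, 18)   # assumed policy: 08:00-17:59
INTL_PREFIX = "011"             # assumed international dialing prefix
LONG_CALL_S = 3600              # assumed threshold for a "long" call

def parse_smdr(text):
    """Turn the export into one dict per call, with typed fields."""
    calls = []
    for row in csv.DictReader(io.StringIO(text)):
        row["duration_s"] = int(row["duration_s"])
        row["hour"] = int(row["start"].split(":")[0])
        calls.append(row)
    return calls

def flag_abuse(calls):
    """Return (extension, reasons) for outgoing calls hitting 2+ signals."""
    flagged = []
    for c in calls:
        checks = {
            "after-hours": c["hour"] not in BUSINESS_HOURS,
            "international": c["dialed"].startswith(INTL_PREFIX),
            "long-call": c["duration_s"] >= LONG_CALL_S,
        }
        reasons = [name for name, hit in checks.items() if hit]
        # Requiring two signals keeps a single long daytime call quiet.
        if c["direction"] == "out" and len(reasons) >= 2:
            flagged.append((c["extension"], reasons))
    return flagged

def usage_by_department(calls):
    """Total outgoing seconds per department, for cost allocation."""
    totals = defaultdict(int)
    for c in calls:
        if c["direction"] == "out":
            totals[c["department"]] += c["duration_s"]
    return dict(totals)
```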

9
Call Accounting Systems Installation
10
Auxiliary Voice Related Services
  • An auxiliary add-on device provides the
    following services:
  • Automated attendant
  • Voice mail
  • Voice response units (VRU), e.g., Interactive
    voice response (IVR).
  • Voice processor, e.g. speech recognition
  • Voice server: a LAN-based server that stores and
    delivers digitized voice messages. Used with
    a voice mail system.
  • Music / ads on hold

11
Computer Telephony Integration (CTI)
  • CTI seeks to integrate the computer and the
    telephone to enable increased productivity not
    otherwise possible by using the two devices in a
    non-integrated fashion.
  • CTI is not a single application, but an
    ever-widening array of possibilities spawned by
    the integration of telephony and computing.

12
Computer Telephony Integration (CTI)
  • CTI attempts to integrate the two most common
    productivity devices, the phone and the computer
    to increase productivity.
  • Examples of the integration:
  • Call control: allows users to control their
    telephone functions through their computer,
    on-line phone books, on-line display and
    processing of voice mail.
  • Interactive Voice Response: e.g., IVR systems
    used by banks, carriers, etc.
  • Unified messages: voice mail, e-mail, faxes, and
    pager messages are displayed on a single
    graphical screen. They can then be forwarded,
    replied to, deleted, etc.

13
CTI Architectures
  • CTI is commonly implemented in one of the
    following three architectures:
  • PBX-to-host interfaces (Integration of PBX with
    mainframe, minicomputers, etc. for call center
    and office automation applications)
  • Desktop CTI
  • Client/server CTI

14
CTI Architecture 1 - PBX-to-host interfaces
3270 emulation is a communications standard that
allows a remote terminal, such as a Windows or
Mac OS computer, to communicate with an IBM or
IBM-compatible mainframe. 3270 emulation allows
full access to mainframe applications.
15
CTI Architecture 2 - Desktop CTI
16
CTI Architecture 3 - Client/Server CTI
17
Chapter 6
  • Wide Area Networking Concepts, Architectures, and
    Services

18
Objectives
  • Study WAN switching: Circuit and Packet switching
  • Study the concepts of different WAN transmissions
    and services
  • Local Loop transmissions alternatives
  • POTS
  • ISDN
  • ADSL (xDSL)
  • Cable TV
  • WAN architecture and services
  • X.25
  • Frame Relay
  • SMDS
  • ATM (cell-relay ATM)
  • Broadband ISDN

19
Basic Principles of WAN
  • Technical concepts: the two basic principles
    involved in sharing a single data link among
    multiple sessions are:
  • Packetizing: the segmenting of data transmission
    between devices into structured blocks or packets
    of data.
  • Multiplexing: takes packetized data from
    multiple sources and sends it over a single wide
    area connection.

20
A. Dedicated Multiple Wide Area System-to-System
Connections
  • Dedicated point to point connections

21
B. Single Wide Area Link Shared to Provide
Multiple System-to-System Connections
  • Single shared WAN link

22
Broadband Transmission
  • T-1
  • SONET (Synchronous Optical NETwork)

23
T-1
  • It is the standard high capacity digital
    transmission service in America: 1.544 Mbps
  • In other parts of the world the standard is E-1:
    2.048 Mbps
  • T-1 is divided into twenty-four 64K channels,
    each of which is known as DS-0. Some may be used
    for voice and some for data.
  • Each channel consists of a group of 8 bits known
    as a time slot. Each time slot represents one
    voice sample or a byte of data to be transmitted.

24
SONET (Synchronous Optical Network)
  • SONET is an optical transmission service
    delivering multiple channels of data from various
    sources using periodic framing or TDM.
  • Much like T-1 service, but with higher capacity
    due to the following:
  • uses fiber optics.
  • uses a slightly different framing technique.
  • SONET in North America, SDH (Synchronous Digital
    Hierarchy) in the rest of the world. SDH is
    growing in popularity and is currently the main
    concern, with SONET now being considered as the
    variation.

25
SONET's OC (Optical Carrier) Standards
Digital Service Level    Transmission Rate
OC-1                     51.84 Mbps
OC-3                     155.52 Mbps
OC-9                     466.56 Mbps
OC-12                    622.08 Mbps
OC-18                    933.12 Mbps
OC-24                    1.244 Gbps
OC-36                    1.866 Gbps
OC-48                    2.488 Gbps
[Figure: SONET/SDH card]
26
Switched Network Services Hierarchy
27
X.25
  • A popular standard for packet-switching networks.
    The X.25 standard was approved by the CCITT (now
    the ITU) in 1976 (30 yrs).
  • It defines the interface between Data Terminal
    Equipment (DTE) and any packet-switched network.
  • It is a layer 3 protocol stack in the OSI
    Reference Model. The aim is to produce packets in
    a standard format acceptable by any X.25
    compliant public network.
  • It provides transparency to other upper 4-7
    layers.

28
Error Detection and Correction
  • X.25 and Frame Relay use CRC for error detection
    on a point-to-point basis.
  • While X.25 uses Discrete ARQ for error
    correction, Frame Relay does not use
    point-to-point error correction; it simply
    discards the frame.
  • By removing this point-to-point overhead, Frame
    Relay can offer speeds of T-1 and T-3 while X.25
    is limited to 9.6 Kbps.

29
ATM can be WAN technology
  • Asynchronous Transfer Mode (ATM) is a cell relay
    (or switching) architecture and standard.
  • Fast Packet Switching methodology
  • A fixed packet size (cell) makes fast switching
    possible, and makes it different from Frame Relay
  • ATM is well suited to data, voice, and digital
    video transmissions, because of predictable
    delivery time.
  • ATM standards are still emerging, so many
    incompatibilities currently exist.

30
Chapter 12
  • Network Security

31
Business Impact
  • What is the impact on business when network
    security is violated by on-line thieves?
  • According to federal law enforcement estimates in
    the USA, more than $10 billion worth of data is
    stolen annually in the US alone.
  • In a single incident, 60,000 credit and calling
    card numbers were stolen.
  • 50% of computer crimes are committed by a
    company's current or ex-employees.

32
Security Policy Development Life Cycle
  • A method for the development of a comprehensive
    network security policy is known as SPDLC.

33
Identification of Business-related security issues
  • Security requirement assessment.
  • What do we have to lose?
  • What do we have worth stealing?
  • Where are the security holes in our business
    processes?
  • How much can we afford to lose?
  • How much can we afford to spend on network
    security?

34
Security vs. Productivity Balance
35
Security vs. Productivity Balance
36
Security vs. Productivity Balance
37
Security vs. Productivity Balance
  • How to define the balance between security and
    productivity?
  • Identify assets
  • Identify threats
  • Identify vulnerabilities
  • Consider the risks
  • Identify risk domains
  • Take protective measures

38
Data/Information Classification
  • Unclassified/Public
  • Information having no restrictions as to storage,
    transmission, or distribution.
  • Sensitive
  • Information whose release could not cause damage
    to the corporation but could cause potential
    embarrassment or measurable harm to individuals,
    e.g. salaries and benefits of employees.
  • Confidential
  • Information whose release could cause measurable
    damage to the corporation, e.g. corporate
    strategic plans, contracts.

39
Data/Information Classification
  • Secret
  • Information whose release could cause serious
    damage to a corporation. E.g., trade secrets,
    engineering diagrams, etc.
  • Top secret
  • Information whose release could cause severe or
    permanent damage. Release of such information
    could literally put a company out of business.
    Secret formulas for key products would be
    considered top secret.

40
Protective measures
  • There might exist multiple vulnerabilities
    (paths) between a given asset and a given threat
  • So multiple protective measures need to be
    established between given threat/asset
    combinations
  • Major categories of potential protective measures
  • Virus protection
  • Firewalls
  • Authentication
  • Encryption
  • Intrusion Detection

41
Virus Protection
  • Virus protection is often the first area of
    network security addressed by individuals or
    corporations.
  • A comprehensive virus protection plan must
    combine policy, people, processes, and technology
    to be effective.
  • Too often, virus protection is thought to be a
    technology-based quick fix.

42
Virus Protection
  • Most common microcomputer security violation.
  • 90% of the organizations surveyed with 500 or
    more PCs experience at least one virus incident
    per month.
  • Complete recovery from a virus infection costs
    an average of $8300, over a period of 22
    working days.
  • In Jan 1998, there were over 16,000 known
    viruses, with as many as 200 new viruses
    appearing per month.

43
Virus Categories
  • Virus symptoms, methods of infection, and
    outbreak mechanisms can vary widely, but all
    viruses share a few common behaviors.
  • Most viruses work by infecting other legitimate
    programs and causing them to become destructive
    or disrupt the system.
  • Most viruses use some type of replication method
    to get the virus to spread and infect other
    programs, systems, or networks.
  • Most viruses need some sort of trigger or
    activation mechanism to set them off. Viruses may
    remain dormant and undetected for long periods.

44
Virus Categories
  • Some viruses have a delayed action, which is
    sometimes called a bomb. E.g., a virus might
    display a message on a specific day or wait until
    it has infected a certain number of hosts.
  • Two main types:
  • Time bombs: A time bomb occurs on a
    particular date or at a particular time.
  • Logic bombs: A logic bomb occurs when the user
    of a computer takes an action that triggers the
    bomb, e.g., running a file.

45
AS Antivirus Technology
  • Virus scanning is the primary method for
    successful detection and removal.
  • Software most often works off a library of known
    viruses.
  • Purchase antivirus software which updates virus
    signatures at least twice per month.
  • Typically, vendors update virus signature files
    every 4 hours, with hourly updates expected in
    the near future.

46
Firewalls
  • When a company links to the Internet, a two-way
    access point, out of as well as into that
    company's confidential information, is created.
  • To prevent unauthorized access from the Internet
    to the company's confidential data, a firewall is
    deployed.
  • The firewall runs on a dedicated server that is
    connected to, but outside of, the corporate
    network.
  • All network packets are filtered/examined for
    authorized access.
  • Firewall provides a layer of isolation between
    inside network and the outside network.

47
Firewalls
  • Does it provide full protection? No!
  • Dial-up modem access remains uncontrolled or
    unmonitored.
  • Incorrectly implemented firewalls may introduce
    new loopholes.
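
How an incorrectly implemented packet filter introduces a loophole, as an added example that is not part of the original slides. It assumes a first-match rule list with default deny; the rule format, the audit_shadowed helper and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# A rule is (action, source net, destination net, destination port or None=any).
# All addresses are constructed, taken from documentation ranges.
INSIDE = "192.0.2.0/24"    # assumed corporate network
WEB = "192.0.2.10/32"      # assumed public web server
ANY = "0.0.0.0/0"
net = ipaddress.ip_network

# Mis-ordered: the broad allow sits above the deny, so the deny never fires.
WEAK_RULES = [
    ("allow", ANY, INSIDE, None),   # "temporary" catch-all left in place
    ("deny", ANY, INSIDE, 23),      # intended to block telnet
    ("allow", ANY, WEB, 443),
]

# Corrected: only the needed service is allowed; everything else falls
# through to the default deny.
FIXED_RULES = [
    ("allow", ANY, WEB, 443),
]

def decide(rules, src, dst, dport):
    """First-match packet filter with default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, port in rules:
        if s in net(src_net) and d in net(dst_net) and port in (None, dport):
            return action
    return "deny"

def audit_shadowed(rules):
    """Indexes of rules that can never match because an earlier rule
    already covers the same traffic."""
    shadowed = []
    for i, (_, s_i, d_i, p_i) in enumerate(rules):
        for _, s_j, d_j, p_j in rules[:i]:
            if (net(s_i).subnet_of(net(s_j))
                    and net(d_i).subnet_of(net(d_j))
                    and p_j in (None, p_i)):
                shadowed.append(i)
                break
    return shadowed
```

Running audit_shadowed over a rule set before deployment surfaces rules that look protective on paper but are never reached.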

48
Firewall Architectures
  • There are no standards for firewall
    functionality, architectures, or interoperability.
  • As a result, users must be especially aware of
    how firewalls work to evaluate a potential
    firewall technology purchase.
  • Three architectures:
  • Packet Filtering
  • Application Gateways
  • Circuit-level Gateways
  • Internal Firewalls