Computer Networks Group Presentation_2
-
7/31/2019 Computer Networks Group Presentation_2
1/43
Year 02 - Semester 01
-
Dinushka W.A.J.S.
Kulatunga K.M.M.
Pathirana A.P.P.M.
Bandaranayake W.M.H.
Uyangoda A.I.
Senarathne S.A.D.P.
Jayasinghe M.R.
Amarasinghe R.W.H.R.
Samarasinghe K.G.
-
CONTENT
Site details
Need for a network
Firewalls
Network overview
Mobitel firewall structure
Virtual Switching system
Connecting Over Internet
Mobitel WAN
-
CONTENT CONT.
MAN
Varieties of MAN
MPLS
Cables and devices
Level structure
Vulnerabilities and suggestions
-
SITE DETAILS
Location: Sri Lanka Mobitel Telecom (Pvt.) Ltd.
Guidance Officer: Mr. Saman Perera
Address: Department Of Information System, Sri Lanka Telecom Mobitel, Colombo 02.
-
WHY DOES MOBITEL NEED A
NETWORKING SYSTEM?
Billing
Internet Service Provision
Managing Service Providers
Railway Ticketing
Other Services
-
PROVIDE DIFFERENT USERS
DIFFERENT PRIVILEGES
Mobitel Branches
Data centers
Service providers
-
FIREWALLS CONT.
Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet.
Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.
Example: the firewall system in Windows
-
FIRST GENERATION: PACKET FILTER
Packet filters act by inspecting the "packets" which transfer between computers on the Internet
It stores no information on connection "state"
It filters each packet based only on information contained in the packet itself
Packet filtering firewalls work mainly on the first three layers of the OSI model (which means most of the work is done between the network and physical layers)
-
SECOND GENERATION:
"STATEFUL" FILTERS
Operate up to layer 4
It records all connections passing through it and determines whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection
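The difference between the first two generations, as an added example that is not part of the original slides: the same three packets are judged by a stateless rule and by a connection-tracking filter. The addresses, ports, the `INSIDE` prefix and the rule itself are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample traffic; addresses are documentation ranges, not from the slides.
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = "192.0.2."          # assumed prefix of the protected network

def stateless_allow(pkt):
    """First generation: decide from this packet's own fields only."""
    if pkt.src.startswith(INSIDE):
        return True                              # outbound traffic is allowed
    # Inbound: accept anything that looks like a web reply (port and ACK flag).
    return pkt.sport == 443 and "A" in pkt.flags

class StatefulFilter:
    """Second generation: keep a table of the connections seen so far."""
    def __init__(self):
        self.table = set()

    def classify(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.table or reverse in self.table:
            return "ESTABLISHED"                 # part of an existing connection
        if pkt.flags == "S" and pkt.src.startswith(INSIDE):
            self.table.add(key)
            return "NEW"                         # start of a new connection
        return "INVALID"                         # not part of any connection

    def allow(self, pkt):
        return self.classify(pkt) != "INVALID"

def run(packets):
    """Return (stateless verdict, stateful classification) for each packet."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.classify(p)) for p in packets]

SAMPLE = [
    Packet("192.0.2.10", 50000, "198.51.100.5", 443, "S"),    # client opens a connection
    Packet("198.51.100.5", 443, "192.0.2.10", 50000, "SA"),   # the server's reply
    Packet("203.0.113.9", 443, "192.0.2.10", 50001, "A"),     # unsolicited ACK, no handshake
]

if __name__ == "__main__":
    for pkt, (stateless, state) in zip(SAMPLE, run(SAMPLE)):
        print(pkt.src, "->", pkt.dst, "stateless:", stateless, "stateful:", state)
```

The third packet passes the stateless rule because its fields look like a reply, while the stateful filter rejects it because no matching connection was ever recorded.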
-
THIRD GENERATION: APPLICATION
LAYER
The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol, DNS, or web browsing), and it can detect if an unwanted protocol is sneaking through on a non-standard port or if a protocol is being abused in any harmful way.
The existing deep packet inspection functionality of modern firewalls can be shared by Intrusion-prevention Systems (IPS).
-
DIFFERENT TYPES OF FIREWALLS
Network layer or packet filters G1
Application-layer Proxies
- responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets.
Network address translation
- Hiding the addresses of protected devices
-
MOBITEL NETWORK OVERVIEW
-
FIREWALLS
-
PERIMETER FIREWALL
Secondary Firewall
-
DUTIES OF PRIMARY FIREWALL
Layer 2 firewall (network layer firewall)
8 direct connections are used in this firewall
Connections 3 and 4 are for mobitel.lk users
Service providers are connected into this firewall
Railway ticketing system also functions through this
-
SECONDARY FIREWALL
Perimeter Firewall
-
SECONDARY FIREWALL CONT.
All data processing systems and WAN
Intranet
Internet users
Billing processes
-
VIRTUAL SWITCHING SYSTEM
-
VIRTUAL SWITCHING SYSTEM CONT.
Two equipment system
Directs the network traffic
Hundreds of servers reserved
-
CONNECTING A PARTNER OVER
INTERNET INTO THE SYSTEM
The partner connects into the firewall.
Firewall decides the privileges that are given to partners.
With those privileges they are allowed to access relevant information
-
MOBITEL WAN
-
MOBITEL WIDE AREA
NETWORK
Consists of a Metro Ethernet Network
10GHz bandwidth
128 Kbps to 2 Mbps speed
MRTG to monitor
-
METROPOLITAN AREA
-
METROPOLITAN AREA
A region consisting of a densely populated urban core and its less-populated surrounding territories
E.g.: Perth, Paris, Mumbai
-
METRO ETHERNET
A computer network that covers a metropolitan area
Mobitel uses Metro Ethernet to connect branch offices to their Intranet
-
WHY ETHERNET
Less expensive than SONET/SDH or PDH interface of the same bandwidth
Supports high bandwidths with fine granularity
Easily connected to the customer networks
-
MAN VARIETIES
Pure Ethernet MAN
Uses only layer 2 switches
Simple and cheap design
-
PURE ETHERNET MAN
Fragile
Less stable
Higher recovery time (SPT)
Traffic engineering is very limited
-
SONET/SDH-BASED ETHERNET
MANS
Intermediate technology
High level of reliability
Lesser recovery time
Expensive
-
MPLS
-
MPLS - MULTIPROTOCOL LABEL
SWITCHING
Directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table
-
MPLS
Data packets are assigned labels
Traffic is directed using this label
This allows one to create end-to-end circuits across any type of transport medium
Layer 2.5 protocol
MPLS works in conjunction with IP and its routing protocols
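Label switching as described on the two MPLS slides, as an added example that is not part of the original presentation: an IP longest-prefix lookup next to the exact-match label lookup each router performs along a label-switched path. Router names, label values and prefixes are constructed assumptions.

```python
import ipaddress

# Constructed IP routing table: (prefix, next hop). All names are hypothetical.
ROUTES = [("10.0.0.0/8", "R2"), ("10.20.0.0/16", "R3"), ("0.0.0.0/0", "R9")]

def ip_lookup(dst):
    """Longest-prefix match: every matching prefix has to be compared."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in ROUTES
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Ingress router R1 classifies by destination once and pushes a label.
INGRESS_FEC = {"10.20.0.0/16": (100, "R3")}      # prefix -> (label, next hop)

# Per-router label tables: incoming label -> (action, outgoing label, next hop).
LABEL_TABLE = {
    "R3": {100: ("swap", 200, "R4")},
    "R4": {200: ("pop", None, "R5")},            # label removed before the last hop
}

def forward(dst):
    """Follow one packet along the label-switched path; dst must match an ingress prefix."""
    addr = ipaddress.ip_address(dst)
    label, node = next(v for p, v in INGRESS_FEC.items()
                       if addr in ipaddress.ip_network(p))
    path = [("R1", "push", label)]
    while label is not None:
        # Core routers never look at the IP address: one exact-match lookup per hop.
        action, out_label, next_hop = LABEL_TABLE[node][label]
        path.append((node, action, out_label))
        label, node = out_label, next_hop
    return path, node

if __name__ == "__main__":
    print("IP next hop:", ip_lookup("10.20.5.7"))
    print("Label-switched path:", forward("10.20.5.7"))
```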
-
FRAME RELAY VS. MPLS
Cheaper Use Excessive BM
Higher network managing cost
Less manageable
-
MPLS-BASED ETHERNET MANS
-
CABLES & DEVICES
-
USAGE OF CABLES
Almost every connection is a fiber-optic-based connection
For internal communication purposes UTP cables are used
The fiber used is multimode graded-index fiber
Single mode fiber is used to communicate with SLT
-
DEVICES
CISCO
SUN
-
LEVEL STRUCTURE
Level 6
Level 5
Level 4
Level 3
Level 2
Level 1
Basement
Servers & Hardware
Customer Care
Power Management
-
VULNERABILITIES AND
SUGGESTIONS
Connection with SLT
Receiving data from SLT
Use ASIC, TCAM and CAM-based switching for MPLS
Replace perimeter firewall
-
THANK YOU