8.1. Network Location Profile


A network location profile is a classification assigned to a network connection that identifies the connection type. Security settings, firewall settings, and enabled services can then be automatically configured on the connection based on the profile (or location) type. Both Windows Vista/7/10 and Windows Server 2008/2012/2016 support network profiles. The following table lists the network profile types.

Location: Domain
    The Domain network location is used automatically when the computer is connected to an Active Directory domain. Security settings are controlled through Group Policy.

Location: Public
    A Public network is an untrusted network (such as when you are in an airport or library). Default settings keep your computer from being visible (Network Discovery is turned off) or sharing files. When connecting to a public network, consider the following:
    • To avoid viruses, malicious hackers, and unwanted software, you should have up-to-date firewall and antivirus software installed and running on your computer.
    • When you connect to an unsecured wireless network, all that you do on the Internet can be monitored by someone with the correct equipment, including:
        o Web sites you visit.
        o Online documents you work on.
        o Usernames and passwords you use.

Location: Private
    A Private network is a trusted local area network, such as a home or office network. Network Discovery is enabled by default. Even in a private network situation you should have up-to-date firewall and antivirus software enabled on your computer.

Windows automatically assigns the profile type for a connection, and you can manually specify the profile or control it through the local security policy or Group Policy.
• Configure profile settings manually for a connection through the Network and Sharing Center.
• Enforce settings in the local security policy or Group Policy through settings in the Network List Manager Policies.
    o Use the Identifying Networks setting to identify which profile is assigned to a connection while the operating system is still trying to classify the connection type. For example, you can apply Private or Public network settings to these networks until a classification has been assigned by Windows.
    o Use the Unidentified Networks setting to configure the location type to use when a network cannot be automatically classified.
    o Use the All Networks setting to configure whether users can manually change the network name, location designation, or network icon.
    o In addition to these global settings, each known network (such as a domain) will have an entry. You can control the name, and whether users can modify the name or the icon.

© Sergey Gorokhod MCT/MCSE/MCITP/MCTS/MCSA/CCSE/CCSA/CCNA/A+® E-mail: [email protected] Mob: (+972) 526848757

8.2. Wireless LAN Configuration

When implementing a wireless LAN, you have two choices for designing the network topology:

Configuration: Infrastructure
    An infrastructure wireless network employs an access point (AP), also referred to as a wireless access point (WAP), that functions like a hub on an Ethernet network. With an infrastructure network:
    • The network uses a physical star topology.
    • You can easily add hosts without increasing administrative efforts (scalable).
    • The AP can be easily connected to a wired network, allowing clients to access both wired and wireless hosts.
    • The placement and configuration of APs require planning to implement effectively.
    You should implement an infrastructure network for all but the smallest of wireless networks.

Configuration: Ad Hoc
    An ad hoc network works in peer-to-peer mode without an AP. Instead, the wireless NICs in each host communicate directly with one another. An ad hoc network:
    • Uses a physical mesh topology.
    • Is cheap and easy to set up.
    • Cannot handle more than four hosts.
    • Requires special modifications to reach wired networks.
    You will typically only use an ad hoc network to create a direct, temporary connection between two hosts.

You should be aware of the following identifiers used with wireless networks:

Identifier: Service Set Identifier (SSID)
    The Service Set Identifier (SSID), also called the network name, groups wireless devices together into the same logical network.
    • All devices on the same network must have the same SSID.
    • Configure both the access point and each client computer with the same SSID.
    • The SSID is a 32-bit value that is inserted into each frame.

Identifier: Basic Service Set Identifier (BSSID)
    The Basic Service Set Identifier (BSSID) is a 48-bit value that identifies an access point (AP) in an infrastructure network or a host in an ad hoc network. The BSSID allows devices to find a specific AP on a network with multiple access points, and is used by computers to keep track of APs when roaming on a network with multiple access points.

Most wireless networks can transmit on one of multiple channels. When configuring the channel:
• On the AP, accept the default channel or change it to one of your choice. Choose a channel that is not used by any other wireless transmitting devices (such as phones or other APs).
• When configuring multiple APs on a network, configure each AP to use a different channel but with the same SSID (Service Set Identifier).
• On the NIC, the channel is typically detected automatically and is configured to match the channel used by the AP. On some NICs you can also set the channel to a specific channel. When doing so, use the same channel on which the AP transmits.

8.3. Wireless Security

Authentication on a wireless network is provided by one of the following methods.

Method: Open
    Open authentication requires that clients provide a MAC address to connect to the wireless network.
    Access can be controlled on a limited basis by performing MAC address filtering, where only devices whose addresses are listed can connect. Because MAC addresses are easily spoofed, this provides little practical security.

Method: Shared secret
    Shared secret authentication, also called pre-shared key authentication, configures clients and access points with a shared key (or password). Only devices with the correct shared key can connect to the wireless network.

Method: 802.1x
    802.1x is an authentication standard for wired Ethernet networks that allows for user authentication. The 802.1x standards have been adapted for use in wireless networks to provide secure authentication. 802.1x authentication requires the following components:
    • A RADIUS server to centralize user account and authentication information. A centralized database for user authentication is required to allow wireless clients to roam between cells but authenticate using the same account information.
    • A PKI for issuing certificates. At a minimum, the RADIUS server must have a server certificate. To support mutual authentication, each client must also have a certificate.
    802.1x supports Extensible Authentication Protocols (EAP) that allow for a wide range of authentication options including:
    • MD5
    • TLS (uses certificates for client authentication)
    • MS-CHAP v2 (uses passwords for client authentication)
    • PEAP (Protected EAP)
    • LEAP
    • TTLS
    Note: When using PEAP, choose PEAP-EAP-TLS to use certificates, and PEAP-EAP-MSCHAP to use usernames and passwords for authentication.

Security for wireless networking is provided by the following implementations:

Method: Wired Equivalent Privacy (WEP)
    WEP is an optional component of the 802.11 specifications. WEP was designed to provide wireless connections with the same security as cable connections. WEP:
    • Uses Rivest Cipher 4 (RC4) with a 40-bit key and 24-bit initialization vector (IV) for encryption. (Most implementations now use a 104-bit key.)
    • Uses CRC-32 for data integrity applied to the data only (not the header).
    • Supports open, shared key, and (recently) 802.1x authentication. Note: When configured for shared key authentication, WEP uses the WEP key as the shared secret.
    • Requires that keys be manually configured on each device.
    WEP has the following weaknesses:
    • CRC-32 is susceptible to bit-flipping attacks, where modifications in the frame result in the same hash value.
    • It uses a weak implementation of RC4 encryption.
    • The short initialization vector results in quick reuse of the initialization vector. This allows hackers to easily crack the key.
    • It is vulnerable to replay attacks.
    • Using the WEP key for shared secret authentication exposes the shared key to attack, effectively decreasing the security of WEP. (Ironically, open authentication with WEP is more secure than shared key authentication.)

Method: Wi-Fi Protected Access (WPA)
    WPA is the implementation name for wireless security based on initial 802.11i drafts. It was intended as an intermediate measure to take the place of WEP while a fully secured system named 802.11i (WPA2) was prepared. WPA:
    • Uses the Temporal Key Integrity Protocol (TKIP).
    • Uses RC4 with a 128-bit key and a 48-bit initialization vector (IV) for encryption.
    • Uses the Message Integrity Check (MIC) algorithm (also called Michael) for data integrity applied to both the data and the header.
    • Supports both Pre-Shared Key (referred to as WPA-PSK or WPA Personal) and 802.1x (referred to as WPA Enterprise) authentication. (Use WPA-Personal for home or small office networks that do not have a domain controller, RADIUS server, or PKI required by 802.1x authentication. Use WPA when you have a domain controller and a RADIUS server that is a domain member.)
    • Was designed such that it could be implemented on most existing wireless hardware through a firmware update.
    WPA attempts to address the weaknesses of WEP in the following ways:
    • Encryption key and initialization vector sizes were increased.
    • TKIP provides for dynamic key rotation, which also helps protect against IV reuse.
    • IVs are sequenced to protect against replay attacks.

WPA2 is the implementation name for wireless security that adheres to the 802.11i specifications.
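
The WEP weaknesses listed in 8.3 (unkeyed CRC-32 integrity and quick reuse of the 24-bit IV) can be reproduced on constructed data, next to the keyed integrity check that WPA introduced. This is an added example, not part of the original notes; the key, IV, payloads, the random-IV assumption and the HMAC-SHA256 stand-in for a keyed integrity check (it is not the Michael algorithm) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct
import zlib

IV_SPACE = 2 ** 24  # 24-bit WEP initialization vector, as stated in the notes


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key scheduling, then XOR the keystream into data."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_seal(iv: bytes, key: bytes, data: bytes) -> bytes:
    """Encrypt data || CRC-32(data) with RC4 keyed by IV || key."""
    return rc4(iv + key, data + struct.pack("<I", zlib.crc32(data)))


def wep_open(iv: bytes, key: bytes, body: bytes):
    """Decrypt and return the data if the CRC-32 check passes, else None."""
    clear = rc4(iv + key, body)
    data, icv = clear[:-4], clear[-4:]
    return data if struct.pack("<I", zlib.crc32(data)) == icv else None


def crc_fixup(delta: bytes) -> bytes:
    """ICV change caused by XORing delta into the data. No key is involved:
    crc(a ^ b) == crc(a) ^ crc(b) ^ crc(zeros) for equal-length inputs."""
    return struct.pack("<I", zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta))))


def keyed_tag(mic_key: bytes, data: bytes) -> bytes:
    """Keyed integrity tag (HMAC-SHA256 as a stand-in, not WPA's Michael)."""
    return hmac.new(mic_key, data, hashlib.sha256).digest()


def frames_until_iv_collision(target: float = 0.5) -> int:
    """Smallest frame count where P(two frames share an IV) >= target,
    assuming IVs are picked uniformly at random (an assumption)."""
    p_unique, n = 1.0, 1
    while 1.0 - p_unique < target:
        p_unique *= 1.0 - n / IV_SPACE
        n += 1
    return n


def demo() -> dict:
    key = b"\x01\x02\x03\x04\x05"   # constructed 40-bit WEP key
    iv = b"\x00\x00\x2a"            # constructed 24-bit IV, used twice on purpose
    p1 = b"temp=021;unit=C;"        # constructed sample payloads
    p2 = b"temp=019;unit=C;"
    c1, c2 = wep_seal(iv, key, p1), wep_seal(iv, key, p2)

    # Weakness 1: CRC-32 is linear and unkeyed, so a change to the encrypted
    # data can be matched by a change to the encrypted ICV without the key.
    delta = xor(p1, b"temp=921;unit=C;")
    modified = wep_open(iv, key, xor(c1, delta + crc_fixup(delta)))
    # Weakness 2: the same IV gives the same keystream, so the XOR of two
    # ciphertexts equals the XOR of their plaintexts.
    leak = xor(c1[:len(p1)], c2[:len(p2)])
    mic_key = b"constructed-mic-key"
    return {
        "crc_accepts_modified": modified,
        "keystream_reuse": leak == xor(p1, p2),
        "keyed_tag_detects": not hmac.compare_digest(
            keyed_tag(mic_key, p1), keyed_tag(mic_key, modified)),
        "frames_for_50pct_iv_reuse": frames_until_iv_collision(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With a keyed tag the receiver's check fails on the modified data, because the tag cannot be recomputed without the integrity key; the larger, sequenced IV in WPA addresses the reuse count shown by the last result.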