| |
|
|
|
|
|
Wide Area Network (WAN)
A WAN (Wide Area Network) is an extended network that connects multiple LANs to one another over great geographic distances.
Switched circuits connect Wide Area Network (WAN) locations on circuits that can be initiated when needed and terminated when communication is complete. This works much like a normal telephone line works for voice communication.
A Wide Area Network (WAN) Interface Card (WIC) is a card (circuit board) that fits into a router and serves as the physical interface to an access circuit connecting to the WAN.
A Wide Area Network (WAN) operates in the same way as a LAN in that WAN technology defines the frame format to be used and each computer connected to a switch is allocated a physical address that allows many WANs to use hierarchical addressing which simplifies forwarding that divides an address into two parts, one identifying the packet switch and the other the computer connected to that switch.
WAN optimization allows you to make positive business changes, like bringing your storage, backups, or servers into a central location for better control and security.
Physical security in frame relay and IP VPN service provider core node sites is similar. Service providers generally adhere to stringent physical security policies because they recognize that anyone with the right equipment and physical access to a switch or router can capture network data. At the network core, Frame Relay switches and IP VPN routers are usually housed in physically secure facilities accessible only to the service provider’s authorized technical staff.
On a Frame Relay Wide Area Network (WAN), Frame Relay Permanent Virtual Circuits (PVCs) create fixed point-to-point connections between ports that are connected to Frame Relay Access Devices (FRADs). Users have access to only their own FRADs. Frame relay customers cannot establish or change PVCs by manipulating their FRADs. Only the service provider can implement PVCs. PVCs are created between Data Link Connection Identifiers (DLCIs) that act as network addresses. DLCIs are defined by service provider and create the permanent part of the virtual circuit. Once established by the service provider, the customer cannot modify or cross-connect the PVC to another PVC. For example, site A can only talk to sites B and C only if the DLCI of site A is mapped by the service provider to the DLCI of sites B and C.
IP VPNs are highly secure in protecting data across the network by using encryption. However, IP VPNs must take security measures not required at layer 2 to turn layer 3 (any-to-any) IP routing open user groups into closed IP VPN user groups.
Regardless of the security and privacy afforded by IPSec, digital certificates, and firewalls for data across the network, every router on one customer’s IP VPN has the potential to access every other customer router on the IP VPN via TCP/IP, which has many well-documented security flaws such as vulnerability to Denial of Service (DoS) attacks, firewall holes that may allow intruders to tunnel illegitimate traffic into or out of corporate networks, etc. Unlike frame relay networks, IP VPNs are inherently vulnerable to the risk of a user on one customer network using a router to access another customer router across the network. Vulnerability reports post new security threats to firewalls, routers, and other VPN equipment on a daily basis as VPNs are hacked. No similar problem exists for frame relay networks.
|
|
| |
|
|
|
|
