
LAN (Local Area Network)

LAN stands for Local Area Network: a group of computers that all belong to the same
organisation and are linked within a small geographic area by a network, usually built on
a single technology (the most widespread being Ethernet).
A local area network is a network in its simplest form. Data transfer speeds over a local
area network range from 10 Mbps (original Ethernet) through 100 Mbps (Fast Ethernet,
FDDI) to 1 Gbps (Gigabit Ethernet). A local area network can reach as many as 100, or
even 1000, users.
By expanding the definition of a LAN to the services that it provides, two different
operating modes can be defined:

In a "peer-to-peer" network (P2P for short), communication is carried out directly from one computer to another, without a central computer, and each computer has the same role.
In a "client/server" environment, a central computer provides network services to users.

Peer-to-peer networking

Introduction to peer-to-peer architecture


In contrast to client/server networks, a peer-to-peer architecture has no dedicated server.
Each computer in such a network is part server and part client, which means that each
computer on the network is free to share its own resources: a computer connected to a
printer may share that printer so that all the other computers can use it over the network.

Disadvantages of peer-to-peer architecture


Peer-to-peer networks have several disadvantages:

the system is not centralised, which makes administration difficult
security is weak, since each machine enforces its own
no resource is reliably available, because every share depends on the peer that holds it being switched on and reachable

Therefore, peer-to-peer networks are only useful for a small number of computers
(generally about 10), and only suitable for applications that do not require a high level of
security (they are not advisable for a business network containing sensitive data).

Advantages of peer-to-peer architecture


Nonetheless, peer-to-peer architecture does have several advantages:

reduced cost (the only costs involved are hardware, cabling and maintenance)
well-tested simplicity

Installing a peer-to-peer network


Peer-to-peer networks do not require the same levels of performance and security that
dedicated server networks require. One can therefore use Windows NT Workstation,
Windows for Workgroups or Windows 95, as all of these operating systems include the
functionality required for a peer-to-peer network.
Setting up such a network involves standard procedures:

Computers are located in the users' offices
Each user is his own administrator and sets his own security
Computers are connected using simple and straightforward cabling

This architecture is generally sufficient for environments with the following
specifications:

Fewer than 10 users
All users are located in the same geographic area
Security is not critical
There are no major expansion plans for the company or the network in the near future

Administering a peer-to-peer network


The peer-to-peer network addresses the needs of a small company but may turn out to be
inadequate in certain environments. The following tasks, together known as
"administration", should be considered before choosing a type of network:

1. User management and security management
2. Making resources available
3. Maintenance of applications and data
4. Installing and upgrading user applications

In a peer-to-peer network there is no administrator: each user administers his own
computer. All users may nevertheless share their resources as they wish (data in shared
folders, printers, fax adapters, etc.).

Security concepts
The minimal security policy consists of protecting each shared resource with a password.
Peer-to-peer network users set their own security, and since shares are scattered across
every computer on the network, it is difficult to control them centrally. This also poses a
problem for the security of the network as a whole, as some users do not secure their
resources at all, and a single unprotected share on one machine is reachable from every
other machine on the LAN.

Metropolitan Area Network (MAN)


MANs (Metropolitan Area Networks) connect multiple geographically nearby LANs to
one another (over an area of up to a few dozen kilometres) at high speeds. Thus, a MAN
lets two remote nodes communicate as if they were part of the same local area network.
A MAN is made from switches or routers connected to one another with high-speed links
(usually fibre optic cables).

Wide Area Network (WAN)


A WAN (Wide Area Network) connects multiple LANs to one another over great
geographic distances, the size of a country or continent.
The speed available on a WAN varies depending on the cost of the connections (which
increases with distance) and may be low.
WANs operate using routers, which can "choose" the most appropriate path for data to
take to reach a network node.

VPN - Virtual Private Networks


The concept of virtual private networks


Local area networks (LANs) are the internal networks of organisations, meaning
connections between the machines that belong to a particular organisation. These
networks are becoming more and more frequently connected to the Internet, using
interconnection equipment. Very often, companies have a need to communicate over the
Internet with subsidiaries, customers, or even staff who may be geographically distant.
However, data transmitted through the Internet is much more exposed than when it is
travelling over an organisation's internal network, as the path taken is not defined in
advance, which means that the data has to cross public network infrastructure belonging
to different entities. Somewhere along the way, any of those intermediaries, or an attacker
who has compromised one of them, may eavesdrop on the traffic or tamper with it.
Therefore, information which is sensitive for an organisation or business should not be
sent under such conditions.
The first solution to fulfill this need for secure communications involves linking remote
networks using dedicated lines. However, as most businesses aren't able to link two
remote local area networks with a dedicated line, it is sometimes necessary to use the
Internet as a transmission medium.
A good compromise involves using the Internet as a transmission medium with a
tunneling protocol, which means that the data is encapsulated before being sent in an
encrypted manner. The term Virtual Private Network (VPN for short) is used to refer to
the network artificially created in this way.
This network is said to be virtual because it links two "physical" networks (local area
networks) over a connection that is neither trusted nor guaranteed (the Internet), and
private because only the machines at either end of the VPN can read the data.
The VPN system, then, can provide a secure connection at a lower cost, as all that is
needed is the hardware (or software) at either end. On the other hand, it cannot ensure a
quality of service comparable to a leased line, as the physical network is public and
therefore not guaranteed.

Operation of a VPN
A virtual private network relies on a tunneling protocol: a protocol that encapsulates the
packets travelling from one end of the VPN to the other inside packets of the public
network. Encapsulation alone only carries the private packets across the public network;
confidentiality comes from the encryption that the tunneling protocol applies to the
encapsulated data, or that is layered under it (as with L2TP over IPSec).

The word "tunnel" symbolises the fact that, between the moment the data enters the VPN
and when it leaves, it is encrypted, and therefore unintelligible to anyone not located at
either end of the VPN, as if the data were travelling through a tunnel. In a two-machine
VPN, the VPN client is the part which encrypts and decrypts the data on the user's end,
and the VPN server (or more often the remote access server) is the element that encrypts
and decrypts the data on the organisation's end.
That way, whenever a user needs to access the virtual private network, the request leaves
the application unencrypted and reaches the local VPN endpoint (the client software or a
gateway), which encrypts it and sends it across the public network to the VPN server. The
VPN server decrypts the request and passes it on to the remote network; the reply travels
back through the same tunnel, encrypted by the VPN server and decrypted by the user's
VPN client before being delivered to the user.

Tunneling protocols
The main tunneling protocols are:

PPTP (Point-to-Point Tunneling Protocol) is a layer 2 protocol developed by Microsoft, 3Com, Ascend, US Robotics and ECI Telematics.
L2F (Layer Two Forwarding) is a layer 2 protocol developed by Cisco, Northern Telecom and Shiva. It is now nearly obsolete.
L2TP (Layer Two Tunneling Protocol), the outcome of work by the IETF (RFC 2661), brings together the features of PPTP and L2F. It is a layer 2 protocol based on PPP.
IPSec is a layer 3 protocol suite created by the IETF that can send encrypted data over IP networks.

The PPTP protocol

The principle of PPTP (Point To Point Tunneling Protocol) involves building frames with
the PPP protocol and encapsulating them in IP datagrams. The PPP frames are carried
inside GRE (IP protocol 47), while a separate TCP connection on port 1723 carries the
control channel that sets up and tears down the tunnel.

Thus, with this kind of connection, remote machines on two local area networks are
connected by a point-to-point link (including an authentication/encryption system), and
each PPP packet is sent within an IP datagram.

This way, the local area network's data (including the addresses of the machines found in
the message's header) is encapsulated within a PPP frame, which is itself encapsulated
within an IP datagram. Only the outer header is visible to the public network; the
addresses of the LAN machines travel inside the encapsulated frame.

A caveat for anyone choosing a protocol today: the authentication (MS-CHAP v2) and the
encryption keyed from it (MPPE) that PPTP relies on are known to be breakable, so PPTP
should not be relied on for confidentiality.

The L2TP protocol

L2TP is a standard tunneling protocol (standardised in an RFC) which is very similar to
PPTP. L2TP encapsulates PPP frames, which themselves encapsulate other protocols
(such as IP, IPX or NetBIOS). Its data messages are carried over UDP port 1701. L2TP
provides no encryption of its own; in practice it is run over IPSec (L2TP/IPSec), which
supplies the confidentiality and integrity protection.
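The layering that the PPTP and L2TP sections describe (a LAN packet inside a PPP frame, inside a transport header, inside a public-network IP datagram) is easiest to see by building one such packet and peeling it apart again. The example below is added here and is not code from the original page or from any PPTP implementation; it constructs the PPTP variant of the stack (enhanced GRE with version 1, protocol type 0x880B, a key field holding payload length and call ID, and a sequence number), using the IPv4 header fields and the PPP IPv4 protocol number 0x0021. It assumes PPP address/control field compression, so only the two-byte PPP protocol field precedes the inner datagram, and the sample addresses, call ID and payload are constructed for the demo (documentation address ranges, not real hosts). For L2TP the GRE layer would be replaced by a UDP header and an L2TP header, with the same PPP frame underneath.

```python
"""Build and parse the PPTP data path layering: inner IP -> PPP -> GRE -> outer IP."""
import socket
import struct

IPPROTO_GRE = 47          # outer IP protocol number for GRE
GRE_PROTO_PPP = 0x880B    # GRE protocol type for PPP, as used by PPTP (RFC 2637)
PPP_PROTO_IPV4 = 0x0021   # PPP protocol number for an IPv4 datagram
GRE_FLAG_K, GRE_FLAG_S, GRE_FLAG_A = 0x2000, 0x1000, 0x0080  # key / seq / ack present
GRE_VERSION_PPTP = 1      # "enhanced GRE" version used by PPTP


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum; over a header whose checksum is filled in it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with checksum, followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def pptp_encapsulate(inner_src, inner_dst, inner_proto, data, outer_src, outer_dst, call_id, seq):
    """Wrap a LAN packet for transport across the public network the way PPTP does."""
    inner_ip = ipv4_packet(inner_src, inner_dst, inner_proto, data)
    # PPP frame as carried by PPTP: no HDLC flags or FCS; address/control bytes are
    # assumed compressed away (ACFC), so only the protocol field precedes the datagram.
    ppp = struct.pack("!H", PPP_PROTO_IPV4) + inner_ip
    # Enhanced GRE header: K and S set, version 1, key = (payload length, call ID), then seq.
    gre = struct.pack("!HHHHI", GRE_FLAG_K | GRE_FLAG_S | GRE_VERSION_PPTP, GRE_PROTO_PPP,
                      len(ppp), call_id, seq) + ppp
    return ipv4_packet(outer_src, outer_dst, IPPROTO_GRE, gre)


def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload) after checking the version and header checksum."""
    if packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0x0F) * 4
    hdr = packet[:ihl]
    if ipv4_checksum(hdr) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", hdr[2:4])[0]
    return socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20]), hdr[9], packet[ihl:total_len]


def pptp_decapsulate(packet: bytes) -> dict:
    """Peel the layers off and report what each layer carried."""
    outer_src, outer_dst, proto, gre = parse_ipv4(packet)
    if proto != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    flags_ver, gre_proto = struct.unpack("!HH", gre[:4])
    if flags_ver & 0x7 != GRE_VERSION_PPTP or gre_proto != GRE_PROTO_PPP:
        raise ValueError("not a PPTP GRE packet")
    if not flags_ver & GRE_FLAG_K:
        raise ValueError("PPTP requires the key field")
    payload_len, call_id = struct.unpack("!HH", gre[4:8])
    offset, seq, ack = 8, None, None
    if flags_ver & GRE_FLAG_S:
        seq = struct.unpack("!I", gre[offset:offset + 4])[0]
        offset += 4
    if flags_ver & GRE_FLAG_A:
        ack = struct.unpack("!I", gre[offset:offset + 4])[0]
        offset += 4
    ppp = gre[offset:offset + payload_len]
    if len(ppp) != payload_len:
        raise ValueError("GRE payload length does not match the packet")
    ppp_proto = struct.unpack("!H", ppp[:2])[0]
    if ppp_proto != PPP_PROTO_IPV4:
        raise ValueError("PPP payload is not IPv4: 0x%04x" % ppp_proto)
    inner_src, inner_dst, inner_proto, data = parse_ipv4(ppp[2:])
    return {"outer": (outer_src, outer_dst), "call_id": call_id, "seq": seq, "ack": ack,
            "inner": (inner_src, inner_dst), "inner_proto": inner_proto, "data": data}


if __name__ == "__main__":
    # Constructed sample: two private LAN hosts talking through two public gateways.
    tunnelled = pptp_encapsulate("192.168.1.5", "192.168.2.9", 253, b"payload from the LAN",
                                 "203.0.113.10", "198.51.100.20", call_id=7, seq=1)
    print(pptp_decapsulate(tunnelled))
```

The point to take from the parse is that the outer header is the only thing the public network routes on: the private addresses, the call ID and the LAN payload all sit inside the GRE payload, which is exactly why encryption of that payload (MPPE for PPTP, IPSec under L2TP) is what decides whether an intermediary can read it.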

The IPSec protocol

IPSec is a protocol suite defined by the IETF which secures data transfers at the network
layer. It adds security services to the IP protocol in order to ensure the confidentiality,
integrity and authentication of the data sent.
IPSec is based around three components:

IP Authentication Header (AH), which provides integrity, origin authentication and protection against replay of packets, but no encryption.
Encapsulating Security Payload (ESP), which defines packet encryption. ESP provides confidentiality and, optionally, integrity, authentication and protection against replay attacks.
Security Associations (SAs), which hold the security settings and keys. An SA records everything needed to process IP packets (the AH and/or ESP protocol, tunnel or transport mode, the security algorithms used, the keys, etc.) and is identified on the wire by the SPI carried in the AH or ESP header. The keys are established either manually or, most of the time, with the key exchange protocol IKE, which lets both parties authenticate each other and negotiate the SA.
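To make the interplay of SA, sequence numbers, integrity check and replay protection concrete, here is an added example that is my own code, not taken from the page or from any IPsec implementation. It models one inbound and one outbound SA looked up by SPI, an ESP-style packet (SPI, sequence number, ciphertext, ICV) and the RFC 4303 sliding-window anti-replay algorithm, including the order a receiver must keep: preliminary window check, ICV verification, and only then a window update, so a forged packet can never move the window. Assumptions: the field names on the SA are my own; the cipher is a stand-in (HMAC-SHA256 used as a counter-mode keystream) rather than a real IPsec transform; the ICV is a 16-byte truncated HMAC-SHA256; keys, SPIs and payloads are constructed for the demo.

```python
"""ESP-style processing driven by a Security Association: SPI lookup, sequence numbers,
an integrity check value (ICV) and the RFC 4303 anti-replay window."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

ICV_LEN = 16  # truncated HMAC-SHA256 tag, the length many IPsec integrity transforms use


@dataclass
class SecurityAssociation:
    """Per-direction state kept for one SA, keyed by SPI (field names are assumptions)."""
    spi: int
    auth_key: bytes
    enc_key: bytes
    window_size: int = 64
    send_seq: int = 0        # outbound: last sequence number used
    recv_highest: int = 0    # inbound: highest sequence number accepted so far
    recv_bitmap: int = 0     # inbound: bit i set => seq (recv_highest - i) already accepted


def keystream(key: bytes, spi: int, seq: int, length: int) -> bytes:
    """Stand-in for the negotiated cipher (assumption: NOT a real IPsec transform).
    HMAC-SHA256 in counter mode; (SPI, seq) is the nonce, so keystream never repeats in an SA."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, struct.pack("!IIQ", spi, seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def esp_protect(sa: SecurityAssociation, plaintext: bytes) -> bytes:
    """Outbound: SPI || seq || ciphertext || ICV (encrypt, then authenticate header+ciphertext)."""
    sa.send_seq += 1                     # the first packet on an SA carries seq 1, never 0
    header = struct.pack("!II", sa.spi, sa.send_seq)
    ciphertext = xor_bytes(plaintext, keystream(sa.enc_key, sa.spi, sa.send_seq, len(plaintext)))
    icv = hmac.new(sa.auth_key, header + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    return header + ciphertext + icv


def replay_check(sa: SecurityAssociation, seq: int) -> bool:
    """RFC 4303 sliding-window test; read-only, so a packet with a bad ICV cannot move it."""
    if seq == 0:
        return False
    if seq > sa.recv_highest:
        return True                                # right of the window: new
    behind = sa.recv_highest - seq
    if behind >= sa.window_size:
        return False                               # left of the window: too old
    return not (sa.recv_bitmap >> behind) & 1      # inside the window: reject if already seen


def replay_update(sa: SecurityAssociation, seq: int) -> None:
    """Advance or mark the window; called only after the ICV has verified."""
    if seq > sa.recv_highest:
        shift = seq - sa.recv_highest
        sa.recv_bitmap = ((sa.recv_bitmap << shift) | 1) & ((1 << sa.window_size) - 1)
        sa.recv_highest = seq
    else:
        sa.recv_bitmap |= 1 << (sa.recv_highest - seq)


def esp_receive(sad: dict, packet: bytes):
    """Inbound: SA lookup by SPI, preliminary replay check, ICV verification, window update,
    decryption. Returns (True, plaintext) or (False, reason)."""
    if len(packet) < 8 + ICV_LEN:
        return False, "truncated"
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sad.get(spi)
    if sa is None:
        return False, "no SA for SPI 0x%08x" % spi
    if not replay_check(sa, seq):
        return False, "replayed or stale sequence number %d" % seq
    ciphertext, icv = packet[8:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, packet[:8] + ciphertext, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return False, "ICV mismatch"               # window deliberately left untouched
    replay_update(sa, seq)
    return True, xor_bytes(ciphertext, keystream(sa.enc_key, spi, seq, len(ciphertext)))


if __name__ == "__main__":
    # Constructed keys and SAD for the demo; in real IPSec they come from IKE or manual config.
    keys = dict(auth_key=b"A" * 32, enc_key=b"E" * 32)
    sender = SecurityAssociation(spi=0x1000, **keys)
    receiver_sad = {0x1000: SecurityAssociation(spi=0x1000, **keys)}
    p1, p2 = esp_protect(sender, b"first"), esp_protect(sender, b"second")
    print(esp_receive(receiver_sad, p2))   # (True, b'second')
    print(esp_receive(receiver_sad, p1))   # (True, b'first'), late but inside the window
    print(esp_receive(receiver_sad, p1))   # (False, 'replayed or stale sequence number 1')
```

Two details matter in practice and are easy to get wrong: the window must only be updated after the ICV verifies (otherwise an attacker who can inject packets with arbitrary sequence numbers can push the window forward and make the legitimate sender's traffic look stale), and the ICV must be compared in constant time, which is what `hmac.compare_digest` is for.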
