This opening segment explains the needs of private networks connected to the internet and the technology that is most commonly used to create that bridge.
- In 1981, Internet Protocol version 4 was introduced with an addressing system that could, in theory, provide over four billion addresses on the public network, the internet. It seemed like a lot at the time, but the explosion of the internet proved to be much bigger than that. According to several different sources, there are anywhere between 7.5 and 8 billion people on this planet in 2019. While the addresses in IP version 4 can't be duplicated, and some parts of the world may not have internet-enabled devices in every single hand, other parts of the world are more than making up for it, with laptops, tablets, smartphones, home computers, work computers, and so on. Bottom line, there aren't enough addresses on this public network to go around.

The solution to this limitation was the creation of private networks. If you had 20 devices in a home or 200 devices in a workplace, you could group these together behind some type of router, and this private network is able to share a single address on the public network. The technology that makes this possible is Network Address Translation, or NAT. NAT doesn't require a lot of overhead to work; it's the primary function of inexpensive routers that people purchase for their homes every day.

It works like this: one port of the router is configured with a public address. It probably receives this address from a phone company or a cable TV and internet provider. That address is a public address and part of the four billion available, and it's part of what you pay for with your internet service. There's another interface that's configured with a private address. Private addresses should always come from one of the approved ranges, to avoid conflict on the public internet. The ranges set aside for private use are 10.anything, and this is great for very large networks. 172.16 through 172.31 gives you a range of moderate-size networks that are good for medium to moderately large networks. And 192.168.0, or any number between 0 and 254 inclusive, could be used. This is the smaller range and the most common in most home and small business networks.

The interface with that private address is connected to a switch with some hardwired Ethernet ports and maybe a Wi-Fi connection. The router that you may have purchased from a local electronics or department store groups much of this picture inside one box, so you don't really have to think about it. With this type of configuration, you could connect a large number of devices to the switch or to the wireless network to allow them to communicate freely amongst themselves and then share the public network or internet connection when they need to.

And that's the other benefit to NAT, in addition to the growing number of devices that need to access the internet: this allows communication in the private network to remain private. For example, if I wanted to print my tax returns to the local network printer in my home, or if I wanted to access proprietary data on a file server within my office, this security feature within these private networks becomes very important. The separation and the joining of public and private networks will be a primary focus throughout this course. And that is just one of the ways to separate and join the two.
- NAT implementation
- Site-to-site and remote access VPNs
- VPN connections to the cloud
- Planning a site-to-site VPN
- NPS configuration
- Using RADIUS to secure remote access
- NPS templates
- Applying connection-specific policies