RISSTech
Network Fundamentals
Dallas, Texas
June 26th, 2000
riss.net

The Regional Information Sharing System (RISS)
Six Law Enforcement Assistance Organizations
Collectively funded by BJA
  – single line item (RISS)
Each region governed by a Board
  – Members elected or appointed from membership
Each Board employs a Center Director
Regions must provide “Core” services
  – Each region provides additional services
Directors Association
  – Works with boards to set policy concerning, and fund, issues / initiatives common to all regions

The Situation in 1995
Six Organizations - Six Different Systems
The Intelligence Database
  – Core Requirement
  – Submission and Inquiry by membership
  – 28 CFR compliant (business rules same)
No common database or platform
  – VAX, Wang, IBM, Intel, Macintosh
  – RDB, DB2, RBASE, 4D, Fox-Pro
No remote user access to data
  – Access restricted to business hours

The Situation in 1995 (continued)
Six Organizations - Six Different Systems
Submissions mailed or faxed to center
  – entered by center personnel
Inquiry via telephone or fax
  – center personnel “run” subject locally
No remote access to other site databases
  – center personnel telephoned other five centers if subject was to be “run” nationally
Time-consuming, labor-intensive process
  – Center personnel determined possible “Hits”
  – Information returned to officer via telephone

Automation in 1996
Six Organizations - Six Common Systems
All deployed VAX hardware
  – Dual Servers at five locations (mainframe CA DOJ)
All deployed a custom application in RDB
  – each center converted its data
56KB lease lines formed a RISS WAN
  – center personnel could remotely “run” subject
Biometrics initially used for authentication
  – Fingerprint readers (discontinued after short time)
Remote officer access
  – required a VAX terminal and a 56KB lease line connection
[Diagram: RISSNET II WAN, 1996. Six center LANs (RMIN, WSIN, ROCIC, MAGLOCLEN, NESPIN, MOCIC), each shown with Rissnet II servers, a Cisco 2514 router, an ascom Timeplex Synchrony access router and CIDEC-LSi devices (front-panel labels: Key Mgmt Mode, Loader Key, Secure / Standby / Bypass), linked to the Hawkins Data Center.]
RISSGang Initiative in 1996
RISSGang Database Requirements
Secure access
  – provide law enforcement officers 24 X 7 access
  – strong mutual authentication (client to server, server to client)
Affordable access (no lease lines)
  – leverage the Internet
Secure data while in transit (encryption)
  – VPN from client desktop to secure server location
Easy to Manage
  – limited resources

1997 Deployed Hybrid Network
RISS Intranet / RISSNET II Legacy WAN
Securely connects the six centers
Leverages “web” technology
Strongly authenticates ALL users
Provides remote officers 24 X 7 access
  – Intranet access via the Internet
  – browser interface to the databases (RDB / SQL)
Provides client to resource location VPN
“resource access” audit trail
Deployed with limited personnel
  – limited funds
[Diagram: 1997 hybrid network. riss.net links the six center LANs (RMIN, WSIN, ROCIC, MAGLOCLEN, NESPIN, MOCIC), each with a Web Server and Rissnet II servers behind a V-One firewall (e.g. MOCICWall, RminWall), plus a Rissleads Server at RMIN and a Rissgang Server; the RISSTech Service Network and RISSTech LAN (Web Server, DNS, RADIUS) sit behind the V-One RISSTechwall; also shown are a Common LAN, an IIR Test LAN, the Internet public switch, the Hawkins Data Center, ascom Timeplex Synchrony access routers with CIDEC-LSi devices, NETGEAR and Bay Networks hubs, CSU/DSUs and V.35 serial links.]
The RISS Intranet (riss.net)
We Chose:
  – Frame Relay Circuits (burst traffic)
  – V-One Smartwall (BSDI, Gauntlet, Smartgate)
  – Smart Card Token Storage (external users)
  – Dual Tiered Firewall Design
  – RADIUS (External to Internet Firewall)
  – Worldcom Frame Circuits
  – UUNET / Verio Internet Service Providers

The RISS Intranet 1997 (riss.net)
The network provides:
  – Secure RISS LAN to LAN Connectivity
  – User Authentication (internal & external)
  – Secure User to Firewall Encryption (2nd tier)
  – Fine Grained Access Control
  – Network Audit Trail (who, where, when)
  – Scalability
[Diagram: riss.net access pathways. Remote dial-in devices reach a public switch (toll-free 877-RISSCop, 1 PRI / 23 channels, local access number pending) and a RADIUS server; two ISPs (UUNET and Verio) connect through their routers, CSU/DSUs and T-1 circuits to the “WALL” firewall and DNS server; a switch and LAN lead to all riss.net nodes, each behind a second-tier firewall, including the RISSTech site.]
The RISS Intranet (riss.net)
Why We Chose V-One in 1996
  – VPN Technology Leader
  – Gauntlet Proven Track Record
  – Hardened BSDI Unix Operating System
  – Intel Hardware (cost efficient)
  – Smart Card Technology Leader
  – Scalable System
  – Automated Registration / Key Distribution
  – Access Control Provided by Smartwall
  – Will Work With Other Authentication Devices
  – Single Vendor Solution

RISS Intranet 2000 (riss.net)
Present network configuration
  – RISS nodes
  – HIDTA nodes
  – State nodes
  – Gateway nodes
  – Future expansion
  – 6,180 users as of 6-20-2000
[Diagram: RISS Intranet 2000. The Internet, an Internet Service Provider and modem / dial-up users reach riss.net; inside are RADIUS, DNS, RAD RISSCop, a WEB Server, the RISSIntel Server and RISSIntel Gateways, the Rissnet II legacy system with its Data Server, RISS Nodes (including the WSIN RISS Node), HIDTA Nodes with HIDTA Servers, NDPIX SWB, LAN users, and a 256K link.]
The RISS Intranet (riss.net)
Secure Network Utilizing WEB technology
  – Dual Tiered Firewall Design
  – Secure Internet Access
  – User Authentication / Authorization
  – Client to Second Tier Firewall VPN
  – Fine Grained Access Control
  – LAN to LAN or Server to Server VPN
  – Detailed Logging
  – Dial In User Capability
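
The slides above name “Fine Grained Access Control”, “Network Audit Trail (who, where, when)” and “Detailed Logging” as properties of the second-tier firewall without showing how such a check is structured. The following is an added example written for this page, not V-One Smartwall / SmartGate code and not the RISS intranet's actual policy: a deny-by-default resource check that only passes strongly authenticated sessions whose node or user is explicitly granted the resource, and that records every decision (allow or deny) as a who / where / when audit record. The user, node and resource names are constructed samples; the example generalizes the slide's single bullet to both node-level and user-level grants.

```python
# Added illustration of deny-by-default access control with a who/where/when
# audit trail. Not V-One Smartwall / SmartGate code and not the RISS intranet's
# real policy; users, nodes and resource names are constructed samples.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Session:
    user: str            # identity established by the first-tier logon (e.g. RADIUS)
    node: str            # originating node / access path (constructed names below)
    authenticated: bool  # True only if strong authentication completed


@dataclass(frozen=True)
class AuditRecord:
    who: str
    where: str
    when: str
    resource: str
    decision: str  # "ALLOW" or "DENY"
    reason: str

    def line(self) -> str:
        # One log line per decision: when, what was decided, who, where, resource, why
        return (f"{self.when} {self.decision} who={self.who} where={self.where} "
                f"resource={self.resource} reason={self.reason}")


@dataclass
class SecondTierPolicy:
    """Resource-level policy behind the second-tier firewall.

    A resource is reachable only if (a) the session is strongly authenticated
    and (b) the resource lists either the session's node or the user. Anything
    not explicitly granted is denied, and every decision is recorded.
    """
    node_grants: Dict[str, Set[str]] = field(default_factory=dict)
    user_grants: Dict[str, Set[str]] = field(default_factory=dict)
    audit: List[AuditRecord] = field(default_factory=list)

    def grant_node(self, resource: str, node: str) -> None:
        self.node_grants.setdefault(resource, set()).add(node)

    def grant_user(self, resource: str, user: str) -> None:
        self.user_grants.setdefault(resource, set()).add(user)

    def check(self, session: Session, resource: str,
              now: Optional[datetime] = None) -> bool:
        when = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
        if not session.authenticated:
            allowed, reason = False, "not strongly authenticated"
        elif resource not in self.node_grants and resource not in self.user_grants:
            allowed, reason = False, "no policy for resource"
        elif session.user in self.user_grants.get(resource, set()):
            allowed, reason = True, "user grant"
        elif session.node in self.node_grants.get(resource, set()):
            allowed, reason = True, "node grant"
        else:
            allowed, reason = False, "not granted"
        # Record the decision before returning, so denials are logged too
        self.audit.append(AuditRecord(session.user, session.node, when, resource,
                                      "ALLOW" if allowed else "DENY", reason))
        return allowed

    def denials(self, user: Optional[str] = None) -> List[AuditRecord]:
        # Audit query: all denials, optionally narrowed to one user
        return [r for r in self.audit
                if r.decision == "DENY" and (user is None or r.who == user)]


def build_sample_policy() -> SecondTierPolicy:
    # Constructed sample: node-level grants for one database resource and one
    # explicit user grant for a gateway resource (hypothetical names).
    policy = SecondTierPolicy()
    for node in ("node-a", "node-b"):
        policy.grant_node("intel-db", node)
    policy.grant_user("gateway-x", "officer1")
    return policy


def run_sample() -> List[AuditRecord]:
    policy = build_sample_policy()
    t = datetime(2000, 6, 26, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    policy.check(Session("officer1", "node-a", True), "intel-db", t)    # ALLOW: node grant
    policy.check(Session("officer1", "node-c", True), "gateway-x", t)   # ALLOW: user grant
    policy.check(Session("officer2", "node-c", True), "intel-db", t)    # DENY: not granted
    policy.check(Session("officer2", "node-a", False), "intel-db", t)   # DENY: unauthenticated
    policy.check(Session("officer1", "node-a", True), "unknown-db", t)  # DENY: no policy
    return policy.audit


if __name__ == "__main__":
    for record in run_sample():
        print(record.line())
```

The two points worth keeping from this shape are that a resource with no policy entry is denied rather than silently allowed, and that the audit record is written for every decision, so the “who, where, when” trail also captures failed attempts, which is what makes it useful for review.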
Thank You
Riley T. Bell, Manager
Intranet Operations Group, Regional Information Sharing Systems
Office of Information Technology
1610 East Sunshine
Springfield, MO 65804
Telephone: (417) 883-4383 ext. 6001
Fax: (417) 877-8435
E-mail: [email protected] at risstech.riss.net