Dedicated Access User's Guide

Our Dedicated Access Users Guide is where you will find answers to most questions you may have about Southwestern Bell Internet business solutions. For more information, check out our Required Hardware and Software for dedicated access, Dedicated Services FAQ, and the Classless Inter-Domain Routing (CIDR) overview.

Introduction

Section 1 - Dedicated Access Service
Section 2 - Dedicated Access Options
Section 3 - Address and Domain Name Registration
Section 4 - Dedicated Access Ordering and Timelines
Section 5 - Internet Network Security

Appendix A - Address and Domain Name Registration Survey
Appendix B - Implementation Checklist
Appendix C - Helpful Resources
Glossary of Acronyms


Introduction

Who is Southwestern Bell Internet Services?

Southwestern Bell Internet Services (SBIS) is a wholly owned subsidiary of SBC Communications Inc. SBIS provides customers with a reliable, comprehensive, easy-to-use range of Internet-related services, including dial-up Internet access for residential and business customers, e-mail services, local news and information, content filtering and search capabilities. Southwestern Bell also offers complete solutions for your business, including Dedicated Internet access, equipment, on-site installation, hosting, and e-mail.

What is the Internet?

The Internet is a vast worldwide network comprised of thousands of smaller interconnected networks; this worldwide network evolved from a project funded by the U.S. Defense Advanced Research Projects Agency (DARPA). The Internet was originally created to help researchers and scientists exchange information quickly and actually prohibited use of the network for commercial purposes.

Today, the Internet has grown dramatically and its users have expanded from research institutions and scientific laboratories to commercial businesses and consumers. The Internet now includes many for-profit Internet Service Providers such as Southwestern Bell Internet Services. Along with the increase in number of users on the Internet, the quantity of tools that can be used on the Internet has also grown. Now these users on the Internet can not only transfer files in electronic format, they can send messages via electronic mail (e-mail), conduct research using the vast resources of the Internet, hold real-time "talk" sessions with others connected to the Internet and much more.

Southwestern Bell Internet Services receives its customers' network traffic and delivers it either to the destination address or, as needed, to a Global Service Provider who forwards it onto the ultimate destination. In turn, Southwestern Bell Internet Services receives network traffic that is destined for its customers from Global Service Providers and then delivers it to the appropriate location.

The Southwestern Bell Internet Services network is composed of multiple network hubs connected by a high speed Internet backbone network. Each major network hub runs on an FDDI LAN connecting routers and hosts that accept and route Internet Protocol (IP) traffic and provide auxiliary services that make accessing the Internet easier. Today, customers access the Southwestern Bell Internet Services network by connecting to the closest major hub via point-to-point DS1 (T-1), DS3, Dedicated ISDN, Frame Relay or ATM Cell Relay. Each of these major hubs is connected directly to the Internet through an Internet Global Service Provider.


Section 1 - Dedicated Access Service

What Does Southwestern Bell Internet Services Offer?

Southwestern Bell is proud to offer the most comprehensive and cost-effective business solutions in the industry. Unlike our competitors, Southwestern Bell offers complete solutions for your company's Internet needs.

Our Dedicated Business offering includes:

Our Dial-Up offering includes:

If I Don't Buy Equipment from SBIS, What Do I Need to Connect to the Internet?

Typically, dedicated access customers are connecting a LAN-based configuration to the Internet. Customers need to provide the appropriate standard WAN equipment such as routers and CSU/DSUs. Because the Internet is a TCP/IP based network, customers need to have the TCP/IP protocol stack installed on each host or to translate any proprietary network traffic into TCP/IP through the use of a gateway.

Customers are also responsible for providing, configuring, and supporting any software tools required for accessing the Internet. Below we have provided a short explanation of the most commonly used Internet tools.

Domain Name Service (DNS)

Domain Name Service (DNS), though typically invisible to the user, is the most fundamental tool associated with use of the Internet. The Internet uses the IP protocol and all IP traffic must have a source host address and a destination host address in the form of 207.193.0.0. Unfortunately, these addresses are extremely cumbersome and nearly impossible to remember.

The function of DNS is to map the required IP addresses into more user-friendly, easy-to-remember host names. For example, the IP address of the Southwestern Bell Internet Services mail server could be 207.193.0.0, but its associated host name is swbell.net. DNS allows users to document the correlation between their IP addresses and host names. Each site is responsible for documenting the correlation between their own IP addresses and host names. This information is then propagated to other DNS servers all over the world. Everyone on the Internet relies on this mapping to easily access hosts and resources.

Also, since hosts at a specific site are associated with a specific IP network address, all hosts at that site can be grouped together into a single domain. In this way, a host name such as "compass" can be reused by many Internet sites, as long as they each belong to different domains. To clarify, compass.swbell.net does not correspond to the same IP address as compass.swbell.com, since the domain "swbell.net" is associated with the 207.11.1.0 network and the domain "swbell.com" is associated with the 157.164.4.0 network. Of course, two computers cannot have the same host name if they are part of the same domain.

The DNS for a particular site is provided by one or more hosts running specialized software; these hosts are commonly referred to as name servers or domain name servers. Customers are responsible for providing one primary name server at their location or they can choose to use Southwestern Bell Internet Services' optional Primary DNS service.

As part of our basic service, Southwestern Bell Internet Services offers Dedicated Access customers the option of using one of our name servers as a primary or secondary name server, for one fully qualified domain per customer. There is no additional charge for secondary DNS and a nominal charge for primary DNS services. The advantage of such a configuration is that if the primary name server fails, the Southwestern Bell Internet Services name server can provide the required mapping between host names and IP addresses.

Without a secondary name server, the site would be virtually isolated from the rest of the Internet. Remote users would find hosts at that site to be unresponsive to their host names. Likewise, local users trying to reach any host would be forced to manually enter the destination IP address in place of its host name. Please note that not providing DNS is NOT a security feature; it will not prevent your site from receiving data since the IP addresses for your site can easily be found or guessed.

Electronic Mail System

Electronic mail (e-mail) is an electronic equivalent to a letter delivered by the US Postal Service. However, in its electronic format, mail can be delivered almost instantaneously around the world! The Internet is equivalent to the US Postal Service delivery system and like the US Postal Service there must be a mechanism for getting mail in and out of the delivery system. With the US Postal Service, the sender must take the letter to the nearest post office or mailbox. Once a letter is delivered by the US Postal Service, the receiver must go to their mailbox and retrieve their mail.

Similarly, the sender of e-mail must have a way of both delivering and receiving mail from the delivery system. This is accomplished through the use of individual host e-mail software, mail servers, and mail gateways.

Southwestern Bell Internet Services Dedicated Access customers may provide their own e-mail host software, server and gateway(s), or can choose to purchase these services from SBIS. If customers choose to provide their own e-mail, we strongly recommend that the customer's e-mail system be Simple Mail Transfer Protocol (SMTP) RFC-1123 compliant since this is the predominant e-mail protocol used on the Internet.

Each host must have an e-mail software package installed to generate the actual e-mail messages. The host e-mail software must be configured to forward messages to the local SMTP mail server for delivery.

The local SMTP mail server then determines where to send outgoing messages by looking up the Mail Exchange (MX) record for the domain portion of the destination e-mail address. For example, if the destination address of an electronic mail message is help@swbell.net, the latter portion of the address is swbell.net. The SMTP mail server (which may also be referred to as the "mail server", "mail host", "mail spooler", or "mail relay") will check its DNS to obtain the MX record for swbell.net. The mail server would then forward the e-mail message to the IP address indicated in the MX record for swbell.net.

The mail server also accepts incoming mail addressed to its site and delivers the mail to the individual hosts. The mail server may be configured to "spool" incoming mail if an individual host is temporarily unable to receive mail. The mail server stores the messages until the host is again able to accept mail. A spooling facility requires that disk space be reserved on the mail server for this purpose; the more mail a site gets, the more disk space is required. A reasonable configuration is disk space to spool mail for the entire site for three days.

In some environments, a mail gateway is also necessary. A mail gateway's function is to translate e-mail messages from a proprietary format to a standard, SMTP-compliant format. For example, a mail gateway might translate between Macintosh Quickmail and SMTP Internet mail. If you are unsure which mail package your site is using, contact your local system administrator. If you need assistance setting up your e-mail system, you may contact your Internet Application Manager for a list of integration partners.

Network News Server

An electronic news feed provides access to the exchange of information between Usenet news servers around the world. The process of exchanging information between Usenet servers occurs fairly frequently in order that updates and postings to Usenet news groups can be propagated throughout the Internet.

The function of Usenet news is to allow Internet users to exchange ideas about particular subjects ranging from highly technical to political to recreational. Many users find that Usenet news is a valuable resource since specific questions or ideas can be posted to a news group and a response is usually posted fairly rapidly. Internet users tend to monitor news groups that are of specific interest to them; therefore, the likelihood of getting valuable, free information is quite high. Since Usenet is not administered by any one entity, news groups may or may not be moderated. This means that some newsgroups may be considered distasteful, offensive, or inappropriate to certain users.

Southwestern Bell Internet Services currently provides its customers an unrestricted Usenet news feed which consists of ALL of the news groups it receives. It is the customer's responsibility to filter out unwanted news groups.

Customers who want to receive Usenet news must provide a high performance host which can devote a large percentage of resources to processing news. Southwestern Bell Internet Services recommends that dedicated access customers set up their news server on a host with the following minimal characteristics:

Usenet news software must be installed and configured on the news server. InterNetNews (INN) is a free software package that is the de facto standard news server software. While there are other commercially available news software packages, Southwestern Bell Internet Services recommends INN or Netscape News Server for its dedicated access customers. This recommendation may change in the near future with the advent of news server software incorporating Graphical User Interfaces (GUIs) that make configuration and administration of the news server much simpler. Each host also needs to have a news reader installed. Most Web browsers provide a news reader (see "Web Browser" below).

Please note that the configuration and administration of a news server is a complicated issue requiring a high level of systems administration expertise. Southwestern Bell Internet Services can refer you to one of our integration partners if you need assistance in setting up your news server.

Web Browser

A Web browser, such as Netscape Navigator, is a software application that enables individual users to access the Internet with a Graphical User Interface (GUI). These applications make it easy for Internet users to do research, locate specific sites or services, conduct financial transactions and keep up on the news available on the world wide web (www). Most Web browsers also provide facilities for posting and reading Usenet news. Under an agreement with Netscape Communications Corporation, Southwestern Bell Internet Services is authorized to sell Netscape Navigator LAN Edition.

Web Server

More and more organizations are finding it valuable to have a presence on the World Wide Web (WWW). Web servers function as "virtual storefronts" to provide customer service, marketing, advertisements and public relations information to Internet users. Web servers may also be used to provide resources or proprietary information to employees or key partners. A Web server can be easily configured to record the number of hits or connections to each of its Web pages; this information can be used to measure the interest level of the content of the Web pages themselves.

If you want to have a Web server on the Internet, Southwestern Bell Internet Services recommends that your server have at least the following characteristics:

If the load on the Web server is too great, additional servers may be set up to handle additional requests.


Section 2 - Dedicated Access Options

Transport Options Supported

Southwestern Bell Internet Services supports four dedicated access options: ISDN, Frame Relay, Point to Point private line service and ATM. Access speeds range from 56 Kbps to 6 Mbps. Many customers find that these types of services can reduce their network and equipment cost, as well as providing added flexibility. For example, if a site with a 128 Kbps Frame Relay connection to the Internet suddenly has more users to support, the service can be increased to 384 Kbps or even 1.536 Mbps with minimal effort.

Below is a complete list of transport options supported by Southwestern Bell Internet Services:

  • LAN ISDN: 64 Kbps
  • LAN ISDN: 128 Kbps
  • Frame Relay: 56/64 Kbps
  • Frame Relay: 128 Kbps
  • Frame Relay: 256 Kbps
  • Frame Relay: 384 Kbps
  • Frame Relay: 512 Kbps
  • Frame Relay: 768 Kbps
  • Frame Relay: 1.536 Mbps
  • Point to Point DS1: 1.5 Mbps
  • Burstable DS1: 128 Kbps - 1.544 Mbps
  • DS3: 3-45 Mbps
  • Burstable DS3: 3-45 Mbps
  • ATM: 3 Mbps
  • ATM: 5 Mbps
  • ATM: 10 Mbps
  • ATM: 15 Mbps
  • ATM: 20 Mbps
  • ATM: 30 Mbps
  • ATM: 40 Mbps

    Recommended Customer Network Equipment

    Regardless of the data transport service ordered, customers must ensure the network equipment they are using conforms to industry standards. Southwestern Bell Internet Services has tested and approved the standards compliant CSU/DSUs and routers from the following vendors:

    Southwestern Bell Internet Services also offers Access Pack solutions which include customer equipment from Cisco and Ascend.

    Recommended Routing Protocol

    We recommend that Dedicated Access customers set up a static default route in their router that points to the appropriate Southwestern Bell Internet Services hub router. A static route helps avoid the problems associated with dynamic routing protocol interactions. If static routes are not appropriate for your situation (for example, you have multiple, diverse links to the Internet), Southwestern Bell Internet Services will be happy to discuss a more suitable choice with your local network administrator. Please contact your Internet Application Manager with such concerns.


    Section 3 - Address and Domain Name Registration

    Why Must I Register My Address and Domain Name?

    All Internet IP addresses and Domain Names must be registered to ensure that there are no duplications. If duplications were to occur, there would be a great deal of confusion and inaccessibility due to incorrect host name/IP address mapping and routing errors. Such problems could be extreme and affect many Internet users.

    To avoid this, the Internet Addressing and Numbering Authority (IANA) was established. The IANA has chosen the InterNIC as its service provider, who in turn has contracted with Network Solutions Inc. (NSI) to perform the tasks associated with address and name registration. While this may seem somewhat confusing, the processes are fairly straightforward.

    How Do I Register My Address?

    To receive an InterNIC allocated or registered IP address, the policies of the InterNIC must be followed. Southwestern Bell Internet Services will be happy to assist dedicated access customers with this process. Appendix A includes a survey to be completed by your network administrator so the appropriate information can be passed to the InterNIC in the correct format.

    How Long Will Internet Address Registration Take?

    The length of time required to obtain an InterNIC-allocated address depends on your specific circumstances. Below are the most common scenarios and their corresponding timelines. It should be noted that the re-addressing of the local network cannot begin until the Internet address assignment process is completed by the InterNIC.

    No Previously Assigned Internet IP Address

    Southwestern Bell Internet Services should be able to allocate an IP address out of its existing address block within two weeks. If your addressing requirements are very large or unique, addresses may have to be obtained directly from the InterNIC. This process could take eight weeks depending on how busy the InterNIC is at the time.

    Previously Assigned Internet Address to be "transferred" to Southwestern Bell Internet Services

    If a dedicated access customer has been allocated an Internet IP address block by another Internet Service Provider (ISP), agreement with the ISP must be reached as to whether the addresses can be transferred. The advantage of transferring IP addresses is that the customer will not have to re-number all hosts on their local network.

    In the best interest of the customer, Southwestern Bell Internet Services will only accept address transfers with a legitimate 18-bit network address prefix (subnet masks of 255.255.192.0) or less. Southwestern Bell Internet Services may, on an individual case basis, agree to transfer address assignments with up to a 24-bit network address prefix (subnet masks of 255.255.255.0). However, customers requesting such transfers must understand the associated risks.

    Specifically, other ISPs may drop these small network entries from their routing tables as their routing tables reach capacity. Neither Southwestern Bell Internet Services nor the InterNIC can mandate that these routes be re-entered in other ISP routing tables. For this reason, transfers should be thoroughly and carefully evaluated by the customer. In order to begin the transfer process, written permission must be obtained by the customer from their previous ISP. These transfers may take up to 8 weeks.

    Previously Assigned Address to be replaced by a Southwestern Bell Internet Allocated Address

    Dedicated access customers who have IP addresses from another ISP will be allocated a Southwestern Bell Internet Services IP address block upon request. Southwestern Bell Internet Services should be able to allocate an IP address out of its existing address block within two weeks. If your addressing requirements are very large or unique, they may have to be obtained directly from the InterNIC. This process could take eight weeks depending on how busy the InterNIC is at the time.

    It is recommended that customers re-numbering their hosts to a Southwestern Bell Internet Services allocated address work with their Southwestern Bell Internet Services Dedicated Service Engineer to ensure the transition is as smooth as possible.

    How Do I Register My Domain Name?

    Southwestern Bell Internet Services will register domain names with the InterNIC on behalf of our dedicated access customers. Appendix A includes a survey to be completed by your network administrator so the correct information can be passed to the InterNIC in the appropriate format.

    There are a few important factors customers must know before they choose to register a domain. First, since domain names are typically provided on a first-come, first-served basis we cannot guarantee your desired domain name will be available. Second, those customers that choose to register a domain name zone must provide the following:

    Domain name zones must be registered in the appropriate suffix category. Table 1 provides a list of domain suffixes. The most common domain suffix, .COM, may take up to three weeks to register. .COM registrations also have an associated fee of $75 for initial two-year registration and $35 per year thereafter which will be billed to the customer.

    What If I Already Have A Registered Domain Name?

    If you already have a registered domain name, the InterNIC must still be notified that you have changed Internet Service Providers. Southwestern Bell Internet Services recommends that you complete the customer survey in Appendix A so we can assist you in updating the InterNIC's records.

    Table 1 - Domain Name Suffix Options

    Suffix                      Recommended Use
    --------------------------  -------------------------------------
    .COM                        For-profit commercial entities
    .EDU                        Universities (4-year degree granting)
    .GOV                        Federal government
    .MIL                        US military (DoD)
    .ORG                        Non-profit entities
    .NET                        Internet service provider
    .INT                        International charter
    .US.                        Individual registrations
    .<local>.<state>.US         City or county
    .CI.<local>.<state>.US      City governments
    .CO.<local>.<state>.US      County governments
    .STATE.<state>.US           State governments
    .K12.<state>.US             Public K-12 schools
    .PVT.K12.<state>.US         Private K-12 schools
    .CC.<state>.US              Community colleges
    .TEC.<state>.US             Vocational/technical
    .LIB.<state>.US             Libraries
    .GEN.<state>.US             General/miscellaneous


    Section 4 - Dedicated Access Ordering and Timelines

    Southwestern Bell Internet Services provides extraordinary service through its Dedicated Service Team. The Dedicated Service Team is available to Dedicated Access customers throughout the service installation process. Each installation is assigned a Dedicated Service Coordinator who is responsible for ensuring the customer's service is installed as requested. The Service Coordinator is also available to answer any service-related questions during the implementation process. Each installation is also assigned a Dedicated Service Engineer who is responsible for configuration of Southwestern Bell Internet Services hardware and software that will enable the customer to become part of Southwestern Bell Internet Services.

    For each installation, a Customer Service Activation appointment will be scheduled by the Dedicated Service Coordinator. The purpose of this appointment is to verify installation and to ensure the customer is able to properly exchange routing information with Southwestern Bell Internet Services. Please note that Southwestern Bell Internet Services considers your site successfully connected to the Internet when we can exchange routing information with your site and your site can reach remote sites on the Internet by IP address (not host name).

    If you are providing primary DNS and your site's Domain Name Service is not functioning at the time of the Service Activation appointment, but your site passes the Internet service installation verification tests, billing for the service will commence. If you are changing Internet Service Providers, we recommend you do not discontinue your current service until your site has passed the Internet service installation verification tests. Please notify the Dedicated Service Engineer during your Service Activation appointment of your existing Internet connection.

    Southwestern Bell Internet Services configurations requiring only a new transport service are typically installed in 21 business days. Configurations requiring InterNIC domain name registration may take as long as 8 weeks or more depending on the domain involved. .COM is usually 2-3 weeks while .ORG or .EDU can take up to 8 weeks. Southwestern Bell Internet Services offers temporary registration under its domain during this registration period.


    Section 5 - Internet Network Security

    Internet Network Security

    Since the Internet is not owned or administered by any one entity, it is impossible to ensure the credibility or integrity of the millions of users. For this reason, Southwestern Bell Internet Services has a strong concern that each customer understands they are responsible for implementing the level of security that is appropriate for their specific situation.

    Security implementations are as unique as personalities - no one solution fits every situation. Some organizations are comfortable with security implemented at the Internet gateway, while others feel that security must be implemented everywhere: at the Internet gateway, on each host, etc. It is important to understand that security is inversely proportional to convenience; this means that the more levels of security a site implements, the less convenient it is for users.

    Just as there are many levels of security that can be implemented, there are many ways in which to implement these levels of security. Below is a description of a few of the most common Internet security implementation methods. Southwestern Bell Internet Services does not presently offer any of the services below.

    Packet Filtering

    Packet filters are typically implemented on the routers connecting a site to the Internet. These filters are a set of criteria by which each IP packet that is sent or received from a particular interface is judged. Depending on whether the packet meets the criteria, the router either forwards it or discards it.

    Since each IP packet has a source and destination address, it is possible to narrow down the set of other Internet sites that can connect to your network; however, since most Internet applications require two-way transmission, such filtering will also decrease the number of sites that your users can access.

    Along with a source and destination address, IP packets utilizing TCP and UDP protocols also contain a destination port number. The port number determines what Internet service is being accessed by this packet. For example, an IP packet with TCP port number 25 is destined for the Sendmail port, the standard SMTP mail port on a UNIX machine. Many sites choose to develop filter criteria based on the TCP port number and the structure of the packet itself. Such filtering is certainly more thorough than the simple source/destination address packet filter; however, it requires an in-depth understanding of TCP/IP.

    Finally, filters can be created based on the location of particular bits within each packet. Such filtering is quite valuable to those who have mastered the intricacies of TCP/IP.
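
The three kinds of filter criteria described above (addresses, TCP port, and a bit inside the packet), as an added example that is not part of the original guide. The rule format, the names and the 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 addresses are constructed for illustration; the rules are applied to packets arriving from the Internet, first match wins, and anything unmatched is discarded.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

ANY = "0.0.0.0/0"
SITE = "192.0.2.0/24"          # constructed: the customer's network
PARTNER = "198.51.100.0/24"    # constructed: a trusted remote site
MAIL_SERVER = "192.0.2.25/32"  # constructed: the site's SMTP server


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str         # "tcp" or "udp"
    sport: int
    dport: int
    ack: bool = False  # TCP ACK bit: clear only on the packet that opens a connection


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: str                    # source network in CIDR form
    dst: str                    # destination network in CIDR form
    proto: Optional[str] = None
    dport: Optional[int] = None
    established: bool = False   # match only TCP packets that have the ACK bit set

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.established and not (pkt.proto == "tcp" and pkt.ack):
            return False
        return True


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """Return the action of the first matching rule; unmatched packets are denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


# Filter 1: source/destination address only. Only the partner site may send to us.
ADDRESS_ONLY = [Rule("permit", PARTNER, SITE)]

# Filter 2: port and packet structure. Anyone may reach the mail server on TCP 25,
# and packets that belong to an already-open TCP connection are let back in.
# The ACK test is stateless: it inspects one bit and does not prove that an
# inside host actually opened the connection.
PORT_AWARE = [
    Rule("permit", ANY, MAIL_SERVER, proto="tcp", dport=25),
    Rule("permit", ANY, SITE, proto="tcp", established=True),
]

# Constructed inbound packets.
SAMPLES: Dict[str, Packet] = {
    "partner_smtp": Packet("198.51.100.7", "192.0.2.25", "tcp", 40001, 25),
    "stranger_smtp": Packet("203.0.113.9", "192.0.2.25", "tcp", 40002, 25),
    # Reply from an outside web server to a connection one of our users opened.
    "web_reply": Packet("203.0.113.80", "192.0.2.10", "tcp", 80, 40003, ack=True),
    # Outside host trying to open a telnet session to an inside workstation.
    "inbound_telnet": Packet("203.0.113.9", "192.0.2.10", "tcp", 40004, 23),
}


def decisions(rules: List[Rule]) -> Dict[str, str]:
    return {name: evaluate(rules, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, rules in (("address-only", ADDRESS_ONLY), ("port-aware", PORT_AWARE)):
        print(label, decisions(rules))
```

Under the address-only filter the web server's reply is discarded, which is the loss of outbound reach the text warns about; the port-aware filter lets the reply through while still refusing the inbound telnet attempt.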

    Application Level Firewall

    An application level firewall is considered by many to be a more complete security mechanism than packet filtering because it is more configurable. Application level firewalls utilize a host that runs application proxy software, such as a telnet proxy.

    These proxies support more detailed filtering criteria like destination, user, time of day, etc. Application proxies also allow for hiding the true internal IP address of the user's workstation. This may be important for those sites that are extremely concerned about security.

    One concern with application level firewalls is their performance, since the associated proxying tasks require additional computing time. Another concern with application level firewalls is that each client and server involved in proxying must be configured to do so (a time-consuming effort).

    Authentication

    For many organizations with Internet connectivity, authentication is one of the most important aspects of security. Employees frequently use the Internet for remote access to the corporate local network while at home or away on travel. For example, a traveling employee who has dial-up access to the Internet may need to access information on an office workstation. In such situations, it is imperative that the identity of the user attempting to gain access is verified.

    The problem with the scenario described above is that most sites authenticate users through the use of a login ID and a reusable password that is sent in clear text. There exists a possibility that when the employee attempts to access the office network through the Internet from home, a malicious person could tap the employee's home telephone line and record the entire remote login session. With this information, the malicious person could impersonate a legitimate user and gain access to the company resources, probably without being detected. For this reason, better authentication methods have been developed; a few are described below.

    One-Time Passwords

    The philosophy of one-time passwords is that it does not matter if both the login ID and password were "sniffed" since the password is valid only for one remote login session. One-time password authentication schemes require that both the user and the corporate system be set up to use a login ID and a one-time password. The one-time password is usually composed of a secret and a calculated portion. Both the user and the system must know which password is expected each time a remote login occurs.

    Since it is unrealistic for a user to memorize each of the successive calculated portions of the passwords, systems have been developed that precalculate the calculated portions of the passwords. These can be printed on a small sheet of paper which can be tucked into the user's wallet or purse. If this paper is stolen, it is not enough information by itself for an unauthorized user to gain access to the corporate system. The user's name, login ID and secret portion of the one-time password should NOT be written on this or any other paper.

    Software versions of one-time password schemes can be installed on portable computers so that the paper is not necessary. This assumes the user will only use that portable computer to gain remote access to the company. There are also electronic pocket calculator-like password generators that eliminate the need for the paper listing of one-time passwords. With these calculators, the user enters a secret password that is then used to calculate the one-time password. Again, the secret password, user name and login ID should not be written on the calculator. S/Key is one of the most commonly used one-time password schemes and is available free of charge on the World Wide Web.
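
How a one-time password list of this kind can be calculated and checked, as an added example that is not part of the original guide. It uses the hash-chain construction that S/Key is built on, but with SHA-256 and hexadecimal output in place of S/Key's own hash and word encoding; the seed, the secret and the class and function names are constructed for illustration.

```python
import hashlib
import hmac
from typing import List, Tuple


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain_value(secret: str, seed: str, n: int) -> bytes:
    """Hash seed+secret n times. Value n-1 is the password that follows value n."""
    if n < 1:
        raise ValueError("n must be at least 1; value 0 would expose the secret itself")
    value = (seed + secret).encode()
    for _ in range(n):
        value = h(value)
    return value


def printed_list(secret: str, seed: str, next_n: int, how_many: int) -> List[Tuple[int, str]]:
    """Precalculate upcoming passwords, in the order they will be asked for."""
    lowest = max(next_n - how_many, 0)
    return [(n, chain_value(secret, seed, n).hex()) for n in range(next_n, lowest, -1)]


class OtpServer:
    """Stores only the seed, a counter and the last accepted value, never the secret."""

    def __init__(self, seed: str, count: int, top_value: bytes):
        self.seed = seed
        self.count = count        # sequence number of the value currently stored
        self.stored = top_value   # chain_value(secret, seed, count), set at enrolment

    def challenge(self) -> Tuple[int, str]:
        """Tell the user which password is expected next."""
        return self.count - 1, self.seed

    def login(self, otp: bytes) -> bool:
        if self.count <= 1:
            return False          # list used up: the user must enrol again
        # Hashing the submitted value once must give the value accepted last time.
        if not hmac.compare_digest(h(otp), self.stored):
            return False
        self.stored = otp         # the accepted password is now the reference,
        self.count -= 1           # so the same password can never be accepted again
        return True


if __name__ == "__main__":
    secret, seed = "constructed secret phrase", "ke1234"   # constructed values
    server = OtpServer(seed, 5, chain_value(secret, seed, 5))

    n, s = server.challenge()
    otp = chain_value(secret, s, n)
    print("first login:", server.login(otp))               # True
    print("replay of sniffed password:", server.login(otp))  # False
    print("paper list:", printed_list(secret, seed, server.challenge()[0], 3))
```

A sniffed password is useless because the server has already moved on to the previous link in the chain, and computing that link from the sniffed one would mean inverting the hash.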

    Dynamic Passwords

    Dynamic password authentication schemes are similar to one-time password schemes in that if the login ID and dynamic password are sniffed, there would not be enough information to obtain unauthorized reentry. Dynamic passwords rely on the use of a token card. The token card continuously generates dynamic passwords that are displayed on an LCD screen. The dynamic password alone is not enough information for an unauthorized user to gain access to the local resources. The process requires the user to first enter a login ID, followed by a secret password, followed by the dynamic password displayed on the token card at that instant in time. Once again, the user's name, login ID, and secret password should NOT be written on the token card.

    The most popular dynamic password implementation to date is Security Dynamics' SecurID token card system. This system is not free of charge, but it does provide more convenient and highly improved authentication compared with the traditional login ID and reusable, clear text password authentication method.
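The login sequence described above (login ID, secret password, then the code on the card at that instant), sketched with a time-based code. This is an added example and not the SecurID algorithm: it uses the openly specified TOTP construction from RFC 6238 as a stand-in, and the 60-second step, drift window, key, PIN and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds a displayed code stays valid (assumed; not stated in this guide)


def token_code(card_key: bytes, now: float, step: int = STEP, digits: int = 6) -> str:
    """Code shown on the card at time `now`: RFC 6238 TOTP over HMAC-SHA1."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(card_key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def pin_digest(pin: str, salt: bytes) -> bytes:
    # Slow salted hash, so the server does not store the secret password itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class TokenServer:
    def __init__(self, card_key: bytes, salt: bytes, pin_hash: bytes, drift: int = 1):
        self.card_key, self.salt, self.pin_hash = card_key, salt, pin_hash
        self.drift = drift        # time steps of clock drift tolerated either way
        self.last_step = -1       # newest time step already accepted

    def login(self, pin: str, code: str, now: float) -> bool:
        pin_ok = hmac.compare_digest(pin_digest(pin, self.salt), self.pin_hash)
        current = int(now // STEP)
        steps = range(current - self.drift, current + self.drift + 1)
        matched = [s for s in steps if s > self.last_step
                   and hmac.compare_digest(token_code(self.card_key, s * STEP), code)]
        if not pin_ok or not matched:
            return False
        self.last_step = max(matched)  # burn the step: a sniffed code cannot be reused
        return True


def demo() -> dict:
    key, salt = b"constructed-card-key", b"constructed-salt"  # constructed values
    server = TokenServer(key, salt, pin_digest("4821", salt))
    t = 1_000_000.0               # constructed login time, seconds since the epoch
    code = token_code(key, t)
    return {
        "wrong_pin": server.login("0000", code, t),
        "valid": server.login("4821", code, t),
        "replay_same_minute": server.login("4821", code, t + 5),
        "next_code": server.login("4821", token_code(key, t + 60), t + 60),
    }
```

Without the `last_step` check, a code captured on the wire would remain usable until its time window closed, so the server has to remember which step it last accepted.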

    Encryption

    Encryption is a more intensive security mechanism than those described above. Encryption simply refers to the manipulation of a message resulting in a new message that is meaningless to anyone who does not know how to re-manipulate it to its original form. This manipulation of messages is called cryptography.

    There are two types of cryptography: symmetric and asymmetric. The most popular implementation of symmetric cryptography is the Data Encryption Standard (DES). In DES the manipulation of the message is done with a private key that is known only to those parties that need to manipulate the message.

    One of the major drawbacks of symmetric cryptography is that private keys must be communicated prior to the data exchange and are vulnerable to being accessed by unauthorized users at this point. This may sound trivial, but in today's world of electronic information exchange, ensuring that a key is not compromised in transmission is very difficult. Even using a non-electronic system, such as the US Postal Service, does not ensure that unauthorized eyes have not seen the key during transit.

    An advantage of symmetric cryptography is that the technology is available in hardware implementations. This makes the entire process of encrypting and decrypting messages much faster than cryptography systems that are implemented in software.

    Asymmetric or "public key" cryptography systems operate with both a private and a public key. Messages are encrypted with the sender's private key, and decrypted with the sender's public key. Since each public key decrypts only messages encrypted with its one corresponding private key, the receiver can be certain that the message was generated by the holder of the private key.

    Public key cryptography can also be utilized to ensure that only the intended recipient can decrypt the message by first encrypting the message with the recipient's public key. Since only the recipient holds the corresponding private key, only the recipient will be able to decrypt and read the message.

    Public key cryptography was made feasible by the mathematical algorithm invented by three people: Rivest, Shamir, and Adleman. Their initials make up the most commonly used public key cryptographic implementation, RSA.

    Public key systems do not require the sharing of a private key with others. A person's public key can be published or sent directly to those with whom that person wishes to share secure data. For this reason, as well as the fact that public key cryptography is considered by many to be more robust than symmetric cryptography, public key systems are becoming more and more popular.

    In Conclusion

    Many organizations find it appropriate to implement security at many levels: the network level, the host level, and the application level. It is important to fully understand the consequences of implementing and not implementing security in your network.

    Product names mentioned herein may be service marks, trademarks, or registered trademarks of their respective companies.


    Appendix A - Address and Domain Registration Survey

    We have provided the following survey to be completed by your network administrator. This is to ensure the appropriate information is passed to the InterNIC in the appropriate format.

    General Site Information:

    Network Specific Information:

    Domain Name Information:


    Appendix B - Implementation Checklist

    The following list of tips is provided to help make your Dedicated Access Internet implementation as smooth as possible.

    Southwestern Bell Internet Services strongly recommends that dedicated access customers verify that customer-provided network equipment, such as CSU/DSUs and routers, are preconfigured and have been tested (with local loop-back tests if possible) prior to the data transport circuit installation date. In addition, customers should have all other hardware and software related to their Internet service installed prior to the Service Activation date.

    Hardware

    Have you ordered your equipment? Router orders can take up to eight weeks for delivery.

    Software Applications

    Servers

    Hosts

    Address and Domain Name Registration

    Data Transport Service

    Have you verified that the designated point of contact is available on the day of circuit installation? (Installations are often delayed because the installation technician can't access the building or wiring closet.)


    Appendix C - Helpful Resources

    CIDR Overview

    Internet Engineering Task Force Requests For Comments

    The following documents are RFCs, which define de facto standards for the Internet. They are available from various sources, including the Internet at: ftp://rs.internic.net

    RFC #  TITLE
    791    Internet Protocol
    793    Transmission Control Protocol
    904    Exterior Gateway Protocol Formal Specification
    920    Domain Requirements
    974    Mail Routing and the Domain System
    1009   Requirements for Internet Gateways
    1055   Transmission of IP over Serial Lines
    1157   A Simple Network Management Protocol (SNMP)
    1209   The Transmission of IP Datagrams over the SMDS Service
    1213   Management Information Base for Network Management of TCP/IP Based Internets: MIB II
    1281   Guidelines for the Secure Operation of the Internet
    1332   Point-to-Point Protocol Control Protocol
    1334   Point-to-Point Protocol Authentication
    1403   BGP-OSPF Interaction
    1459   Internet Relay Chat Protocol
    1466   Guidelines for Management of IP Address Space
    1467   Status of CIDR Deployment in the Internet
    1477   IDPR as a Proposed Standard
    1478   An Architecture for Inter-Domain Policy Routing
    1492   An Access Control Protocol, Sometimes Called TACACS
    1518   An Architecture for IP Address Allocation with CIDR
    1519   Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy
    1520   Exchanging Routing Information Across Provider Boundaries in the CIDR Environment
    1531   Dynamic Host Configuration Protocol


    Glossary of Acronyms

    bps    bits per second
    B8ZS   Binary 8 Zero Substitution
    CIDR   Classless Inter-Domain Routing
    CSU    Channel Service Unit
    DES    Data Encryption Standard
    DNS    Domain Name Service
    DSU    Data Service Unit
    FTP    File Transfer Protocol
    GUI    Graphical User Interface
    HTML   HyperText Markup Language
    HTTP   HyperText Transfer Protocol
    IANA   Internet Addressing and Numbering Authority
    INN    InterNetNews
    IP     Internet Protocol
    LCD    Liquid Crystal Display
    MX     Mail eXchange
    NAP    Network Access Point
    NIC    Network Interface Card
    NSI    Network Solutions Inc.
    RAM    Random Access Memory
    RFC    Request for Comment
    RIP    Routing Information Protocol
    RSA    Rivest, Shamir, Adleman
    SHTTP  Secure HyperText Transfer Protocol
    SMDS   Switched Multimegabit Data Service
    SMTP   Simple Mail Transfer Protocol
    SSL    Secure Sockets Layer
    TCP    Transmission Control Protocol
    UDP    User Datagram Protocol
    WWW    World Wide Web

    Copyright © 2003 SBC Southwestern Bell Internet Services. All rights reserved.