Because ADSL uses high frequency signals that are outside the range the human ear is capable of hearing, the service can operate over the same pair of copper wires as your ordinary phone line. However, to prevent the ADSL data signal from interfering with your regular telephones and other equipment such as fax machines and answerphones, a microfilter (also referred to as a splitter) is required to strip out the data signal so that your analogue devices can receive the normal voice signal without interference.
In the UK, prior to December 2001, ordering an ADSL service from your ISP required that a BT engineer subsequently visited your home to install the service.
As well as the installation and connection of an ADSL modem – referred to as Customer Premises Equipment (CPE) – this also entailed a splitter being fitted to the master BT phone socket. This was built into a new NTE5 faceplate which provided a pair of sockets, one for the ADSL modem and the other for a telephone.
One of the disadvantages of this arrangement was that if your computer equipment didn’t happen to be close to your BT master socket, you’d have to resort to running extension cabling. However, the main disadvantage was the reliance on a BT engineer. As well as increasing the cost of ADSL services, it also led to delays in servicing subscribers.
All this changed in late 2001 when BT announced a wires-only service. Wires-only – also referred to as self-install – does not require that a BT engineer visit the subscriber’s premises. Provided your local exchange is ADSL-compatible and you’re close enough to receive the service, BT simply enable the subscriber’s line for ADSL and leave them to source installation of suitable ADSL CPE products.
Since you don’t get a modified linebox, the combined data/voice signal is carried to all extension sockets on your line. This means that you can install your ADSL modem or router anywhere where you have a phone extension. However, to prevent interference with analogue equipment, you need to fit each extension socket to which such equipment may potentially be connected with an individual microfilter.
Microfilters normally have two output sockets on them – an RJ11 socket for your ADSL modem/router and a BT type socket for your telephone equipment. Some are designed to plug directly into an extension socket, others via a dongle lead.
As more and more local exchanges are made ADSL-compatible, the wires-only service will become the de facto (and eventually the only) mechanism for all business and home user connections. This business model matches what already happens, for example, in the highly developed US and Korean DSL markets, where a wide range of CPE is already available. Such products are now being offered by a wide variety of sources in the UK.
It’s not only with respect to choice of CPE that wires-only offers greater flexibility. Previously, subscription to ADSL meant a fixed-term contract of 12 months with no transferability from premises to premises. Now customers can subscribe to a wires-only service for a minimum fixed term of one month only.
The advent of wires-only has resulted in a wide range of ADSL equipment coming to market. The cheapest option is an ADSL modem connected to a single PC through a USB socket; this is referred to as USB presentation. The more expensive alternative is Ethernet presentation. This implies a multi-user capability and the use of a standard RJ45 Ethernet socket for connection to an existing or planned local area network. These devices often come in the form of a combined ADSL modem/router. Many come with an integrated firewall and some can handle both wired and wireless Ethernet.
In general terms, a router is a device that performs the necessary navigation and translation functions to facilitate communication between inter-connected systems on a network. In the context of a broadband modem/router, it is typically also responsible for sharing a single external IP address across your internal LAN and for the provision of an intrusion detection firewall capability.
With respect to the former, the following are important concepts:
- NAT (Network Address Translation)
- DHCP (Dynamic Host Configuration Protocol)
Internet Protocol (IP) is the language by which systems inter-communicate over the Internet, each system having a unique IP Address by which it may be identified. Since an IP address is a 32-bit number, it’s theoretically possible to have 4,294,967,296 unique addresses. In fact, not every address is available for public use, so the actual maximum is somewhere between 3.2 and 3.3 billion. The important point is that, whatever the precise number, it’s not enough.
Essentially, NAT works by allowing an internal network to communicate with the Internet without the need for every machine on the internal network to be assigned a unique global IP address. Instead the internal network uses a private IP address that has been specifically set aside for the purpose, currently the ranges:
- 10.0.0.0 to 10.255.255.255
- 172.16.0.0 to 172.31.255.255 and
- 192.168.0.0 to 192.168.255.255.
A modem/router actually has two IP addresses: an inward-looking one that’s used by the various machines on the internal network, and an external one that’s used by the outside world. When NAT receives a packet from the internal private network, it rewrites the source address in the IP header to the router’s global IP address before transmitting it to the Internet. The private internal IP address, destination IP address and port number are stored in a translation table so that when a response packet is received, NAT can associate it with the appropriate internal IP address and modify the IP header accordingly.
The NAT-enabled router has an IP address of 192.168.254.254 for the inside network and an address of 184.108.40.206 for the outside network. Anytime a machine on the private network makes a request to the Internet, NAT will translate the 192.168.254.254 address to 220.127.116.11.
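The translation table described above can be modelled in a few lines. This is an added example, not code from the original article; it goes slightly beyond the text by also translating the source port, so that two machines using the same port stay distinguishable. The external address 203.0.113.1, the remote addresses and the starting port 40000 are constructed values.

```python
import ipaddress
from dataclasses import dataclass, replace

# The three private ranges listed above, in CIDR form.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def is_private(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_RANGES)

class Nat:
    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port  # next free external port (constructed start)
        self.out_map = {}  # (LAN ip, LAN port, dst ip, dst port) -> external port
        self.in_map = {}   # (external port, remote ip, remote port) -> (LAN ip, LAN port)

    def outbound(self, pkt):
        """Rewrite the source of a LAN packet and record the mapping."""
        if not is_private(pkt.src_ip):
            raise ValueError("source is not in a private range")
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.external_ip, src_port=self.out_map[key])

    def inbound(self, pkt):
        """Readdress a reply to the LAN host, or return None if no entry matches."""
        entry = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None or pkt.dst_ip != self.external_ip:
            return None
        return replace(pkt, dst_ip=entry[0], dst_port=entry[1])

if __name__ == "__main__":
    nat = Nat("203.0.113.1")  # constructed external address
    for host in ("192.168.254.10", "192.168.254.11"):
        print(nat.outbound(Packet(host, 5000, "198.51.100.7", 80)))
    print(nat.inbound(Packet("198.51.100.7", 80, "203.0.113.1", 40001)))
    print(nat.inbound(Packet("198.51.100.9", 80, "203.0.113.1", 40001)))
```

The last call returns None: a packet from a remote address with no table entry has nowhere to be delivered, which is the security side effect of NAT.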
Dynamic Host Configuration Protocol is an Internet protocol used to supply IP addresses requested by client computers on a TCP/IP network. Modern-day broadband modem/routers include an integrated DHCP server that’s configured with a range of IP addresses and other configuration information for client systems on a specific network. When a client system is added to the network, electing to Obtain an IP address automatically will cause the DHCP server to be queried and a lease for an IP address negotiated. Once this is done, the client receives an IP address and netmask that it can use for a set period of time.
DHCP and NAT are complementary technologies, the one assigning internal IP addresses, the other handling the translation of these to global IP addresses to allow communication with the outside world. Together they significantly reduce the hassle of administering a private network. As well as providing a solution to the world shortage of official IP addresses, by hiding internal network IP addresses from the outside world, they also confer significant advantages in the area of network security.
With always-on connections such as cable modems and DSL lines, Internet users need to be increasingly vigilant of security issues, as network traffic coming into the computer can cause damage to files and programs even when the user is away from the computer and the computer is idle. As a consequence, firewalls – which have existed in the domain of the enterprise network for several years – are increasingly being found in consumer broadband modem/routers.
As a minimum, such devices support packet filtering. This works by examining the header of the IP packet and blocking data that does not conform to certain parameters based on all or some of the following:
- source IP address
- destination IP address
- TCP/UDP source port
- TCP/UDP destination port.
The advantage of packet filtering is high performance. However, it’s inflexible and not that difficult to circumvent. For example, it can be breached by use of the technique known as IP spoofing, whereby hackers fool the filtering mechanism into thinking that packets are coming from a trusted source. Another fundamental limitation is that packet filters allow direct connection between source and destination computers, and once the initial connection has been approved a host is thereafter exposed to attack.
Stateful inspection also intercepts packets at the network layer for optimal performance, but by looking at the content as well as the headers of each packet it’s able to determine the current state of an ongoing communication and ensure that any inbound transmissions have been initiated by the recipient computer and are taking place only with sources that it can be assured are known and trusted from previous interactions. A further advantage of stateful inspection is that ports remain closed until a connection request is received, making them less susceptible to the threat of port scanning.
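The difference between the two approaches shows up when the same inbound packet is judged by both. The following is an added example, not code from the original article; the trusted address, the port range and the sample traffic are constructed, and the stateful model is simplified to track only addresses and ports rather than packet content.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

# Constructed rule for a header-only filter: accept packets whose source field
# names the trusted server and whose destination is a client (ephemeral) port.
TRUSTED_SOURCES = {"198.51.100.7"}
CLIENT_PORTS = range(1024, 65536)

def packet_filter_allows(pkt):
    """Stateless decision from this packet's header fields alone."""
    return pkt.src_ip in TRUSTED_SOURCES and pkt.dst_port in CLIENT_PORTS

class StatefulFirewall:
    """Admits inbound packets only on flows that an inside host opened."""
    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        self.flows.add(pkt)        # remember the connection request

    def close(self, pkt):
        self.flows.discard(pkt)    # the port is closed again once the flow ends

    def inbound_allows(self, pkt):
        # A legitimate reply is the mirror image of a recorded outbound packet.
        mirror = Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return mirror in self.flows

def compare(events):
    """Run ('out'|'in'|'close', Packet) events; return both verdicts per inbound packet."""
    fw, verdicts = StatefulFirewall(), []
    for direction, pkt in events:
        if direction == "out":
            fw.outbound(pkt)
        elif direction == "close":
            fw.close(pkt)
        else:
            verdicts.append((packet_filter_allows(pkt), fw.inbound_allows(pkt)))
    return verdicts

# Constructed traffic: an inbound packet before any request, a genuine
# request and reply, then the same inbound packet after the flow has closed.
REQUEST = Packet("192.168.254.10", 5000, "198.51.100.7", 80)
REPLY = Packet("198.51.100.7", 80, "192.168.254.10", 5000)
EVENTS = [("in", REPLY), ("out", REQUEST), ("in", REPLY),
          ("close", REQUEST), ("in", REPLY)]

if __name__ == "__main__":
    print(compare(EVENTS))
```

The header-only filter accepts all three inbound packets because the source field alone satisfies its rule, whereas the stateful model accepts only the one that answers an open request.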
The importance of a firewall shouldn’t be underestimated. Any network, no matter how it connects to the Internet, can be attacked. The degree of vulnerability increases exponentially with always-on broadband links. Windows XP comes with a firewall capability and, in the absence of a firewall-capable modem/router, you should at the very least ensure that you use this or one of the many personal-firewall software applications on the market.