Q - Elsevier

Download Report

Transcript Q - Elsevier

Configuring Network Access
EXAM OBJECTIVES
Configuring Routing
Configuring Remote Access
Configuring Wireless Access

Copyright line.
Configuring Routing



Static Routing - Describes a system that does not implement adaptive
routing in its configuration. In these systems, routes through a network
are defined by set paths referred to as static routes. These types of
routes are inserted into the router manually by the system
administrator. This is accomplished via the route command, which can
be used to manipulate local routing tables.
Distance-vector Routing Protocol - A distance-vector routing protocol
requires that a router contact and transmit to its neighbors any topology
changes to the network. The frequency of this must be periodic and in
most instances when a change is detected. RIP is the most popular
example of this type of protocol.
Link State Protocol - The simplest explanation of link-state routing is
that every node (router) is given a map of the topology of the network.
This map is in graph form, and shows the connectivity of all the nodes
in the network. Then each individual node calculates the next best hop
from every node in the network. This information then forms the routing
table for each individual node based on its calculations. No other
communications occur between nodes.
Copyright line.
Slide 2
Configuring Remote Access







Remote access policies validate a number of connection settings before authorizing the
connection, including the following: Remote access permission, Group membership, Type of
connection, Time of day, and Authentication methods.
Small- to medium-sized organizations with private networks to access resources on the
Internet or other public network, use NAT for this reason. They configure reusable private
IPv4 addresses while the computers on the public servers are set up with globally unique
IPv4 addresses. The most useful deployment of NAT is in a SOHO or a medium-sized
business that uses RRAS.
SSTP is an application-layer protocol. It uses a synchronous communication, which works in
unilateral motion between two programs, allowing a constant exchange and comparison of
data. It allows for a very efficient usage of the communication resources available to a
network. SSTP is based on SSL as opposed to IPSec or PPTP, and thereby uses port 443
for traffic.
VPN uses public wires to join nodes to create a network. There are a large number of
security systems at play within the VPN, such as encryption and other security measures,
which makes certain that no data is intercepted by unauthorized users.
RADIUS is protocol used for controlling access to network resources by authenticating,
authorizing, and accounting for access, referred to as an AAA protocol.
Windows Server 2008 Microsoft has replaced IAS with a new feature called NPS, which is
the Microsoft implementation of a RADIUS server and proxy in Windows Server 2008.
NAP, when used in unison with NPS, creates a “total system health policy enforcement
platform.”
Copyright line.
Slide 3
Configuring Wireless Access







The SSID is a 32-character unique identifier attached to the header of packets that are sent
over a WLAN. No device will be permitted to join the BSS, unless it can provide the unique
SSID.
In Windows Server 2008, an additional wireless network configuration setting has been
added that can indicate whether a wireless network is broadcast or non-broadcast. This
allows Windows Server 2008-based wireless clients to detect non-broadcast networks when
they are in range.
Windows Server 2008 has a command-line configuration of wireless settings that can help
deployment of wireless networks.
WPA was designed to provide a much higher level of security for wireless users than
existing WEP standards provide. The WPA specification makes allowances both for
network-based authentication for corporate networks, and for a special home mode for use
in a SOHO or home-user environment. WPA is capable of interoperating with WEP devices.
Windows Server 2008 includes full support for WPA2 for an ad hoc mode wireless network,
including the Fast Roaming settings.
On wireless computer networks, ad hoc mode is a method for wireless devices to directly
communicate with each other. Operating in ad hoc mode allows all wireless devices within
range of each other to discover and communicate in peer-to-peer fashion without involving
central access points.
Infrastructure mode requires a wireless AP for wireless networking. To join the WLAN, the
AP and all wireless clients must be configured to use the same SSID. The AP is then cabled
to the wired network to allow wireless clients access to, for example, Internet connections or
printers.
Copyright line.
Slide 4
FAQ


Q: What is Static Routing?
A: Static routing describes a system that
does not implement adaptive routing in its
configuration. In these systems, routes
through a network are defined by set paths
referred to as static routes.
Copyright line.
Slide 5
FAQ
Q: What changes have been made to Windows Server 2008 in regards to routing?
A: These are the major changes present in Windows Server 2008 in regards to routing:
·
BAP is no longer supported by Windows Server 2008.
·
X.25 is also no longer supported.
·
SLIP, an encapsulation of IP meant for use over serial ports and modems, has also
been excluded due to infrequency of use. All SLIP-based connections will
automatically be updated to PPP-based connections.
·
ATM, which was used to encode data traffic into small fixed cells, has been
discarded.
·
IP over IEEE 1394 is no longer supported.
·
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol has been omitted.
·
Services for Macintosh (SFM)
·
OSPF routing protocol component in Routing and Remote Access is no longer
present.
·
Basic Firewall in Routing and Remote Access has been replaced with the new
Windows Firewall feature.
·
Static IP filter APIs for Routing and Remote Access are no longer viable, and have
been replaced with Windows Filtering Platform APIs.
·
SPAP, EAP-MD5-CHAP, and MS-CHAP authentication protocols for PPP-based
connections are no longer used by Windows Server 2008.
Copyright line.
Slide 6
FAQ
Q:Is IAS still a feature of Windows Server 2008 and if
not, what has replaced it?
A:In previous incarnations of Windows Server 2003 IAS
snap-in was Microsoft’s implementation of a RADIUS
server and proxy. It was capable of performing
localized connection AAA Protocol for many types of
network access, including wireless and VPN
connections. For Windows Server 2008, Microsoft
has replaced IAS with a new snap in called NPS.
NPS is the Microsoft implementation of a RADIUS
server and proxy in Windows Server 2008, and
promises to be even simpler to use than IAS.
Copyright line.
Slide 7
FAQ
Q: What is an SSL VPN?
A: An SSL VPH is a VPN that uses SSTP as its
tunneling protocol. With SSLVPN, static IP
addresses are not required, clients are
unnecessary in most cases, and since
connections are made via a browser over the
Internet, the default connection protocol is
TCP/IP. This makes connections transparent
to the user.
Copyright line.
Slide 8
FAQ
Q: How is Windows Firewall with Advanced Security better than previous
versions?
A: This new version of WFAS has a number of advanced components that
will help with your security needs.
·
New GUI Interface MMC is a snap-in that is available to
help configure the advanced firewall.
·
Bi-directional Filters Unlike past versions of Windows
Firewall, WFAS filters both outbound traffic and inbound traffic.
·
Better IPSec Compatibility WFAS rules and IPSec encryption
configurations are both integrated into the same singular
interface.
·
Enhanced Rules Generation Using WFAS, you can create
firewall rules for Windows Active Directory service accounts and
groups. This includes source/destination IP addresses, protocol
numbers, source and destination TCP/UDP ports, ICMP, IPv6
traffic, and interface all on the Windows Server.
Copyright line.
Slide 9
FAQ
Q: When does ad hoc mode work best for
wireless access?
A: Ad hoc networks work best when building a
small, all-wireless LAN quickly, with the
lowest cost possible for equipment. Ad hoc
networks also work well as a temporary
fallback mechanism if normally available
infrastructure mode gear (APs or routers) fail
to function.
Copyright line.
Slide 10
Exam Warning


Some of the old familiar aspects of Windows Routing
and Remote Access have changed since Windows
Server 2003. Be sure to familiarize yourself with the
improvements and discontinuations to these features
before test day.
Don’t get caught off guard by confusing old
functionality with new functionality, such as the
differences between Windows Firewall with Advanced
Protection and the old Windows Firewall. Also be
aware of technology that is no longer supported in
this new build. This will help you to stay focused and
result in better retention for the exam.
Copyright line.
Slide 11
Test Day Tip

Take advantage of the fundamentals of
routing by practicing with routing tables and
configuring your traffic flow. Remember that
even the most complicated networks can find
a need for the use of static routing. Be aware
of how static routing can affect a system as
opposed to dynamic routing.
Copyright line.
Slide 12
Test Day Tip

When using Windows Server 2008,
remember that the output of the route
command will now show IPv6 options by
default. For the exam, make sure that you are
familiar with the options of IPv6 and the route
command.
Copyright line.
Slide 13
Exam Warning

As of this writing, the OSPF routing protocol
component is no longer present in Windows
Server 2008. Although this may not be
covered in the exam extensively, knowledge
regarding this protocol will help you better
understand RIP and other routing protocols
by comparison, and will help with real-world
applications that may occur as a
consequence of the removal of this element.
Copyright line.
Slide 14
Exam Warning

Remote access is an important part of the exam, and
will weigh heavily into the overall grade. Be sure to
familiarize yourself with all of the aspects of the
objective. Also be sure to familiarize yourself with
usage of MMC, Network Policy Server (NPS), and
NAP, which are additional tools that maybe be
covered in a small portion of the exam. Remember,
every question counts and a comprehensive
knowledge of the subject matter will ensure total
retention for usage in real-world environments.
Copyright line.
Slide 15
Test Day Tip


As you can see there are many similarities between
the new features available in Windows Server 2008
and previous versions of Windows Server. Try to be
certain of the distinguishing elements that separate
the two. Although two features may have similar uses
and applications, their exact functionality may be very
different.
For example, you should remember that although
STTP may be closely related to SSL, no cross
comparison can be made between the two. You
should be sure not to confuse the two, as SSTP is
only a tunneling protocol, unlike SSL.
Copyright line.
Slide 16
Exam Warning


SSL uses a cryptographic system, which uses two encrypted
keys to secure data. One is the public key and the other is the
private key. The public key is recognizable to everyone and the
private can only be identified by the recipient. A secure
connection between a client and a server is created by this
method of encryption. You can thereby establish secure remote
access from almost any Internet-connected Web browser, which
was not possible using traditional VPN.
Please remember that while SSTP is a strong method for clientto-site VPN connection, it is not designed for site-to-site VPN
connections. If you need a site-to-site VPN connection, you
should use a traditional VPN.
Copyright line.
Slide 17
Test Day Tip

Be familiar with all of the tools available to
you in Server Manager. Windows Server
2008 provides a number of roles and snap-in
features that help immensely with your job as
an administrator. When you are prepping the
day of the exam, make sure you can identify
and locate roles like RRAS and Network
protection and Access roles. This will help
you gain a better understanding of the design
structure for Windows Server 2008, and help
you to apply what you know on your exam.
Copyright line.
Slide 18
Exam Warning

There are a number of server types that can
be set up in a given real-world situation. It is
up to you to determine which suits your
clients’ needs the best. For the exam,
however, you must be aware of what type of
information concerning what type of access is
being asked of you. Remember that RRAS
and NPS are two different means of setting
up many of the available services. Be sure to
double check the type of server information
the question is calling for.
Copyright line.
Slide 19
Test Day Tip

Remember to know your hardware. The installed
wireless network adapter must be able to support
the wireless LAN or wireless security standards
that you require. For example, Windows Server
supports configuration options for the Wi-Fi
Protected Access (WPA) and Wi-Fi Protected
Access 2 (WPA2) security standards. However, if
the wireless network adapter does not support
WPA2, you cannot enable or configure WPA2
security options.
Copyright line.
Slide 20