Oct 24, 2013 (3 years and 7 months ago)

70-270: MCSE Guide to Microsoft Windows XP Professional
Second Edition, Enhanced

Chapter 8: Internetworking with Remote Access


Guide to MCSE 70-270, Second Edition, Enhanced

Objectives


Understand remote access under Windows XP


Configure various remote access connection types for a Windows XP Professional system


Install remote access hardware


Understand remote access security


Understand the Internet Options applet


Implement Internet Connection Sharing and the Internet Connection Firewall


Understand the native Internet tools and utilities


Troubleshoot remote access problems



Remote Access


Components:


Clients


Protocols


WAN connectivity


Security


Server


LAN protocols


Features of Remote Access in Windows XP



Standard component


No manual service installation required



PPP Multilink


Increase overall throughput


Combine bandwidth of two or more physical communication links


Based on Internet Engineering Task Force (IETF) standard RFC 1717



VPN Protocols


Point-to-Point Tunneling Protocol (PPTP)


Supports multiprotocol VPNs


Encrypted and secure


Layer Two Tunneling Protocol (L2TP)


Developed by Cisco Systems


Encapsulates PPP frames for transport over various networks


Used in combination with IPSec


Restartable File Copy


Automatically retransmits incomplete file transfers


Faster transmission of large files over lower-quality connections


Reduced cost from avoiding retransmission of the whole file


Reduced frustration from interrupted transfers



Idle Disconnect


Shuts off remote access connection after specified period of inactivity


Reduces the costs of remote access


Frees up inactive remote access ports



Autodial and Logon Dial


Automatically connect and retrieve files and applications stored on remote system



Client and Server Enhancements



Number of client and server components


Allow third-party vendors to develop remote access and dial-up networking applications



Look and Feel


Undergone changes since Windows 2000


Significantly different from similar utilities in Windows NT and Windows 95/98


Integrated with networking components


Network Connections:


Multipurpose management interface


Both standard LAN networking links and remote access links are established and configured



Callback Security


Control access to the system from specified phone numbers


Calls may originate only from known phone number locations


Remote access client can set the phone number dynamically


WAN Connectivity


Create WAN by connecting existing LANs


Remote access over:


Telephone


ISDN


Cable modems


Campus networks


Other communication lines


Cost-effective solution if you have minimal to moderate network traffic between sites


Internet Network Access Protocols



Supports all standard protocols for remote Internet access


Remote access protocol dependent on the client and server OS and LAN protocols




PPP


Current standard for remote access


Microsoft recommends using PPP


Flexible


Industry standard



PPTP


Allows you to establish a secure remote access pipeline over the Internet


“Tunnel” IPX or TCP/IP traffic inside PPP packets


Significant features:


Low transmission costs


Hardware costs


Administrative overhead


Improved security


PPP-MP


Combines two or more physical remote access links into one logical bundle with greater bandwidth


Can combine analog and digital links


All connections to be aggregated must be of the same technology type



SLIP


One of the first protocols developed specifically for TCP/IP support over dial-up connections


Included in Windows XP for backward compatibility


Does not support Dynamic Host Configuration Protocol (DHCP)



IPSec


Security measure added to TCP/IP


Negotiates secure encrypted communications link


Uses public and private encryption key management


Can be used over RAS/WAN link


Can be used within LAN



Telephony Features


TAPI


Remote access Telephony API


Supplies uniform way of accessing:


Fax


Data


Voice


Part of Windows Open System Architecture (WOSA)


Remote Access Configuration


Integrated default component of Windows XP


Configured and managed from Network Connections window



Network Connections Window


Installing Remote Access Hardware


Hardware must be installed before remote connection established


Windows XP inspects hardware and attempts to identify any new devices


Windows XP attempts to locate and install drivers for new device



Phone and Modem Options


Primary Control Panel applet for managing remote access devices and operations


Used to control:


Dialing rules


Configure remote access devices


Configure telephony driver properties




Connecting to the Internet


Connect to the Internet Wizard:


Choose from a list of Internet service providers (ISPs)


Set up my connection manually


Use the CD I got from an ISP



Connection Status Dialog Box


Internet Connection Sharing


Used to share single network connection with small group of networked computers


Enabled on Advanced tab of connection object’s Properties dialog box


Incorporates:


Network Address Translation (NAT) function


Dynamic Host Configuration Protocol (DHCP) address allocator


Domain Name System (DNS) proxy


Internet Connection Firewall


Security measure for protecting network connections from unwanted traffic


Can set restrictions on traffic in and out of network to an external network or the Internet


Much-needed feature for systems that employ shared broadband connections


Stateful firewall


Blocks most incoming traffic by default


Connecting to the Network at My Workplace



Virtual Private Networking (VPN)


Trend in mobile computing


Employs the Internet as long-distance carrier to enable distant, secure LAN connections


Windows XP VPN:


Encrypts all traffic


Set up with New Connection Wizard



Setting Up an Advanced Connection



Used to:


Establish direct connection between two systems


Transfer large amount of data with no network connection


Use serial or parallel cable


Configure system to answer inbound dial-up calls


Can act as remote access server for single incoming connection


Only for special-purpose applications




Alternate IP Configuration


Available whenever networking connection object uses DHCP


Preconfigure alternate default IP configuration if DHCP fails


Prevents APIPA address from being assigned



Remote Access Security


Built on Windows XP local and network security


Dial-up connection objects


Authentication and encryption security options


VPN


Used to secure remote access


Certificates


Provide proof of identity for network and Internet communications


Allow systems to trust unknown online parties for the purposes of:


Exchanging information


Exchanging data


Performing e-commerce


Product of cryptographic mechanism known as public key infrastructure (PKI)


Certificates (continued)


Certificate Authority (CA):


Responsible for:


Creating


Issuing


Managing


Revoking certificates


Can be server computer system within organization’s network or service offered by independent third-party organization



Internet Options Applet


Used to define settings for Internet Explorer and general Internet access


Four Web zones:


Internet


Local intranet


Trusted sites


Restricted sites



Internet Options Applet (continued)



Security restrictions:


Low


Medium Low


Medium


High


Windows XP and the Internet


Tools to help access the Internet:


Internet Explorer


Outlook Express


FTP client


Telnet client


Internet Information Server (IIS)



Internet Explorer


Version 6.0 is included


State-of-the-art Web browser


Tightly integrated with other Windows applications


Wide range of security-related configuration options


Can be used as FTP client.



Outlook Express


Popular e-mail client utility


Part of Microsoft Office


Outlook Express included in Windows XP


Used to read and write e-mail


Used to file and sort messages


Contact management tool



FTP Client


Command-line implementation of FTP client included in Windows XP


Numerous freeware and shareware GUI implementations:


More user-friendly


Telnet Client


Simple tool provided in Windows XP


Attempts to establish Telnet session with remote system based on domain name or IP address



Internet Information Server


Reduced-functionality version of Internet Information Server (IIS) included with Windows XP


Allows system to host Web and FTP services


Limited to 10 simultaneous connections


Not designed or intended for public Web/FTP site hosting


Order Prints Online


Feature of the My Pictures folder


Starts the Online Print Ordering Wizard


Requires that Internet access be available



Client vs. Server-Based Remote Access


Limited to a single incoming dial-up connection


Can support only 10 simultaneous network connections


Can share an Internet link with a workgroup


Remote Access Troubleshooting


Problems can be fairly elusive


Check:


Physical connections (phone lines, serial cables, etc.)


Power to external devices


Properly installed and updated drivers


Properly configured settings


Correct authentication credentials


Similar encryption or security requirements


Proper protocol requirements and settings


Remote Access Troubleshooting (continued)



Log files:


File containing all communications made between the OS and modem device during connection establishment


PPP.LOG


System log


Summary


Windows XP works with various internetworking and remote access protocols


Windows XP provides security and encryption features for remote access


Internet Connection Sharing can be used to share a single ISP link with a small network


Certificates are used to prove identity and support secured online transactions