WINDOWS 2000 NETWORKING AND THE INTERNET


The current A+ Operating Systems Technologies exam will most likely focus on your ability to configure network settings and protocols from within the Windows 2000 Professional operating system. The configurations of Windows 2000 Server and Advanced Server operating systems for network support are beyond the scope of this book. However, the exam will expect you to have a general understanding of network services such as WINS (Windows Internet Naming Service), DNS (Domain Name Service), DHCP (Dynamic Host Configuration Protocol), and FTP (File Transfer Protocol). In this section, we focus on Windows 2000 Professional network connectivity and define some of the important protocols and services used in networks, including the largest network of all—the Internet.

Important Network and Internet Protocols and Services

In the previous operating system chapters, we have discussed protocols in some detail. In Chapter 25, you learned how to install protocols and services from within the Network applet of Control Panel. In Windows 2000 Professional, protocols and services are installed in much the same way, with the exception that they are installed from a different location. To install protocols and services, simply right-click on My Network Places, right-click on Local Area Connection, and select Properties. You will be presented with the General tab from which you can configure NICs, protocols, and services.

Following are the most important protocols and services that you may have to identify on the A+ exam:

Windows Internet Naming Service (WINS): WINS is used to determine the NetBIOS computer name associated with a particular IP address on a network. This process is known as name resolution. The WINS database resides on a server or servers on a network.

Domain Name Service (DNS): DNS is a name resolution service that resolves Internet or fully qualified network domain names to an IP address. You can change what is known as the DNS server search order on client computers by adding DNS server IP address entries on the client systems. To navigate to this section, right-click on My Network Places and select Properties, right-click on Local Area Connection and Properties. Select Internet Protocol (TCP/IP) and click the Properties button, click the Advanced button, select the DNS tab, and select Add under the DNS Server addresses in the order of use section. Enter the IP addresses of the DNS servers you wish to use to resolve domain names. It’s that simple! This tells the client computer in which order DNS servers should be used to resolve domain names. On another DNS note, domain names have extensions that identify an associated affiliation. .EDU is used for schools and colleges, .COM is for commercial use, .ORG is reserved for nonprofit groups, .GOV is reserved for the United States government, and .NET is used for networking systems or as a replacement for .COM.

Dynamic Host Configuration Protocol (DHCP): DHCP is a protocol used to assign IP addresses automatically on a TCP/IP network. The DHCP server hands out IP addresses to client computers configured to use DHCP. The alternative to DHCP is configuring your system to use a static IP address. To use a static IP address, you will need an IP address, a default gateway, and a subnet mask. If you are using DHCP and need to renew your current dynamically assigned IP address, you should enter the following at a Windows 2000 command prompt:

IPCONFIG /RENEW.

Internet Connection Sharing (ICS): ICS is a feature of dial-up networking that allows all the computers in a home or small business to share one connection to the Internet. In Windows 2000 Professional, ICS can be configured by selecting Start > Settings > Network and Dial-up Connections, right-clicking on an icon configured for an Internet connection, selecting Properties, selecting the Sharing tab, and clicking Enable Internet Connection Sharing for This Connection. You will then be presented with settings that you can customize for your connection.

Note

It is very important for you to remember that ICS is available in Windows 98 SE, Windows 2000, Windows Me, and Windows XP. ICS allows two or more connected computers to share one Internet connection, whether it be a dial-up, DSL, cable, ISDN, satellite, or T1 connection.

Automatic Private IP Addressing (APIPA): APIPA is a service used with Windows 98 and Windows 2000 Professional that allows client computers to configure themselves automatically with the IP address and subnet mask for network connectivity if a DHCP server fails or is not found. If a DHCP server fails, APIPA uses an IP address in the range of 169.254.0.0 through 169.254.255.254.

Hypertext Transfer Protocol (HTTP): HTTP is an Internet protocol used to define consistent connections.

Hypertext Transfer Protocol Secure (HTTPS): HTTPS is a secure protocol used to transmit information over the Internet. To access a secure Internet site, such as ChristopherCrayton.com, you would need a URL entry of HTTPS://ChristopherCrayton.com. HTTPS is concerned with the secure transmission of individual messages between client and host by using TPC port 443 as opposed to the port 80 that is normally used to transmit HTTP data. It is important to note that HTTPS and SSL (described shortly) compliment each other for secure Internet connectivity. Once again, please note that you will know you are using HTTPS when you make a request through your Internet browser and the URL begins with HTTPS://.

SSL (Secure Sockets Layer): SSL is a protocol that uses public and private keys to secure data transmitted over the Internet. With SSL, a secured connection is established between a client and a server. SSL is a commonly used security protocol that provides transport security through Internet browsers provided by Netscape and Microsoft. SSL is a session-based X.509 digital certificate supporting protocol that uses a public and private key exchange to encrypt the passing of data between client and server systems. The SSL protocol supports RSA, DES, IDEA, 3DES, and MD5. SSL can be used by services such as HTTP, FTP, SMTP, IMAP, POP, and Telnet. SSL uses a combination of the SSL Record protocol and the SSL Handshake protocol to provide security. The Handshake protocol provides authentication services, while the Record protocol provides for a secure connection. Many Internet Web sites utilize SSL as a secure means of obtaining confidential customer information, such as bank account numbers and other personal information. It provides confidential Web sessions and authentication services for Web servers.

Simple Mail Transport Protocol (SMTP): SMTP is a protocol used for transferring e-mail between client computers and e-mail severs. For a client to send e-mail messages using SMTP successfully, a client computer should be configured with an IMAP (Internet Message Access Protocol) or POP (Post Office Protocol) server address. POP and IMAP accounts use SMTP to allow a person using a dial-up or Internet connection to gain access to mail on a mail server computer. In most cases, SMTP is used for sending mail only. This is based on its inability to handle message queuing properly at the mail-receiving end. In order to receive stored messages properly from a mail server, most client-side systems are set up for POP or IMAP.

Note

You send mail with SMTP. You download or receive mail with POP or IMAP.

SMTP: This is most often used with TCP port 25. SMTP Relay is when an intermediary mail server (relay server) is used to accept any incoming mail and forward it to another mail server or final destination. This final destination is typically the e-mail server where the user’s e-mail account is stored. There can be many relay servers involved with the relaying of e-mail. The problem here is that mail servers that implement SMTP Relay usually accept most mail received and deliver or relay outgoing mail without verifying or authenticating the sender or receiver. Spammers, spoofers, and unauthorized users can take advantage of this vulnerability by faking a sender’s address, and using just about any receiving address they wish. This can cause great a proliferation of junk mail or ‘spam,’ and it usually does. A common problem among companies that use improperly configured e-mail and SMTP Relay servers is that they are unknowingly being used as hosts to spam other servers and hosts. This can result in a company’s mail server being black holed—meaning they are banned or ‘blocked’ from using e-mail services provided by ISPs. This can then result in major downtime and loss of productivity. SMTP Relay anyone?

NNTP (Network News Transfer Protocol): NNTP is a protocol included with Internet browsers such as Internet Explorer and Netscape, which allows clients and server systems to post and retrieve Usenet newsgroup messages. A program called a newsreader is often used on the client side for this purpose.

File Transfer Protocol (FTP): FTP is a protocol used to transfer data between computers on a TCP/IP network. Special file servers known as FTP servers are used to handle FTP functions. Users are typically authenticated anonymously on FTP file servers, which means that users can read and update information stored on the FTP server without being authenticated or authorized to access the server. The FTP server does care who the user is.

Here are some good practices when configuring and using FTP:

Configure your FTP server to run FTP services only; do not run unnecessary services that can be exploited.

Do not store valuable data that cannot be recovered on your FTP server.

Use a secure file transfer package, such as SSL, and encrypt all important data.

Disallow unnecessary access to your FTP server; do not use a ‘blind’ or anonymous FTP.

Audit and log events on your FTP server.

TFTP (Trivial File Transfer Protocol): TFTP is a scaled down, simplistic version of FTP. Instead of using the TCP (Transmission Control Protocol) that FTP uses, TFTP use the UDP (User Datagram Protocol). Unlike FTP, TFTP does not use authentication and doesn’t provide any security features whatsoever. It is commonly used by servers as a mechanism to reboot diskless systems and X-terminals.

S/FTP (Secure/FTP): There are many third-party programs available today that assist in making your FTP server more secure. Many of these programs are Java based and allow for an SSL encrypted connection to your FTP server. For very secure FTP, X.509 certificates and the use of asymmetric public key cryptography is often used to encrypt public keys. For larger file transmissions, symmetric keys are used to encrypt and decrypt data sessions. There are many algorithms that are used in securing FTP. A few of these include: DES, 3DES, and Blowfish. In conclusion, S/FTP is meant to provide strong authentication and encryption services, and support for FTP.

Workgroup or Domain?

If you have installed Windows 2000 Professional and are not currently attached to a workgroup or domain, you can join your system to a workgroup or domain, or change your system’s name by right-clicking on the My Computer icon, selecting the Network Identification tab, and choosing the Properties button. You will then have the options of changing your computer name or becoming a member of a workgroup or a domain. In order to join your system to a workgroup or domain, you must have administrative privileges.

Internet Connectivity

Configuring your system to connect to the Internet is not difficult. You need a Local Area Connection, TCP/IP, an Internet browser (such as Internet Explorer or Netscape Navigator), a modem, and an ISP.

You can use the Internet Connection Wizard to connect your system to the Internet. To do this, right-click on the Internet Explorer icon located on the Desktop, select Properties, select the Connections tab, and click the Setup button. You will be offered several options for configuring and finally making your connection. Follow the instructions presented by the wizard.

Viruses

Computer viruses are becoming more and more of a threat to the integrity of computer systems and computer data. If a virus has wiped out your important personal information or destroyed your business’ data, then you are probably already aware of how critical it is to have a good antivirus package, updated antivirus DAT files, and a good backup plan.

Viruses are easily spread via the Internet, through e-mail attachments, infected floppy disks, and network shares. The most common types of viruses are the following:

Trojan: A virus that comes disguised as a useful file or program, the file or program is used to deliver the Trojan virus to the system.

Macro: Often spread through e-mail, a macro virus is one that infects programs, files, and templates associated with applications such as Microsoft Word or Excel. Macro viruses usually insert undesired objects or words into documents. They are usually programmed to be triggered by a specific action or event.

Boot sector: These viruses infect the MBR on hard disks. They can easily make the hard disk unbootable. Thus, it is always good practice to have a bootable floppy virus-scanning disk available to assist with recovery from this type of virus.

Polymorphic: This is a very popular type of virus that mutates so that it is virtually undetectable by antivirus software.

File infectors: These types of viruses typically attach to executable programs, such as files with a .COM or .EXE extensions.

Worm: A worm virus resides in computer memory and duplicates itself until it finally consumes enough system resources to render the system inoperative.

Stealth: A stealth virus can infect partition tables, boot sectors, and executable programs, and hides from antivirus detection software.

The recommended way to clean a virus from an infected computer is to boot the system to a virus-scanned boot disk that includes an updated DAT (virus definition) file, and which cleans the virus from the infected system by running the antivirus cleaning software program from the boot disk.

The current A+ operating system technologies exam is likely to test your knowledge regarding the types of media and software that can actually be infected by viruses. For the exam, please note that floppies cannot be infected when they are write-protected, CD-ROMs cannot be infected, hard drive boot sectors can be infected, system and network files can be infected.




The A+ Certification & PC Repair Handbook
The A+ Certification & PC Repair Handbook (Charles River Media Networking/Security)
ISBN: 1584503726
EAN: 2147483647
Year: 2003
Pages: 390

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net