Exam Essentials


Understand the options available for a perimeter network.     When creating a perimeter network you have three options: a single firewall, known as a bastion host, to block all incoming traffic from accessing your network; a three-homed firewall that separates the internal network from a perimeter network that external users can access; or back-to-back firewalls that give you an added layer of protection and allow you to host servers within a perimeter network.

Identify the IP addressing needs.     Every device that uses TCP/IP needs an address with which it can communicate on the network. You can use either a private address or a public address when configuring the client systems. You need to determine whether you want the systems to have direct access to the Internet or whether you are going to use a NAT server or a proxy server.

Know the IP addressing allocation options.     Addresses can be assigned either manually or dynamically. Some systems, such as DNS servers, have to have a static address, but most systems can be dynamically assigned an address. A DHCP server can be used to assign addresses and configuration options to clients. If a DHCP server is not available, clients running Windows 98 or later generate an automatic private IP address (APIPA). If the client system is a Windows XP workstation or Windows Server 2003 server, you can configure an alternate IP address within the TCP/IP properties that is used instead of APIPA.

Understand the remote access requirements for the organization.     You need to determine the users who will need remote access to your network and how they will connect. RAS servers can be used as dial-up solutions or as VPN servers. IAS can be used as the RADIUS server for RAS servers acting as RADIUS clients. Using a RADIUS solution gives you better control over remote access policies and accounting information.

Know the Internet access options.     You can connect a user to the Internet with one of three methods: by configuring a router and giving them direct access; by configuring a NAT server, which will allow them to access the Internet but doesn't give you very much control; and by using a proxy server, which will give you additional caching mechanisms and user account control.

Know the forest design options that can be used with perimeter networks.     The servers in the perimeter network can be part of the same forest as the internal network, but if a system in the perimeter is compromised, it is easier for an attacker to find information about the internal network or to gain access to it. If you create a separate forest for the perimeter, you have the option of not creating a trust relationship between the two forests, which is the most secure method, or of creating either a one-way trust or a two-way trust, which makes administration easier but reduces security.

Understand the options that are available when promoting a domain controller.     When promoting the domain controller, you have the option of opening RPC ports on the firewall so that the domain controllers can communicate, or you can promote the domain controller from backup media, which will reduce replication traffic across the WAN link. The other option is to promote the domain controller at one site to allow the initial replication to commence on a fast network and then transport the domain controller to the other site.




MCSE: Windows Server 2003 Active Directory and Network Infrastructure Design Study Guide (70-297)
ISBN: 0782143210
EAN: 2147483647
Year: 2004
Pages: 159
Authors: Brad Price, Sybex
