Understanding, Configuring, and Securing TCP/IP Networks Lesson 11
Understanding TCP/IP
• Transmission Control Protocol/Internet Protocol (TCP/IP) – Most commonly used protocol for communication on computer networks. It is the network communications protocol that is the basis for the Internet.
Introducing TCP/IP

Understanding TCP/IP (cont.)
• Computers running Windows Vista are by default TCP/IP hosts, meaning that they have all of the software required for taking part in a TCP/IP network.

Understanding IP Addresses
• TCP/IP hosts, such as computers running Windows Vista, are identified on TCP/IP networks with an IP address.
• Other network entities, such as printers or routers, can also be identified with an IP address.

Understanding IP Addresses (cont.)
• IP addresses are 32 bits in length and are expressed as four octets separated from one another with a dot (the “.” character).
• Each octet is 8 bits long (32 bits per address divided by 4 octets = 8 bits), which is why they are called octets.
• Example IP address: 10.23.132.23

Understanding IP Addresses (cont.)
• Octets are expressed as values between 0 and 255 (with some restrictions). The first octet determines the class of the address.
• Classes – Divide the IP address space into sections that are used for different purposes

Understanding IP Addresses (cont.)

Understanding IP Addresses (cont.)
• TCP/IP hosts that are directly exposed to the Internet must receive their IP addresses from the Internet Corporation for Assigned Names and Numbers (ICANN) or some other authority. These IP addresses are called public-facing IP addresses.

Understanding IP Addresses (cont.)
• Almost all organizations today use private networks, in which the IP addresses internal to the organization are hidden from hosts external to the organization.
Understanding Subnetting and Subnet Masks
• Subnetting – Using subnet masks to partition a network into smaller networks called subnets
• Subnet mask – Used by subnetting to divide an IP address into a network ID and a host ID
• Network ID – Identifies the subnet
• Host ID – Identifies the host within that subnet

Understanding Subnetting and Subnet Masks (cont.)
• Subnet masks – Divide IP addresses into network IDs and host IDs and can be used to partition networks into subnets
• Example of a subnet mask for the IP address 10.23.132.23: 255.0.0.0

Converting Octets from Decimal to Binary
• In Calculator, on the View menu, click Scientific.
• Key the decimal octet.
• In the upper left, just below the text box, select Bin. The number is displayed in binary.
• Add zeros to the left side until there are eight digits.

Converting Octets from Binary to Decimal
• Open Calculator in Scientific view.
• Select Bin in the upper left.
• Key the binary value, excluding leading 0s.
• Select Dec in the upper left. The value is displayed in decimal.

Combining Octets Using a Logical AND
• Compare the first digit of each octet, and follow these rules:
• 1 AND 1 = 1
• 0 AND 0 = 0
• 0 AND 1 = 0 (and likewise 1 AND 0 = 0)
• Do the same for the remaining 7 digits.

Applying a Logical NOT to an Octet
• Replace each 1 with a 0.
• Replace each 0 with a 1.

IP Address Classes

Calculating a Network ID

Calculating a Host ID

Understanding Classless Inter-Domain Routing Notation
• Classless Inter-Domain Routing (CIDR) notation – Common way of expressing a subnetted network address, from which you can derive the IP addresses and subnet mask for the hosts on each network
• Example: 192.168.255.0/26
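The octet-to-binary conversion, the logical AND and NOT, and the CIDR derivation from the preceding slides, worked through in code. This is an added example, not part of the original deck; it takes the page's own addresses (10.23.132.23 with mask 255.0.0.0, and 192.168.255.0/26) and also reports the host range and the number of equal subnets a Class C network is cut into, which the slides show only in figures.

```python
def octets_to_binary(address):
    """Show each octet as an eight-digit binary string: '10' -> '00001010'."""
    return [format(int(octet), "08b") for octet in address.split(".")]

def dotted_to_int(address):
    """Pack four decimal octets into one 32-bit integer."""
    a, b, c, d = (int(octet) for octet in address.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_dotted(value):
    """Unpack a 32-bit integer back into dotted-decimal form."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_from_prefix(prefix_len):
    """/26 -> 255.255.255.192: the first prefix_len bits set, the rest clear."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def split_cidr(cidr):
    """Derive mask, network ID, host ID and host range from CIDR notation."""
    address, prefix = cidr.split("/")
    prefix_len = int(prefix)
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    addr = dotted_to_int(address)
    mask = mask_from_prefix(prefix_len)
    wildcard = ~mask & 0xFFFFFFFF        # logical NOT of the mask: the host bits
    network_id = addr & mask             # address AND mask      -> network ID
    host_id = addr & wildcard            # address AND NOT mask  -> host ID
    broadcast = network_id | wildcard    # network ID with every host bit set
    host_bits = 32 - prefix_len
    return {
        "binary_address": octets_to_binary(address),
        "binary_mask": octets_to_binary(int_to_dotted(mask)),
        "mask": int_to_dotted(mask),
        "network_id": int_to_dotted(network_id),
        "host_id": int_to_dotted(host_id),
        "broadcast": int_to_dotted(broadcast),
        # usable hosts lie strictly between the network ID and the broadcast address
        "first_host": int_to_dotted(network_id + 1) if host_bits >= 2 else None,
        "last_host": int_to_dotted(broadcast - 1) if host_bits >= 2 else None,
        "usable_hosts": 2 ** host_bits - 2 if host_bits >= 2 else 0,
        # how many subnets of this size a classful /24 (Class C) network yields
        "subnets_in_class_c": 2 ** (prefix_len - 24) if prefix_len >= 24 else None,
    }

if __name__ == "__main__":
    for cidr in ("192.168.255.0/26", "192.168.255.77/26", "10.23.132.23/8"):
        print(cidr, split_cidr(cidr))
```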
Understanding DNS
• Domain Name System (DNS) – Hierarchical naming convention for identifying TCP/IP hosts on a network
• Fully qualified domain names (FQDNs) – User-friendly names to which IP addresses are mapped in DNS
• Example FQDN: client42.northwind.contoso.com

DNS Hierarchy

DNS Caching
• Both DNS clients and servers can cache DNS name resolutions.
• DNS caching – After the answer to a resolution is found, clients and servers store it locally for some time in case they need it again. In this way, they won’t have to look it up a second time, which improves performance.
Understanding DHCP
• Dynamic Host Configuration Protocol (DHCP) – Protocol that DHCP clients, such as computers running Windows Vista, can use to request and lease IP addresses from a DHCP server. The client can also use DHCP to request DHCP options.
Understanding DHCP

Understanding DHCP (cont.)
• DHCP client – Machine that uses DHCP to request an IP address lease and other information, called DHCP options
• DHCP server – Allocates IP addresses from a pool of IP addresses to DHCP clients and optionally offers supporting information to DHCP clients, called DHCP options

Understanding DHCP (cont.)
• DHCP option – Piece of information that DHCP servers can optionally offer to DHCP clients, including default gateway IP addresses and IP addresses for DNS name servers
• DHCP lease – Entire package that a DHCP client receives from a DHCP server

Understanding DHCP (cont.)
• The process of a DHCP client requesting and receiving a DHCP lease from a DHCP server is completed in the following four steps.
• DHCPDISCOVER – The DHCP client broadcasts a request for a DHCP lease.
• DHCPOFFER – DHCP servers on the network offer DHCP leases of specific IP addresses to the DHCP client.

Understanding DHCP (cont.)
• Requesting and receiving a DHCP lease (cont.)
• DHCPREQUEST – The DHCP client chooses which DHCP server to obtain a DHCP lease from and announces its choice in a broadcast message. The other offering DHCP servers receive the DHCPREQUEST message and return the IP addresses they offered to their pools of available IP addresses for lease.

Understanding DHCP (cont.)
• Requesting and receiving a DHCP lease (cont.)
• DHCPACK – The chosen DHCP server also receives the DHCPREQUEST message. It sends an acknowledgement to the DHCP client and assigns it any configured DHCP options. The client configures its TCP/IP settings with the IP address and DHCP options supplied by the DHCP server.

Understanding DHCP (cont.)
• Automatic Private IP Addressing (APIPA) – Another scheme for assigning IP addresses automatically. It is a part of Windows operating systems. If you configure a computer to obtain an IP address automatically and no DHCP server is available, the computer receives an APIPA address.
• APIPA addresses always start with the octets 169.254.
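The four-step lease exchange and the APIPA fallback described on the preceding slides, modelled as an added example (not part of the original deck). Two servers answer the same broadcast; the client takes one offer, and the broadcast DHCPREQUEST is what lets the other server return its offered address to its pool. The server names, address pools and option names are constructed for the demonstration.

```python
class DhcpServer:
    """Minimal model of a DHCP server: an address pool plus lease options."""

    def __init__(self, name, pool, options):
        self.name = name
        self.pool = list(pool)   # addresses still available for lease
        self.pending = {}        # client_id -> address offered, not yet acknowledged
        self.options = options   # constructed options, e.g. default gateway, DNS servers

    def on_discover(self, client_id):
        """DHCPDISCOVER received: reserve one pool address and reply with a DHCPOFFER."""
        if not self.pool:
            return None          # nothing to offer, so this server stays silent
        offered = self.pool.pop(0)
        self.pending[client_id] = offered
        return {"type": "DHCPOFFER", "server": self.name, "address": offered}

    def on_request(self, client_id, chosen_server):
        """DHCPREQUEST is broadcast, so every offering server sees it: the chosen
        server answers DHCPACK, the others return the offered address to their pool."""
        offered = self.pending.pop(client_id, None)
        if offered is None:
            return None
        if chosen_server != self.name:
            self.pool.insert(0, offered)   # un-reserve: address is available again
            return None
        return {"type": "DHCPACK", "server": self.name, "address": offered,
                "options": dict(self.options)}


def apipa_address(client_id):
    """No DHCPOFFER arrived: fall back to an APIPA address (169.254.x.y). Windows
    chooses the host part at random; here it is derived from the client name so
    the demo is repeatable."""
    seed = sum(ord(ch) for ch in client_id)
    return f"169.254.{1 + seed % 254}.{1 + (seed * 7) % 254}"


def obtain_lease(client_id, servers):
    """Run DISCOVER -> OFFER -> REQUEST -> ACK for one client against all servers."""
    offers = [o for o in (s.on_discover(client_id) for s in servers) if o]  # broadcast
    if not offers:
        return {"address": apipa_address(client_id), "source": "APIPA", "options": {}}
    chosen = offers[0]          # client picks one offer (here: the first received)
    ack = None
    for server in servers:      # broadcast REQUEST naming the chosen server
        reply = server.on_request(client_id, chosen["server"])
        if reply is not None:
            ack = reply
    return {"address": ack["address"], "source": ack["server"], "options": ack["options"]}
```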
Configuring IPv4 TCP/IP Network Settings Manually
Properties dialog box for an example connection
Configuring TCP/IP Network Settings

Configuring IPv4 TCP/IP Network Settings Manually (cont.)
Example settings for a Class C private network with 64 subnets

Using DHCP to Configure TCP/IP Settings Automatically
• Open the Properties dialog box for the connection you want to configure.
• In the ConnectionName Properties dialog box, select Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
• Select Obtain an IP address automatically.

Using DHCP to Configure TCP/IP Settings Automatically (cont.)
• Select one of the following:
• Obtain DNS server addresses automatically
• Use the following DNS server addresses

Configuring an Alternate IP Address
Example alternate IP address settings for a Class A private network

Configuring Windows Vista Wired Network Policy in Group Policy
• You can configure network settings through Group Policy in the Computer Configuration > Windows Settings > Security Settings > Wired Network (IEEE 802.3) Policies folder of Group Policy objects (GPOs).

Configuring Vista Wired Network Policy in Group Policy (cont.)
The Security tab of the WiredNetworkPolicyName Properties dialog box

Configuring Vista Wired Network Policy in Group Policy (cont.)
• In the Select a network authentication method drop-down list, select one of the following:
• Smart Card or other certificate – Select this option if you want wireless users to authenticate with a smart card.
• Protected EAP (PEAP) – Protected Extensible Authentication Protocol. Usernames and passwords fall into this authentication category.

Configuring Vista Wired Network Policy in Group Policy (cont.)
• In the Authentication Mode drop-down list, select one of the following:
• User re-authentication – Authentication uses the computer’s credentials when a user is not logged on. When a user logs on, re-authentication using the user’s credentials is performed.
• Computer Authentication – Authentication uses the computer’s credentials.

Configuring Vista Wired Network Policy in Group Policy (cont.)
• In the Authentication Mode drop-down list, select one of the following (cont.):
• User authentication – Authentication uses the computer’s credentials until a new wireless access point is connected to, at which time re-authentication takes place with the user’s credentials.

Configuring Vista Wired Network Policy in Group Policy (cont.)
• In the Authentication Mode drop-down list, select one of the following (cont.):
• Guest authentication – All connections to the network are regulated by the settings for the Guest user account. This is the least restrictive and most flexible authentication and is recommended when you are creating a wireless policy for a network where guests are welcome.
Wireless Networking and Security
• Security is very important in wireless networks because anybody with a receiver can potentially log on to the network if security is weak.
Understanding and Configuring Wireless Networking and Security

Wireless Networking and Security (cont.)
• In Vista, networks are differentiated into two broad classes.
• Infrastructure networks – Networks that connect to wireless access points on your network
• Ad hoc networks – Networks that you can form on the fly with other wireless users

Wireless Networking and Security (cont.)
• Wired Equivalent Privacy (WEP) – Least secure technology. It requires a WEP key, which you supply to the wireless devices that connect to the access point. WEP has known vulnerabilities that enable hackers to crack it with retail hardware. WEP is not recommended for enterprise use.

Wireless Networking and Security (cont.)
• Wi-Fi Protected Access (WPA) – Designed to eliminate the known security flaws of WEP. Wireless devices and the access point use a pre-shared key (PSK) that can be either a 256-bit number or an alphanumeric password between 8 and 63 characters long.
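How the two PSK forms on this slide become the same 256-bit key, as an added example that is not part of the original deck: a 64-hex-digit key is used directly, while an 8 to 63 character passphrase is stretched with PBKDF2-HMAC-SHA1 over 4096 iterations using the SSID as salt, as specified in IEEE 802.11i. Because the SSID is the salt, the same passphrase yields a different key on every network; the test vector ("password" on SSID "IEEE") is the one published in the standard.

```python
import hashlib
import re

HEX_KEY = re.compile(r"^[0-9a-fA-F]{64}$")   # 256 bits written as 64 hex digits


def validate_psk_input(psk):
    """Classify a configured PSK as a raw 256-bit key or an ASCII passphrase.
    The two forms cannot collide: a passphrase is at most 63 characters, a hex
    key is exactly 64."""
    if HEX_KEY.match(psk):
        return "hex"
    if 8 <= len(psk) <= 63 and all(32 <= ord(ch) <= 126 for ch in psk):
        return "passphrase"
    raise ValueError("PSK must be 64 hex digits or 8-63 printable ASCII characters")


def wpa_psk(psk, ssid):
    """Return the 256-bit pairwise master key (32 bytes) for this PSK and SSID.
    Passphrase: PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits).
    Hex key: decoded as-is; the SSID plays no role."""
    if validate_psk_input(psk) == "hex":
        return bytes.fromhex(psk)
    return hashlib.pbkdf2_hmac("sha1", psk.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    print(wpa_psk("password", "IEEE").hex())
```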
Wireless Networking and Security (cont.)
• Wi-Fi Protected Access 2 (WPA2) – Preferred security technology for enterprise wireless networks. It uses 802.1X-based authentication and Advanced Encryption Standard (AES) encryption.

Wireless Networking and Security (cont.)
• There are two versions of WPA2.
• WPA2-Personal
• WPA2-Enterprise
• WPA2-Enterprise requires that a user authenticate on the network before wireless connectivity is granted.

Wireless Networking and Security (cont.)
• Enterprise Single Sign-on – Enables users to authenticate to the wireless network access point and the domain in a single step. In Enterprise Single Sign-on, 802.1X authentication to the wireless network precedes logon to the domain, and users are only prompted for wireless credential information if needed.