MCSE Microsoft® Windows® 2000 Network Infrastructure Readiness Review; Exam 70-216

Author: Dave Perkovich
Pages: 288
Disk: 1 Companion CD(s)
Level: All Levels
Published: 11/08/2000
ISBN: 9780735609501
ISBN-10: 0-7356-0950-0
Price (USD): $24.99
Index
A
ABRs (area border routers), 151, 152, 154–55
accounting logging, 45
Active Directory
converting zones to Active Directory–integrated, 12, 15
creating an Active Directory–integrated zone, 7, 9
deleting Active Directory–integrated zones, 14, 17
enterprise CAs and, 193, 194, 198
address (A) records, mapping host names to IP address records, 6, 8
attacks on servers. See also security
configuring filtering for PPTP, 77, 82
configuring filtering to protect against substitution of packet IP addresses, 76–77, 81
configuring IPSec for protection against, 99, 103
data files protected from, 210–11, 212
filtering on Web servers, 80–81, 84
impersonation of remote access servers, 53, 56
private keys protected from, 210, 211, 212–13
authentication. See also CHAP (Challenge Handshake Authentication Protocol); security
configuring methods for dial-up access, 86, 90
IAS (Internet Authentication Service), 51, 95, 96
overview, 45
PAP (Password Authentication Protocol), 51
preventing communities from processing SNMP Set requests, 87, 90
authentication protocols, encryption allowed by, 53, 56
B
broadcasts
NetBIOS name resolution, 129, 132
RIP and, 146, 148–49
burst handling, 135, 138
C
cache, clearing, 13, 16
CAs (certificate authorities)
configuring, 193–200
deciding which type to use, 195, 198
enterprise
determining life expectancy of, 196–97, 200
installing, 194–95, 198
overview, 193
viewing publication and CRLs, 196, 199
installing, 193–200
life expectancy
determining, 196–97, 200
renewing, 204, 207
overview, 189, 193
PKI and, 193
replacing old Certificate Servers, 197, 200
selecting policy modules, 197, 200
standalone, 193, 195, 198
certificate authorities. See CAs (certificate authorities)
Certificate Export Wizard, 210–11, 212
certificates. See also PKI (public key infrastructure)
default location of, 200, 205
dial-up access security and, 86, 90
enrolling members for code signing, 203, 206
issuing and revoking, 201–8
overview, 189
securing EFS using, 209
Certificate Services
installing and configuring CAs, 193–200
issuing and revoking certificates, 201–8
Certification Authority snap-in, 193
CERTREQ.EXE, 201
CERTUTIL.EXE, 201, 202, 204–5, 206, 208
Challenge Handshake Authentication Protocol. See CHAP (Challenge Handshake Authentication Protocol)
CHAP (Challenge Handshake Authentication Protocol)
encryption and, 53, 56
monitoring and tracing, 48, 50
password length causing VPN connection problems, 52, 55
cipher, syntax for, 87, 90
CodeSigning certificate template, 203, 206
CRLs (certificate revocation lists), viewing, 196, 199
cryptographic service providers. See CSPs (cryptographic service providers)
CSPs (cryptographic service providers), 195, 199
D
databases
certificates, default location of, 200, 205
logging, setting using netsh command line utility, 136, 139
overwriting static records with dynamic records, 112, 114
restoring from backups, 29, 31
viewing records for domain controllers, 136, 138–39
zone database files, creating, 7, 9
defaults
DHCP allocator values, 177, 180
dial-up access permissions, 52, 55
frame types for NWLink, 71, 74
life expectancy of enterprise CAs, 200
location of certificate log files and certificate database, 200, 205
NAT properties, 178, 181
policy module DLLs when upgrading servers, 200
remote access permissions, 38, 42
for subnets, changing, 66–67, 72
WINS server replication settings, 118–19, 123
demand-dial routing, 147, 148, 150
Designated Routers (DR), establishing adjacencies, 153, 156
DHCP (Dynamic Host Configuration Protocol) servers
allocators, NAT servers as, 177, 180, 185, 187
authorizing, 24, 25
configuring, 24, 25, 67, 72
DNS Servers and, 5, 24, 25
ICS and, 161
managing and monitoring, 27–31
NAT and, 167, 168, 170–71, 173
restoring database from backups, 29, 31
unauthorized (rogue), 25
DHCP (Dynamic Host Configuration Protocol) service
installing and configuring, 23–26
overview, 19–20
dial-up access. See also remote access
configuring authentication methods, 86, 90
configuring security for, 88, 91
default permissions, 52, 55
overview, 33
digital certificates. See certificates
DNS (Domain Name System)
configuring, 5–9
ICS and, 157, 161
installing, 5–9
managing and monitoring, 11–17
NAT and, 157, 167, 185, 188
viewing number of requests received over TCP port, 12–13, 16
Windows 2000 features, 2
DNSCMD.EXE, 11, 13, 16
DNS Console Manager, 5
DNS Proxy, 185, 188
DNS Servers
NAT and, 168, 169, 171, 175
testing configuration of, 6–7, 8–9
translating domain names into IP addresses, 1
viewing packets sent and received, 12, 15
DNS zones
converting to Active Directory-integrated zones, 12, 15
creating, 7, 9
creating resource records in, 6, 8
deleting Active Directory-integrated zones, 14, 17
grouping computer names into, 2
refreshing, 16
secondary, setting up, 6, 8
domain controllers
configuring for optimal network protocol performance, 69, 73
NAT and, 168
viewing all database records for, 136, 138–39
Domain Name System. See DNS (Domain Name System)
domain permissions
mixed-mode (remote access), 38, 42
native mode (dial-up), 52, 55
DR (Designated Routers), establishing adjacencies, 153, 156
dynamic mappings of NetBIOS names. See WINS (Windows Internet Naming Service) servers
E
EAP-TLS (Extensible Authentication Protocol - Transport Layer Security), 53, 56
efficiency. See optimizing networks
EFS (Encrypted File System)
managing files in folders, 88–89, 92
removing recovery keys, 209–13
encryption. See also IPSec (Internet Protocol Security); security
authentication protocols allowing, 53, 56
dial-up access requiring, 88, 91
IPSec and tunneling, 102, 105
levels in MPPE, 54, 57
NAT and, 179, 181
setting levels of, 98–99, 102–3
stopping when errors occur, 87, 90
event logging
overview, 45
setting using netsh command line utility, 136, 139
troubleshooting connection problems using, 47, 49
Extensible Authentication Protocol - Transport Layer Security (EAP-TLS), 53, 56
F
fault tolerance, secondary zones used to implement, 6
firewalls on WINS servers, 120, 121, 124, 125
FQDNs (fully qualified domain names), 6, 8
FTP (File Transfer Protocol)
as built-in NAT editor, 178, 180–81
configuring packet filtering on servers, 78, 82–83
NAT translating IP addresses in headers, 175
G
Gateway Service for NetWare, 70–71, 73
Group Policy, viewing active IPSec policies, 99, 103
H
hackers. See attacks on servers
hub-and-spoke designs, deploying new WINS servers, 121, 125
I
IAS (Internet Authentication Service), 51, 95, 96
ICMP (Internet Control Message Protocol)
as built-in NAT editor, 178, 180–81
filtering packets and, 76, 81
ICS (Internet Connection Sharing)
dialing on demand, 162–63, 164
installing, 161–65
NAT compared to, 157, 162, 163, 167
TCP/IP connections and, 162, 164
tunneling using VPN, 163, 164–65
IKE (Internet Key Encryption), 168
impersonation of remote access servers, preventing, 53, 56
Internet Authentication Service (IAS), 51, 95, 96
Internet Connection Sharing. See ICS (Internet Connection Sharing)
Internet Control Message Protocol. See ICMP (Internet Control Message Protocol)
Internet Key Encryption (IKE), 168
IP (Internet Protocol) addresses
domain names relationships to, 1
ICS providing, 157, 161
mapping, 6, 8, 183–88
NAT and
features, 167
hosts not receiving configurations, 170, 172
mapping and, 183–88
single scope, 175, 177, 180, 186, 188
translating, 175–76
using DHCP settings, 169, 171
NetBIOS name resolution and, 129, 131
packet filtering and, 76–77, 81
scopes and, 23
verifying uniqueness of addresses, 40–41
IPCONFIG, 40–41, 44
IP (Internet Protocol) routing
installing and configuring protocols, 145–50
managing and monitoring, 151–56
routers controlling traffic flow, 75–84
IPSec (Internet Protocol Security). See also encryption; security
configuring, 97–105
ESP mode, 102, 105
NAT affecting, 168
overview, 97
setting levels of encryption, 98–99, 102–3
setting policy settings, 100–101, 104
viewing active policies, 99, 103
IPSec Monitor, 100, 104
K
Kerberos, NAT affecting, 168
keys
IKE (Internet Key Encryption), 168
PKI (public key infrastructure), 189, 193
protecting from system crashes and unauthorized accesses, 210, 211, 212–13
recovery, 209–13
L
Layer Two Tunneling Protocol (L2TP) and VPN, 40, 43
logging, setting, 136, 139. See also accounting logging; event logging; tracing
lookups, dynamic updates of, 24, 25
M
Mail Exchanger (MX) records, 6, 8
mapping. See also NetBIOS, configuring name resolution
dynamic, 179, 181, 183
static, 171, 173, 183, 184, 186
WINS servers and, 112, 114, 134, 137
Microsoft Point-to-Point Encryption (MPPE), 54, 57
MMC (Microsoft Management Console), 133–39, 193
MPPE (Microsoft Point-to-Point Encryption), 54, 57
multihomed servers, troubleshooting subnet communications, 68, 72–73
MX (Mail Exchanger) records, 6, 8
N
name resolution
across subnets, 129, 132
configuring NetBIOS, 127–32
ICS providing, 157
NAT providing, 170–71, 172–73
NetBIOS and, 128–29, 131, 132
viewing number of requests accepted by servers, 135, 138
WINS and node types, 128, 130, 134, 137
name server (NS) resource records, 7, 9
NAT (Network Address Translation)
applications deployed through, payload not translatable, 184–85, 187
configuring, 171, 173
configuring interfaces, 183–88
configuring IP addresses, 170, 172, 175, 177, 180, 186, 188
configuring properties, 167, 169, 171, 175–82
DHCP allocators, 177, 180, 185, 187
DNS servers and, 168, 169, 171, 175
editors, 176, 178, 180–81
ICS compared to, 157, 162, 163, 167
installing, 167–73
mapping public IP addresses to private addresses, 183–88
name resolution, configuring, 170–71, 172–73, 185, 188
overview, 157, 167–68
packet translations, 169, 172
providing IP addresses, 157, 167, 169, 171
TCP/UDP and, 169, 172, 175–76, 178, 179, 181
NetBIOS
configuring name resolution, 127–32
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, 71, 74
registering names with WINS, 112–13, 115
over TCP/IP, 178, 180–81
netsh command-line tool
overview, 45
setting logging using, 136, 139
syntax for, 48, 50
NetWare servers, creating network access to, 70–71, 73
Network Address Translation. See NAT (Network Address Translation)
network interface cards. See NICs (network interface cards)
Network Monitor
packets monitored on IAS servers, 95, 96
viewing packets sent and received, 12, 15
NICs (network interface cards)
binding TCP/IP protocol to, 68, 72–73
requirements when using ICS, 161
NSLOOKUP.EXE, 6–7, 8–9
NS resource records, 7, 9
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, 71, 74
O
Open Shortest Path First routers. See OSPF (Open Shortest Path First) routers
optimizing networks
ABR management, 152, 154–55
protocol performance, 69, 73
reclaiming unused space, 28, 30
Web site traffic and, 94, 95
option classes, 23
OSPF (Open Shortest Path First) routers
ABRs, 151, 152, 154–55
overview, 145
setting up external route filters, 146, 149, 153, 156
troubleshooting connection problems, 47, 49
P
packets
encrypting, 179, 181
filtering
configuring filters, 75–84
FTP servers and ports, 78, 82–83
IP addresses, 76–77, 81
ports, 77, 82
Web servers and, 80–81, 84
fragmented, 78–79, 83
Network Monitor and, 96
substituting source IP addresses with private IP addresses, 76–77, 81
translating on NAT computers, 169, 172, 179, 181
viewing sent and received, 12, 15
Password Authentication Protocol (PAP), 51
passwords
length causing VPN connection problems, 52, 55
requiring for dial-up access, 88, 91
permission defaults
dial-up access, 52, 55
remote access, 38, 42
Ping of Death, preventing, 78–79, 83
PKI (public key infrastructure). See also certificates
CAs and, 193
deciding which CSPs to use, 195, 199
overview, 189
Pointer (PTR) resource records, 7
Point-to-Point Encryption (MPPE), 54, 57
Point-to-Point Protocol (PPP), 148, 150
ports, packet filtering and, 77, 78, 82–83
PPP (Point-to-Point Protocol), 148, 150
PPTP (Point-to-Point Tunneling Protocol)
NAT and, 168, 178, 180–81
packet filtering and, 77, 82
VPN and, 40, 43, 168
priority allocation assignment
for routers, 153, 156
for users, 94, 96
protocols. See also names of specific network protocols
authentication and encryption, 53, 56
configuring domain controllers for optimal performance, 69, 73
configuring security, 85–92
installing and configuring, 65–74
managing and monitoring network traffic, 93–96
strengths and weaknesses of, 51, 59
used to encapsulate frames, 40, 43
PTR Resource Records, 7
Q
Quality of Service (QoS) Admission Control, 94, 96
queries, viewing number sent by server, 12–13, 16
R
registry
Reconcile feature, 29, 31
recovering DHCP scope client information from, 29, 31
removing Active Directory-integrated zones, 14, 17
remote access. See also attacks on servers; dial-up access; RRAS (Routing and Remote Access Service)
configuring, 37–44
configuring security, 51–57
managing and monitoring, 45–50
Remote Access Policy, 52, 55
replication, configuring WINS servers
default settings, 118–19, 123
discovering replication partners, 119, 124
through firewalls, 120, 121, 124, 125
hub-and-spoke designs, 121, 125
limiting partnering, 122, 126
resolvers (DNS servers), 1
Reverse Lookup zones, 7
RIP (Routing Information Protocol)
broadcasts not used in routing process, 146, 148–49
hosts not receiving routes, 152–53, 155
maximum hop count for IP, 147, 149
overview, 145
rogue servers, implementation of, 25
routers and routing. See also OSPF (Open Shortest Path First) routers; RRAS (Routing and Remote Access Service)
ABRs (area border routers), 151, 152, 154–55
configuring IP protocols, 145–50
controlling IP traffic flow, 75–84
demand-dial, 147, 148, 150
Designated Routers (DR), 153, 156
IP, 75–84, 145–56
managing, 151–56
viewing static routing tables, 46–47, 49
Routing and Remote Access Service. See RRAS (Routing and Remote Access Service)
Routing and Remote Access snap-in, 45, 175
Routing Information Protocol. See RIP (Routing Information Protocol)
RRAS (Routing and Remote Access Service)
configuring, 37–44
managing and monitoring, 45–50, 167, 169, 171
overview, 33–34
static routing tables, 46–47, 49
S
SAs (security associations), 100, 104
scopes
multicast, 24, 26
overview, 23
recovering from registry, 29, 31
removing subnets and, 28, 30
scripts, executing, 13, 16
security. See also attacks on servers; authentication; certificates; encryption; IPSec (Internet Protocol Security); PKI (public key infrastructure)
network protocols, 85–92
remote access and, 51–57
security associations (SAs), 100, 104
Server location (SRV) resource records, locating domain controllers using, 6, 8
Simple Network Management Protocol (SNMP), 87, 91
SOA resource records, 7, 9
space, efficient use of, 28, 30
SRV (Server location) resource records, locating domain controllers using, 6, 8
start of authority (SOA) resource records, 87, 91
static routing tables, 46–47, 49
subnets
changing defaults for, 66–67, 72
name resolution across, 129, 132
removing, 28, 30
superscopes, 23
System Monitor, 28, 30–31
T
TCP/IP (Transmission Control Protocol/Internet Protocol)
binding to newly connected NICs, 68, 72–73
checking settings using IPCONFIG, 40–41, 44
configuring packet filtering, 75–84
dynamically configuring, 67, 72
ICS installation affecting, 162, 164
implementing before installing DNS, 5
NAT and, 178, 179, 180–81
TCP (Transmission Control Protocol) ports
packet filtering and, 76, 77, 81, 82
viewing number of DNS requests received over, 12–13, 16
TCP/UDP (Transmission Control Protocol/User Datagram Protocol)
mapping time out defaults, 178, 181
port translation, 169, 172, 175–76
tracing, 45, 48, 50
traffic
managing and monitoring, 93–96
routers controlling flow, 75–84
Transmission Control Protocol ports. See TCP (Transmission Control Protocol) ports
tunneling, 102, 105
U
UDP (User Datagram Protocol) ports, 76, 81. See also TCP/UDP (Transmission Control Protocol/User Datagram Protocol)
unauthorized access. See attacks on servers
updates
burst handling and, 135, 138
dynamic
of DNS name servers, 24, 25
viewing, 12–13, 16
of WINS database, 111
User Datagram Protocol (UDP) ports, 76, 81. See also TCP/UDP (Transmission Control Protocol/User Datagram Protocol)
users, unauthorized. See attacks on servers
V
VPN (virtual private network) remote access
configuring, 40, 43
ICS and, 163, 164–65
NAT and, 168
overview, 141
W
Web-based certificate revocation checking, 202, 206
Web Enrollment Support site and pages, 203, 207
Web servers
fragmented packets and, 78–79, 83
NAT and static mapping, 184, 186
optimizing performance based on traffic, 94, 95
packet filtering and, 80–81, 84
Windows Internet Naming Service. See WINS (Windows Internet Naming Service) servers
WINS Proxy, 167
WINS Proxy Agents, 112–13, 115
WINS (Windows Internet Naming Service) servers
configuring, 111–16
database records
overwriting static records with dynamic records, 112, 114
viewing for domain controllers, 136, 138–39
installing, 111–16
managing and monitoring, 111–16, 133–39
mapping, 112, 114, 134, 137
name resolution
configuring, 112–13, 115
node types and, 128, 130, 134, 137
viewing number of requests accepted by servers, 135, 138
non-WINS clients communicating with, 114, 115
overview, 107, 111
replication, configuring, 117–26
WINS Server Statistics, 135, 138
Z
zone database files, 7, 9
zone of authority, 2
zones. See DNS zones
Last Updated: Friday, July 6, 2001