IEEE 802 SPECIFICATIONS (IEEE 802.x)
802.1 Internetworking (bridging and network management; the 802.1Q VLAN tagging and 802.1X port-based access control standards also belong to this group)
802.2 LLC (Logical Link Control)
802.3 CSMA/CD - Ethernet
802.4 Token Bus LAN
802.5 Token Ring LAN
802.6 MAN (Metropolitan Area Network)
802.7 Broadband Technical Advisory Group
802.8 Fiber-Optic Technical Advisory Group
802.9 Integrated Voice/Data Networks
802.10 Network Security
802.11 Wireless Networks ---
802.11a: 5 GHz band; 802.11b: 2.4 GHz; 802.11g: 2.4 GHz (backward compatible with b); 802.11i: not a radio band but the security amendment (WPA2, AES-CCMP). a and b use different bands, so a cannot talk to b.
802.12 Demand Priority Access LAN, 100BaseVG-AnyLAN
Saturday, November 18, 2006
PROTOCOLS ON LAYERS
Protocols on Layers
* Application Layer (Layer 7) - (ASFAST) AFP, SMTP, FTP, APPC, SNMP, TELNET. Applications, e-mail, the interface into user apps; initiates and accepts requests; the higher-level protocols live here. The Net Essentials book also puts general network access, flow control and error recovery here.
* Presentation Layer (Layer 6) - Protocol conversion. The redirector lives here. The redirector grabs anything meant for the network rather than the local PC (files, print jobs, anything) and redirects it down the stack for processing at the right place. All the different formats from all sources are converted into a uniform common format that the rest of the OSI model can understand.
* Session Layer (Layer 5) - Syncs and sessions. Connects two computers and controls who sends when, for how long and how, and oversees the dialogue. Named pipes, NetBIOS and DLC are placed here, and remember that DLC lives here; this was one of the questions. (TCP and NWLink are really transport-layer protocols, see the next layer.) Also remember that TCP is to IP what SPX is to IPX (Novell): the reliable transport running on top of the routable network protocol.
The above 3 layers are the application-level network service users.
* Transport Layer (Layer 4) - (STANN) SPX, TCP, ATP, NWLink, NetBEUI. "Trains": I remember that the data stream is broken up into what looks like the coaches of a train. The transport services layer; error handling (acknowledgement and retransmission) is done here. Different media allow different maximum frame lengths (Token Ring, Ethernet and ATM all differ), so data is segmented here and reassembled at the other end.
Gateways work at the above 4 layers. There are Qs on which layers a gateway uses, i.e. App - Pres - Session - Trans. There are also Qs on: Physical = repeater (or hub); Data Link = bridge; Network = router.
* Network Layer (Layer 3) - (NINI) NWLink, IP, NetBEUI, IPX. Think of a big network where traffic is routed, which is done by adding logical source and destination addresses and choosing the best routes (uses routers). NetBEUI is listed here in the book but carries no network-layer address, which is why it is non-routable.
* Data Link Layer (Layer 2) - Look at the movies on the CD with Net Essentials and see that the DLL adds a CRC (the frame check sequence) to the end of each data frame, so the receiver can detect a corrupted frame. Bridges work here, and the book is very terse on explanations.
Basically packets use network addresses (logical source and destination addresses) to get around; they can move around the world using logical addresses and are part of the networking software, like Novell or Windows. This whole "network structure" actually sits on top of the LAN, like another layer. The LAN is the basic underlying network, the nitty-gritty physical network where the actual network cards talk to each other. The LAN really is only local, and the
* DATA LINK LAYER controls it. The DLL is split into two sublayers, LOGICAL LINK CONTROL and MEDIA ACCESS CONTROL. This may seem difficult at first but it is not too bad. Think that Media Access Control (MAC) controls access to the type of media being used, i.e. Token Ring, Ethernet etc. Also learn: 802.3 ~ "Ethernet"; 802.4 ~ Token Bus (pushed by GM for factory automation, now obsolete; ARCnet is a separate, non-IEEE standard); 802.5 ~ Token Ring; 802.12 ~ 100VG-AnyLAN. FDDI, the fiber ring, is an ANSI standard rather than an 802 number. The LOGICAL LINK CONTROL equates to 802.2 and is the upper sublayer, sitting above the MAC sublayer and managing the link over the media.
* Physical Layer (Layer 1) - This is the hardware and the physical cables. Repeaters (or hubs) amplify an attenuated or weak signal here (another gift Q). It just has to send 0s and 1s, highs and lows, ons and offs.
Data frames work at the two bottom layers and only inside the LAN, using physical or MAC addresses (usually burned into the card at the factory). Note that a MAC address is an identifier, not proof of identity: a card can be configured to use any address, so filtering on MAC addresses is not authentication. On page 176 there look to be 10 of the gift Qs we got. These bottom 2 layers are called the networking services. P179 talks about SAPs.
* Protocols - Routable: IP, IPX, OSI, AppleTalk, DECnet, XNS. Non-routable: NetBEUI, LAT.
* NetBEUI - Microsoft protocol designed for small LANs; non-routable.
* IPX/SPX - Fast protocol for small and large Novell networks; routable. Also known in NT as NWLink.
* TCP/IP - The Internet protocol suite; routable.
* DECnet - Digital's protocol suite; also defines communications over FDDI MANs; routable.
* AppleTalk - Apple protocol designed for small-LAN file and print sharing.
* XNS - Designed by Xerox as an Ethernet protocol. Was replaced by TCP/IP.
The OSI Layer Model
The Seven OSI Model Layers
"Please Do Not Throw Sausage Pizza Away" - as told by Gordo (Physical, Data Link, Network, Transport, Session, Presentation, Application, counting up from layer 1).
OSI Layer - Function:
* Application Layer - Serves as a window for applications to access network services. Handles general network access, flow control and error recovery.
* Presentation Layer - The network's translator. The redirector operates here. Determines the format for data. Responsible for protocol conversion, translating and encrypting data, and managing data compression. (In a real TCP/IP stack, encryption is done by protocols such as TLS and IPsec, which do not map neatly onto a single OSI layer.)
* Session Layer - Allows applications on two PCs to connect and establish a session. Provides synchronization between the communicating computers.
* Transport Layer - Responsible for packet handling. Ensures error-free delivery. Repackages messages, divides messages into smaller packets, and handles error recovery.
* Network Layer - Responsible for addressing, determining routes for sending, managing network traffic problems, packet switching, routing, data congestion, and reassembling data.
* Data Link Layer - Sends data frames from the Network layer to the Physical layer. Packages bits into frames and appends the CRC. LLC manages link control and defines SAPs (Service Access Points); MAC communicates with the adapter card.
* Physical Layer - Transmits the bits over a physical medium. Defines cables, cards and the other physical aspects.
Additional notes:
* LLC (Logical Link Control) - Upper sublayer of the DLL. Manages data link communication and defines the use of logical interface points (SAPs). Defined by 802.2.
* MAC (Media Access Control) - Lower sublayer of the DLL. Provides shared access for the NIC to the Physical layer and is responsible for delivering error-free data between two computers on the same medium. Defined by 802.3, 802.4, 802.5 and 802.12.
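The layering in the two sections above is easier to see when a frame is built and then taken apart. The following is an added example, not code from the original notes: it assembles one Ethernet/IPv4/TCP frame layer by layer, appends the Data Link layer CRC (the Ethernet frame check sequence) that the notes mention, and then parses the frame back the way a sniffer or IDS would, rejecting it if the CRC or the IPv4 header checksum does not match. The MAC addresses, IP addresses, ports and payload are constructed for the example; the preamble and the padding to the 64-byte minimum frame are left out.

```python
"""Added example, not part of the original notes: one Ethernet/IPv4/TCP
frame built layer by layer with the Data Link layer CRC (Ethernet FCS)
appended, then parsed back the way a sniffer or IDS would.  Addresses,
ports and payload are constructed for the example."""
import struct
import zlib

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def mac_bytes(mac: str) -> bytes:
    """'02:00:00:00:00:01' -> 6 raw bytes (Layer 2 physical address)."""
    return bytes(int(part, 16) for part in mac.split(":"))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ipv4_bytes(ip: str) -> bytes:
    """'192.168.105.12' -> 4 raw bytes (Layer 3 logical address)."""
    return bytes(int(o) for o in ip.split("."))


def ipv4_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones-complement sum of 16-bit words (IPv4 header checksum)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def fcs(body: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over the frame, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    # Layer 4: minimal 20-byte TCP header carrying a SYN (TCP checksum left 0 here).
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    # Layer 3: 20-byte IPv4 header; checksum computed with the field zeroed, then filled in.
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, PROTO_TCP, 0,
                     ipv4_bytes(src_ip), ipv4_bytes(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    # Layer 2: Ethernet II header, destination MAC first; EtherType says what follows.
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    body = eth + ip + tcp + payload
    # Data Link trailer: the CRC the notes describe, so the receiver can spot corruption.
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Peel the layers back off; raise on a bad CRC or IPv4 header checksum."""
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch: frame corrupted or tampered with")
    ethertype = struct.unpack("!H", body[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not IPv4: EtherType 0x{ethertype:04x}")
    ip = body[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip_checksum(ip[:ihl]) != 0:           # a valid header checksums to zero
        raise ValueError("IPv4 header checksum mismatch")
    total_len = struct.unpack("!H", ip[2:4])[0]
    ip = ip[:total_len]                       # drop any Ethernet padding
    result = {
        "dst_mac": mac_str(body[0:6]), "src_mac": mac_str(body[6:12]),
        "src_ip": ipv4_str(ip[12:16]), "dst_ip": ipv4_str(ip[16:20]),
        "protocol": ip[9],
    }
    if ip[9] == PROTO_TCP:
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        data_offset = (ip[ihl + 12] >> 4) * 4
        result.update(sport=sport, dport=dport, payload=ip[ihl + data_offset:])
    return result


if __name__ == "__main__":
    frame = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                        "192.168.105.12", "10.0.0.5", 40000, 443, b"hello")
    print(parse_frame(frame))
```

The MAC addresses only matter inside the LAN and are stripped by the first router; the IP addresses survive end to end, which is exactly the frame-versus-packet distinction the notes draw. The CRC catches accidental corruption, not deliberate tampering: anyone who can modify the frame can recompute it.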
Networking Essentials
1. Standards and Terminology
* Peer to Peer - Use when there are fewer than 10 computers and security is not an issue; also called Workgroups.
* Client/Server - Use when there are more than 10 computers, or the network may be expanded in the future, and security is an issue. Centralized administration; dedicated file, print and fax servers; auditing and monitoring, and more.
* Bus - Signal bounce, terminator, passive, linear, segment, trunks, repeater, barrel connector. A break in the cable or a missing terminator takes the whole segment down.
* Star - Hubs, central point. Central point fails - network fails; one PC fails - the rest of the hub network continues.
* Ring - Token passing, clockwise; only the PC holding the token can send; one PC can be masked out without affecting the network.
* Active Hubs - Regenerate and retransmit, same as a repeater; 8-12 ports; can be called a multiport repeater; need power.
* Passive Hubs - Wiring panels, punchdown blocks; no AC power source needed; basic connections only.
* Crosstalk = Overflow of signal from an adjacent wire.
* Attenuation = The weakening or distorting of a transmitted signal over extended distance.
* Beaconing = The process of signalling computers on a ring system that token passing has been interrupted by an error.
* Jitter = Instability in a signal waveform over time, which could be caused by signal interference or an unbalanced ring in FDDI or Token Ring environments.
* UNC (Universal Naming Convention) - \\computername\sharename, for example \\Sales1\MSWord.
* User Level Security - Security is implemented by the admin and is based on the login user name and password (NT). Permissions are granted per user or group, so access can be audited and revoked individually.
* Share Level Security - Each user controls their own shared resources (or "shares") with a password on the share; used on peer-to-peer (Win95). Anyone who learns the share password gets in, and there is no record of who.
* Connection-oriented communication - Reliable delivery (e.g. TCP).
* Connectionless communication - Unreliable, best-effort delivery (e.g. UDP, IP).
* PPP - Supports dynamic IP addressing; SLIP does not. SLIP does not support compression, but CSLIP (compressed SLIP) does.
* CSMA/CD - Carrier Sense Multiple Access with Collision Detection: check the cable for traffic; if there is no traffic, send; if a collision is detected, back off and retry.
* CSMA/CA - Carrier Sense Multiple Access with Collision Avoidance: signals the intent to send before sending, to help avoid collisions. Slower and less popular than CSMA/CD on wired LANs (802.11 wireless uses it, because a radio cannot detect a collision while it is transmitting).
* ODI - Open Data-link Interface (Novell): designed to bind multiple protocols to a single NIC.
* NDIS - Network Driver Interface Specification (Microsoft): designed to bind multiple protocols to a single NIC; will bind multiple protocol stacks and multiple NICs.
TCP/IP Made Easy
Basics to know:
TCP who?
No one "owns" the Internet, but IANA and ICANN oversee the IP & registry schemes.
The server that hands out IP addresses is DHCP.
The server that resolves names like www.somename.com is DNS.
The server that resolves local NetBIOS names is WINS.
There are 32 bits that make up the present IPv4 scheme. They are grouped into 8 bits (Octets).
For example: 192.168.105.100 - One group is separated from the other via a "dot" or period.
Know your classes: A, B and C are used for ordinary hosts, D is multicast, and E is experimental/reserved.
Classless addressing, or CIDR, is another story, but you still need to know there are 32 bits in an IPv4 address.
Always read from Left to Right in determining the Class.
Class A: 1 - 126 (127 is used for localhost, or self test)
Class B: 128 - 191 (stops before the most commonly used one, 192)
Class C: 192 - 223
Class A uses one octet of subnet mask (255.0.0.0)
Class B uses two octets of subnet mask (255.255.0.0)
Class C uses three octets of subnet mask (255.255.255.0)
TCP/IP is today's most popular network protocol and is the protocol of the Internet. It is a routable protocol that provides connections between heterogeneous systems; these are the main reasons the protocol is so widely adopted. For example, it allows communication between UNIX, Windows, NetWare and Mac OS computers spread over multiple interconnected networks. The "TCP/IP protocol" is actually the "TCP/IP suite", composed of many different protocols, each with its own function. The two main protocols are in its name: the Internet Protocol and the Transmission Control Protocol.
IP addressing is assigning a 32-bit logical numeric address to a network device. Every IP address on the network must be unique. An IP address is represented in dotted decimal format, for example 159.101.6.8. As you can see the address is divided into 4 parts; these parts are called octets. The addressing scheme used in version 4 of IP is divided into 5 classes by the value of the first octet:
Class A: 1-126 (127 is loopback / localhost)
Class B: 128-191
Class C: 192-223
Class D: 224-239 (multicast)
Class E: 240-255 (experimental/reserved)
A subnet mask is used to determine which part is the network part and which is the host part. Default subnet masks:
Class A: 255.0.0.0
Class B: 255.255.0.0
Class C: 255.255.255.0
IANA reserved three address ranges (RFC 1918) to be used in private networks. These addresses are not routed on the Internet, avoiding IP address conflicts:
- 10.0.0.0 through 10.255.255.255 (10.0.0.0/8)
- 172.16.0.0 through 172.31.255.255 (172.16.0.0/12)
- 192.168.0.0 through 192.168.255.255 (192.168.0.0/16)
A fourth range, 169.254.0.0 through 169.254.255.255, is reserved for link-local addressing, used by Automatic Private IP Addressing (APIPA): a host that cannot reach a DHCP server picks an address here on its own, so seeing one on a machine usually means DHCP failed.
How did we get those numbers?
Remember we use DIGITS (10 fingers or 10 digits), or to the power of 10.
Computers use Binary. 1 and 0, or ON/OFF, True/False, Positive/Negative, or to the power of 2.
Anything to the power of 0 is one (1), no matter the base: 10^0, 16^0 and 2^0 all equal 1.
1. Start by putting 8 hash marks across your page, one per bit.
2. Put the decimal equivalents of the powers of two above the marks (the left side is called the high-order end) and use the lower row to "turn on or off" the bits. Meaning 10101010 would equal 128+32+8+2 = 170.

Power:  2^7  2^6  2^5  2^4  2^3  2^2  2^1  2^0
Value:  128   64   32   16    8    4    2    1
Bits:     I    I    I    I    I    I    I    I
So to get 192 in binary, you would add 128+64, which equals 192. Turn on those two bits to show this: 11000000.
What about 240? 128+64+32+16 = 240, shown as 11110000. Same with, say, 25: 16+8+1 = 25, shown as 00011001. Don't be fooled on tests: they will leave out the leading 0s, but there always have to be 8 digits. Likewise 1111111 (seven 1s) is 127, which is written with its leading 0 as 01111111.
3. What about subnet masks? Thanks to Dan at Infogem for simplifying masking. Not to be confused with CIDR allocation (below), but if you are given 192.168.105.12/27 then that means you hold back 27 bits for the network part and use what is left over for hosts.
4. Going to our above chart, replace the power row with a running total, adding each value to the one before it: 128; 128+64 = 192; 192+32 = 224; 224+16 = 240, and so on. The running total under a column is the mask octet you get when that column and every column to its left are held back.
Total:  128  192  224  240  248  252  254  255
Value:  128   64   32   16    8    4    2    1
Bits:     I    I    I    I    I    I    I    I

Now count off the held-back bits, in this case the /27. Remember there are 3 other octets ahead of this one, meaning 8x3 = 24 bits, so we have 3 more to hold back in the fourth octet. Mark them off from the left; the mask octet is the running total directly under the last bit held back.

Total:  128  192  224  240  248  252  254  255
Value:  128   64   32   16    8    4    2    1
Bits:     x    x    x    I    I    I    I    I
                   ^ mask
So our mask would be 255.255.255.224 (three 1s in the last octet: 11100000 = 128+64+32). The mask octet is always the running total under your last held-back bit.
Try another... 192.168.105.24/28. That is 24 + 4, so hold back four bits in the last octet.

Total:  128  192  224  240  248  252  254  255
Value:  128   64   32   16    8    4    2    1
Bits:     x    x    x    x    I    I    I    I
                        ^ mask
So our mask would be 255.255.255.240 (11110000 = 128+64+32+16). Simple, eh!
CIDR
Classless Inter-Domain Routing follows the same idea, but here the prefix length tells you how many addresses the registry (InterNIC in those days; now the regional registries and your ISP) has actually allocated to you.
You might buy an address like 200.46.2.3, but it will come with a conditional "slash" on the end. To use our example, 200.46.2.3/28 is the allocation you get instead of a full Class C.
So using the above chart, hold back the number of bits the registry tells you to, in this case 28. Think of a loaf of bread. We have 32 slices in this loaf. But there isn't enough bread to go around, so we have to cut back: the registry keeps 28 slices, and you have 4 left to use. Or the total 32 - 28 = 4.
Total:  128  192  224  240  248  252  254  255
Value:  128   64   32   16    8    4    2    1
Bits:     x    x    x    x    I    I    I    I

Now take the remainder and count what it can address. Here we have 4 host bits left, so I I I I is 8+4+2+1 = 15, meaning host numbers 0 through 15: 16 addresses in all (2^4), instead of the 256 of a full Class C. Two of those cannot be given to hosts, the lowest (all host bits 0, the network address) and the highest (all host bits 1, the broadcast address), so a /28 leaves you 14 usable addresses.
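The binary, mask and CIDR steps above, worked as code. This is an added example, not part of the original notes: it does the arithmetic by counting held-back bits the way the chart does, works out network, broadcast and usable-host counts, checks whether an address falls inside a block (the test a firewall rule or an RFC 1918 filter performs), and cross-checks every result against Python's standard ipaddress module. All addresses are the constructed ones from the notes or made up for the example.

```python
"""Added example, not part of the original notes: CIDR / subnet mask
arithmetic by counting held-back bits, cross-checked against Python's
standard ipaddress module.  Addresses are constructed for the example."""
import ipaddress

ALL_ONES = 0xFFFFFFFF              # 32 set bits, i.e. 255.255.255.255
OCTET_SHIFTS = (24, 16, 8, 0)      # high-order octet first


def bits_to_int(bits: str) -> int:
    """'10101010' -> 170: each '1' is weighted 128, 64, 32 ... 1."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("need exactly eight 0/1 characters")
    return sum(128 >> i for i, b in enumerate(bits) if b == "1")


def int_to_bits(n: int) -> str:
    """25 -> '00011001': always eight digits, leading zeros kept."""
    if not 0 <= n <= 255:
        raise ValueError("octet must be 0..255")
    return format(n, "08b")


def dotted_to_int(dotted: str) -> int:
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return sum(o << s for o, s in zip(octets, OCTET_SHIFTS))


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in OCTET_SHIFTS)


def mask_from_prefix(prefix: int) -> str:
    """/27 holds back the 27 high bits: 255.255.255.224."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return int_to_dotted((ALL_ONES << (32 - prefix)) & ALL_ONES)


def prefix_from_mask(mask: str) -> int:
    """Reverse direction; rejects masks whose 1-bits are not contiguous."""
    value = dotted_to_int(mask)
    ones = bin(value).count("1")
    if value != (ALL_ONES << (32 - ones)) & ALL_ONES:
        raise ValueError(f"{mask} is not a contiguous mask")
    return ones


def block_info(cidr: str) -> dict:
    """Network, broadcast and host counts for an address written as a/b."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = dotted_to_int(mask_from_prefix(prefix))
    network = dotted_to_int(addr) & mask
    broadcast = network | (~mask & ALL_ONES)
    total = 1 << (32 - prefix)
    # Network and broadcast addresses are not assignable to hosts, except
    # on a /31 point-to-point link (RFC 3021) or a /32 host route.
    usable = total - 2 if prefix <= 30 else total
    return {"network": int_to_dotted(network), "broadcast": int_to_dotted(broadcast),
            "mask": int_to_dotted(mask), "total": total, "usable": usable}


def in_block(ip: str, cidr: str) -> bool:
    """True when ip agrees with the block on every held-back bit."""
    info = block_info(cidr)
    mask = dotted_to_int(info["mask"])
    return dotted_to_int(ip) & mask == dotted_to_int(info["network"])


# The three RFC 1918 private ranges listed in the notes above.
PRIVATE_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def is_private(ip: str) -> bool:
    return any(in_block(ip, block) for block in PRIVATE_BLOCKS)


def cross_check(cidr: str) -> bool:
    """Compare the hand arithmetic with the standard library's answer."""
    net = ipaddress.ip_network(cidr, strict=False)
    info = block_info(cidr)
    return (str(net.netmask) == info["mask"]
            and str(net.network_address) == info["network"]
            and str(net.broadcast_address) == info["broadcast"]
            and net.num_addresses == info["total"])


if __name__ == "__main__":
    for cidr in ("192.168.105.12/27", "192.168.105.24/28", "200.46.2.3/28"):
        print(cidr, block_info(cidr), "ok" if cross_check(cidr) else "MISMATCH")
```

The contiguity check in prefix_from_mask matters in practice: a mask such as 255.255.255.1 is accepted by some older tools and produces a block that no router agrees on, so reject it rather than guess.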
IPv6
IPv6 (version 6) addresses are 128 bits long, written as 8 groups of 16 bits in hexadecimal, separated by colons, to look like some horrible number like:
3ffe:8114::1 - where the :: stands for one run of all-zero groups (it may appear only once in an address), so this is really 3ffe:8114:0000:0000:0000:0000:0000:0001. Leading zeros within a group may be dropped. An old IPv4-only router cannot forward these; an IPv4 address can be carried inside an IPv6 address as ::ffff:a.b.c.d.
IPv6 addresses have four times the number of bits of IPv4 addresses (128 vs. 32). That is 4 billion times 4 billion times 4 billion (2^96) times the size of the IPv4 address space (2^32), which works out to 2^128 addresses:
340,282,366,920,938,463,463,374,607,431,768,211,456
This is an extremely large address space. In a theoretical sense this is approximately 665,570,793,348,866,943,898,599 addresses per square meter of the surface of the planet Earth (assuming the Earth's surface is 511,263,971,197,990 square meters).
Or to bring it closer to home: every man, woman and child, and yes pets, can have their own IP address, like a new Social Security/Insurance Number. Put this number in an RFID (radio frequency ID) implant and presto! Talk about Minority Report: anyone in charge could know where you are in the world. (The same tracking concern applies to IPv6 addresses derived from a device's MAC address, which is why privacy extensions that randomize the host part exist.)
What about Hexadecimal?
Simply put, it is base 16, meaning everything is done in 16s. For a BUL (Big Ugly Number) use your calculator to figure it out, I'm not going to do all your work for you! Start/Run, type "calc", make sure View is set to Scientific, click the radio button that says DEC, type in the number, then click the HEX button. You can do the same with BIN to go between binary and decimal, and so on.
We use the decimal digits 0-9 (10 symbols) while hex goes further, A=10 up to F=15, to give us 16 symbols per place.
Power:  16^7  16^6  16^5  16^4  16^3  16^2  16^1  16^0
Value:   BUL   BUL   BUL   BUL  4096   256    16     1
Digit:     I     I     I     I     I     3     F     8
Easiest is to just use the last 4 columns. Meaning if I have "3F8" (the I/O port address of COM1) then it is the same as 3x256 + 15x16 + 8x1 = 768 + 240 + 8 = 1016.
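The hex place-value method above and the IPv6 "::" shorthand from the previous section, worked as code. This is an added example, not part of the original notes: it converts hex digits by place value without calling the built-in converter (so the 16^3, 16^2, 16^1, 16^0 weights are visible), expands an IPv6 address to its eight 16-bit groups, rejects the malformed cases the notation rules forbid, and cross-checks the expansion against Python's ipaddress module. The sample addresses are the one from the notes plus a couple constructed for the example; the ::ffff:a.b.c.d mixed notation is deliberately not handled.

```python
"""Added example, not part of the original notes: hexadecimal by place
value and IPv6 addresses expanded from the '::' shorthand to eight 16-bit
groups, cross-checked against Python's ipaddress module.  Sample
addresses are constructed for the example."""
import ipaddress

HEX_DIGITS = "0123456789abcdef"


def hex_to_int(text: str) -> int:
    """'3F8' -> 3*256 + 15*16 + 8*1 = 1016, one place at a time."""
    if not text:
        raise ValueError("empty hex string")
    value = 0
    for ch in text.lower():
        digit = HEX_DIGITS.find(ch)
        if digit < 0:
            raise ValueError(f"not a hex digit: {ch!r}")
        value = value * 16 + digit     # earlier digits move one column left
    return value


def expand_ipv6(addr: str) -> list:
    """Eight 16-bit groups as integers.  '::' stands for exactly one run of
    zero groups, so it may appear only once.  Mixed ::ffff:a.b.c.d notation
    is not handled here."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        left, right = addr.split("::")
        left_groups = left.split(":") if left else []
        right_groups = right.split(":") if right else []
        missing = 8 - len(left_groups) - len(right_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = left_groups + ["0"] * missing + right_groups
    else:
        groups = addr.split(":")
    if len(groups) != 8 or any(not 1 <= len(g) <= 4 for g in groups):
        raise ValueError(f"not a valid IPv6 address: {addr}")
    return [hex_to_int(g) for g in groups]


def full_form(addr: str) -> str:
    """Canonical spelling: eight groups, each padded to four hex digits."""
    return ":".join(f"{g:04x}" for g in expand_ipv6(addr))


def ipv6_to_int(addr: str) -> int:
    """The 128-bit value behind the address; each group is weighted 16^4 higher."""
    value = 0
    for g in expand_ipv6(addr):
        value = (value << 16) | g
    return value


def cross_check(addr: str) -> bool:
    """Compare the hand expansion with the standard library's."""
    return full_form(addr) == ipaddress.IPv6Address(addr).exploded


if __name__ == "__main__":
    print(hex_to_int("3F8"))
    for a in ("3ffe:8114::1", "::1", "fe80::1:2:3:4"):
        print(a, "->", full_form(a), "ok" if cross_check(a) else "MISMATCH")
```

Log parsers and allow-lists should compare IPv6 addresses in the full form (or as the integer), never as the text typed by the user, because 3ffe:8114::1, 3ffe:8114:0::1 and 3FFE:8114::0001 are the same address written three ways.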
Hope this helps.
Cheers
Keshav
Microsoft Vista
Windows Vista
Windows Vista introduces a breakthrough user experience and is designed to help you feel confident in your ability to view, find, and organize information and to control your computing experience.
The visual sophistication of Windows Vista helps streamline your computing experience by refining common window elements so you can better focus on the content on the screen rather than on how to access it. The desktop experience is more informative, intuitive, and helpful. And new tools bring better clarity to the information on your computer, so you can see what your files contain without opening them, find applications and files instantly, navigate efficiently among open windows, and use wizards and dialog boxes more confidently.
Ease of use
When you start using Windows Vista, you will recognize familiar elements such as the Start menu, which is now faster, more streamlined, and more helpful than in previous versions of Windows. The Start menu features integrated desktop search through a new feature called Quick Search which can help you find and launch almost anything on your PC. Just type in a word, a name, or a phrase, and Quick Search can find the right file for you. But more than that, the new start menu makes it very easy for you to navigate across all of the installed applications on your PC. Eliminating the slow performing, cascading "All Programs" view, the new start menu can help you get something started faster than ever.
Use Quick Search to find the information you need fast.
Desktop Search
With Windows Vista, you no longer have to remember where you store every file. Instead, to find a file, you need to only remember something about it, such as a word contained within a document, the artist of a song, or the date a picture was taken. Powerful, integrated desktop search capabilities help you find just about anything on your computer quickly, without having to search for it by browsing through folders. For example, in the new Start Menu, it is as simple as typing a word, a phrase, a property, or any part of a file name into the embedded Quick Search box to instantly find the file that you want.
A new yet familiar look to the Start menu in Windows Vista.
To make searching even more efficient, Windows Vista enables you to add or edit file properties or data associated with a file, like a keyword on a document, the artist of a song, or the event where a picture was taken, to make it easier for you to find in the future. For example, you could add a "graduation" keyword to photos taken at a graduation ceremony when you save them to your computer. Later, just search for "graduation" in the Quick Search box in the start menu or the Windows Photo Gallery, and all the graduation-related pictures will be displayed.
Search Folders
Windows Vista introduces Search Folders, a powerful new tool that makes it easy to find and organize your files—wherever they may be on your PC. A Search Folder is simply a search that you save. Opening a Search Folder instantly runs that saved search, displaying up-to-date results immediately.
For example, you could design a search for all documents that are authored by "John" and that contain the word "project." This search, titled "Author John/Keyword Project" is saved as a Search Folder. When you open this Search Folder, the search runs, and you see the results immediately. As you add more files to your computer that have the author John and contain the word "project," those files will also appear in the Search Folder alongside the other matching files, regardless of where they are physically saved on your PC. It is simple and fast.
The new Document Explorer makes working with your files a snap. Find your files faster and with the new Live Icon feature, and see what they contain without having to open them.
Explorers
The new Explorers are powerful yet easy-to-use tools for working with files consistently across Windows Vista. Explorers give you more information and control while simplifying how you work with your files. The experience is easy and consistent, whether you're browsing photos or documents or even using the new Control Panel.
Key elements of the Explorers in Windows Vista are designed to help you get to the information you need, when you need it. Quick Search is always available to help you find files instantly. The navigation pane contains the new Search Folders found in Windows Vista, as well as traditional folders that you have created on your computer. Command Bars display only the tasks that are most appropriate for the files being displayed. With new Live Icons (scalable thumbnails) used throughout Windows Vista, you can see the first page of documents, the actual image of a photo, or the album art for individual songs in your music collection, making it easier to find exactly what you are looking for.
Type keywords into the Quick Search box in the new Control Panel to quickly find the right system setting.
Windows Aero
Windows Vista is the first Windows operating system that has a user experience that can gracefully scale to the hardware capabilities of the computer it is installed on. All computers that meet minimal hardware requirements will see the Windows Vista Basic user experience, which provides the benefits of the refined interface features already mentioned.
Windows Vista Aero provides spectacular visual effects such as glass-like interface elements that you can see through.
Windows Aero is an environment with an additional level of visual sophistication, one that is even more responsive and manageable, providing a further level of clarity and confidence to Windows users.
Live taskbar thumbnails
Resting the mouse pointer over a taskbar item displays a live thumbnail of the window, showing the content of that window.
See thumbnail views of the items in your taskbar by resting your mouse pointer on them.
The live thumbnail is displayed whether the window is minimized or not, and whether the content of the window is a document, photo, or even a running video or process.
Use Flip to view and navigate open windows more easily.
Windows Flip and Windows Flip 3D
Windows Vista provides two entirely new features to manage windows: Windows Flip and Windows Flip 3D. Flip allows you to flip through open windows (by using Alt+Tab), providing a live thumbnail of each window, rather than just a generic icon and file name.
Live thumbnails make it easier to quickly identify the window you want, particularly when multiple windows of the same kind are open.
With Flip 3D, you can use the scroll wheel on your mouse to flip through open windows in a stack, and quickly locate and select the one you want to work with.
Use Flip 3D to navigate through open windows using the scroll wheel on your mouse.
New Internet Explorer 7 features, like tabbed browsing and live previews, make it easier for you to get to the Web sites you want to visit.
Internet Explorer 7 also provides new tools to give you direct access to information you want, with built-in support for Web feeds known as Really Simple Syndication (RSS). RSS is a technology you can use to have information sent to you, so you don't have to look for it. Through RSS subscriptions, you can automatically receive feeds (lists) of headlines from Internet sites. Internet Explorer discovers these feeds on sites and allows you to preview and subscribe to them. Once you subscribe, Internet Explorer 7 systematically consolidates headlines from each feed into one list. This lets you quickly browse new information from various sites without having to visit each site separately.
Windows Vista also builds upon the User Account Protection initiative—by default, limiting Internet Explorer 7 to just enough permissions to browse the Web, but not enough to modify your files or settings—keeping your PC safer from Web-based attacks. This Windows Vista-only feature, known as protected mode, means that even if a malicious site attacks a potential vulnerability in Internet Explorer 7, the site's code will not have enough privileges to install software, copy files to the Startup folder, or hijack the settings for your browser's home page or search provider.
Gadgets
Gadgets are mini-applications with a wide variety of possible uses. Gadgets can connect to Web services to deliver weather information, news updates, traffic maps, Internet radio streams, and slideshows of online photo albums. Gadgets can also integrate with your applications to streamline your interaction with them. For example, a gadget can give you an at-a-glance view of all your online instant messaging contacts, the day view from your calendar, or an easy way to control your media player. Of course, gadgets can also have any number of dedicated purposes. They can be calculators, games, sticky notes, and more.
Windows Sidebar gives you quick access to gadgets like picture slideshows, Windows Media Player controls, or news headlines. You pick the gadgets you want to see in Windows Sidebar.
Microsoft Windows Vista comes with an essential set of gadgets to get you started. You will be able to easily download more gadgets from an online gadget gallery. This gallery will host gadgets from a wide variety of developers and offer an extensive selection to meet your interests.
Windows Sidebar
Windows Sidebar is a pane on the side of the Windows Vista desktop that organizes gadgets and makes them easy to access. Windows Sidebar is the perfect complement to widescreen monitors and also works seamlessly on standard displays. You can easily customize Windows Sidebar to suit how you want to interact with it—whether you want it always on top or resting below maximized windows. You can also move gadgets off the Windows Sidebar and place them anywhere on your desktop.
Sleep
Windows Vista introduces a new power state called Sleep. In Windows XP, after you shut down your PC, it takes a long time to turn it back on. The new Sleep state in Windows Vista combines the speed of Standby with the data protection features and low power consumption of Hibernate. Resuming use when your PC is in the Sleep state takes just 2-3 seconds. You can shut down and restart your computer less often by using the new Sleep state, a simple one-click on and off experience which not only reduces power consumption, but also helps protect your data.
Sleep on desktop PCs
Sleep works in a different way on Windows Vista-based desktops than it does on Windows Vista-based laptops. When you turn off a Windows Vista-based desktop, all the documents, applications, and data that are currently in use are saved in two places. First, they are saved to the memory, or RAM, where they are quickly accessible (in Windows XP this was called Standby). Simultaneously, the information is saved to the computer's hard disk (in Windows XP this was called Hibernate). In Sleep, Windows Vista simultaneously saves the current user information to both memory and the hard disk.
In Sleep, Windows Vista uses the data saved to memory to help you restart faster after extended periods of non-use. Simply move the mouse or press any key on the keyboard, and the computer starts up within seconds.
The Sleep state uses the data saved to your hard disk to protect it in case of power loss. When you resume the use of your desktop after a power failure, Windows Vista will quickly restart from Sleep using the data saved to disk, with all of your data and applications intact.
Sleep on laptop PCs
On laptop PCs, you can enter the Sleep state by pressing the Power button or closing the laptop lid. Your data is saved to memory, letting you resume use faster. As battery power winds down, Windows Vista quickly transitions the data to disk to help keep the data safe. Windows Vista lets you resume use of your computer more quickly and reliably than previous versions of Windows.
SuperFetch
SuperFetch, a new feature in Windows Vista, allows applications and files to load much faster than on Windows XP-based computers. In previous versions of Windows, system responsiveness could be uneven. You may have experienced sluggish behavior after booting your machine, after performing a fast user switch, or even after lunch. Although too many carbohydrates might slow you down after lunch, your computer slows down for different reasons. When you're not actively using your computer, background tasks—including applications such as automatic back-up and antivirus software—take this opportunity to run when they will least disturb you. These background tasks can take space in system memory that your applications were using. After you start to use your PC again, it can take some time to reload your data into memory, slowing down performance.
SuperFetch, a new technology in Windows Vista, understands which applications you use most, and preloads these applications into memory, so your system is more responsive when you first boot or when you switch to a different user profile. SuperFetch uses an intelligent prioritization scheme that understands which applications you use most often, and can even differentiate which applications you are likely to use at different times (for example, on the weekend versus during the week), so that your computer is ready to do what you want it to do. SuperFetch can also prioritize your applications over background tasks, so that when you return to your machine after leaving it idle, it's still responsive.
External memory devices
Adding system memory (RAM) is often the best way to improve your PC's performance. More memory means more applications are ready to run without accessing the hard drive. However, upgrading memory is not always easy. You must learn what type of memory you need, purchase the memory, and open your computer to install the memory—which sometimes can invalidate your support agreement. Also, some machines have limited memory expansion capabilities, preventing you from adding RAM even if you are willing to do so.
Windows Vista introduces a new concept in adding memory to a system. USB flash drives can be used as External Memory Devices (EMDs) to extend system memory and improve performance without opening the box. Your computer is able to access memory from an EMD device much more quickly than it can access data on the hard drive, boosting system performance. When combined with SuperFetch technology, this can help drive impressive improvement in system responsiveness.
EMD technology is both reliable and secure. You can remove an EMD at any time without any loss of data or negative impact to the system; however, if you remove the EMD, your performance returns to the level you experienced without the device. Wear on the USB drive is not an issue when using it as an EMD. A unique algorithm optimizes wear patterns, so that a USB device can run as an EMD for many years, even when heavily used. Finally, data on the EMD is encrypted to help prevent inappropriate access to data when the device is removed.
Hybrid Hard Drive
A Hybrid Hard Drive is a new type of hard drive with an integrated non-volatile flash memory buffer. If your machine is equipped with a Hybrid Hard Drive, Windows Vista takes advantage of this hardware to boot, hibernate, and resume use more quickly. Hybrid Hard Drive technology can also improve system reliability and battery life.
The hybrid drive is intended for mobile PCs running Windows Vista. Your data is written to the flash memory, which saves work for the mechanical hard drive—saving you battery power. The hybrid drive helps Windows Vista resume use faster from Sleep because data can be restored from flash memory faster than from the mechanical hard drive. And since the mechanical hard drive is not working when you are in Sleep state with the Hybrid Hard Drive, you have less risk of hardware problems with the hard drive when you're on the move. Windows Vista takes advantage of Hybrid Hard Drives to save battery life, resume use faster from hibernation, and improve reliability.
Check your connection status, see your network visually, or troubleshoot a connection problem in the Network Center.
Easily connect to your workplace from home using the Network Center.
Network Center
Windows Vista puts you in control of your network experience with the Network Center—the central place for all your networking needs. Network Center informs you about the network your computer is connected to and verifies whether it can successfully reach the Internet. It even presents this information in a summary in the Network Map so you can immediately see your connectivity to the network and Internet.
If a PC on the network loses Internet connectivity, you can graphically see that the link is down, and then use Network Diagnostics to help determine the cause of the problem and get a suggestion for a solution.
Network Center also allows you to quickly connect to other available networks, or create entirely new connections. You can view and configure your most important network settings in one place. And for less frequently accessed settings, Network Center provides direct links so you can easily find what you're looking for.
Network Center also makes it easy to connect to your workplace network from home.
Network Setup
With Windows Vista, setting up a network between multiple PCs and devices (including printers, music players, and game systems) is simple and intuitive. The Network Setup Wizard allows you to set up wired or wireless networks by identifying unconfigured network devices and adding them to the network. The Network Setup Wizard also automates the process of adding new devices to your network. It automatically generates secure network settings to keep your network safe from intruders.
Network settings can also be saved to a portable USB flash drive to make adding PCs and devices to the network a quick and easy process. Simply insert the USB flash drive into a PC or device and it will automatically read the data and ready itself to join the network. File and printer sharing is also easily enabled on each PC on the network from the Network Setup Wizard, so you can share documents, photos, music, and other files across your network.
Network Explorer
Once a network is set up, you need to be able to easily browse content on networked PCs, devices, and printers. The new Network Explorer in Windows Vista makes it easy to share files and take advantage of the connectivity that a network provides. It presents a view of all PCs, devices, and printers on the network, and is significantly faster and more reliable than My Network Places in Windows XP. The Network Explorer is even able to use custom, representative icons for different devices (when enabled by manufacturers). You can also directly interact with select devices—adjust settings or control music playback, for example.
Create networks to share files, printers, and other devices.
Network Map
When people have multiple computers and devices on a network, with a combination of wireless and wired connections, it can be difficult to understand how everything is connected. Windows Vista provides a new feature called Network Map which shows you an easy-to-understand, graphical view of everything on the network, and how everything is connected. This helps you optimize your network for the best performance and easily locate any problems.
Wireless Networking
Windows Vista improves the wireless network experience in a number of ways. The new Network Awareness feature in Windows Vista keeps your applications aware of and optimized for the network's changing capabilities. Your data is also more secure with enhanced support for the latest wireless security protocols, including WPA2. Windows Vista helps you avoid connecting to fraudulent wireless networks which seem like legitimate hotspots but, in fact, are not. Windows Vista also provides an easy way to create ad-hoc wireless networks to use peer-to-peer applications such as file sharing and application collaboration.
Network Map in a home environment showing a broken connection to a wireless router
Network Awareness
Network Awareness provides the ability to report changes in network connectivity to applications in order to provide a more seamless connected experience. As you connect to different networks, the change is communicated to Network Awareness-supported applications, which can then take appropriate actions for your connection to that network. For example, when you switch from your home office to your corporate network, firewall settings can be configured to open the ports needed to allow the use of IT management tools. Group Policy will detect the reconnection to the corporate network and automatically begin processing policy changes instead of waiting for the next detection cycle.
Windows Vista SideShow technology enables laptop manufacturers to include a secondary or auxiliary display in future laptop designs. This display can be used to easily view the critical information you need, whether the laptop is on, off, or in sleep mode. The convenience provided by these auxiliary displays will save time and battery life by allowing you to quickly view meeting schedules, phone numbers, addresses, and recent e-mail messages without having to start up your laptop.
Quickly access the key information you need like appointments, key e-mails, or notes without turning on your laptop using Windows SideShow.
The Windows Vista SideShow platform will also enable hardware manufacturers to build auxiliary displays in a wide range of peripheral devices such as keyboards, LCD display casings, remote controls, and cell phones. These devices can then display information received from a Windows Vista-based PC, providing even more convenience to your everyday computing.
Easily manage the information you want to appear on Windows SideShow enabled devices.
Updated Remote Assistance makes it easier to get the help you need when you need it.
Security
User Account Control (UAC), a new set of features in Windows Vista, helps strike a balance between the flexibility and power of an administrator account and the security of a standard user account.
Activities such as surfing the Web, sending e-mail, and using productivity programs don't require special administrative privileges. Windows Vista makes it easy to perform these activities and be productive using standard user accounts.
When you want to perform an administrative task, like installing a new program, Windows Vista prompts you to verify that you want to install the program before allowing that administrative task to run. This way, the use of administrator privileges is minimized, making it more difficult for malware, such as viruses, worms, spyware, and other potentially unwanted software, to have machine-wide impact on your PC.
UAC also helps protect family computers from malware. Often malware is hidden in programs that appeal to children. To help protect your computer, you can create standard user accounts for your children. When your child tries to install a piece of software, the system will ask for an administrator account's password. Your children cannot install new programs by themselves.
Better protection from malware
Malware, such as viruses, worms, spyware, and other potentially unwanted software, can cause a wide range of problems, including theft of personal information, slower PC performance, and the appearance of unwanted advertising (such as pop-up ads). The effects of malware can range from mere annoyances to significant problems that take a considerable amount of time and money to fix.
Security alerts enable you to quickly resolve potentially damaging issues that can harm your Windows Vista PC.
· Windows Defender helps protect you against spyware and other potentially unwanted software.
· And the Malicious Software Removal Tool (MSRT) periodically scans your PC looking for known prevalent viruses. (The MSRT is not part of Windows Vista but may be downloaded from Microsoft at no additional cost.)
In addition to using these built-in Windows Vista features, you should help keep your computer healthy by using antivirus software such as Windows OneCare or an antivirus solution from one of Microsoft's partners.
Speech Recognition is fully integrated into Windows Vista and is built on top of the latest Microsoft speech technologies. It has unparalleled voice recognition accuracy that improves with use as it adapts to your speaking style and vocabulary. Speech Recognition supports multiple languages and includes a new human-sounding speech synthesizer.
With Speech Recognition in Windows Vista you can control your computer by voice whether dictating an e-mail or controlling applications. Microsoft-designed Speech Recognition is entirely focused on what you want. Right from the start, you can work through guided setups and an interactive training application to get familiar with key concepts and commands. The innovative natural user interface provides choices or additional questions to help you along. Whether starting an application, selecting a word, or correcting a sentence, you are always in control and are smoothly guided toward a list of smart choices.
Windows Updates:
Customizing Windows Update settings and actions provides you with seamless updating and flexibility when those updates occur.
Easier
Automatic delivery of important and recommended updates: In Windows Vista, Windows Update can automatically download and install both important and recommended updates. In earlier versions, only updates classified as “Important” could be installed automatically, and you had to manually select and download other available updates.
Improved consistency: In Windows Vista, you will see the same user interface whether you are on your home computer or your corporate computer updated through a Windows software management solution.
Less disruptive
More seamless updating: When an update applies to a file in use, Windows Vista can save the application's data, close the application, update the file, and then restart the application.
Greater flexibility: In Windows Vista, updating occurs in the background or may be scheduled for a time that's convenient for you. If an update requires a restart to complete installation, you can schedule it for a regular time. You can also postpone a previously scheduled restart until your current work is complete.
Until now, there has not been an easy way to manage all of these individual sync relationships — you often have a fragmented experience that depends on the specific device or data sources. The new Sync Center helps you to initiate a manual sync, stop an in-progress sync, see the status of current sync activities, and receive notifications to resolve conflicts.
Use the new Sync Center to manage the synchronization of your data with other PCs or the devices you connect to your PC. While Sync Center offers a unifying synchronization experience, it does not incorporate the sync tools or functionality provided by third-party applications. Windows Vista itself detects, diagnoses, and helps you respond to common problems. But when incidents that require support do occur, Windows Vista provides centralized support tools and resources to quickly diagnose and resolve issues. In Windows Vista, Remote Assistance is optimized for the enterprise, with faster performance, built-in diagnostic tools, and the ability to assist users at home, on the road, or from a remote location.
Windows Vista introduces a breakthrough user experience and is designed to help you feel confident in your ability to view, find, and organize information and to control your computing experience.
The visual sophistication of Windows Vista helps streamline your computing experience by refining common window elements so you can better focus on the content on the screen rather than on how to access it. The desktop experience is more informative, intuitive, and helpful. And new tools bring better clarity to the information on your computer, so you can see what your files contain without opening them, find applications and files instantly, navigate efficiently among open windows, and use wizards and dialog boxes more confidently.
Ease of use
When you start using Windows Vista, you will recognize familiar elements such as the Start menu, which is now faster, more streamlined, and more helpful than in previous versions of Windows. The Start menu features integrated desktop search through a new feature called Quick Search which can help you find and launch almost anything on your PC. Just type in a word, a name, or a phrase, and Quick Search can find the right file for you. But more than that, the new start menu makes it very easy for you to navigate across all of the installed applications on your PC. Eliminating the slow performing, cascading "All Programs" view, the new start menu can help you get something started faster than ever.
ßUse Quick Search to find the information you need fast.
Desktop Search
With Windows Vista, you no longer have to remember where you store every file. Instead, to find a file, you need to only remember something about it, such as a word contained within a document, the artist of a song, or the date a picture was taken. Powerful, integrated desktop search capabilities help you find just about anything on your computer quickly, without having to search for it by browsing through folders. For example, in the new Start Menu, it is as simple as typing a word, a phrase, a property, or any part of a file name into the embedded Quick Search box to instantly find the file that you want.
ß A new yet familiar look to the Start menu in Windows Vista.
To make searching even more efficient, Windows Vista enables you to add or edit file properties or data associated with a file, like a keyword on a document, the artist of a song, or the event where a picture was taken, to make it easier for you to find in the future. For example, you could add a "graduation" keyword to photos taken at a graduation ceremony when you save them to your computer. Later, just search for "graduation" in the Quick Search box in the start menu or the Windows Photo Gallery, and all the graduation-related pictures will be displayed.
Search Folders
Windows Vista introduces Search Folders, a powerful new tool that makes it easy to find and organize your files—wherever they may be on your PC. A Search Folder is simply a search that you save. Opening a Search Folder instantly runs that saved search, displaying up-to-date results immediately.
For example, you could design a search for all documents that are authored by "John" and that contain the word "project." This search, titled "Author John/Keyword Project" is saved as a Search Folder. When you open this Search Folder, the search runs, and you see the results immediately. As you add more files to your computer that have the author John and contain the word "project," those files will also appear in the Search Folder alongside the other matching files, regardless of where they are physically saved on your PC. It is simple and fast.
The new Document Explorer makes working with your files a snap. Find your files faster and with the new Live Icon feature, and see what they contain without having to open them.
Explorers
The new Explorers are powerful yet easy-to-use tools for working with files consistently across Windows Vista. Explorers give you more information and control while simplifying how you work with your files. The experience is easy and consistent, whether you're browsing photos or documents or even using the new Control Panel.
Key elements of the Explorers in Windows Vista are designed to help you get to the information you need, when you need it. Quick Search is always available to help you find files instantly. The navigation pane contains the new Search Folders found in Windows Vista, as well as traditional folders that you have created on your computer. Command Bars display only the tasks that are most appropriate for the files being displayed. With new Live Icons (scalable thumbnails) used throughout Windows Vista, you can see the first page of documents, the actual image of a photo, or the album art for individual songs in your music collection, making it easier to find exactly what you are looking for.
Type keywords into the Quick Search box in the new Control Panel to quickly find the right system setting.
Windows Aero
Windows Vista is the first Windows operating system that has a user experience that can gracefully scale to the hardware capabilities of the computer it is installed on. All computers that meet minimal hardware requirements will see the Windows Vista Basic user experience, which provides the benefits of the refined interface features already mentioned.
Windows Vista Aero provides spectacular visual effects such as glass-like interface elements that you can see through.
Windows Aero is an environment with an additional level of visual sophistication, one that is even more responsive and manageable, providing a further level of clarity and confidence to Windows users.
Live taskbar thumbnails
Resting the mouse pointer over a taskbar item displays a live thumbnail of the window, showing the content of that window..
See thumbnail views of the items in your taskbar by resting your mouse pointer on them.
The live thumbnail is displayed whether the window is minimized or not, and whether the content of the window is a document, photo, or even a running video or process
Use Flip to view and navigate more easily open windows.
Windows Flip and Windows Flip 3D
Windows Vista provides two entirely new features to manage windows: Windows Flip and Windows Flip 3D. Flip allows you to flip through open windows (by using Alt+Tab), providing a live thumbnail of each window, rather than just a generic icon and file name.
Live thumbnails make it easier to quickly identify the window you want, particularly when multiple windows of the same kind are open.
With Flip 3D, you can use the scroll wheel on your mouse to flip through open windows in a stack, and quickly locate and select the one you want to work with.
Use Flip 3D to navigate through open windows using the scroll wheel on your mouse.
New Internet Explorer 7 features, like tabbed browsing and live previews, make it easier for you to get to the Web sites you want to visit.
Internet Explorer 7 also provides new tools to give you direct access to information you want, with built-in support for Web feeds known as Really Simple Syndication (RSS). RSS is a technology you can use to have information sent to you, so you don't have to look for it. Through RSS subscriptions, you can automatically receive feeds (lists) of headlines from Internet sites. Internet Explorer discovers these feeds on sites and allows you to preview and subscribe to them. Once you subscribe, Internet Explorer 7 systematically consolidates headlines from each feed into one list. This lets you quickly browse new information from various sites without having to visit each site separately.
Windows Vista also builds upon the User Account Protection initiative—by default, limiting Internet Explorer 7 to just enough permissions to browse the Web, but not enough to modify your files or settings—keeping your PC safer from Web-based attacks. This Windows Vista-only feature, known as protected mode, means that even if a malicious site attacks a potential vulnerability in Internet Explorer 7, the site's code will not have enough privileges to install software, copy files to the Startup folder, or hijack the settings for your browser's home page or search provider.
Gadgets
Gadgets are mini-applications with a wide variety of possible uses. Gadgets can connect to Web services to deliver weather information, news updates, traffic maps, Internet radio streams, and slideshows of online photo albums. Gadgets can also integrate with your applications to streamline your interaction with them. For example, a gadget can give you an at-a-glance view of all your online instant messaging contacts, the day view from your calendar, or an easy way to control your media player. Of course, gadgets can also have any number of dedicated purposes. They can be calculators, games, sticky notes, and more.
Windows Sidebar gives you quick access to gadgets like picture slideshows, Windows Media Player controls, or news headlines. You pick the gadgets you want to see in Windows Sidebar.
Microsoft Windows Vista comes with an essential set of gadgets to get you started. You will be able to easily download more gadgets from an online gadget gallery. This gallery will host gadgets from a wide variety of developers and offer an extensive selection to meet your interests.
Windows Sidebar
Windows Sidebar is a pane on the side of the Windows Vista desktop that organizes gadgets and makes them easy to access. Windows Sidebar is the perfect complement to widescreen monitors and also works seamlessly on standard displays. You can easily customize Windows Sidebar to suit how you want to interact with it—whether you want it always on top or resting below maximized windows. You can also move gadgets off the Windows Sidebar and place them anywhere on your desktop.
Sleep
Windows Vista introduces a new power state called Sleep. In Windows XP, after you shut down your PC, it takes a long time to turn it back on. The new Sleep state in Windows Vista combines the speed of Standby with the data protection features and low power consumption of Hibernate. Resuming use when your PC is in the Sleep state takes just 2-3 seconds. You can shut down and restart your computer less often by using the new Sleep state, a simple one-click on and off experience which not only reduces power consumption, but also helps protect your data.
Sleep on desktop PCs
Sleep works in a different way on Windows Vista-based desktops than it does on Windows Vista-based laptops. When you turn off a Windows Vista-based desktop, all the documents, applications, and data that are currently in use are saved in two places. First, they are saved to the memory, or RAM, where they are quickly accessible (in Windows XP this was called Standby). Simultaneously, the information is saved to the computer's hard disk (in Windows XP this was called Hibernate). In Sleep, Windows Vista simultaneously saves the current user information to both memory and the hard disk.
In Sleep, Windows Vista uses the data saved to memory to help you restart faster after extended periods of non-use. Simply move the mouse or press any key on the keyboard, and the computer starts up within seconds.
The Sleep state uses the data saved to your hard disk to protect it in case of power loss. When you resume the use of your desktop after a power failure, Windows Vista will quickly restart from Sleep using the data saved to disk, with all of your data and applications intact.
Sleep on laptop PCs
On laptop PCs, you can enter the Sleep state by pressing the Power button or closing the laptop lid. Your data is saved to memory, letting you resume use faster. As battery power winds down, Windows Vista quickly transitions the data to disk to help keep the data safe. Windows Vista lets you resume use of your computer more quickly and reliably than previous versions of Windows.
SuperFetch
SuperFetch, a new feature in Windows Vista, allows applications and files to load much faster than on Windows XP-based computers. In previous versions of Windows, system responsiveness could be uneven. You may have experienced sluggish behavior after booting your machine, after performing a fast user switch, or even after lunch. Although too many carbohydrates might slow you down after lunch, your computer slows down for different reasons. When you're not actively using your computer, background tasks—including applications such as automatic back-up and antivirus software—take this opportunity to run when they will least disturb you. These background tasks can take space in system memory that your applications were using. After you start to use your PC again, it can take some time to reload your data into memory, slowing down performance.
SuperFetch, a new technology in Windows Vista, understands which applications you use most, and preloads these applications into memory, so your system is more responsive when you first boot or when you switch to a different user profile. SuperFetch uses an intelligent prioritization scheme that understands which applications you use most often, and can even differentiate which applications you are likely to use at different times (for example, on the weekend versus during the week), so that your computer is ready to do what you want it to do. SuperFetch can also prioritize your applications over background tasks, so that when you return to your machine after leaving it idle, it's still responsive.
External memory devices
Adding system memory (RAM) is often the best way to improve your PC's performance. More memory means more applications are ready to run without accessing the hard drive. However, upgrading memory is not always easy. You must learn what type of memory you need, purchase the memory, and open your computer to install the memory—which sometimes can invalidate your support agreement. Also, some machines have limited memory expansion capabilities, preventing you from adding RAM even if you are willing to do so.
Windows Vista introduces a new concept in adding memory to a system. USB flash drives can be used as External Memory Devices (EMDs) to extend system memory and improve performance without opening the box. Your computer is able to access memory from an EMD device much more quickly than it can access data on the hard drive, boosting system performance. When combined with SuperFetch technology, this can help drive impressive improvement in system responsiveness.
EMD technology is both reliable and secure. You can remove an EMD at any time without any loss of data or negative impact to the system; however, if you remove the EMD, your performance returns to the level you experienced without the device. Wear on the USB drive is not an issue when using it as an EMD. A unique algorithm optimizes wear patterns, so that a USB device can run as an EMD for many years, even when heavily used. Finally, data on the EMD is encrypted to help prevent inappropriate access to data when the device is removed.
Hybrid Hard Drive
A Hybrid Hard Drive is a new type of hard drive with an integrated non-volatile flash memory buffer. If your machine is equipped with a Hybrid Hard Drive, Windows Vista takes advantage of this hardware to boot, hibernate, and resume use more quickly. Hybrid Hard Drive technology can also improve system reliability and battery life.
The hybrid drive is intended for mobile PCs running Windows Vista. Your data is written to the flash memory, which saves work for the mechanical hard drive—saving you battery power. The hybrid drive helps Windows Vista resume use faster from Sleep because data can be restored from flash memory faster than from the mechanical hard drive. And since the mechanical hard drive is not working when you are in Sleep state with the Hybrid Hard Drive, you have less risk of hardware problems with the hard drive when you're on the move. Windows Vista takes advantage of Hybrid Hard Drives to save battery life, resume use faster from hibernation, and improve reliability.
Check your connection status, see your network visually, or troubleshoot a connection problem in the Network Center.
Easily connect to your workplace from home using the Network Center.
Network Center
Windows Vista puts you in control of your network experience with the Network Center—the central place for all your networking needs. Network Center informs you about the network your computer is connected to and verifies whether it can successfully reach the Internet. It even presents this information in a summary in the Network Map so you can immediately see your connectivity to the network and Internet.
If a PC on the network loses Internet connectivity, you can graphically see that the link is down, and then use Network Diagnostics to help determine the cause of the problem and get a suggestion for a solution.
Network Center also allows you to quickly connect to other available networks, or create entirely new connections. You can view and configure your most important network settings in one place. And for less frequently accessed settings, Network Center provides direct links so you can easily find what you're looking for.
Network Center also makes it easy to connect to your workplace network from home.
Network Setup
With Windows Vista, setting up a network between multiple PCs and devices (including printers, music players, and game systems) is simple and intuitive. The Network Setup Wizard allows you to set up wired or wireless networks by identifying unconfigured network devices and adding them to the network. The Network Setup Wizard also automates the process of adding new devices to your network. It automatically generates secure network settings to keep your network safe from intruders.
Network settings can also be saved to a portable USB flash drive to make adding PCs and devices to the network a quick and easy process. Simply insert the USB flash drive into a PC or device and it will automatically read the data and ready itself to join the network. File and printer sharing is also easily enabled on each PC on the network from the Network Setup Wizard, so you can share documents, photos, music, and other files across your network.
Network Explorer
Once a network is set up, you need to be able to easily browse content on networked PCs, devices, and printers. The new Network Explorer in Windows Vista makes it easy to share files and take advantage of the connectivity that a network provides. It presents a view of all PCs, devices, and printers on the network, and is significantly faster and more reliable than My Network Places in Windows XP. The Network Explorer is even able to use custom, representative icons for different devices (when enabled by manufacturers). You can also directly interact with select devices—adjust settings or control music playback, for example.
Create networks to share files, printers, and other devices.
Network Map
When people have multiple computers and devices on a network, with a combination of wireless and wired connections, it can be difficult to understand how everything is connected. Windows Vista provides a new feature called Network Map which shows you an easy-to-understand, graphical view of everything on the network, and how everything is connected. This helps you optimize your network for the best performance and easily locate any problems.
Wireless Networking
Windows Vista improves the wireless network experience in a number of ways. The new Network Awareness feature in Windows Vista keeps your applications aware of and optimized for the network's changing capabilities. Your data is also more secure with enhanced support for the latest wireless security protocols, including WPA2. Windows Vista helps you avoid connecting to fraudulent wireless networks which seem like legitimate hotspots but, in fact, are not. Windows Vista also provides an easy way to create ad-hoc wireless networks to use peer-to-peer applications such as file sharing and application collaboration.
Network Map in a home environment showing a broken connection to a wireless router
Network Awareness
Network Awareness provides the ability to report changes in network connectivity to applications in order to provide a more seamless connected experience. As you connect to different networks, the change is communicated to Network Awareness-supported applications, which can then take appropriate actions for your connection to that network. For example, when you switch from your home office to your corporate network, firewall settings can be configured to open the ports needed to allow the use of IT management tools. Group Policy will detect the reconnection to the corporate network and automatically begin processing policy changes instead of waiting for the next detection cycle.
Windows Vista SideShow technology enables laptop manufacturers to include a secondary or auxiliary display in future laptop designs. This display can be used to easily view the critical information you need, whether the laptop is on, off, or in sleep mode. The convenience provided by these auxiliary displays will save time and battery life by allowing you to quickly view meeting schedules, phone numbers, addresses, and recent e-mail messages without having to start up your laptop.
Quickly access the key information you need like appointments, key e-mails, or notes without turning on your laptop using Windows SideShow.
The Windows Vista SideShow platform will also enable hardware manufacturers to build auxiliary displays in a wide range of peripheral devices such as keyboards, LCD display casings, remote controls, and cell phones. These devices can then display information received from a Windows Vista-based PC, providing even more convenience to your everyday computing.
Easily manage the information you want to appear on Windows SideShow enabled devices.
Updated Remote Assistance makes it easier to get the help you need when you need it.
Security
User Account Control (UAC), a new set of features in Windows Vista, helps strike a balance between the flexibility and power of an administrator account and the security of a standard user account.
Activities such as surfing the Web, sending e-mail, and using productivity programs don't require special administrative privileges. Windows Vista makes it easy to perform these activities and be productive using standard user accounts.
When you want to perform an administrative task, like installing a new program, Windows Vista prompts you to verify that you want to install the program before allowing that administrative task to run. This way, the use of administrator privileges is minimized, making it more difficult for malware, such as viruses, worms, spyware, and other potentially unwanted software, to have machine-wide impact on your PC.
UAC also helps protect family computers from malware. Often malware is hidden in programs that appeal to children. To help protect your computer, you can create standard user accounts for your children. When your child tries to install a piece of software, the system will ask for an administrator account's password. Your children cannot install new programs by themselves.
Better protection from malware
Malware, such as viruses, worms, spyware, and other potentially unwanted software, can cause a wide range of problems, including theft of personal information, slower PC performance, and the appearance of unwanted advertising (such as pop-up ads). The effects of malware can range from mere annoyances to significant problems that take a considerable amount of time and money to fix.
Security alerts enable you to quickly resolve potentially damaging issues that can harm your Windows Vista PC.
· Windows Defender helps protect you against spyware and other potentially unwanted software.
· And the Malicious Software Removal Tool (MSRT) periodically scans your PC looking for known prevalent viruses. (The MSRT is not part of Windows Vista but may be downloaded from Microsoft at no additional cost.)
In addition to using these built-in Windows Vista features, you should help keep your computer healthy by using antivirus software such as Windows OneCare or an antivirus solution from one of Microsoft's partners.
Speech Recognition is fully integrated into Windows Vista and is built on top of the latest Microsoft speech technologies. It has unparalleled voice recognition accuracy that improves with use as it adapts to your speaking style and vocabulary. Speech Recognition supports multiple languages and includes a new human-sounding speech synthesizer.
With Speech Recognition in Windows Vista you can control your computer by voice whether dictating an e-mail or controlling applications. Microsoft-designed Speech Recognition is entirely focused on what you want. Right from the start, you can work through guided setups and an interactive training application to get familiar with key concepts and commands. The innovative natural user interface provides choices or additional questions to help you along. Whether starting an application, selecting a word, or correcting a sentence, you are always in control and are smoothly guided toward a list of smart choices.
Windows Updates:
Customizing Windows Update settings and actions provides you with seamless updating and flexibility when those updates occur.
Easier
Automatic delivery of important and recommended updates: In Windows Vista, Windows Update can automatically download and install both important and recommended updates. In earlier versions, only updates classified as “Important” could be installed automatically, and you had to manually select and download other available updates.
Improved consistency: In Windows Vista, you will see the same user interface whether you are on your home computer or your corporate computer updated through a Windows software management solution.
Less disruptive
More seamless updating: When an update applies to a file in use, Windows Vista can save the application's data, close the application, update the file, and then restart the application.
Greater flexibility: In Windows Vista, updating occurs in the background or may be scheduled for a time that's convenient for you. If an update requires a restart to complete installation, you can schedule it for a regular time. You can also postpone a previously scheduled restart until your current work is complete.
Until now, there has not been an easy way to manage all of these individual sync relationships — you often have a fragmented experience that depends on the specific device or data sources. The new Sync Center helps you to initiate a manual sync, stop an in-progress sync, see the status of current sync activities, and receive notifications to resolve conflicts.
Use the new Sync Center to manage the synchronization of your data with other PCs or the devices you connect to your PC. While Sync Center offers a unifying synchronization experience, it does not incorporate the sync tools or functionality provided by third-party applications.
Windows Vista itself detects, diagnoses, and helps you respond to common problems. But when incidents that require support do occur, Windows Vista provides centralized support tools and resources to quickly diagnose and resolve issues. In Windows Vista, Remote Assistance is optimized for the enterprise, with faster performance, built-in diagnostic tools, and the ability to assist users at home, on the road, or from a remote location.
DHCP
************DHCP************
The lease process consists of four messages, processed in this order:
1. DHCPDISCOVER: initial broadcast message sent from the client to obtain an IP address.
2. DHCPOFFER: message from a DHCP server that contains a possible IP address for the client.
3. DHCPREQUEST: from the client to the DHCP server, indicating that the client would like to receive the offered IP address.
4. DHCPACK: final message, server to client; the server acknowledges that the IP address is assigned to the client.
Other messages:
· DHCPNAK: a negative acknowledgement from the server to the client, indicating that the IP address is not available.
· DHCPRELEASE: from client to server, requesting that the current IP address be cancelled.
· DHCPINFORM: a new message type for Windows 2000; gets options for local configuration.
3 types of options:
· Server options: effective for all scopes configured on the server.
· Scope options: applied to the scope they are configured for.
· Reservation options: applied only to the specified computer.
Windows 2000 DHCP supports superscopes (an administrative container for 2 or more scopes on different network segments) and multicast scopes (MADCAP).
A DHCP server needs to be authorized in Active Directory before allocating IP addresses, unless it's a standalone server.
A DHCP relay agent is required on any segment that does not contain a DHCP server and is not connected through BOOTP-compatible routers.
Dynamic update of both A and PTR records: by default, the dynamic update options for a Windows 2000 DHCP client are configured so that the Windows 2000 computer registers its own A (host) resource record and requests that the DHCP server register its PTR resource record. For older clients, use mmc-DHCP\Server\Scope\Properties\DNS tab; settings: automatic update client, always update, enable update for clients who can't, so that their A and PTR records get registered. By default, when DHCP client leases expire, the DHCP server automatically removes from DNS any resource records that it originally registered.
Two DHCP servers on the same subnet, the 80/20 rule: DHCP server 1 holds 80% of the available IP addresses, DHCP server 2 holds 20% of the available IP addresses.
The DHCP wizard does not let you set an unlimited lease, only 999; you must use Scope Properties\Advanced tab to set an unlimited lease.
RRAS configured to use DHCP obtains 10 IP addresses from the DHCP server upon bootup. It keeps one for itself and gives the others to clients. After the 10 are gone, it requests more in blocks of 10. If you don't use DHCP, you can create a static pool on the RRAS server.
To transfer the DHCP database from one DHCP server to another, you must use either the DHCP console or the net stop dhcpserver command to stop the original DHCP server. To ensure that the DHCP service will not start again, you should then disable the DHCP Server service. Next, copy %Systemroot%\System32\Dhcp to a temporary folder on the new DHCP server. The last necessary action is to copy the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer registry subkey to a text file.
IGMP (Internet Group Management Protocol) proxy mode: the proxy-mode interface 'points' to the multicast-enabled intranet.
Multicast Address Dynamic Client Allocation Protocol (MADCAP): multicast addresses fall within the Class D IP address range from 224.0.0.0 through 239.255.255.255. The Class D range from 239.0.0.0 through 239.254.255.255 is a reserved range intended to be administratively scoped, much like the unicast IP address ranges that are reserved for private networks. RFC 2365 highly recommends using the range that begins at 239.192.0.0 with subnet mask 255.252.0.0 for an organizational network, so that the earlier addresses are available for future expansion. The 233.0.0.0 through 233.255.255.255 range is recommended for use with MADCAP for the purpose of global scoping on a public network such as the Internet.
To prevent intra-branch-office multicast traffic from being copied to the branch office link, use RRAS to configure appropriate scope-based boundaries on the interface at the hub office.
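Added example, not from these notes and not Microsoft's code: the four-message lease exchange above, built and parsed as RFC 2131 packets in Python so that the options carrying the offered address (50), lease time (51), message type (53) and server identifier (54) can be seen on each side. The server address, the scope and the client MAC are constructed values, and the server answers DHCPNAK for a request it never offered (the 'IP not available' case noted above).

```python
# Added example (not from the notes): a minimal RFC 2131/2132 message builder and
# parser used to walk the DISCOVER -> OFFER -> REQUEST -> ACK exchange entirely
# in memory. Addresses, the client MAC and the scope are constructed sample values.
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"        # the 236-byte fixed BOOTP header
OPT_REQUESTED_IP, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 51, 53, 54, 255
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 4: "DHCPDECLINE",
             5: "DHCPACK", 6: "DHCPNAK", 7: "DHCPRELEASE", 8: "DHCPINFORM"}

def ip_bytes(ip):
    return ipaddress.IPv4Address(ip).packed

def build(op, xid, chaddr, options, yiaddr="0.0.0.0", siaddr="0.0.0.0"):
    """op=1 BOOTREQUEST (client), op=2 BOOTREPLY (server). Options as {code: bytes}."""
    fixed = struct.pack(HEADER_FMT, op, 1, 6, 0, xid, 0, 0x8000,   # htype=Ethernet, hlen=6, broadcast flag
                        ip_bytes("0.0.0.0"), ip_bytes(yiaddr), ip_bytes(siaddr),
                        ip_bytes("0.0.0.0"),                    # giaddr: no relay agent in this example
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options.items())
    return fixed + MAGIC_COOKIE + body + bytes([OPT_END])

def parse(pkt):
    """Decode the fixed header and the option list; refuse anything without the cookie."""
    f = struct.unpack(HEADER_FMT, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    options, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == 0:                 # pad option has no length byte
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        options[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "chaddr": f[11][:f[2]],
            "yiaddr": str(ipaddress.IPv4Address(f[8])), "options": options}

def msg_type(pkt):
    return MSG_TYPES[parse(pkt)["options"][OPT_MSG_TYPE][0]]

def client_discover(xid, mac):
    return build(1, xid, mac, {OPT_MSG_TYPE: b"\x01"})

def server_offer(server, discover):
    d = parse(discover)
    if d["op"] != 1 or d["options"].get(OPT_MSG_TYPE) != b"\x01":
        raise ValueError("expected DHCPDISCOVER")
    offered = server["pool"].pop(0)                 # next free address in the scope
    server["offered"][d["chaddr"]] = offered
    return build(2, d["xid"], d["chaddr"],
                 {OPT_MSG_TYPE: b"\x02", OPT_SERVER_ID: ip_bytes(server["ip"]),
                  OPT_LEASE_TIME: struct.pack("!I", server["lease_secs"])},
                 yiaddr=offered, siaddr=server["ip"])

def client_request(offer):
    o = parse(offer)
    if o["op"] != 2 or o["options"].get(OPT_MSG_TYPE) != b"\x02":
        raise ValueError("expected DHCPOFFER")
    # The client echoes the offered address (option 50) and the chosen server (option 54)
    return build(1, o["xid"], o["chaddr"],
                 {OPT_MSG_TYPE: b"\x03", OPT_REQUESTED_IP: ip_bytes(o["yiaddr"]),
                  OPT_SERVER_ID: o["options"][OPT_SERVER_ID]})

def server_ack(server, request):
    r = parse(request)
    opts = r["options"]
    if opts.get(OPT_MSG_TYPE) != b"\x03":
        raise ValueError("expected DHCPREQUEST")
    wanted = str(ipaddress.IPv4Address(opts[OPT_REQUESTED_IP]))
    # DHCPNAK when the request names another server or an address we never offered
    if opts.get(OPT_SERVER_ID) != ip_bytes(server["ip"]) or server["offered"].get(r["chaddr"]) != wanted:
        return build(2, r["xid"], r["chaddr"], {OPT_MSG_TYPE: b"\x06", OPT_SERVER_ID: ip_bytes(server["ip"])})
    server["leases"][r["chaddr"]] = server["offered"].pop(r["chaddr"])
    return build(2, r["xid"], r["chaddr"],
                 {OPT_MSG_TYPE: b"\x05", OPT_SERVER_ID: ip_bytes(server["ip"]),
                  OPT_LEASE_TIME: struct.pack("!I", server["lease_secs"])},
                 yiaddr=wanted, siaddr=server["ip"])

def run_lease(mac=b"\x00\x11\x22\x33\x44\x55"):
    """Play the four-message exchange; return the message names seen and the leased address."""
    server = {"ip": "192.168.1.1", "pool": ["192.168.1.50", "192.168.1.51"],
              "lease_secs": 8 * 24 * 3600, "offered": {}, "leases": {}}
    discover = client_discover(0x3903F326, mac)
    offer = server_offer(server, discover)
    request = client_request(offer)
    ack = server_ack(server, request)
    names = [msg_type(m) for m in (discover, offer, request, ack)]
    return names, parse(ack)["yiaddr"], server["leases"].get(mac)

if __name__ == "__main__":
    print(run_lease())
```

The parser is the part worth reusing: pointing it at a capture of real lease traffic shows which option 54 (server identifier) clients are accepting, which is how an unauthorized DHCP server on a segment shows up.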
************NWLink ************
IPX/SPX NetBIOS-compatible transport protocol (NWLink). Main components: CSNW (Client Service for NetWare), GSNW (Gateway Service for NetWare), directory service migration tools, File and Print Services for NetWare.
To ensure that the appropriate users have access to the shared volume on the NetWare server, take the following steps:
1. Install the IPX/SPX gateway on the NetWare server.
2. Install the Gateway Service for NetWare on a Windows 2000 Server computer.
3. Create the NTGATEWAY group on the NetWare server.
4. Create user accounts on the NetWare server for the users who need access.
5. Place the new accounts in the NTGATEWAY group.
6. Enable the gateway to the NetWare server on the Windows 2000 Server computer.
7. Create and activate a gateway to the shared volume.
8. Assign permissions to the gateway share on the Windows 2000 Server computer.
9. Direct users to the share on the Windows 2000 Server computer.
Default Ethernet frame types:
· NetWare 3.12 and later: 802.2 (Windows 2000 default)
· NetWare 3.11 and earlier: 802.3
How to add NetWare 4.x servers to a Windows NT domain: when you select a NetWare 4.x server in the 'Select NetWare server' dialog box in Directory Service Manager for NetWare (DSMN), the following message appears: “is a NetWare 4.x server. It cannot be added to the domain”. You need to change the following registry key: HKLM\System\CurrentControlSet\Services\MSSync\Parameters\Allow4x
************WINS ************
NetBIOS name resolution, resolve order by node type:
· B-node: uses a local broadcast
· P-node: uses the WINS server
· M-node: cache, local broadcast, WINS, Lmhosts, Hosts, DNS
· H-node: cache, WINS, local broadcast, Lmhosts, Hosts, DNS
************Lmhosts************
The Lmhosts file is a static file that assists with remote NetBIOS name resolution on computers that cannot respond to NetBIOS name-query broadcasts. Location: systemroot\System32\Drivers\Etc
· #PRE: static name-to-address mappings, pre-loaded into the NetBIOS name cache and used first to resolve a name query
· #DOM:domain-tag: associates the entry with the domain specified
· #INCLUDE path-to-file: forces the system to seek the specified file and parse it as if it were local
· #BEGIN_ALTERNATE and #END_ALTERNATE: allow multiple #INCLUDE statements to be grouped together
· #NOFNR
· #MH: multiple entries exist because of multihomed computers
Static mappings: name-to-address mappings added to the server database for computers that do not directly use WINS (without static mappings these might be resolved by Lmhosts files or DNS servers).
The nbtstat -RR command is used to force WINS clients to release and refresh their NetBIOS names in the WINS database.
WINS pull replication convergence time for a WAN (hub-and-spoke WINS replication configuration): add together the two longest convergence times between spokes and the hub.
Pull replication can only be configured to occur at specified time intervals. Push replication can only be configured to occur after a specified number of changes in the version ID of the local WINS database.
To back up the WINS database (default every 3 hours): right-click the WINS server, choose 'Back Up Database', browse to a folder on the local server and click OK. This creates a \Wins_Bak\New folder within the designated folder and configures the server to automatically back up its WINS database to the local \Wins_Bak\New folder every three hours.
A WINS proxy must be present on the subnet that includes the Unix servers in order to listen for their B-node broadcasts and either resolve them from its existing cache or query the WINS server in order to update the WINS proxy cache. Making a computer a proxy agent requires a change to a registry key: EnableProxy set to 1. WINS proxies are used to resolve name resolution requests that are broadcast by non-WINS-enabled computers. 2 components that utilize WINS are My Network Places and the Net.exe command.
WINS server on one subnet with clients on many subnets: configure the WINS server to include its own IP address as a WINS client when configuring the server's TCP/IP properties on the Advanced WINS tab.
When values below 20 are specified for the number of version ID changes, a persistent connection is required in order for replication to occur. You can use the Jetpack utility to compact and perform minor repairs on the WINS database, but this action does not update outdated NetBIOS name mappings.
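Added example, not from the notes and not Windows code: a parser for the Lmhosts keywords listed above, with a lookup that consults the #PRE entries (the pre-loaded cache) before scanning the rest of the file. The sample file, the include paths and the contents of the 'remote' include files are constructed; the handling of #BEGIN_ALTERNATE/#END_ALTERNATE (the first readable #INCLUDE in the group is used, the rest are skipped) is the behaviour assumed here from the description above.

```python
# Added example (not from the notes): a parser for the LMHOSTS keywords
# (#PRE, #DOM:, #INCLUDE, #BEGIN_ALTERNATE/#END_ALTERNATE, #MH, #NOFNR),
# with a lookup that consults the #PRE-loaded cache before scanning the file.
# The LMHOSTS text and the "remote" include files below are constructed samples.
from dataclasses import dataclass

@dataclass
class Entry:
    ip: str
    name: str
    preload: bool = False     # #PRE: loaded into the name cache at startup
    domain: str = ""          # #DOM:<domain>: entry is a domain controller for <domain>
    multihomed: bool = False  # #MH: one name, several addresses
    nofnr: bool = False       # #NOFNR: flag kept as found; the notes give no description

def parse_lmhosts(text, files, depth=0):
    """Return the entries in order; #INCLUDE files are read from `files`, a dict
    standing in for the UNC paths a real resolver would open over the network."""
    entries, in_alternate, alternate_satisfied = [], False, False
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        key = tokens[0].upper()
        if key == "#BEGIN_ALTERNATE":
            in_alternate, alternate_satisfied = True, False
            continue
        if key == "#END_ALTERNATE":
            in_alternate = False
            continue
        if key == "#INCLUDE":
            # Inside an alternate block only the first readable include is used
            if in_alternate and alternate_satisfied:
                continue
            path = tokens[1] if len(tokens) > 1 else ""
            if path in files and depth < 4:          # depth guard against include loops
                entries.extend(parse_lmhosts(files[path], files, depth + 1))
                alternate_satisfied = True
            continue                                   # an unreadable include is skipped
        if key.startswith("#") or len(tokens) < 2:
            continue                                   # plain comment or malformed line
        entry = Entry(ip=tokens[0], name=tokens[1].upper()[:15])   # NetBIOS names are 15 chars
        for tok in tokens[2:]:
            upper = tok.upper()
            if upper == "#PRE":
                entry.preload = True
            elif upper.startswith("#DOM:"):
                entry.domain = tok[5:].upper()
            elif upper == "#MH":
                entry.multihomed = True
            elif upper == "#NOFNR":
                entry.nofnr = True
            elif tok.startswith("#"):
                break                                  # anything else after # is a comment
        entries.append(entry)
    return entries

def preload_cache(entries):
    """The name cache as it looks after startup: only #PRE entries are in it."""
    cache = {}
    for e in entries:
        if e.preload:
            cache.setdefault(e.name, []).append(e.ip)
    return cache

def lookup(entries, name):
    """Resolve a name the way the notes describe: cache first, then the whole file."""
    name = name.upper()[:15]
    cache = preload_cache(entries)
    if name in cache:
        return cache[name]
    return [e.ip for e in entries if e.name == name]

# Constructed sample data; the UNC paths are placeholders, not real hosts.
SAMPLE_LMHOSTS = r"""
# Local LMHOSTS (constructed for this example)
10.0.0.5      FILESRV1    #PRE
10.0.0.6      DC01        #PRE #DOM:CORP      # domain controller for CORP
10.0.0.7      MAILSRV                         # resolved only by scanning the file
10.0.0.8      BUILDBOX    #MH
10.0.0.9      BUILDBOX    #MH
10.0.0.10     LEGACYBOX   #NOFNR
#BEGIN_ALTERNATE
#INCLUDE \\DC01\public\lmhosts
#INCLUDE \\DC02\public\lmhosts
#END_ALTERNATE
"""
REMOTE_FILES = {r"\\DC02\public\lmhosts": "10.0.1.20   PRINTSRV   #PRE\n"}

if __name__ == "__main__":
    entries = parse_lmhosts(SAMPLE_LMHOSTS, REMOTE_FILES)
    print(sorted(preload_cache(entries)))
    print(lookup(entries, "buildbox"))
```

Because #INCLUDE pulls mappings from a remote share and those mappings override broadcast resolution, the write permissions on any included file are part of the name-resolution trust boundary; the parser makes it easy to list exactly which names a given file chain introduces.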
***********RRAS ************
Authentication options are:
· PAP: Password Authentication Protocol, plaintext
· SPAP: Shiva Password Authentication Protocol, reversible encryption mechanism
· CHAP: Challenge Handshake Authentication Protocol
· MS-CHAP v1, v2: Microsoft Challenge Handshake Authentication Protocol versions 1 and 2
· EAP: Extensible Authentication Protocol (EAP-MD5, EAP-TLS); will not work on a stand-alone W2K server, must be in Active Directory
************Unauthenticated access************
MS-CHAP v1 cannot be used to establish a 40-bit encrypted connection if the user has a password of more than 14 characters.
To enable CHAP-based authentication, make all the settings plus reversible encryption of passwords. Reversible encryption of passwords does not affect existing passwords; after reversible encryption is selected, a user's password must be reset.
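Added example, not from the notes and not RRAS code: the RFC 1994 CHAP exchange implemented in Python next to a PAP Authenticate-Request, to show two things the list above states: PAP puts the password itself on the link, and a CHAP authenticator can only verify a response if it holds the cleartext secret, which is why the reversible-encryption setting has to be on. User names, secrets and challenge values are constructed.

```python
# Added example (not from the notes): the RFC 1994 CHAP exchange next to PAP,
# showing why PAP exposes the password on the link and why a CHAP server needs
# the cleartext (reversibly stored) password to verify a response.
# User names, secrets and challenges are constructed sample values.
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """RFC 1994 section 4.1: Response Value = MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class ChapAuthenticator:
    """Server side. `user_db` maps name -> cleartext secret, which is what
    'store password using reversible encryption' makes available to the server."""
    def __init__(self, user_db):
        self.user_db = user_db
        self.identifier = 0
        self.outstanding = {}          # identifier -> challenge still awaiting a response

    def challenge(self):
        self.identifier = (self.identifier + 1) & 0xFF   # 8-bit Identifier field
        value = os.urandom(16)                           # fresh, unpredictable challenge
        self.outstanding[self.identifier] = value
        return self.identifier, value

    def verify(self, identifier, name, response):
        value = self.outstanding.pop(identifier, None)   # each challenge is single-use
        if value is None or name not in self.user_db:
            return False
        expected = chap_response(identifier, self.user_db[name], value)
        return hmac.compare_digest(expected, response)   # constant-time comparison

def chap_peer(identifier, challenge, name, secret):
    """Client side: the Response packet fields that actually cross the link (no secret in it)."""
    return {"identifier": identifier, "name": name,
            "response": chap_response(identifier, secret, challenge)}

def pap_authenticate_request(name, password):
    """PAP: the Authenticate-Request carries the password itself, in the clear."""
    return name.encode() + b"\0" + password.encode()

def demo():
    server = ChapAuthenticator({"alice": b"correct horse"})

    # Normal exchange: Challenge -> Response -> Success
    ident, chal = server.challenge()
    msg = chap_peer(ident, chal, "alice", b"correct horse")
    ok = server.verify(msg["identifier"], msg["name"], msg["response"])

    # Wrong secret fails
    ident2, chal2 = server.challenge()
    bad = chap_peer(ident2, chal2, "alice", b"wrong secret")
    wrong_secret = server.verify(bad["identifier"], bad["name"], bad["response"])

    # Replaying a captured response against a new challenge fails
    ident3, _ = server.challenge()
    replayed = server.verify(ident3, "alice", msg["response"])

    # A server holding only a one-way hash of the password cannot recompute the
    # response: the genuine client is rejected. This is the reversible-encryption point.
    hashed_server = ChapAuthenticator({"alice": hashlib.sha256(b"correct horse").digest()})
    ident4, chal4 = hashed_server.challenge()
    genuine = chap_peer(ident4, chal4, "alice", b"correct horse")
    hashed_server_ok = hashed_server.verify(ident4, "alice", genuine["response"])

    return {"chap_ok": ok, "wrong_secret": wrong_secret, "replayed": replayed,
            "hashed_only_server": hashed_server_ok,
            "pap_leaks_password": b"correct horse" in pap_authenticate_request("alice", "correct horse"),
            "chap_leaks_password": b"correct horse" in msg["response"]}

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:20} {v}")
```

The trade-off the notes point at is visible in `ChapAuthenticator.__init__`: the challenge keeps the secret off the wire, but the account database now holds a recoverable password, so its protection matters more than with one-way hashes.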
***********Connection Types supported************
PPP, MPPE, PPTP, L2TP. PPP is the basis for the PPTP and L2TP protocols, which are used in secure virtual private network (VPN) connections.
Supported PPP connection features: Multilink (more than one connection), BAP (with Multilink, dynamically controls bandwidth utilization), LCP (Callback and Caller ID features).
For VPN connections, Windows 2000 uses MPPE with the Point-to-Point Tunneling Protocol (PPTP) and IP Security (IPSec) encryption with the Layer Two Tunneling Protocol (L2TP). For dial-up networking connections, Windows 2000 uses Microsoft Point-to-Point Encryption (MPPE). With the basic and strong encryption methods, MPPE provides only link encryption, not end-to-end encryption. If end-to-end encryption is required, IPSec can be used to encrypt IP traffic end-to-end after the PPTP tunnel is established.
Data encryption for PPP or PPTP connections is available only if MS-CHAP (v1 or v2) or EAP-TLS is used as the authentication protocol. Data encryption for L2TP connections relies on IPSec, which does not require any specific authentication protocol.
The maximum level of data encryption for Windows NT 4.0 and Windows 98 computers is MS-CHAP v2 for VPN connections. L2TP enables the use of IPSec for securing the payload.
To create an L2TP-only server: set the number of PPTP ports to 1 and then clear the 'Remote access connections (inbound only)' and 'Demand-dial routing connections (inbound and outbound)' check boxes; on the client computer, change the type of VPN server from Automatic to L2TP.
A remote access server running Windows 2000 does not support SLIP clients. Serial Line Internet Protocol (SLIP) is an older remote access standard typically used by UNIX remote access servers. Windows 2000 Network and Dial-up Connections supports SLIP on the client side, and you can make connections to any remote access server that uses the SLIP standard.
***********IPSec************
The Kerberos V5 security protocol is the default authentication method. IPSec protects integrity, ensures confidentiality, authenticates credentials and protects computers from network attack.
Profiles are for users; filters are for machines. Filters define the types of packets that are allowed to be processed.
Select the "Session key perfect forward secrecy" check box to guarantee that no master keying material will be re-used to generate the session key.
You can monitor and troubleshoot IPSec by using the ipsecmon command to start IP Security Monitor, and by enabling audit policy and viewing IPSec events in Event Viewer.
When IPSec is tunneled, ESP should be applied first and then the Authentication Header (AH): "layer 3 tunneling".
***********RAS server order of process************
After authentication:
1. Check RRAS policy
2. Check user dial-up property configuration
3. Check policy profile settings
RIP v1 and RIP v2 are distance-vector routing protocols; RIP v1 and RIP v2 routers periodically broadcast the routes contained in the routing table to the network. However, changes are not broadcast immediately.
RIP 1 vs RIP 2: RIP 2 supports password, CIDR, VLSM and multicast; RIP 1 is chatty. Split horizon and poison reverse settings prevent RIP routing loops.
Route command: route print - lists all routes this computer knows; route -f - clears the table.
RIP v2 router terminology:
PEER FILTERING: ability to accept or discard announcements from specific routers identified by IP address.
ROUTE FILTERING: ability to accept or discard updates of specific network IDs or from specific routers.
RIP NEIGHBOURS: ability to unicast RIP announcements to specific routers, to support RIP on non-broadcast technologies like Frame Relay. A RIP neighbour is a RIP router that receives unicast RIP announcements.
************RAP Remote Access Policy terminology************
CONDITIONS - determine the conditions to match
PERMISSIONS - determine whether to grant or deny remote access permission
USER PROFILE - profile for users who matched the conditions you have specified
The first RAP that matches the conditions of the call attempt is used to determine whether the connection attempt will be accepted or rejected.
************Ports************
20 FTP server (data channel)
21 FTP server (control channel)
23 Telnet server
53 Domain Name System zone transfers
80 HTTP Internet access
139 NetBIOS session service
443 HTTPS secure web pages
To duplicate the IAS configuration to the stand-by server: use the 'netsh aaaa show config' command on the IAS server to create a script file, copy the script file to the stand-by server, and use the 'netsh exec' command on the stand-by server to process the script file.
Windows 2000 doesn't support the use of OSPF on non-persistent demand-dial connections.
DVMRP is not available with RRAS; therefore, you cannot install it on Windows 2000 routers. In order to enable multicast traffic to pass through an intranet section that does not support multicast routing, you must use an IP-in-IP tunnel. In order to enable each user group to send multicast datagrams to the other group, you should create an IP-in-IP tunnel interface on each Windows 2000 router.
If you use NetMon in a switched network environment, you see only the traffic addressed to the computer that is running NetMon. The "Identify Network Monitor users..." command will not detect instances of Network Monitor or the Network Monitor driver running on computers located on remote subnets unless the routers forward multicast packets.
SNMP devices and consoles are grouped into communities by the use of a community name. SNMP devices and SNMP consoles must share a common community name in order to interact by using SNMP.
************ICS************
In order for network computers to gain access to the Internet through an ICS computer, the TCP/IP configuration of the network computers must be changed to allow them to obtain their IP address automatically.
When ICS is enabled on the LAN interface of a Windows 2000 Server computer, the LAN interface is automatically configured with the IP address 192.168.0.1 and subnet mask 255.255.255.0. If network computers are configured to obtain their IP address automatically, ICS assigns them IP addresses starting from 192.168.0.2 with a subnet mask of 255.255.255.0.
************NAT************
NAT editors enable a NAT server to perform network address translation when protocols such as FTP, ICMP, PPTP and NetBT are used.
A default static route must always have a destination of 0.0.0.0 and a subnet mask of 0.0.0.0.
In order to ensure the correct translation of traffic bound from private hosts to the Internet, you must select the "Translate TCP/UDP headers (recommended)" option when the number of IP addresses on the private network exceeds the number of IP addresses configured on the public interface of the NAT server.
By using the RRAS console to select the "Resolve IP addresses for clients using DNS" check box, you configure the NAT server to forward name resolution requests to DNS servers on the Internet. Although the NAT computer is not actually a DNS server, the computers on the private network should be configured with the address of the NAT server as their preferred DNS server, because the NAT server functions as a DNS proxy on behalf of the client computers.
************DNS************
Although the use of AD-integrated primary zones is not required in an AD domain, they are the only zones that allow DNS clients to perform dynamic updates to any DNS server in the domain. With AD-integrated zones, DNS zone data is stored in the AD database, which is replicated to all domain controllers. Refreshes every 24 hours by default.
With standard primary DNS zones, only one copy of a particular primary zone can exist, and only the DNS server that hosts the primary zone can accept dynamic updates from DNS clients. Thus, if the DNS server that hosts the primary zone is unavailable, DNS clients cannot perform dynamic updates of their resource records.
The ipconfig /registerdns command forces a DNS client to register its own A (host) record.
Nslookup is used for troubleshooting DNS. Nslookup is available only if the TCP/IP protocol has been installed.
A DNS client always checks its resolver cache before querying a DNS server; therefore, the user must flush the resolver caches of the network computers. Flushing the caches purges all information obtained through dynamic resolution attempts. Stopping and starting the DNS Client service on each network computer flushes its DNS resolver cache; you can also flush the local resolver cache by running ipconfig /flushdns on each network computer.
Only DNS servers that host primary zones or AD-integrated zones have SOA records; therefore, you cannot increase the value of the Refresh Interval setting of the SOA record on a secondary DNS server.
In the simple test, the DNS client resolver on the computer that hosts the DNS server attempts to query the local DNS server. Part of the simple test involves the DNS server attempting to ping its own loopback address of 127.0.0.1.
If the simple test fails on a DNS server, your first troubleshooting step should be to determine whether the server contains the 1.0.0.127.in-addr.arpa zone.
In the recursive test, the local DNS server attempts to resolve a query by querying another DNS server, such as a DNS server on the Internet. If the recursive test fails and there is no firewall between the DNS server and the Internet, the first troubleshooting step is to determine whether the root hints are correct; the next step is to run nslookup, then "server DNS_server_IP_address" and "set querytype=NS" at the nslookup prompt.
************Certification Authorities************
You cannot use an enterprise root CA as an off-line root CA: because enterprise CAs require AD to issue certificates, an enterprise CA that was taken off-line would no longer be able to issue certificates. An offline root CA is a root CA that is not connected to the network. However, you should install the root CA on a member server of an AD domain while the member server is attached to the network. By installing the root CA on a computer that is attached to the network, you ensure that the CA updates AD and that all domain computers and users will trust the certificates that it issues.
You should obtain a Server Gated Cryptography (SGC) server certificate from a commercial CA in order to assure visitors of your Web site's identity and provide 128-bit cryptography for all Web communications. The SGC protocol is an extension of SSL. An SGC server certificate is used to provide added encryption between a client computer and a Web server.
In order to ensure that employees can download the unsigned custom controls from your company's intranet Web site, you should use IEAK Profile Manager to configure a security zone setting of Low for the Local intranet zone in Internet Explorer.
************Denial of Service************
To drop Internet traffic from spoofed private IP addresses, configure input filters on the Internet interface to accept all packets except the following:
10.0.0.0 with the subnet mask 255.0.0.0
172.16.0.0 with the subnet mask 255.240.0.0
192.168.0.0 with the subnet mask 255.255.0.0
To disable EFS at the OU level without nullifying the recovery policies of all computers within the OUs, configure no recovery policy for each OU. To disable EFS for all computers within the OUs and not for the OU itself, configure an empty recovery policy for each OU.
Encryption terminology:
Basic encryption: 40-bit for dial-up connections; 40-bit for PPTP-based VPN connections; 56-bit for L2TP/IPSec-based VPN connections
Strong encryption: 56-bit for dial-up connections; 56-bit for PPTP-based VPN connections; 56-bit for L2TP/IPSec-based VPN connections
Strongest encryption: 128-bit for dial-up connections; 128-bit for PPTP-based VPN connections; 3*56-bit for L2TP/IPSec-based VPN connections
You can reduce your company's vulnerability to password-guessing attacks by using smart card authentication and enabling account lockout for remote access in the Registry. Smart card authentication is a token-based authentication method. Token-based authentication requires the user to know something, usually a Personal Identification Number (PIN), and to have something, such as the smart card; without both, a person cannot obtain access.
Account lockout for remote access is enabled by modifying two values located in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters subkey of the Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout
7 OSI layers: Application, Presentation, Session, Transport, Network, Data Link, Physical
************TCP\IP Layers************
Application - Defines TCP/IP application protocols and how host programs interface with transport layer services to use the network. HTTP, Telnet, FTP, TFTP, SNMP, DNS, SMTP, X Windows, other application protocols.
Transport - Provides communication session management between host computers. Defines the level of service and status of the connection used when transporting data. TCP, UDP, RTP.
Internet - Packages data into IP datagrams, which contain source and destination address information that is used to forward the datagrams between hosts and across networks. Performs routing of IP datagrams. IP, ICMP, ARP, RARP.
Network interface - Specifies details of how data is physically sent through the network, including how bits are electrically signaled by hardware devices that interface directly with a network medium, such as coaxial cable, optical fiber, or twisted-pair copper wire. Ethernet, Token Ring, FDDI, X.25, Frame Relay, RS-232, V.35.
IP classes (by first octet):
Class A - 1-127
Class B - 128-191
Class C - 192-223
Class D - 224-239 (Multicast)
Class E - 241-Up (Experimental)
APIPA 169.254.0.0/16 - Automatic Private Internet Protocol Addressing, available with Win 98, 2000, XP and later.
Subnet mask (last octet), number of segments, and usable segments (segments - 2, because the first and the last, all 0's or all 1's, are not allowed):
Mask  Segments  Usable
192   4         2
224   8         6
240   16        14
248   32        30
252   64        62
254   128       126
255   256       254
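The class table and the spoofed-source input filter from the Denial of Service section, worked through in Python as an added example that is not part of these notes: ip_class() applies the first-octet table, ingress_filter() matches the three private ranges with the same dotted masks a router filter would use, and subnet_split() reproduces the segments table. The APIPA and class D/E drops are an extension the notes do not state, and every packet address below is constructed.

```python
"""Added example (not from the notes): IPv4 class lookup, the spoofed-private-source
input filter from the Denial of Service section, and the subnet segments table."""
import ipaddress

# First-octet class boundaries.  Class E starts at 240 here; the table above
# writes it as "241-Up".
IP_CLASSES = (("A", 1, 127), ("B", 128, 191), ("C", 192, 223),
              ("D", 224, 239), ("E", 240, 255))

# (network, dotted mask) pairs an Internet-interface input filter should reject,
# copied from the Denial of Service section.
SPOOFED_PRIVATE_RANGES = (
    ("10.0.0.0", "255.0.0.0"),
    ("172.16.0.0", "255.240.0.0"),
    ("192.168.0.0", "255.255.0.0"),
)
# APIPA range from the table above; link-local, never a valid Internet source.
APIPA_RANGE = ("169.254.0.0", "255.255.0.0")


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def ip_class(ip):
    """Return 'A'..'E' from the first octet, or None for 0.x.x.x."""
    first = int(ip.split(".")[0])
    for name, low, high in IP_CLASSES:
        if low <= first <= high:
            return name
    return None


def in_range(ip, network, mask):
    """Mask-and-compare, the way a router input filter matches: (ip & mask) == network."""
    return (_to_int(ip) & _to_int(mask)) == _to_int(network)


def ingress_filter(src_ip):
    """Decision for one packet arriving on the Internet interface: 'accept' or 'drop: <reason>'.

    The three private ranges are the notes' rule.  The APIPA and class D/E checks
    are an added extension: those can never be legitimate unicast sources on an
    Internet link.
    """
    for network, mask in SPOOFED_PRIVATE_RANGES:
        if in_range(src_ip, network, mask):
            return f"drop: spoofed private source {network} mask {mask}"
    if in_range(src_ip, *APIPA_RANGE):
        return "drop: APIPA (link-local) source"
    if ip_class(src_ip) in ("D", "E"):
        return f"drop: class {ip_class(src_ip)} address is not a unicast source"
    return "accept"


def subnet_split(last_octet_mask):
    """(segments, usable) for a mask whose last octet is last_octet_mask.

    Each borrowed (set) bit doubles the segment count; the all-0 and all-1
    segments are excluded, hence the -2 in the table above.
    """
    borrowed_bits = bin(last_octet_mask).count("1")
    segments = 2 ** borrowed_bits
    return segments, segments - 2


def usable_hosts(mask):
    """Hosts per subnet for a dotted mask; the all-0 and all-1 host IDs are reserved."""
    host_bits = 32 - bin(_to_int(mask)).count("1")
    return 2 ** host_bits - 2


def filter_log(packets):
    """Run the filter over (src, dst) pairs and return (src, decision) tuples."""
    return [(src, ingress_filter(src)) for src, _dst in packets]


if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    sample = [("10.3.4.5", "203.0.113.10"), ("172.31.9.9", "203.0.113.10"),
              ("172.32.0.1", "203.0.113.10"), ("169.254.1.1", "203.0.113.10"),
              ("224.0.0.9", "203.0.113.10"), ("198.51.100.7", "203.0.113.10")]
    for src, decision in filter_log(sample):
        print(f"{src:<14} class {ip_class(src)}  {decision}")
```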
The lease process consists of four different messages processed in this order:
1. DHCPDISCOVER initial broadcast message sent from client to obtain IP address.
2. DHCPOFFER message from DHCP server that contains a possible IP address for the client.
3. DHCPREQUEST from client to DHCP server indicating that the client would like to receive the offered IP address
4. DHCPACK - final message, server to the client; the server acknowledges that the IP address is assigned to the client.
Other messages: DHCPNAK - a negative acknowledgement from the server to the client indicating the IP is not available. DHCPRELEASE - from client to server, requesting that the current IP be cancelled. DHCPINFORM - a new message type for Windows 2000, gets options for local configuration.
3 types of options:
Server options: effective for all scopes configured on the server
Scope options: applied to the scope they are configured for
Reservation options: only applied to the specified computer
Windows 2000 DHCP supports: superscopes (administrative container for 2 or more scopes of different network segments) and multicast scopes (MADCAP).
A DHCP server needs to be authorized in Active Directory before allocating IP addresses, unless it's a standalone server.
A DHCP relay agent is required on all segments that do not contain a DHCP server or that are not all connected by BOOTP-compatible routers.
Dynamic DHCP update of both A & PTR records: by default, the dynamic update options for a Windows 2000 DHCP client computer are configured so that the Windows 2000 computer registers its own A (host) resource record and requests that the DHCP server register its PTR resource record. For older clients, use the DHCP MMC: Server\Scope\Properties\DNS tab, settings = automatically update client, always update, enable updates for clients that can't, to register their A & PTR records. By default, when DHCP client leases expire, the DHCP server automatically removes from DNS any resource records that it originally registered.
Two DHCP servers on the same subnet - 80/20 rule: DHCP server 1 - 80% of the available IP addresses; DHCP server 2 - 20% of the available IP addresses.
The DHCP wizard does not let you set an unlimited lease, only 999; you must use scope properties, Advanced tab, to set an unlimited lease.
RRAS configured to use DHCP obtains 10 IP addresses from the DHCP server upon bootup. It keeps one for itself and gives the others to clients. After the 10 are gone it requests more in blocks of 10. If you don't use DHCP you can make a static pool on the RRAS server.
To transfer the DHCP database from one DHCP server to another you must use either the DHCP console or the net stop dhcpserver command to stop the original DHCP server. To ensure that the DHCP service will not start again, you should then disable the DHCP Server service. Next, copy %Systemroot%\System32\Dhcp to a temporary folder on the new DHCP server. The last necessary action is to copy the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer Registry subkey to a text file.
An IGMP (Internet Group Management Protocol) proxy mode interface "points" to the multicast-enabled intranet.
Multicast Address Dynamic Client Allocation Protocol (MADCAP): multicast addresses fall within the Class D IP address range from 224.0.0.0 through 239.255.255.255. The Class D range from 239.0.0.0 through 239.254.255.255 is a reserved range that is intended to be administratively scoped, much like the unicast IP address ranges that are reserved for private networks. RFC 2365 highly recommends using the range that begins at 239.192.0.0 with a subnet mask of 255.252.0.0 for an organizational network so that the earlier addresses are available for future expansion. The 233.0.0.0 through 233.255.255.255 range is recommended for use with MADCAP for the purpose of global scoping on a public network such as the Internet.
To prevent intra-branch-office multicast traffic from being copied to the branch office link, use RRAS to configure appropriate scope-based boundaries on the interface at the hub office.
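The four-message lease exchange, DHCPNAK, DHCPRELEASE and the three option levels above, modelled in Python as an added example (not from these notes and not the Windows DHCP service's own code): the scope, reservation and MAC addresses are constructed, and the precedence assumed is reservation options over scope options over server options.

```python
"""Added example (not from the notes): an in-memory model of the DHCP lease exchange
DISCOVER -> OFFER -> REQUEST -> ACK, with DHCPNAK, DHCPRELEASE and the
server / scope / reservation option levels."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    """One scope: an address pool on one subnet, its scope options and reservations."""
    network: ipaddress.IPv4Network
    pool_start: ipaddress.IPv4Address
    pool_end: ipaddress.IPv4Address
    options: dict = field(default_factory=dict)       # scope options
    reservations: dict = field(default_factory=dict)  # mac -> (address, reservation options)


class DhcpServer:
    def __init__(self, server_options=None):
        self.server_options = dict(server_options or {})  # server options: every scope
        self.scopes = []
        self.leases = {}   # address -> mac  (DHCPACK sent)
        self.offers = {}   # mac -> address  (DHCPOFFER sent, DHCPREQUEST pending)

    def add_scope(self, scope):
        self.scopes.append(scope)

    def _scope_for(self, giaddr):
        """Pick the scope by the relay agent (or receiving interface) address."""
        addr = ipaddress.IPv4Address(giaddr)
        return next((s for s in self.scopes if addr in s.network), None)

    def _options_for(self, scope, mac):
        """Reservation options override scope options, which override server options."""
        merged = dict(self.server_options)
        merged.update(scope.options)
        if mac in scope.reservations:
            merged.update(scope.reservations[mac][1])
        return merged

    def _free_address(self, scope):
        """First pool address that is neither reserved, leased nor already offered."""
        busy = {addr for addr, _ in scope.reservations.values()}
        busy |= set(self.leases) | set(self.offers.values())
        addr = scope.pool_start
        while addr <= scope.pool_end:
            if addr not in busy:
                return addr
            addr += 1
        return None

    def discover(self, mac, giaddr):
        """DHCPDISCOVER -> ('DHCPOFFER', address, options), or None if nothing can be offered."""
        scope = self._scope_for(giaddr)
        if scope is None:
            return None
        if mac in scope.reservations:
            addr = scope.reservations[mac][0]
            if self.leases.get(addr, mac) != mac:
                return None  # reserved address is held by another client
        elif mac in self.offers:
            addr = self.offers[mac]  # repeat the outstanding offer
        else:
            addr = self._free_address(scope)
            if addr is None:
                return None  # pool exhausted
        self.offers[mac] = addr
        return ("DHCPOFFER", str(addr), self._options_for(scope, mac))

    def request(self, mac, giaddr, requested):
        """DHCPREQUEST -> DHCPACK only for the address this client was offered, else DHCPNAK."""
        scope = self._scope_for(giaddr)
        addr = ipaddress.IPv4Address(requested)
        if scope is None or self.offers.get(mac) != addr or addr not in scope.network:
            self.offers.pop(mac, None)
            return ("DHCPNAK", None, {})
        del self.offers[mac]
        self.leases[addr] = mac
        return ("DHCPACK", str(addr), self._options_for(scope, mac))

    def release(self, mac, address):
        """DHCPRELEASE: drop the lease if this client holds it."""
        addr = ipaddress.IPv4Address(address)
        if self.leases.get(addr) == mac:
            del self.leases[addr]
            return True
        return False


def demo_server():
    """Constructed scenario (not a real network): one /24 scope with a two-address
    pool and one reservation whose DNS option overrides the server-level one."""
    server = DhcpServer(server_options={"dns": "10.0.0.53"})
    server.add_scope(Scope(
        network=ipaddress.IPv4Network("192.168.0.0/24"),
        pool_start=ipaddress.IPv4Address("192.168.0.10"),
        pool_end=ipaddress.IPv4Address("192.168.0.11"),
        options={"router": "192.168.0.1"},
        reservations={"aa:bb:cc:00:00:01": (ipaddress.IPv4Address("192.168.0.50"),
                                             {"dns": "192.168.0.53"})},
    ))
    return server


if __name__ == "__main__":
    srv = demo_server()
    print(srv.discover("aa:bb:cc:00:00:02", "192.168.0.1"))
    print(srv.request("aa:bb:cc:00:00:02", "192.168.0.1", "192.168.0.10"))
    print(srv.request("aa:bb:cc:00:00:03", "192.168.0.1", "192.168.0.10"))  # DHCPNAK
```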
************NWLink************
IPX/SPX NetBIOS-compatible transport protocol (NWLink); main components: CSNW, GSNW (Gateway Service for NetWare), Directory Service migration tools, File and Print Services for NetWare.
To ensure that the appropriate users have access to the shared volume on the NetWare server, take the following steps:
Install the IPX/SPX gateway on the NetWare server
Install the Gateway Service for NetWare on a Windows 2000 Server computer
Create the NTGATEWAY group on the NetWare server
Create user accounts on the NetWare server for the users who need access
Place the new accounts in the NTGATEWAY group
Enable the gateway to the NetWare server on the Windows 2000 Server computer
Create and activate a gateway to the shared volume
Assign permissions to the gateway share on the Windows 2000 Server computer
Direct users to the share on the Windows 2000 Server computer
Default Ethernet frame types:
NetWare 3.12 and later - 802.2 - Win2k default
NetWare 3.11 and earlier - 802.3
How to add NetWare 4.x servers to a Windows NT domain: when you select a NetWare 4.x server in the 'Select NetWare server' dialog box in Directory Service Manager for NetWare (DSMN), the following message appears: "... is a NetWare 4.x server. It cannot be added to the domain". You need to change the following registry key: HKLM\System\CurrentControlSet\Services\MSSync\Parameters\Allow4x
************WINS************
NetBIOS name resolution - resolve order:
B-node: uses a local broadcast
P-node: uses the WINS server
M-node: cache, local broadcast, WINS, Lmhosts, Hosts, DNS
H-node: cache, WINS, local broadcast, Lmhosts, Hosts, DNS
************Lmhosts************
The Lmhosts file is a static file that assists with remote NetBIOS name resolution on computers that cannot respond to NetBIOS name-query broadcasts. Location: systemroot\System32\Drivers\Etc
#PRE: static name-to-address mappings, pre-loaded into the NetBIOS name cache, used first to resolve a name query
#DOM:<domain>: associates the entry with the domain specified
#INCLUDE <path to file>: forces the system to seek the specified file and parse it as if it were local
#BEGIN_ALTERNATE and #END_ALTERNATE: allow multiple #INCLUDE statements to be grouped together
#NOFNR
#MH: multiple entries exist due to multihomed computers
Static mappings: name-to-address mappings in the server database for computers that do not directly use WINS (names that rely on static mappings might otherwise be resolved by Lmhosts files or DNS servers).
The nbtstat -RR command is used to force WINS clients to release and refresh their NetBIOS names in the WINS database.
WINS pull replication convergence time for a WAN (hub-and-spoke WINS replication configuration): add together the two longest convergence times between spokes and the hub.
Pull replication can only be configured to occur at specified time intervals. Push replication can only be configured to occur after a specified number of changes in the version ID of the local WINS database.
To back up the WINS database (default every 3 hours): right-click the WINS server, choose 'Back Up Database', browse to a folder on the local server and click OK. This creates a \Wins_Bak\New folder within the designated folder and configures the server to automatically back up its WINS database to the local \Wins_Bak\New folder at an interval of every three hours.
A WINS proxy must be present on the subnet that includes the Unix servers in order to listen for their B-node broadcasts and either resolve them from its existing cache or query the WINS server in order to update the WINS proxy cache. To make a computer a proxy agent requires a change to a Registry key: EnableProxy set to 1. WINS proxies are used to resolve name resolution requests that are broadcast by non-WINS-enabled computers.
2 components that utilize WINS are My Network Places and the Net.exe command.
WINS server on one subnet with clients on many subnets: configure the WINS server to include its own IP address as a WINS client when configuring the server's TCP/IP properties on the Advanced WINS tab.
When values below 20 are specified for the number of version ID changes, a persistent connection is required in order for replication to occur.
You can use the Jetpack utility to compact and perform minor repairs on the WINS database, but this action would not update outdated NetBIOS name mappings.
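An added example (not from these notes): a Python parser for the Lmhosts keywords listed above, run over a constructed sample file. #INCLUDE targets are recorded rather than fetched so it runs offline, and the preload_cache() and resolve() helpers assume an Lmhosts-only lookup in which #PRE entries are consulted first.

```python
"""Added example (not from the notes): parse an Lmhosts file and honour the
keywords #PRE, #DOM, #INCLUDE, #BEGIN_ALTERNATE/#END_ALTERNATE, #MH and #NOFNR."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class LmhostsEntry:
    ip: str
    name: str                      # NetBIOS name, upper-cased (names are case-insensitive)
    preload: bool = False          # #PRE: loaded into the NetBIOS name cache at startup
    domain: Optional[str] = None   # #DOM:<domain>: entry is associated with <domain>
    multihomed: bool = False       # #MH: one of several addresses of a multihomed computer
    nofnr: bool = False            # #NOFNR


@dataclass
class LmhostsFile:
    entries: list = field(default_factory=list)
    includes: list = field(default_factory=list)  # (path, alternate_group or None)
    skipped: list = field(default_factory=list)   # malformed lines, kept for troubleshooting


def parse_lmhosts(text):
    """A '#' line is a comment unless its first token is a keyword; after the name,
    keywords are read until the first non-keyword token, which starts a comment."""
    result = LmhostsFile()
    alternate_group = None  # set between #BEGIN_ALTERNATE and #END_ALTERNATE
    group_no = 0
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        head = tokens[0].upper()
        if head == "#BEGIN_ALTERNATE":
            group_no += 1
            alternate_group = group_no
        elif head == "#END_ALTERNATE":
            alternate_group = None
        elif head == "#INCLUDE" and len(tokens) >= 2:
            result.includes.append((tokens[1], alternate_group))
        elif head.startswith("#"):
            pass  # ordinary comment line
        elif len(tokens) < 2:
            result.skipped.append(raw)  # needs at least an address and a name
        else:
            try:
                ipaddress.IPv4Address(tokens[0])
            except ValueError:
                result.skipped.append(raw)
                continue
            entry = LmhostsEntry(ip=tokens[0], name=tokens[1].upper())
            for tok in tokens[2:]:
                up = tok.upper()
                if up == "#PRE":
                    entry.preload = True
                elif up.startswith("#DOM:"):
                    entry.domain = tok[len("#DOM:"):].upper()
                elif up == "#MH":
                    entry.multihomed = True
                elif up == "#NOFNR":
                    entry.nofnr = True
                else:
                    break  # trailing comment
            result.entries.append(entry)
    return result


def preload_cache(parsed):
    """Name cache as loaded at startup: only #PRE entries, a list of IPs per name."""
    cache = {}
    for entry in parsed.entries:
        if entry.preload:
            cache.setdefault(entry.name, []).append(entry.ip)
    return cache


def resolve(parsed, name):
    """Lmhosts-only lookup: preloaded cache first, then the rest of the file."""
    key = name.upper()
    cache = preload_cache(parsed)
    if key in cache:
        return cache[key]
    return [entry.ip for entry in parsed.entries if entry.name == key]


# Constructed sample file; none of these hosts, domains or paths are real.
SAMPLE_LMHOSTS = r"""
# Lmhosts sample (this line is a comment)
192.168.1.10   FILESRV01   #PRE  #DOM:CORP   # preloaded domain entry
192.168.1.11   printsrv    #PRE
192.168.1.20   dbsrv       #MH
192.168.1.21   dbsrv       #MH
192.168.1.30   legacybox   #NOFNR
not-an-ip      broken
#BEGIN_ALTERNATE
#INCLUDE \\fs1\public\lmhosts
#INCLUDE \\fs2\public\lmhosts
#END_ALTERNATE
#INCLUDE \\fs3\public\lmhosts
"""

if __name__ == "__main__":
    parsed = parse_lmhosts(SAMPLE_LMHOSTS)
    print("preloaded:", preload_cache(parsed))
    print("dbsrv ->", resolve(parsed, "dbsrv"))
    print("includes:", parsed.includes, "skipped:", parsed.skipped)
```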
***********RRAS************
Authentication options are:
PAP - Password Authentication Protocol, plaintext
SPAP - Shiva Password Authentication Protocol, reversible encryption mechanism
CHAP - Challenge Handshake Authentication Protocol
MS-CHAP v1, v2 - Microsoft Challenge Handshake Authentication Protocol versions 1 & 2
EAP - Extensible Authentication Protocol (EAP-MD5, EAP-TLS). EAP-TLS will not work on a stand-alone W2K server; the server must be a member of Active Directory.
************Unauthenticated access************ MS-CHAP v1 cannot be used to establish a 40-bit encrypted connection if the user has a password of more than 14 characters. To enable CHAP-based authentication make all setting + Reversible encryption of passwords Reversible encryption of passwords does not affect existing passwords, after reversible encryption is selected, a user's password must be reset
***********Connection Types supported************ PPP, MPPE, PPTP, L2TP PPP is the basis for the PPTP and L2TP protocols, which are used in secure virtual private network (VPN) connections Supported PPP connections: Multilink- more than one connection, BAP- with multilink dynamically controls bandwidth utilization, LCP- Callback and Caller ID feature. For VPN connections, Windows 2000 uses MPPE with the Point-to-Point Tunneling Protocol (PPTP) and IP Security (IPSec) encryption with the Layer Two Tunneling Protocol (L2TP). For dial-up networking connections, Windows 2000 uses Microsoft Point-to-Point Encryption (MPPE). With the basic and strong encryption methods MPPE provides only link encryption, not end-to-end encryption. If end-to-end encryption is required, IPSec can be used to encrypt IP traffic from end-to-end after the PPTP tunnel is established. Data encryption for PPP or PPTP connections is available only if MS-CHAP (v1 or v2) or EAP-TLS is used as the authentication protocol. Data encryption for L2TP connections relies on IPSec, which does not require any specific authentication protocol. Maximum level of data encryption for WindowsNT 4.0 and Windows98 computers is MS-CHAP v2 for VPN connections L2TP enables the use of IPSec for securing the payload To create L2TP server only; set the number of PPTP ports to 1 and then clear the remote access connection (inbound only) and demand-dial routing connections (inbound and outbound) check boxes on the client computer change the type of VPN server from automatic to L2TP A remote access server running Windows 2000 does not support SLIP clients. Serial Line Internet Protocol (SLIP) is an older remote access standard typically used by UNIX remote access servers. Windows 2000 Network and Dial-up Connections supports SLIP, and you can make connections to any remote access server by using the SLIP standard.
***********IPSec************ The Kerberos V5 security protocol is the default authentication technology Protects integrity, ensures confidentiality, Authenticates credentials, protects computers from net attack Profiles are for users Filters are for machines. Filters define the type of packets are allowed to be processed. Select the session key perfect forward secrecy check box to guarantee that no master keying material will be re-used to generate the session key You can monitor and troubleshoot IPSec by using the ipsecmon command to start IP Security Monitor and by enabling audit policy and viewing IPSec events in Event Viewer. When IPSec is tunneled, ESP should be applied first then the Authentication header (AH) “layer 3 tunneling”
***********RAS server order of process************ After Authentication 1. Check RRAS Policy 2. Check user dial up property configuration 3. Check policy profile settings RIP v1 and RIP v2 are distance-vector routing protocols; RIP v1 and RIP v2 routers periodically broadcast the routes that are contained on the routing table to the network. However, the changes are not broadcast immediately. Rip 1 vs Rip 2. 2 supports password, CIDR, VLSM, MULTICAST--- RIP 1 is chatty Split horizon and Poison reverse settings prevent rip routing loops. Route command: Route Print ---list all routes this computer knows. Route –F ---clears table. RIP v2 router terminology; PEER FILTERING: Ability to accept or discard updates of announcements from specific routers identified by IP address ROUTE FILTERING: Ability to accept or discard updates of specific network IDs or from specific routers RIP NEIGHBOURS: Ability to unicast RIP announcements to specific routers to support on broadcast technologies like frame relay. A rip neighbour is a RIP router that receives unicasted RIP announcements
************RAP Remote Access Policy terminology************ CONDITIONS - determine the conditions to match PERMISIONS - determine weather to grant or deny remote access permission USER PROFILE – profile for users who matched the conditions you have specified The first RAP that matches the conditions of the call attempt is used to determine whether the connection attempt will be accepted or rejected.
************Ports************ 20 FTP server (data channel) 21 FTP server (control channel) 23 Telnet server 53 Domain Name System zone transfers 80 HTTP Internet Access139 NetBIOS session service 443 HTTPS secure web pages To duplicate the configuration to the ISA server on the stand-by server; You should use 'netsh aaaa show config' command on the IAS server to create a script file, copy the script file to stand-by server, and use the 'netsh exec' command to stand-by server to process the script file Windows 2000 doesn't support the use of OSPF on non-persistent demand-dial connections DVMRP is not available with RRAS; therefore, you cannot install it on the Windows 2000 routers. In order to enable multicast traffic to pass through an Intranet section that does not support multicast routing, you must use an IP-in-IP tunnel. In order to enable each user group to send multicast datagrams to the other group, you should create an IP-in-IP tunnel interface on each Windows 2000 router. If you use NetMon in a switched network environment, you see only the traffic addressed to the computer that is running NetMon The Identify Network Monitor users… command will not detect instances of Network Monitor or Network Monitor driver that are running on computers located on remote subnets unless the routers forward multicast packets SNMP devices and consoles are grouped into communities by the use of a community name. SNMP devices and SNMP consoles must share a common community name in order to interact by using SNMP.
************ICS************ In order for network computers to gain access to the Internet through an ICS computer, the TCP/IP configuration of the network computers must be changed to allow them to obtain their IP address automatically. When ICS is enabled on the LAN interface of Windows 2000 Server computer, the LAN interface is automatically configured with the IP address 192.168.0.1 and subnet mask 255.255.255.0. If network computers are configured to obtain their IP address automatically, then ICS assigns them IP addresses starting from 192.168.0.2 with a subnet mask of 255.255.255.0
************NAT************ NAT editors enable a NAT server to perform network address translation when protocols such as FTP, ICMP, PPTP and NetBT are used. A default static route must always have a destination of 0.0.0.0 and a subnet mask of 0.0.0.0. In order to ensure the correct translation of traffic that is bound from private hosts to the Internet. You must select the Translate TCP/UDP headers (recommended) option when the number of IP address on the private network exceeds the number of IP addresses configured on the public interface of the NAT server. By using the RRAS console to select Resolve IP address for Clients using DNS check box, you have configured the NAT server to forward name resolution request to DNS servers on Internet Although the NAT computer is not actually a DNS server, the computers on private network should be configured with the address of the NAT server as their preferred DNS server because NAT server will function as DNS proxy on behalf of the client computers.
************DNS ************ Although the use of AD integrates primary zones is not required in AD-domain, they are the only zones that allow DNS clients to perform dynamic updates to any DNS server in a domain. With AD-integrated zones, DNS zone data is stored in the AD database, which is replicated to all domain controllers. Refreshes every 24 hours by default With standard primary DNS zones, only one copy of a particular primary zone can exist, and only the DNS server that hosts the primary zone can accept dynamic updates from DNS clients. Thus, it the DNS server that hosts the primary zone is unavailable, then DNS clients cannot perform dynamic updates of their resource records. The ipconfig /registerdns command is used to force DNS clients to create A (host) record for itself Nslookup is used for troubleshooting DNS. Nslookup is available only if the TCP/IP protocol has been installed. A DNS client always checks its resolver cache before querying a DNS server; therefore, user must flush the resolver caches of the network computers. Flushing the caches will purge the caches of all information obtained through dynamic resolution attempts. By stopping and starting the DNS client service on each network computer, you will flush the DNS resolver cache of each network computer, you can also flush the local resolver cache by carrying out the ipconfig /flushdns command on each network computer. Only DNS servers that host primary zones or AD-integrated zones have SOA records; therefore, you cannot increase the value of Refresh Interval setting of the SOA record on secondary DNS server. In the simple test, the DNS client resolver on the computer that hosts the DNS server attempts to query the local DNS server. Part of the simple test involves the DNS server attempting to ping its own loopback address of 127.0.0.1. 
If the simple test fails on DNS server, then your first troubleshooting step should be to determine whether the server contains the 1.0.0.127.in-addr.arpa zone. In the recursive test, the local DNS server attempts to resolve a query by querying another DNS server, such as a DNS server on Internet. If the recursive test fails and there is no firewall between the DNS server and the Internet, then the first troubleshooting step you should take is to determine whether the root hints are correct, then your next step should be to use the nslookup server DNS_server_IP_address set querytype=NS command
************Certification Authorities************ You cannot use an enterprise root CA as an off-line root CA, because enterprise CA's require AD to issue certificates, an enterprise CA that was taken off-line would no longer be able to issue certificates. An offline Root CA is a root CA that is not connected to the network. However, you should install the root CA on a member server of an AD domain while the member server is attached to the network. By installing the root CA on a computer that is attached to the network, you ensure that the CA updates AD and that all domain computers and users will trust the certificates that it issues. You should obtain a Server Gated Cryptography (SGC) server certificate from a commercial CA in order to assure visitors of your Web site’s identity and provide 128-bit cryptography for all Web communications. The SGC protocol is extension of SSL. An SGC server certificate is used to provide added encryption between a client computer and Web server. In order to ensure that employees can download the unsigned custom controls from your company’s intranet Web site, you should use IEAK Profile Manager to configure a security zone setting of Low for the Local intranet zone in Internet Explorer.
************Denial of Service************
To drop Internet traffic from spoofed private IP addresses, configure input filters on the Internet interface to accept all packets except those from the following source ranges:
10.0.0.0 with the subnet mask 255.0.0.0
172.16.0.0 with the subnet mask 255.240.0.0
192.168.0.0 with the subnet mask 255.255.0.0
To disable EFS at the OU level without nullifying the recovery policies of the computers within the OUs, configure no recovery policy for each OU. To disable EFS for all computers within the OUs and not for the OU itself, configure an empty recovery policy for each OU.
Encryption terminology:
Basic encryption: 40-bit for dial-up connections; 40-bit for PPTP-based VPN connections; 56-bit for L2TP/IPSec-based VPN connections
Strong encryption: 56-bit for dial-up connections; 56-bit for PPTP-based VPN connections; 56-bit for L2TP/IPSec-based VPN connections
Strongest encryption: 128-bit for dial-up connections; 128-bit for PPTP-based VPN connections; 3*56-bit (3DES) for L2TP/IPSec-based VPN connections
You can reduce your company's vulnerability to password-guessing attacks by using smart card authentication and enabling account lockout for remote access in the Registry. Smart card authentication is a token-based authentication method. Token-based authentication requires the user to know something, usually a Personal Identification Number (PIN), and to have something, such as the smart card; without both, a person cannot obtain access.
Account lockout for remote access is enabled by setting two values (MaxDenials and ResetTime (mins)) under the following Registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout
7 OSI layers--- Application, presentation, session, transport, network, data link, physical
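As an added example (not part of the original notes), the "accept all except these sources" input filter from the list above, modelled in Python over a constructed batch of source/destination pairs so you can see which packets an Internet-facing interface would drop. The three private blocks are exactly the page's address/mask pairs; the OTHER_BOGON_SOURCES list goes beyond the notes and is an extension, and the sample traffic is made up, not a capture.

```python
import ipaddress

# The three source ranges the input filter must never accept, exactly as listed
# above (RFC 1918 private space), written with the same dotted masks.
PRIVATE_SOURCE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/255.0.0.0"),
    ipaddress.ip_network("172.16.0.0/255.240.0.0"),
    ipaddress.ip_network("192.168.0.0/255.255.0.0"),
]

# Extension beyond the notes: other sources that cannot legitimately arrive from
# the Internet either (loopback, APIPA link-local, "this network").
OTHER_BOGON_SOURCES = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
    ipaddress.ip_network("0.0.0.0/8"),
]


def apply_input_filter(packets, blocks=PRIVATE_SOURCE_BLOCKS):
    """Model an input filter in 'accept all packets except' mode.

    packets: iterable of (src, dst) dotted-quad strings.
    Returns (accepted, dropped); each dropped entry also records the block it hit.
    A source that does not parse as an address is dropped too (fail closed).
    """
    accepted, dropped = [], []
    for src, dst in packets:
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            dropped.append((src, dst, "malformed"))
            continue
        hit = next((net for net in blocks if addr in net), None)
        if hit is None:
            accepted.append((src, dst))
        else:
            dropped.append((src, dst, str(hit)))
    return accepted, dropped


# Constructed sample traffic arriving on the Internet interface (not a real capture).
SAMPLE_INGRESS = [
    ("203.0.113.45", "198.51.100.10"),   # legitimate public source
    ("10.1.2.3", "198.51.100.10"),       # spoofed: private 10/8
    ("172.31.255.9", "198.51.100.10"),   # spoofed: private 172.16/12 (upper edge of the block)
    ("172.32.0.1", "198.51.100.10"),     # NOT inside 172.16/12: must be accepted
    ("192.168.77.1", "198.51.100.10"),   # spoofed: private 192.168/16
    ("127.0.0.1", "198.51.100.10"),      # loopback: caught only with the extended list
]
```

The 255.240.0.0 mask on 172.16.0.0 is the detail people get wrong: a /16 there would pass 172.17.0.0 through 172.31.255.255, while a /8 would wrongly drop 172.32.0.1 and everything else in 172/8. Running apply_input_filter(SAMPLE_INGRESS) shows three accepted and three dropped packets with the page's list; adding OTHER_BOGON_SOURCES also catches the loopback source.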
************TCP\IP Layers************
Application--- Defines TCP/IP application protocols and how host programs interface with transport layer services to use the network. HTTP, Telnet, FTP, TFTP, SNMP, DNS, SMTP, X Windows, other application protocols
Transport--- Provides communication session management between host computers. Defines the level of service and status of the connection used when transporting data. TCP, UDP, RTP
Internet--- Packages data into IP datagrams, which contain the source and destination address information used to forward the datagrams between hosts and across networks. Performs routing of IP datagrams. IP, ICMP, ARP, RARP
Network interface--- Specifies details of how data is physically sent through the network, including how bits are electrically signaled by hardware devices that interface directly with a network medium, such as coaxial cable, optical fiber, or twisted-pair copper wire. Ethernet, Token Ring, FDDI, X.25, Frame Relay, RS-232, V.35
IP classes (by first octet):
Class A 1-126 (127 is reserved for loopback)
Class B 128-191
Class C 192-223
Class D 224-239 Multicast
Class E 240-255 Experimental
APIPA 169.254.0.0/16, Automatic Private IP Addressing. Available with Win 98, 2000, XP and later: a host that gets no answer from a DHCP server assigns itself an address from this range.
Subnet mask (last octet) - segments - usable segments. Subtract 2 because the first and the last (all 0's or all 1's) were not allowed:
192 - 4 - 2
224 - 8 - 6
240 - 16 - 14
248 - 32 - 30
252 - 64 - 62
254 - 128 - 126
255 - 256 - 254
(The "minus 2" for subnets is the old RFC 950 rule that reserved the all-zeros and all-ones subnets; routers that support subnet zero can use all of them. The "minus 2" for hosts per subnet, for the network and broadcast addresses, still applies.)
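As an added example (not from the original notes), the class and subnet tables above derived by computation in Python rather than looked up, including the validity check for a mask octet and a switch for the old versus the modern subnet-zero rule. The usable_hosts function goes beyond the notes: it applies the "minus 2" for the network and broadcast addresses to a full dotted mask. The function names are this example's own.

```python
def ip_class(addr: str) -> str:
    """Classful category of an IPv4 address from its first octet, as in the table above.

    Returns 'A'..'E', 'loopback' for 127.x.x.x, or 'reserved' for 0.x.x.x.
    """
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted quad: {addr}")
    first = octets[0]
    if first == 127:
        return "loopback"
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    if 240 <= first <= 255:
        return "E"
    return "reserved"


def is_apipa(addr: str) -> bool:
    """True for a self-assigned 169.254.0.0/16 (APIPA) address, a sign DHCP was unreachable."""
    octets = [int(o) for o in addr.split(".")]
    return len(octets) == 4 and octets[0] == 169 and octets[1] == 254


def subnets_from_mask_octet(mask_octet: int, subnet_zero_allowed: bool = False):
    """(total, usable) subnets created by the 1-bits borrowed in one mask octet.

    The table above applies the old rule that the all-zeros and all-ones subnets
    are unusable (usable = total - 2); pass subnet_zero_allowed=True for a router
    that supports subnet zero.
    """
    if not 0 <= mask_octet <= 255:
        raise ValueError("mask octet out of range")
    inverted = mask_octet ^ 0xFF
    if inverted & (inverted + 1):             # the 1-bits must be contiguous from the left
        raise ValueError(f"{mask_octet} is not a valid mask octet")
    total = 2 ** bin(mask_octet).count("1")
    return total, (total if subnet_zero_allowed else max(total - 2, 0))


def usable_hosts(mask: str) -> int:
    """Usable host addresses under a dotted-quad mask: 2^host_bits - 2, because the
    all-zeros (network) and all-ones (broadcast) host numbers are never assignable."""
    octets = [int(o) for o in mask.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted quad: {mask}")
    bits = "".join(f"{o:08b}" for o in octets)
    if "01" in bits:                          # a 0 followed by a 1 means a non-contiguous mask
        raise ValueError(f"{mask} is not a valid subnet mask")
    return max(2 ** bits.count("0") - 2, 0)


def subnet_table():
    """Rebuild the mask / segments / usable-segments table from the notes by computation."""
    return [(m, *subnets_from_mask_octet(m)) for m in (192, 224, 240, 248, 252, 254, 255)]
```

subnet_table() reproduces the seven rows above exactly; subnets_from_mask_octet(192, subnet_zero_allowed=True) gives (4, 4), which is what a current router will actually let you use. A mask octet such as 160 (10100000) is rejected because its 1-bits are not contiguous.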