Copyright line.

Configuring Network Access

EXAM OBJECTIVES

· Configuring Routing
· Configuring Remote Access
· Configuring Wireless Access


Configuring Routing

Static Routing - Describes a system that does not implement adaptive routing in its configuration. In these systems, routes through a network are defined by set paths referred to as static routes. These routes are inserted into the router manually by the system administrator. This is accomplished via the route command, which can be used to manipulate local routing tables.

Distance-vector Routing Protocol - A distance-vector routing protocol requires that a router contact its neighbors and transmit to them any topology changes to the network. These transmissions must occur periodically and, in most instances, whenever a change is detected. RIP is the most popular example of this type of protocol.

Link State Protocol - The simplest explanation of link-state routing is that every node (router) is given a map of the topology of the network. This map is in graph form and shows the connectivity of all the nodes in the network. Each individual node then calculates the best next hop from itself to every other node in the network. The results of these calculations form the routing table for that node. No other communications occur between nodes.
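The link-state calculation described above, as an added example that is not part of the original slides: every router runs a shortest-path computation over the same topology map and keeps only the first hop toward each destination. The router names and link costs are constructed, and the choice of Dijkstra's algorithm is an assumption (the slides name no algorithm; it is the one link-state protocols such as OSPF use).

```python
import heapq

# Constructed sample topology: undirected links with costs.
# Router names A-F are hypothetical; E-F is an island with no path to A-D.
TOPOLOGY = {
    ("A", "B"): 1,
    ("A", "C"): 4,
    ("B", "C"): 2,
    ("B", "D"): 5,
    ("C", "D"): 1,
    ("E", "F"): 1,
}


def build_graph(links):
    """Turn the link list into an adjacency map {node: {neighbor: cost}}."""
    graph = {}
    for (u, v), cost in links.items():
        if cost <= 0:
            raise ValueError(f"link {u}-{v} has non-positive cost {cost}")
        graph.setdefault(u, {})[v] = cost
        graph.setdefault(v, {})[u] = cost
    return graph


def routing_table(graph, source):
    """Dijkstra from `source`; returns {destination: (next_hop, total_cost)}.

    Destinations with no path from `source` are absent from the table.
    """
    if source not in graph:
        raise KeyError(f"unknown router {source!r}")
    best = {source: 0}
    table = {}
    done = set()
    # Heap entries: (cost so far, node, first hop taken out of `source`).
    heap = [(0, source, None)]
    while heap:
        cost, node, hop = heapq.heappop(heap)
        if node in done:
            continue  # stale entry; a cheaper path was already settled
        done.add(node)
        if hop is not None:
            table[node] = (hop, cost)
        for nbr, weight in graph[node].items():
            if nbr in done:
                continue
            new_cost = cost + weight
            if new_cost < best.get(nbr, float("inf")):
                best[nbr] = new_cost
                # Leaving the source, the neighbor itself is the first hop.
                first = nbr if node == source else hop
                heapq.heappush(heap, (new_cost, nbr, first))
    return table


def trace(graph, src, dst):
    """Forward a packet hop by hop, each router consulting only its own table.

    Returns the list of routers visited, or None if some router has no route.
    """
    tables = {node: routing_table(graph, node) for node in graph}
    path = [src]
    while path[-1] != dst:
        entry = tables[path[-1]].get(dst)
        if entry is None:
            return None
        if len(path) > len(graph):
            raise RuntimeError("forwarding loop: routers disagree on topology")
        path.append(entry[0])
    return path


if __name__ == "__main__":
    g = build_graph(TOPOLOGY)
    print("A's table:", routing_table(g, "A"))
    print("A -> D   :", trace(g, "A", "D"))
    print("A -> E   :", trace(g, "A", "E"))
    # Remove the B-C link: every router recomputes from the new map.
    changed = {k: v for k, v in TOPOLOGY.items() if k != ("B", "C")}
    print("A -> D after B-C fails:", trace(build_graph(changed), "A", "D"))
```

Because every router computes from an identical map, the independently built tables agree and hop-by-hop forwarding reaches the destination without loops; a router working from a stale or altered map is what breaks that guarantee.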


Configuring Remote Access

Remote access policies validate a number of connection settings before authorizing the connection, including the following: Remote access permission, Group membership, Type of connection, Time of day, and Authentication methods.

Small- to medium-sized organizations whose private networks need to access resources on the Internet or another public network use NAT for this purpose. They configure reusable private IPv4 addresses, while public servers are set up with globally unique IPv4 addresses. The most useful deployment of NAT is in a SOHO or a medium-sized business that uses RRAS.

SSTP is an application-layer protocol. It uses synchronous communication, which works in unilateral motion between two programs, allowing a constant exchange and comparison of data. It allows for very efficient usage of the communication resources available to a network. SSTP is based on SSL, as opposed to IPSec or PPTP, and therefore uses port 443 for traffic.

A VPN uses public wires to join nodes to create a network. A large number of security systems are at play within the VPN, such as encryption and other security measures, which make certain that no data is intercepted by unauthorized users.

RADIUS is a protocol used for controlling access to network resources by authenticating, authorizing, and accounting for access; it is referred to as an AAA protocol.

In Windows Server 2008, Microsoft has replaced IAS with a new feature called NPS, which is the Microsoft implementation of a RADIUS server and proxy in Windows Server 2008.

NAP, when used in unison with NPS, creates a “total system health policy enforcement platform.”


Configuring Wireless Access

The SSID is a 32-character unique identifier attached to the header of packets that are sent over a WLAN. No device will be permitted to join the BSS unless it can provide the unique SSID.

In Windows Server 2008, an additional wireless network configuration setting has been added that can indicate whether a wireless network is broadcast or non-broadcast. This allows Windows Server 2008-based wireless clients to detect non-broadcast networks when they are in range.

Windows Server 2008 supports command-line configuration of wireless settings, which can help with the deployment of wireless networks.

WPA was designed to provide a much higher level of security for wireless users than existing WEP standards provide. The WPA specification makes allowances both for network-based authentication for corporate networks, and for a special home mode for use in a SOHO or home-user environment. WPA is capable of interoperating with WEP devices.

Windows Server 2008 includes full support for WPA2 for an ad hoc mode wireless network, including the Fast Roaming settings.

On wireless computer networks, ad hoc mode is a method for wireless devices to directly communicate with each other. Operating in ad hoc mode allows all wireless devices within range of each other to discover and communicate in peer-to-peer fashion without involving central access points.

Infrastructure mode requires a wireless AP for wireless networking. To join the WLAN, the AP and all wireless clients must be configured to use the same SSID. The AP is then cabled to the wired network to allow wireless clients access to, for example, Internet connections or printers.


FAQ

Q: What is Static Routing?

A: Static routing describes a system that does not implement adaptive routing in its configuration. In these systems, routes through a network are defined by set paths referred to as static routes.


FAQ

Q: What changes have been made to Windows Server 2008 in regards to routing?

A: These are the major changes present in Windows Server 2008 in regards to routing:

· BAP is no longer supported by Windows Server 2008.
· X.25 is also no longer supported.
· SLIP, an encapsulation of IP meant for use over serial ports and modems, has also been excluded due to infrequency of use. All SLIP-based connections will automatically be updated to PPP-based connections.
· ATM, which was used to encode data traffic into small fixed cells, has been discarded.
· IP over IEEE 1394 is no longer supported.
· NWLink IPX/SPX/NetBIOS Compatible Transport Protocol has been omitted.
· Services for Macintosh (SFM)
· OSPF routing protocol component in Routing and Remote Access is no longer present.
· Basic Firewall in Routing and Remote Access has been replaced with the new Windows Firewall feature.
· Static IP filter APIs for Routing and Remote Access are no longer viable, and have been replaced with Windows Filtering Platform APIs.
· SPAP, EAP-MD5-CHAP, and MS-CHAP authentication protocols for PPP-based connections are no longer used by Windows Server 2008.


FAQ

Q: Is IAS still a feature of Windows Server 2008 and if not, what has replaced it?

A: In previous incarnations of Windows Server, such as Windows Server 2003, the IAS snap-in was Microsoft’s implementation of a RADIUS server and proxy. It was capable of performing localized connection AAA for many types of network access, including wireless and VPN connections. For Windows Server 2008, Microsoft has replaced IAS with a new snap-in called NPS. NPS is the Microsoft implementation of a RADIUS server and proxy in Windows Server 2008, and promises to be even simpler to use than IAS.


FAQ

Q: What is an SSL VPN?

A: An SSL VPN is a VPN that uses SSTP as its tunneling protocol. With an SSL VPN, static IP addresses are not required, clients are unnecessary in most cases, and since connections are made via a browser over the Internet, the default connection protocol is TCP/IP. This makes connections transparent to the user.


FAQ

Q: How is Windows Firewall with Advanced Security better than previous versions?

A: This new version of WFAS has a number of advanced components that will help with your security needs.

· New GUI Interface - An MMC snap-in is available to help configure the advanced firewall.
· Bi-directional Filters - Unlike past versions of Windows Firewall, WFAS filters both outbound traffic and inbound traffic.
· Better IPSec Compatibility - WFAS rules and IPSec encryption configurations are both integrated into the same single interface.
· Enhanced Rules Generation - Using WFAS, you can create firewall rules for Windows Active Directory service accounts and groups. This includes source/destination IP addresses, protocol numbers, source and destination TCP/UDP ports, ICMP, IPv6 traffic, and interfaces, all on the Windows Server.


FAQ

Q: When does ad hoc mode work best for wireless access?

A: Ad hoc networks work best when building a small, all-wireless LAN quickly, with the lowest cost possible for equipment. Ad hoc networks also work well as a temporary fallback mechanism if normally available infrastructure mode gear (APs or routers) fails to function.


Exam Warning

Some of the old familiar aspects of Windows Routing and Remote Access have changed since Windows Server 2003. Be sure to familiarize yourself with the improvements and discontinuations to these features before test day.

Don’t get caught off guard by confusing old functionality with new functionality, such as the differences between Windows Firewall with Advanced Protection and the old Windows Firewall. Also be aware of technology that is no longer supported in this new build. This will help you to stay focused and result in better retention for the exam.


Test Day Tip

Take advantage of the fundamentals of routing by practicing with routing tables and configuring your traffic flow. Remember that even the most complicated networks can find a need for the use of static routing. Be aware of how static routing can affect a system as opposed to dynamic routing.


Test Day Tip

When using Windows Server 2008, remember that the output of the route command will now show IPv6 options by default. For the exam, make sure that you are familiar with the options of IPv6 and the route command.


Exam Warning

As of this writing, the OSPF routing protocol component is no longer present in Windows Server 2008. Although this may not be covered in the exam extensively, knowledge regarding this protocol will help you better understand RIP and other routing protocols by comparison, and will help with real-world applications that may occur as a consequence of the removal of this element.


Exam Warning

Remote access is an important part of the exam, and will weigh heavily into the overall grade. Be sure to familiarize yourself with all of the aspects of the objective. Also be sure to familiarize yourself with usage of MMC, Network Policy Server (NPS), and NAP, which are additional tools that may be covered in a small portion of the exam. Remember, every question counts and a comprehensive knowledge of the subject matter will ensure total retention for usage in real-world environments.


Test Day Tip

As you can see, there are many similarities between the new features available in Windows Server 2008 and previous versions of Windows Server. Try to be certain of the distinguishing elements that separate the two. Although two features may have similar uses and applications, their exact functionality may be very different.

For example, you should remember that although SSTP may be closely related to SSL, no cross comparison can be made between the two. You should be sure not to confuse the two, as SSTP is only a tunneling protocol, unlike SSL.


Exam Warning

SSL uses a cryptographic system that uses two encryption keys to secure data. One is the public key and the other is the private key. The public key is known to everyone and the private key is known only to the recipient. A secure connection between a client and a server is created by this method of encryption. You can thereby establish secure remote access from almost any Internet-connected Web browser, which was not possible using traditional VPN.

Please remember that while SSTP is a strong method for client-to-site VPN connection, it is not designed for site-to-site VPN connections. If you need a site-to-site VPN connection, you should use a traditional VPN.


Test Day Tip

Be familiar with all of the tools available to you in Server Manager. Windows Server 2008 provides a number of roles and snap-in features that help immensely with your job as an administrator. When you are prepping on the day of the exam, make sure you can identify and locate roles like RRAS and Network protection and Access roles. This will help you gain a better understanding of the design structure for Windows Server 2008, and help you to apply what you know on your exam.


Exam Warning

There are a number of server types that can be set up in a given real-world situation. It is up to you to determine which suits your clients’ needs the best. For the exam, however, you must be aware of what type of information, concerning what type of access, is being asked of you. Remember that RRAS and NPS are two different means of setting up many of the available services. Be sure to double check the type of server information the question is calling for.


Test Day Tip

Remember to know your hardware. The installed wireless network adapter must be able to support the wireless LAN or wireless security standards that you require. For example, Windows Server supports configuration options for the Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) security standards. However, if the wireless network adapter does not support WPA2, you cannot enable or configure WPA2 security options.