Page 1: Course Title : Operating System Concepts and … Papers - IGNOU Forum – IGNOU Articles @ IGNOUGuess.com Course Code : MCS-022 Course Title : Operating System Concepts and Networking

For More Papers Visit http://www.IGNOUGuess.com

IGNOU Papers - IGNOU Forum – IGNOU Articles @ IGNOUGuess.com

Course Code : MCS-022

Course Title : Operating System Concepts and Networking Management

Assignment Number : MCA (2) / 022 / Assign/06

Maximum Marks : 100

Weightage : 25%

Last Date of Submission : 15th October, 2006

The answer to each part of the question should be confined to about 300 words.

Question 1. Describe the basic characteristics of modern operating system with appropriate examples.

Answer. An operating system (OS) is a software program that manages the hardware and software

resources of a computer. A key component of system software, the OS performs basic tasks, such as

controlling and allocating memory, prioritizing the processing of instructions, controlling input and

output devices, facilitating networking, and managing files. Modern operating systems are able to

simulate execution of many processes at once (multi-tasking) even under a single CPU. Modern

operating systems offer many cool interface features to make our lives easier. Some examples of

modern operating systems are: Linux, Windows, Solaris, Mac, etc.

Some services and features provided by most modern operating systems are listed below:

• Process management: Every action on a computer, be it background services or applications, is

run inside a process.

• Memory management: The memory manager in an OS coordinates the memories by tracking

which one is available, which is to be allocated or deallocated and how to swap between the

main memory and secondary memories.

• Disk and file systems: Operating systems have a variety of native file systems.

• Networking: Most modern operating systems are capable of using the now-universal TCP/IP

networking protocols. This means that one system can appear on a network of the other and

share resources such as files, printers, and scanners.

• Security: Security as it pertains to the operating system is the ability to authenticate users prior

to access, categorize the level of access the user has, and limit access based on a policy placed

by administration.

• Graphical user interfaces: Today, most modern operating systems contain Graphical User

Interfaces (GUIs, pronounced gooeys). A few older operating systems tightly integrated the GUI

to the kernel—for example, the original implementations of Windows and Mac OS. More

modern operating systems are modular, separating the graphics subsystem from the kernel (as is

now done in Mac OS X and all Windows versions based on Windows NT)

• Device drivers: A device driver is a specific type of computer software developed to allow

interaction with hardware devices.

Example 1: Features of the Multics operating system

• Segmented memory

• Virtual memory

• High-level language implementation

• Multi-language support

• Relational database

• Security

• Dynamic linking

• On-line reconfiguration

• Accounting and administration software

Example 2: Some features of the Windows Vista operating system

• Windows Aero: Windows Aero is an environment with an additional level of visual

sophistication, one that is even more responsive and manageable, providing a further level of

clarity and confidence to Windows users.

• Live taskbar thumbnails: Resting the mouse pointer over a taskbar item displays a live

thumbnail of the window, showing the content of that window.

• Windows Search: significantly faster and more thorough search capabilities.

• Windows Sidebar: A new panel on the right-hand side of the screen where a user can place

Desktop Gadgets, which are small applets designed for a specialized purpose (such as

displaying the weather or sports scores).

• Parental controls: Allows administrators to control which websites, programs, and games each

standard user can use and install.

• Speech recognition is fully integrated into Vista, which can be "trained" to understand a user's

voice, to activate commands in any Windows application, and to enable voice dictation.

• SuperFetch is a memory management strategy that intelligently maintains optimal memory content based on historic usage patterns on the Windows-based PC.

• ReadyBoost: The use of a flash device that supports Windows ReadyBoost technology extends the disk caching capabilities of Windows Vista main memory.

• ReadyDrive uses Hybrid Hard Disk Drives (H-HDD), which are standard rotating media augmented with a large cache of nonvolatile flash memory, to speed up operations.

• User Account Control is a new security technology that allows Windows to operate effectively

as a "standard" user with fewer privileges.

• BitLocker Drive Encryption is a data protection feature that provides encryption for the entire

OS volume that will only be included in the Enterprise and Ultimate editions of Vista.

• Windows Service Hardening prevents Windows Services from doing operations on file systems,

registry or networks which they are not supposed to by automatically running each service in a

separate user account, thereby preventing entry of malware by piggybacking on system services.

• Windows Firewall with Advanced Security: Supports filtering both incoming and outgoing

traffic.

• Windows Defender: Microsoft's Anti-spyware product has been incorporated into Windows,

offering protection against spyware and other threats.

• The WIM image format is the cornerstone of Microsoft's new deployment and packaging

system.

• The Windows Communication Foundation or WCF, formerly code-named Indigo: a service-

oriented messaging subsystem which will enable applications and systems to interoperate

locally or remotely using Web services.

• Windows CardSpace or WCS, formerly code-named InfoCard, is a software component which

securely stores digital identities of a person, and provides a unified interface for choosing the

identity for a particular transaction, such as logging into a website.

Question 2.

Examine the LAN set up at your study centre and answer the following questions:

(i) Sketch the diagram showing various components: Switch, Hub, Nodes, Cables, Router, and Bridges.

(ii) LAN topology

(iii) Bandwidth of the channel.

(iv) What Networking O/S is installed?

Answer. A computer network is a group of computers and devices like printers, scanners, modems,

etc. that are connected together. Computer networking provides the communication tools that allow

computers to share information and services. Working on a network allows you to share resources

like data, programs and peripherals. Our study centre uses a hub and switches to connect computers

in the network. They are not using any bridge. The topology used is star topology. The following

figure shows the schematic diagram of the network:

Number of machines connected in the network along with their complete configuration.

A total of 8 computers have been connected to the network. The company uses the Ethernet LAN.

Configuration: P-III processor, 20 GB hard disk, 128 MB RAM, 17” monitor, mouse, etc.

Server: P IV, 60 GB hard disk RAD technology, 256 MB RAM, 17-inch monitor.

Number of ports of the hub with specifications.

In data communications, a hub is a place of convergence where data arrives from one or more

directions and is forwarded out in one or more other directions. Hubs are multi port repeaters, and

as such they obey the same rules as repeaters. Hubs are used to provide a Physical Star Topology.

At the center of the star is the Hub, with the network nodes located on the tips of the star. The hub

acts as a termination point for all the nodes. The Hub used is of DLink Limited. It contains 16

ports. This means a total of 16 computers can be connected to the network using the hub. The

following figure shows how a hub connects the computers in a star topology:

Applications running on the network with their brief description.

The various applications running on the network are:

a. Send mail system (Email)

b. Printer services

c. Turbo C

d. Active directory services

e. Internet using proxy server

f. FTP

g. Telnet

1) Send mail system (E-mail): Electronic mail (e-mail) is a system used over the Internet to transfer messages. It consists of two subsystems: the user agents, which allow people to read and send mail, and the message transfer agents, which move the messages from source to destination.

The e-mail system supports the following five basic functions:

• Composition

• Transfer

• Reporting

• Displaying

• Disposition

2) Printer services: When we work on a network we need printer services. Printing services are very important when we need some paper work.

3) Turbo C: Turbo C is used for C programming. It is a compiler.

4) FTP: File Transfer Protocol is used to access and download files over the Internet. It requires an FTP server to run the FTP protocol; the URL for an FTP server starts with ftp://. After fetching the IP address of the host from DNS using the host name, the browser then establishes a TCP connection to the host and, over that connection, sends the file name given after the ftp:// prefix.

Speed of the LAN and the protocol

Local Area Network is a collection of interconnected computers that can share data, applications,

and resources, such as printers. Computers in a LAN are separated by distances of up to a few

kilometers and are typically used in offices or across university campuses. A LAN enables the fast

and effective transfer of information within a group of users and reduces operational costs. The

speed of the LAN in our study centre is 100 Mbps and it is an Ethernet LAN.

Specification of cable used and its length.

The LAN has been connected using fiber-optic cable. The specification of the cable is 100BaseF, fiber

optics. It covers a maximum segment of 2000 m and supports a maximum of 1024 nodes.

Networking features of the server operating system.

Windows Server 2003 is the server operating system that helps you do more with less—both today

and in the future, as the new product roadmap reveals.

Networking and Communications

Secure network communications: End-to-end encrypted communications across your company network using the IPSec standard. Great for protecting sensitive internal communications from intentional or accidental viewing. Active Directory provides central policy control for its use to make it deployable.

Routing and Remote Access Service: Connects remote workers, telecommuters, and branch offices to the corporate network through dial-up, leased line and Internet links.

Virtual private networking (VPN): A full-featured gateway that encrypts communications to securely connect remote users and satellite offices over the Internet. Now with an updated PPTP support and advanced security with Layer 2 Tunneling Protocol encrypted by IPSec.

Dynamic DNS: The Active Directory integrated, Internet standards-based Domain Name System (DNS) service simplifies object naming and location through Internet protocols, and improves scalability, performance and interoperability. Systems that receive addresses from a Dynamic Host Configuration Protocol (DHCP) server are automatically registered in DNS. Replication options with legacy DNS systems and through Active Directory can simplify and strengthen name replication infrastructure.

Microsoft Connection Manager Administration Kit and Connection Point Services: These wizard-driven tools let administrators centrally configure and deploy customized remote access dialers that can integrate automatic-update phonebooks, custom connect actions (like firewall authentication and client virus inspection), driver updates and more.

Internet Connection Sharing: Enables multiple users within small business or workgroups to share a single external Internet connection, making connection to the Internet easier.

Windows Telephony Applications Programming Interface (TAPI) 3.0: TAPI is a software abstraction layer that allows software applications from one vendor to work with a wide variety of telephone systems for great customer choice and flexibility. TAPI 3.0 adds media streaming and better IP telephony support with built-in H.323 and IP Multicast features, building on its existing support for traditional, client-server telephony applications, such as call centers, Interactive Voice Response, and more. And with TAPI's new Component Object Model architecture, you can telephony-enable your application using a variety of programming languages.

Networking: Windows 2000 Server works with networking devices that support the latest networking technologies, including Plug and Play, DSL, VPN, routing, NAT, DHCP, Quality of Services switches and routers, Directory-Enabled Networking devices, IPSec, SSL, and Asynchronous Transfer Mode.

Question 3.

(i) What is the difference between network and O/S security?

(ii) List and describe networking supports in Windows 2000 O/S.

Answer. i) Network security: It is protection of networks and their services from unauthorized

modification, destruction, or disclosure, and provision of assurance that the network performs its

critical functions correctly and there are no harmful side-effects. Network security includes

providing for data integrity.

In other words, network security is the process of taking both physical and software means of

protecting data from misuse by others or from a malfunction or system crash.

The next level of computer security is operating system security (OSS). The DOD has defined

seven levels of computer OSS in the Trusted Computer Standards Evaluation Criteria, otherwise

known as the Orange Book. The levels are used to evaluate protection for hardware, software, and

stored information. The definition centers around access control, authentication, auditing, and levels

of trust. D1 is the lowest form of security available and states that the system is insecure. A D1

rating is never awarded because this is essentially no security at all. C1 is the lowest level of

security. The system has file and directory read and write controls and authentication through user

login. However, root is considered an insecure function and auditing (system logging) is not

available. C2 features an auditing function to record all security-related events and provides

stronger protection on key system files, such as the password file.

A B-rated system supports multilevel security, such as secret, top secret, and mandatory access

control, which states that a user cannot change permissions on files or directories. B2 requires that

every object and file be labeled according to its security level and that these labels change

dynamically depending on what is being used. B3 extends security levels down into the system

hardware; for example, terminals can only connect through trusted cable paths and specialized

system hardware to ensure that there is no unauthorized access. A1 is the highest level of security

validated through the Orange Book. The design must be mathematically verified; all hardware and

software must have been protected during shipment to prevent tampering. A word of caution on

secure operating systems must be mentioned: the features and capabilities require significant

amounts of central processing unit (CPU) processing power and disk space. In low-end servers,

enabling the security features may seriously affect the number of users a server can support.

Elements of Networking Security

Password Mechanisms

Passwords are a way to identify and authenticate users as they access the computer system.

Unfortunately, there are a number of ways in which a password can be compromised. For example,

someone wanting to gain access can listen for a username and password as an authorized user gains

access over a public network. In addition, a potential intruder can mount an attack on the access

gateway, entering an entire dictionary of words (or license plates or any other list) against a

password field. Users may loan their password to a co-worker or inadvertently leave out a list of

system passwords. Fortunately, there are password technologies and tools to help make your

network more secure. Useful in ad hoc remote access situations, one-time password generation

assumes that a password will be compromised. Before leaving the internal network, a list of

passwords that will work only one time against a given username is generated. When logging into

the system remotely, a password is used once and then will no longer be valid.
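
The one-time password list described above can be sketched as follows. This is an added example, not part of the original assignment answer; the class name, the lockout threshold and the choice to store only hashes of the passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class OneTimePasswordList:
    """Server-side store for a pre-generated one-time password list (hypothetical design)."""

    def __init__(self, max_failures=3):
        self.max_failures = max_failures
        self._unused = {}    # username -> set of digests of still-unused passwords
        self._failures = {}  # username -> consecutive failed attempts

    @staticmethod
    def _digest(username, password):
        # The passwords are long random tokens, so a plain username-bound hash
        # is enough here; human-chosen passwords would need a slow KDF instead.
        return hashlib.sha256(f"{username}\x00{password}".encode()).hexdigest()

    def issue(self, username, count=10):
        """Generate the list while still on the internal network; keep only digests."""
        passwords = [secrets.token_urlsafe(9) for _ in range(count)]
        self._unused[username] = {self._digest(username, p) for p in passwords}
        self._failures[username] = 0
        return passwords  # handed to the user, never stored in clear on the server

    def remaining(self, username):
        return len(self._unused.get(username, ()))

    def is_locked(self, username):
        return self._failures.get(username, 0) >= self.max_failures

    def login(self, username, password):
        """Accept each password at most once; lock the account after repeated failures."""
        if username not in self._unused or self.is_locked(username):
            return False
        candidate = self._digest(username, password)
        match = None
        for stored in self._unused[username]:
            # Constant-time comparison of the stored and presented digests.
            if hmac.compare_digest(stored, candidate):
                match = stored
        if match is None:
            # A dictionary attack against the password field ends here after
            # max_failures wrong guesses.
            self._failures[username] += 1
            return False
        # Consume the password: a captured copy is useless for a second login.
        self._unused[username].discard(match)
        self._failures[username] = 0
        return True


if __name__ == "__main__":
    store = OneTimePasswordList()
    otps = store.issue("alice", count=3)      # constructed sample user
    print("first use :", store.login("alice", otps[0]))
    print("replay    :", store.login("alice", otps[0]))
    print("remaining :", store.remaining("alice"))
```

A password sniffed on the public network is already spent by the time an eavesdropper can replay it, which is the property the paragraph relies on.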

Encryption, Authentication, and Integrity

A firewall system is a hardware/software configuration that sits at the perimeter between a company's

network and the Internet, controlling access into and out of the network. Encryption can be

understood as follows:

• the coding of data through an algorithm or transform table into apparently unintelligible garbage

• used on both data stored on a server or as data is communicated through a network

• a method of ensuring privacy of data and that only intended users may view the information

Encryption mechanisms rely on keys or passwords. The longer the password, the more difficult the

encryption is to break. DES relies on a 56-bit key length, and some mechanisms have keys that are

hundreds of bits long. There are two kinds of encryption mechanisms used—private key and public

key. Private-key encryption uses the same key to encode and decode the data. Public-key encryption

uses one key to encode the data and another to decode the data. The name public key comes from a

unique property of this type of encryption mechanism—namely, one of the keys can be public

without compromising the privacy of the message or the other key. In fact, usually a trusted

recipient, perhaps a remote office network gateway, keeps a private key to decode data as it comes

from the main office. VPNs employ encryption to provide secure transmissions over public

networks such as the Internet.

Authentication and Integrity

Authentication is simply making sure users are who they say they are. When using resources or

sending messages in a large private network, not to mention the Internet, authentication is of the

utmost importance. Integrity is knowing that the data sent has not been altered along the way. Of

course, a message modified in any way would be highly suspect and should be completely

discounted. Message integrity is maintained with digital signatures. A digital signature is a block of

data at the end of a message that attests to the authenticity of the file. If any change is made to the

file, the signature will not verify. Digital signatures perform both an authentication and message

integrity function. Digital signature functionality is available in PGP and when using RSA

encryption. Kerberos is an add-on system that can be used with any existing network. Kerberos

validates a user through its authentication system and uses DES when communicating sensitive

information—such as passwords—in an open network. In addition, Kerberos sessions have a

limited lifespan, requiring users to login after a predetermined length of time and disallowing

would-be intruders to replay a captured session and thus gain unauthorized entry.
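
The public-key property and the signature check described above, as an added example that is not part of the original answer. It uses textbook RSA (hash-then-sign, no padding) with a constructed demo key built from two publicly known Mersenne primes, so it shows the mechanism only and is not a secure key or a production scheme; all names are illustrative.

```python
import hashlib

# Constructed demo key. P and Q are well-known Mersenne primes, so this key
# is public knowledge and must never be used for real data.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                                # public modulus
E = 65537                                # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)
SIG_LEN = (N.bit_length() + 7) // 8      # signature size in bytes


def _digest_int(message: bytes) -> int:
    """SHA-256 digest of the message as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> bytes:
    """Return the message with a signature block appended at the end."""
    sig = pow(_digest_int(message), d, n)        # needs the private key
    return message + sig.to_bytes(SIG_LEN, "big")


def verify(signed: bytes, e: int = E, n: int = N):
    """Return the message if the trailing signature verifies, else None."""
    if len(signed) < SIG_LEN:
        return None
    message, sig_bytes = signed[:-SIG_LEN], signed[-SIG_LEN:]
    sig = int.from_bytes(sig_bytes, "big")
    if sig >= n:
        return None
    # Only the public key (e, n) is needed to check the signature.
    if pow(sig, e, n) != _digest_int(message):
        return None
    return message


if __name__ == "__main__":
    original = b"Pay 100 to account 42"          # constructed sample message
    signed = sign(original)
    print("genuine  :", verify(signed))
    forged = b"Pay 900 to account 42" + signed[-SIG_LEN:]
    print("tampered :", verify(forged))
```

Changing a single byte of either the message or the signature block makes `verify` return `None`, while anyone holding only `(E, N)` can check a genuine message.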

Answer. ii) List and describe networking supports in Windows 2000 O/S.

The Windows 2000 network layers are listed below:

Network Driver Interface Specification (NDIS) Layer: NDIS is the layer that provides a

communication path from a network transport to a physical device, such as a network adapter.

Network Protocol Layer: The network protocols provide services for clients. These services allow

applications or clients to send data over a network. Network protocols include TCP/IP, ATM,

NWLink Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX), NetBEUI,

Infrared Data Association (IrDA), AppleTalk and Data Link Control (DLC). Systems Network

Architecture (SNA) protocols are available with the addition of Microsoft® SNA Server.

Transport Driver Interface Layer: The transport driver interface (TDI) provides a standard interface

between network protocols and clients of these protocols (such as applications, network redirectors

or networking Application Programming Interfaces (APIs)).

Network Application Programming Interface Layer: The network application programming

interface (API) provides standard programming interfaces for network applications and services.

They support Winsock, NetBIOS, Telephony API (TAPI), Messaging API (MAPI), WNet API and

other services.

Interprocess Communications Layer: Interprocess communications (IPC) support client/server

computing and distributed processing. Some of the services that they support are remote procedure

calls (RPC), Distributed Component Object Model (DCOM), named pipes, mailslots, and Common

Internet File System (CIFS).

Basic Network Services Layer: Basic network services support network user applications by

providing services. These include network address management, name services, file services and

advanced network services such as Internet Protocol Security (IPSec) and Quality of Service (QoS).

The following figure shows Windows 2000 network architecture.

Windows 2000 supports many different protocols. The packets of information are moved up and

down the protocol stack, and across the transmission media. Network protocols include:

1. Transmission Control Protocol/Internet Protocol (TCP/IP): Transmission Control

Protocol/Internet Protocol (TCP/IP) has been adopted by Microsoft as the strategic enterprise

transport protocol for Windows 2000. The Windows 2000 TCP/IP suite is designed to make it easy

to integrate Microsoft enterprise networks into large scale corporate, government, and public

networks, and to provide the ability to operate over those networks in a secure manner.

2. Asynchronous Transfer Mode (ATM): ATM is supported by Windows 2000 architecture with the

following components.

• LANE (LAN Emulation)

• IP over ATM

• PPP over ATM

• Native ATM through Winsock 2.0

3. NetWare Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX): NWLink is a

Microsoft-compatible IPX/SPX protocol for Windows 2000. NWLink does not allow a computer

running Windows 2000 to access files or printers shared on a NetWare server, or to act as a file or

print server to a NetWare client. To access files or printers on a NetWare server, a redirector must

be used, such as the Client Service for NetWare on Microsoft® Windows® 2000 Professional, or

the Gateway Service for NetWare on Microsoft® Windows® 2000 Server.

4. NetBIOS Enhanced User Interface (NetBEUI): NetBEUI is included with Windows 2000 Server

and Windows 2000 Professional. It is primarily a legacy protocol to support existing workstations

that have not been upgraded to Windows 2000.

5. AppleTalk: Windows 2000 includes support for AppleTalk which allows Windows 2000 to be a

router and a dial-up server.

6. Data Link Control (DLC): Data Link Control (DLC) was originally developed for IBM

mainframe communications. The protocol was not designed to be a primary protocol for network

use between personal computers. The other use of DLC is to print to Hewlett-Packard printers

connected directly to networks.

7. Infrared Data Association (IrDA): Infrared Data Association (IrDA) has defined a group of short-

range, high speed, bidirectional wireless infrared protocols, generically referred to as IrDA. IrDA

allows a variety of devices to communicate with each other. Cameras, printers, portable computers,

desktop computers, and personal digital assistants (PDAs) can communicate with compatible

devices using this technology.

Question 4.

i) What is a networking management system? Explain.

ii) Briefly describe the Microsoft’s 2000 DNS management.

iii) Write the purpose of VPN and name the VPN technologies supported by Windows 2000.

Answer i) Network management, typically applied to large-scale networks such as computer

networks and telecommunications networks, refers to the maintenance and administration of such

networks at the top level. Network management is the execution of the set of functions required for

controlling, planning, allocating, deploying, coordinating, and monitoring the resources of a

network. This includes performing functions such as initial network planning, frequency allocation,

predetermined traffic routing to support load balancing, cryptographic key distribution

authorization, configuration management, fault management, security management, performance

management, bandwidth management, and accounting management.

A large number of protocols exist to support network and network device management. Common

protocols include SNMP, CMIP, WBEM, Common Information Model, Transaction Language 1,

Java Management Extensions - JMX, and netconf.

Data for network management is collected through several mechanisms, including agents installed

on infrastructure, synthetic monitoring that simulates transactions, logs of activity, sniffers and real

user monitoring.

A Network Management System (NMS) is a combination of hardware and software used to monitor

and administer a network. A network management system (NMS) provides operational and

maintenance capabilities at various levels in a network by interfacing with the many different types

of devices in today’s network.

Service providers rely on their NMS to provide information that allows the following:

• Peak Optimization — Ensures the network is optimized for highly efficient performance under

all load conditions

• Service Support — Configures network equipment to support the services offered to customers

by the service provider at all times

• Usage Monitoring — Ensures that network usage is monitored for availability and that data is

collected for billing purposes

• Continuous Operation — Identifies network problems related to the operation of the network

equipment, facilities, and communications protocols that could compromise reliable service

delivery

• Proper Access — Protects the network, its equipment, and data from unauthorized access or

fraudulent use and by extension, protects customer information and privacy.

A typical network management architecture maintains many relationships and is shown below:

Types of Management

Fault Management: To provide high availability and “five-nines” reliability, fault management

must be able to detect, log, notify users of, and automatically fix network problems when desirable

in order to keep the network running effectively whenever possible. Since faults can result in

downtime or unacceptably degraded network response, fault management is one of the most

important network management functions.

Configuration Management: Configuration management tracks the various versions of hardware

and software elements within the network and manages the effects of these variations for

functionality and performance. Among the elements tracked are operating systems, Ethernet

interfaces, TCP/IP software, and many others. Version information is normally stored in a database

that is optimized for easy access when a problem arises.

Accounting management: The goal of accounting management is to measure network utilization

parameters so that individual or group uses on the network can be regulated appropriately. Such

regulation minimizes network problems (because network resources can be apportioned based on

resource capacities) and maximizes the fairness of network access across all users.

Performance Management: Performance management monitors network performance variables to

ensure that it is maintained at an acceptable level. Network throughput, user response times, and

line utilization are good examples of variables that are monitored.

Security Management: Controlling access to network resources through security management has

become increasingly critical. Protecting a network from sabotage and guarding sensitive

information (including customer information) from unauthorized access requires constant vigilance.

Answer. ii) Briefly describe the Microsoft’s 2000 DNS management.

DNS in Windows 2000 provides a unique DNS Server implementation that is fully interoperable

with other standards-based implementations of DNS Server. DNS is the name service of Windows

2000. It is by design a highly reliable, hierarchical, distributed, and scalable database. Windows

2000 clients use DNS for name resolution and service location, including locating domain

controllers for logon.

Downlevel clients (Windows NT 3.5 and 3.51, Windows NT 4.0, Windows 95, and Windows 98),

however, rely on NetBIOS, which can use NBNS (WINS), broadcast, or a flat LMHOSTS file. In

particular, the NetBIOS name service is used for domain controller location.

Since DNS as implemented in Windows 2000 is Windows Internet Name Services (WINS)-aware, a

combination of both DNS and WINS can be used in a mixed environment to achieve maximum

efficiency in locating various network services and resources. Additionally, WINS in a legacy or

mixed environment plays an important interoperability role while also preserving current

investment. Windows NT 4.0–based clients can register themselves in Windows 2000 WINS and

Windows 2000–based clients can register in Windows NT 4.0 WINS.

The Domain Name System is implemented as a hierarchical and distributed database containing

various types of data including host names and domain names. The names in a DNS database form

a hierarchical tree structure called the domain name space.

Domain names consist of individual labels separated by dots. For example:

mydomain.microsoft.com. A Fully Qualified Domain Name (FQDN) uniquely identifies the host's

position within the DNS hierarchical tree by specifying a list of names separated by dots on the path

from the referenced host to the root. The following figure shows an example of a DNS tree with a

host called mydomain within the microsoft.com. domain. The FQDN for the host would be

mydomain.microsoft.com.

The new features of Windows 2000 DNS include:

• Active Directory service Integration: The implementation of DNS in Windows 2000 has the

option of using the Active Directory services as the data storage and replication engine.

• Incremental Zone Transfer (IXFR): To reduce latency in propagation of changes to a DNS

database, an algorithm has to be employed that actively notifies name servers of the change.

This is accomplished by the NOTIFY extension of the DNS. The NOTIFY packet, which is sent

by a Master server, does not contain any zone changes information. It merely notifies the other

party that some changes have been made to a zone and that a zone transfer needs to be initiated.

• Dynamic Update and Secure Dynamic Update: The Windows 2000 DNS service supports

Dynamic DNS (DDNS) as covered in RFC 2136. The RFC introduces a new opcode or message

format called UPDATE. The update message can add and delete RRs from a specified zone as

well as test for prerequisite conditions. Update is atomic, that is, all prerequisites must be

satisfied or else no update operation will take place.

• Unicode Character Support: The Windows 2000 DNS server can be configured to allow or

disallow the use of UTF-8 characters on a per-server or per-zone basis. A non-UTF-8–aware

DNS server may accept a zone transfer of a zone containing UTF-8 names, but it may not be

able to write back those names to a zone file or reload those names from a zone file.

• Enhanced Domain Locator: The Windows 2000 Domain Locator, implemented in the Netlogon

service, is a service that enables a client (the machine locating a Domain Controller (DC)) to

locate a DC. It contains the IP/DNS compatible and Windows NT 4.0 compatible locators which

provide interoperability in a mixed Windows 2000– and Windows NT 4.0–based environment.

• Enhanced Caching Resolver Service: The Windows 2000 implementation of DNS introduces a

client-side caching resolver for DNS name resolution. Caching resolver is a Windows 2000

service with the sole purpose of improving name lookup performance, and reducing network

traffic associated with name lookups by minimizing the number of name resolution round trips.

• Enhanced DNS Manager: The Windows 2000 implementation of DNS introduces a new DNS

Manager as a Microsoft Management Console (MMC) snap-in. It provides all the functionality necessary to

administer a DNS server, its zones, security, and so forth.
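
The prerequisite and atomicity rules from the Dynamic Update bullet above, modelled in Python as an added example (not code from the original paper or from Microsoft). The in-memory zone dictionary and the string names for prerequisite and update kinds are assumptions; a real server decodes them from the CLASS/TYPE fields of the UPDATE message, and SOA/CNAME special cases and zone-membership checks are left out.

```python
import copy
import struct

# RCODEs from RFC 1035 / RFC 2136; UPDATE is opcode 5.
NOERROR, NXDOMAIN, YXDOMAIN, YXRRSET, NXRRSET = 0, 3, 6, 7, 8
OPCODE_UPDATE = 5

def update_header(msg_id, prcount, upcount):
    """12-byte UPDATE header: ID, flags, ZOCOUNT=1, PRCOUNT, UPCOUNT, ADCOUNT=0."""
    return struct.pack("!6H", msg_id, OPCODE_UPDATE << 11, 1, prcount, upcount, 0)

def check_prereq(zone, kind, name, rtype=None, rdata=()):
    """Return NOERROR if the prerequisite holds, else its RFC 2136 failure RCODE."""
    rrsets = zone.get(name, {})
    if kind == "name_in_use":
        return NOERROR if rrsets else NXDOMAIN
    if kind == "name_not_in_use":
        return YXDOMAIN if rrsets else NOERROR
    if kind == "rrset_exists":
        return NOERROR if rrsets.get(rtype) else NXRRSET
    if kind == "rrset_absent":
        return YXRRSET if rrsets.get(rtype) else NOERROR
    if kind == "rrset_equals":
        return NOERROR if rrsets.get(rtype) == set(rdata) else NXRRSET
    raise ValueError(f"unknown prerequisite {kind!r}")

def apply_update(zone, prereqs, updates):
    """All-or-nothing update of zone (name -> {type -> set of rdata}); returns an RCODE."""
    for prereq in prereqs:
        rcode = check_prereq(zone, *prereq)
        if rcode != NOERROR:
            return rcode  # one failed prerequisite rejects the whole message
    staged = copy.deepcopy(zone)  # change a copy, commit only at the end
    for op, name, rtype, rdata in updates:
        rrsets = staged.setdefault(name, {})
        if op == "add":
            rrsets.setdefault(rtype, set()).add(rdata)
        elif op == "delete_rr":
            rrsets.get(rtype, set()).discard(rdata)
        elif op == "delete_rrset":
            rrsets.pop(rtype, None)
        else:
            raise ValueError(f"unknown update {op!r}")
    zone.clear()
    for name, rrsets in staged.items():  # commit, dropping emptied RRsets and names
        live = {t: v for t, v in rrsets.items() if v}
        if live:
            zone[name] = live
    return NOERROR
```

A client that wants to register a name only if nobody else holds it sends `name_not_in_use` as the prerequisite; if the name is already taken, the server answers YXDOMAIN and the zone is left exactly as it was.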

iii) Write the purpose of VPN and name the VPN technologies supported by Windows 2000.

Answer. A virtual private network (VPN) is a private communications network often used within a

company, or by several companies or organizations, to communicate confidentially over a publicly

accessible network. VPN message traffic can be carried over a public networking infrastructure

(e.g. the Internet) on top of standard protocols, or over a service provider's private network with a

defined Service Level Agreement (SLA) between the VPN customer and the VPN service provider.

A well-designed VPN can provide great benefits for an organization. It can:

• Extend geographic connectivity.

• Improve security where data lines have not been encrypted.

• Reduce operational costs versus traditional WAN.

• Reduce transit time and transportation costs for remote users.

• Simplify network topology in certain scenarios.

• Provide global networking opportunities.

• Provide telecommuter support.

• Provide broadband networking compatibility.

• Provide faster ROI (return on investment) than traditional carrier leased/owned WAN lines.

• Show a good economy of scale.

• Scale well, when used with a public key infrastructure.

Types of VPN Technologies Supported by Windows 2000

Point-to-Point Tunneling Protocol (PPTP): Introduced in Windows NT 4.0, PPTP leverages Point-

to-Point Protocol (PPP) user authentication and Microsoft Point-to-Point Encryption (MPPE) to

encapsulate and encrypt IP, IPX, and NetBEUI traffic. With version 2 of the Microsoft Challenge

Handshake Authentication Protocol (MS-CHAP v2) and strong passwords, PPTP is a secure VPN

technology. For nonpassword-based authentication, Extensible Authentication Protocol-Transport

Level Security (EAP-TLS) can be used in Windows 2000 to support smart cards. PPTP is widely

supported, easily deployed, and can be used across network address translators (NATs).

Layer Two Tunneling Protocol (L2TP): L2TP leverages PPP user authentication and IP Security

(IPSec) encryption to encapsulate and encrypt IP, IPX, and NetBEUI traffic. This combination,

known as L2TP/IPSec, uses certificate-based computer identity authentication to create a secure and

encrypted channel (an IPSec security association), and then uses PPP-based user authentication to

create the L2TP tunnel. L2TP/IPSec provides data integrity and data authentication for each packet.

However, L2TP/IPSec requires a public key infrastructure (PKI) to allocate computer certificates

and is only supported by Windows 2000 VPN clients.

IPSec tunnel mode: IPSec tunnel mode uses Encapsulating Security Payload (ESP) in tunnel mode

to encapsulate and encrypt unicast IP traffic. Windows 2000 IPSec tunnel mode is used only for

router-to-router VPN connections because the current IPSec standards do not specify a method for

providing user authentication and address assignment for remote access connections.

Question 5. Briefly describe the installation procedure of Linux OS.

Answer. Starting the Installation

I will take an example of how I installed Linux on a system which already has Windows

installed; it is almost certainly on a primary partition. Now, all you have to do before installing

Linux is to create additional partitions that can hold Linux.

Step 1. First, get hold of the bootable setup CDs of RHL 7.2, then start up your PC while repeatedly

pressing the DEL key to enter the BIOS settings. Then, change the first boot device to CDROM

drive, second boot device to FDD A (Floppy Disk Drive A) and third boot device to HDD 0 (Boot

sector of Hard Disk Drive).

You can set up Linux from CDs, DVDs, the hard drive or over a network. I would recommend a

CD-based install, which is quite hassle-free. If your first installation CD is bootable, great! Otherwise

you have to create a boot floppy. For RHL, you can do this in Windows or DOS using rawrite.exe

or rawritewin.exe in the dosutils folder on the 1st disk. If you are using a boot floppy, you need not

change the boot priority as I did.

Step 2. Next insert the first setup disk into the CDROM drive and restart the computer.

Step 3. The graphical setup program starts. Select English as the language for setup. The program

detects the keyboard and mouse. It now asks for the partitions to install Linux on. There are 3

options: One to partition automatically and the other two to partition manually with Disk Druid or

Linux FDISK. Choose to partition manually.

Step 4. Next, I choose to format the 3 GB partition as root (/) with ext3 file system. Since I am

installing Linux on a logical partition, I am warned that the partition may not meet boot

requirements and strongly recommended to create a boot diskette.

Step 5. When installing Linux, it's best that LiLo (the boot loader) is installed to the root superblock

(boot sector equivalent) of the Linux partition, not the Master Boot Record (MBR). You can let the

setup modify the MBR, but if you reinstall Windows, Linux will be rendered inaccessible. Don’t

forget to create a boot diskette!

That’s about it! The rest of the setup should proceed without any glitches and you will have a dual

boot computer. You will be presented with a convenient menu by the bootloader (GRUB or LiLo or a

commercial bootloader that you have installed) every time your computer starts. From this menu,

you can choose the OS to boot: either Linux or DOS (Windows).

