Tải bản đầy đủ - 0 (trang)
Chapter 5. Exam 70-291 Study Guide

Chapter 5. Exam 70-291 Study Guide

Tải bản đầy đủ - 0trang

Implementing,Managing,andMaintainingNetworkSecurity

Designedtotestyourknowledgeofnetworksecurity.

Focusesonusingsecuritytemplatesandnetworkprotocol

securitymonitoring.



Implementing,Managing,andMaintainingRoutingandRemote

Access

Designedtotestyourknowledgeofremoteaccess,remote

accessauthentication,andTCP/IProuting.Alsocovers

secureaccessbetweenprivatenetworks.



MaintainingaNetworkInfrastructure

Designedtotestyourknowledgeofnetworkmonitoringand

networkconnectivitytroubleshooting.Alsocovers

troubleshootingserverservices.

Thesectionsofthischapteraredesignedtoreinforceyour

knowledgeofthesetopics.Ideally,youwillreviewthischapter

asthoroughlyasyouwouldyourcoursenotesinpreparationfor

acollegeprofessor'sfinalexam.Thatmeansmultiplereadings

ofthechapter,committingtomemorykeyconcepts,and

performinganynecessaryoutsidereadingsiftherearetopics

youhavedifficultywith.

Aspartofyourpreparation,Irecommendinstallingatest

networkwiththreemachines:

AdomaincontrollerrunningWindowsServer2003

configuredwithDNS,DHCP,andTCP/IProuting.

Aworkstationconfiguredasadomainmember,running



WindowsXPProfessionalorlatertobeusedasyourprimary

systemformanagement.

Aworkstationconfiguredasamemberofaworkgroup,

runningWindowsXPProfessionalorlatertobeusedfor

remoteaccesstesting.

Thesesystemscanbevirtualmachinesinstalledaspartofa

virtualtestenvironment.



5.1.Implementing,Managing,andMaintainingIP

Addressing

Forcomputerstocommunicateonanetwork,theymustbe

configuredwithacommunicationsprotocol.Transmission

ControlProtocol/InternetProtocol(TCP/IP)istheprimary

communicationsprotocolusedbynetworkedWindows

computers.TCP/IPisaprotocolsuite,consistingoftwo

separateprotocols:



TCP

Aconnection-orientedprotocolforend-to-end

communications.



IP

Aninternetworkingprotocolforroutingpacketsovera

network.

DuringinstallationofWindowsXPProfessionalorWindows

Server2003computers,TCP/IPisautomaticallyconfiguredif

theoperatingsystemdetectsanetworkadapter.

ThedefaultconfigurationforbothWindowsXPProfessionaland

WindowsServer2003computersistoautomaticallyobtainan

IPaddressfromaDHCPserver.IPaddressesautomatically

obtainedfromaDHCPserverarereferredtoasdynamically

assignedIPaddresses,orsimply,dynamicIPaddresses.Two

othertypesofIPaddressesareused:



StaticIPaddresses

Addressesmanuallyassignedtocomputers.Althoughsome

typesofservers,includingDHCPservers,requirestatic,IP

addressingmostotherserverscanuseeitherstaticor

dynamicIPaddressing.



AutomaticprivateIPaddresses(APIPA)

AddressesusedwhenacomputerisconfiguredforDHCP

butnoDHCPserverisavailable.APIPAisalsousedwhena

DHCPIPaddressexpiresandcannotberenewed.

RegardlessofwhetherIPaddressingisassignedmanually,

dynamically,orautomatically,thegoalisthesame:toallowa

computertocommunicateonanetwork.Thesectionsthat

followexamineinstalling,configuring,andtroubleshooting

TCP/IPaddressingaswellasmanagingandtroubleshooting

DHCP.Whencomputernamesareused,nameresolutionis

criticaltoproperfunctioningofTCP/IPcommunications.A

computermustbeabletolookuptheIPaddressassociated

withacomputername,referredtoasaforwardlookup,or

determinethecomputernamebasedonanIPaddress,referred

toasareverselookup.OnWindowsServer2003domains,DNS

istheprimarynameresolutionservice.



Tip:Exam70-291testsknowledgeofTCP/IPversion4.TCP/IP

version4uses32-bitIPaddresses.WithTCP/IPversion6,

computersuse128-bitIPaddresses.



5.1.1.InstallingTCP/IP

Aspartofsetup,TCP/IPisconfigurediftheoperatingsystem



detectsanetworkadapter.Eachnetworkadapterinstalledona

computerhasanassociatedLocalAreaNetworkconnection.The

defaultnameofthefirstnetworkadapter'sconnectionisLocal

AreaConnection.IfforsomereasonTCP/IPisn'tinstalledorhas

beenuninstalled,youmayneedtoinstallTCP/IPbycompleting

thefollowingsteps:

1. ClickStart ControlPanel

LocalAreaConnection.



NetworkConnections



2. ClickPropertiestoopentheLocalAreaConnection

Propertiesdialogbox.

3. Scrolldownthroughthelistofprotocolsusedbythe

connection.IfInternetProtocol(TCP/IP)isnotlisted,click

Install.

4. SelectProtocol,andthenclickAdd.

5. IntheSelectNetworkProtocoldialogbox,clickInternet

Protocol(TCP/IP)andthenclickOK.

6. InternetProtocol(TCP/IP)isinstalledandenabledinthe

defaultconfiguration.

7. ClickClose.



Tip:YoumustbeamemberoftheAdministratorsgroupto

installTCP/IPortoconfigureTCP/IPpropertiesonany

computerinthedomain.



5.1.2.ConfigureTCP/IPAddressingonaServer

Computer

ServercomputerscanbeassignedstaticordynamicIP



addresses.IfDHCPisconfiguredbutnoDHCPserveris

available,theserverwilluseAPIPA.APIPAisalsousedwhena

DHCPIPaddressexpiresandcannotberenewed.

Administratorshavefullcontroloverhowstatic,dynamic,and

AutomaticPrivateIPAddressingisused.Inallthree

configurations,TCP/IPaddressingcanuse:



AnIPaddress

IPaddressesidentifycomputersbytheirassociatednetwork

IDandhostIDcomponents.Addressclassesareusedto

subdividetheIPaddressspace.



Asubnetmask

IdentifieswhichpartsoftheIPaddressbelongtothe

networkIDandwhichpartsbelongtothehostID.Subnets

canbeusedtomakemoreefficientuseofIPaddressspace

bysizingnetworksappropriatelyforthenumberofnodes

used.



Adefaultgateway

IdentifiestheIPaddressoftherouterthatwillactasthe

computer'sgateway.Propergatewayconfigurationis

essentialforcommunicationsbetweennetworks.



PreferredandalternateDNSserver

IdentifiestheIPaddressofthepreferredandalternateDNS

serverstousefornameresolution.ProperDNS



configurationisessentialfornameresolution.



5.1.2.1.UnderstandingIPaddressing

IPaddressesarepublicorprivate.PublicIPaddressesare

routableovertheInternetandmustbeassignedbyInternet

serviceproviders(ISPs).PrivateIPaddressesarereservedfor

useoninternalnetworksandarenotroutedoverthepublic

Internet.Ifyou'reconnectingacomputerdirectlytothe

InternetandhavebeenassignedanIPaddress,youcanusea

publicIPaddress.Otherwise,youshoulduseaprivateIP

address,preferablyassignedbyyourorganization'snetwork

administrator.

TheavailableIPaddressesaredividedintonetworkclass

ranges.ForTCP/IPversion4,thestandardclassesareClassA,

ClassB,andClassC.Thesenetworkclassesareusedwith

unicastIPaddresses;whichclassyouuseisbasedonthe

anticipatednumberofnetworksandhostspernetwork.

TCP/IPversion4IPaddressesarecomprisedofsetsof32-bit

numbers.WhenyouassignIPaddresses,each8-bitsection,or

octet,ofthis32-bitnumberisenteredindecimalformatwith

eachsetofnumbersseparatedbyperiods.WithClassA

networks,thefirstoctetidentifiesthenetworkandthelast

threeoctetsidentifythecomputersonthenetwork,allowing

millionsofhostsbutasmallnumberofnetworks.WithClassB

networks,thefirstandsecondoctetidentifythenetworkand

thelasttwooctetsidentifythecomputersonthenetwork,

allowinganequalnumberofnetworksandhosts.WithClassC

networks,thefirstthreeoctetsidentifythenetworkandthelast

octetidentifiesthecomputersonthenetwork,allowingmany

networksandrelativelyfewhostspernetwork.

Table5-1providesanoverviewofprivateIPaddressesbyclass.

ThefirstandlastIPaddressofasubnetarenotusableand



cannotbeassignedtoclientcomputers.ThefirstIPaddressof

asubnetisthenetworkID.ThelastIPaddressofasubnetis

thenetwork'sbroadcastaddress.Withstandardnetwork

configurations,thenetworkIDisthe.0addressofthesubnet,

suchas192.168.1.0,andthebroadcastaddressisthe.255

addressofthesubnet,suchas192.168.1.255.

Table5-1.Privatenetworkaddressesbyclass

Networkclass



NetworkID



Subnetmask



AssignableIPaddressrange



ClassA



10.0.0.0



255.0.0.0



10.0.0.1-10.255.255.254



ClassB



172.16.0.0



255.240.0.0



172.16.0.1-172.31.255.254



ClassC



192.168.0.0



255.255.0.0



192.168.0.1-192.168.255.254



WhenassigningIPaddressranges,you'llneedtospecifyhow

manybitsofanIPaddresstouseforthenetworkIDandhow

manybitstouseforthehostID.Table5-2showsthestandard

bitlengthsandnetworkmasksforClassA,B,andCnetworks.

Table5-2.Networkbitlengthsandsubnetmasks

Networkclass



Bitlength



Subnetmask



ClassA



8



255.0.0.0



ClassB



16



255.240.0.0



ClassC



24



255.255.0.0



Someorganizationsusesubnettingtosubdividenetworksand

createadditionallogicalnetworkswithinstandardnetworkclass

ranges.Whenyouusesubnetting,thestandardclassrulesfor

whichbitsapplytothenetworkIDandwhichbitsapplytothe

hostIDaredeterminedbythesubnetmask.Forexample,you

mightwanttosubnetsothatthefirst26bitsrefertothe

networkIDandthefinal6bitsrefertothehostID.Thisallows

youtohave1,024subnetswithupto62hostspersubnet.

Manyexperiencednetworkadministratorsuseaprefixnotation

whenreferringtoIPaddresseswherethenetworkIDisfollowed

bythenumberofbitsinthenetworkID.So,forexample,

ratherthanwritingorsayingthatthenetwork192.168.1.0has

anetworkmaskof255.255.255.0,youcouldsaythenetwork

192.168.1.0isaslash24network.Thisiswritteninnetwork

prefixnotationas:

192.168.1.0/24



5.1.2.2.ConfiguringstaticIPaddressing

YoucanconfigureastaticIPaddressbyeditingtheTCP/IP

propertiesforthecomputer'snetworkadapter.Toaccessthe

TCP/IPpropertiesoftheLocalAreaConnectionandconfigure

them,followthesesteps:

1. ClickStart ControlPanel

LocalAreaConnection.



NetworkConnections



2. ClickPropertiestoopentheLocalAreaConnection

Propertiesdialogbox.

3. ClickInternetProtocol(TCP/IP)andthenselectProperties.

Becarefulnottoclearthecheckbox.Scrolldownthrough



thelistofprotocolsusedbytheconnectionifnecessary.

4. SelecttheUseTheFollowingIPAddressradiobutton,and

thentypetheIPaddressintheIPAddressfield(seeFigure

5-1).TheIPaddressmustnotbeusedanywhereelseon

thenetwork.

5. Windowsinsertsadefaultvalueforthesubnetmaskinto

theSubnetMaskfield.Asnecessary,changethistowhatis

usedonyoursubnet.

6. TypetheIPaddressofthedefaultgateway.

7. TypetheIPaddressesofthepreferredandalternateDNS

servers.

8. ClickOKtwicetocloseallopendialogboxesandapplythe

changes.



Tip:Ifyouusemultiplegateways,customDNSsettings,WINS,

orIPfiltering,youmaystillneedtoconfigureadvancedsettings.

ClicktheAdvancedbuttonontheGeneraltaboftheInternet

Protocol(TCP/IP)Propertiesdialogbox.



Figure5-1.ConfiguringstaticTCP/IPsettings.



5.1.2.3.ConfiguringdynamicIPaddressing

DynamicIPaddressingisthedefaultconfigurationforWindows

XPProfessionalandWindowsServer2003.Whenacomputer

usesDHCP,theIPaddresssettingsareobtainedautomatically

fromaDHCPserver.SettingsforDNScanbeobtained

automaticallyaswell.Thisisthedefaultsetting.

Youcandeterminewhetheracomputerisusingdynamic

addressingandwhichDHPCserverisbeingusedbytyping

ipconfig/allatacommandprompt.IfDHCPisenabled,the

outputfromthiscommandshowsthecurrentIPaddressing

configuration,includingdetailsontheDHCPserverandIP

addressleasefromthisserver.



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Chapter 5. Exam 70-291 Study Guide

Tải bản đầy đủ ngay(0 tr)

×