KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY IT375 Window Enterprise Administration Course Name – IT375-01 Introduction to Network Security Instructor.

Presentation transcript:

KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY IT375 Window Enterprise Administration Course Name – IT Introduction to Network Security Instructor – Jan McDanolds, MS, Security+ Contact Information: AIM – JMcDanolds Phone: Office Hours: Tuesday, 7:00 PM ET or Thursday, 7:00 PM ET

UNIT 6 REVIEW File Services and Print Services
Chapter 7:
- Discuss File Services in Windows Server 2008
- Install the Distributed File System (DFS)
- Discuss and create shared file resources
Chapter 8:
- Discuss the Windows Printer Model and how it is implemented
- Install the Print Services components of Windows Server 2008
- Deploy printers with Windows Server 2008
- Configure printers on a Windows Server 2008 network
No quiz
Any questions about File Services, DFS or Print Services?

UNIT 7 What is a router? Unit 7 covers Chapter 9 – Network Policy and Access Services in Windows Server 2008 A router is a device that holds information about the state of its own network interfaces and contains a list of possible sources and destinations for network traffic. A router directs incoming and outgoing packets based on source and destination information. In Chapter 3, routers were introduced (pg. 84). TCP/IP addresses enable routers to interconnect subnets or networks. Do you need a dedicated hardware router, a software-based router, or a combination of both?

UNIT 7 Network Policy and Access Services in Windows Server 2008
Chapter 9
- Configure routing in Windows Server 2008
- Configure Routing and Remote Access Services (RRAS) in Windows Server 2008
- Describe Network Policy Server
- Discuss wireless networking with Windows Server 2008

UNIT 7 Configuring RRAS as a Router Windows Server 2008 can act as a software-based router for small networks. It can also act as a DHCP relay agent.

UNIT 7 Configuring Routing in Windows Server 2008
Routing and Remote Access Services (RRAS)
- Only recommended for use in small networks that require simple routing directions; not recommended for large and complex environments
- Dial-up remote access server
- Virtual private network (VPN) remote access server
- Internet Protocol (IP) router for connecting subnets of a private network
- Network address translator (NAT) for connecting a private network to the Internet
- Dial-up and VPN site-to-site demand-dial router

UNIT 7 Viewing local routes Open the command prompt and type route print

UNIT 7 Working with Routing Tables
- Routing tables are composed of routes
- Routes direct data traffic to its destination based on the information they contain
- Routing tables can be managed in the RRAS console or from the command line using the route command
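
Added example (not part of the original slides): Python code that parses the IPv4 section of route print output and picks the route a packet would follow, most specific prefix first with the lowest metric as tie-breaker. It also lists routes whose next hop is not an approved gateway. The sample table, its addresses and the names parse_routes, select_route and unexpected_gateways are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample of the IPv4 section of `route print` output (not from the slides).
SAMPLE = """\
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.10     25
      192.168.1.0    255.255.255.0          On-link    192.168.1.10    281
     192.168.1.10  255.255.255.255          On-link    192.168.1.10    281
        10.20.0.0      255.255.0.0    192.168.1.254    192.168.1.10     26
===========================================================================
"""

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str      # next-hop address, or "On-link" when directly attached
    interface: str
    metric: int

def parse_routes(text):
    """Return a Route for every five-column IPv4 row; skip headers and rules."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5:
            continue
        try:
            net = ipaddress.IPv4Network(f"{cols[0]}/{cols[1]}")
            routes.append(Route(net, cols[2], cols[3], int(cols[4])))
        except ValueError:
            continue  # not a route row, or a malformed entry
    return routes

def select_route(routes, destination):
    """Pick the most specific matching route; the lowest metric breaks ties."""
    addr = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if addr in r.network]
    return max(matches, key=lambda r: (r.network.prefixlen, -r.metric), default=None)

def unexpected_gateways(routes, allowed):
    """List routes whose next hop is not on-link and not an approved gateway."""
    return [r for r in routes if r.gateway != "On-link" and r.gateway not in allowed]

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for dst in ("192.168.1.10", "10.20.5.9", "8.8.8.8"):
        print(dst, "->", select_route(table, dst))
```

Running unexpected_gateways against a list of approved next hops after each routing change gives a quick check that no unplanned static route has been added to the table.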

UNIT 7 Configuring RRAS as a Router
RRAS in Windows Server 2008 supports remote user or site-to-site connectivity by using virtual private network (VPN) or dial-up connections. RRAS consists of the following components:
- Remote Access: deploy VPN connections to provide end users with remote access to your organization's network. You can also create a site-to-site VPN connection between two servers at different locations.
- Routing: as a software router it offers routing services to businesses in local area network (LAN) and wide area network (WAN) environments or over the Internet by using secure VPN connections. Routing is used for multiprotocol LAN-to-LAN, LAN-to-WAN, VPN, and network address translation (NAT) routing services.

UNIT 7 Configuring Routes
Static routing is limited for the following reasons:
- Requires manual creation and management
- Should not be used on networks with more than 10 subnets
- All affected routers require reconfiguration if the network changes
Dynamic protocols
- Route traffic based on information they discover about remote networks from other routers
- Routing Information Protocol version 2 (RIPv2): uses partner routers, or RIP neighbors, in determining the dynamic routes it can use for forwarding packets of data

UNIT 7 Configuring a DHCP Relay Agent
- DHCP relay agent: manages communication between a DHCP server and clients on subnets without a DHCP server
- With RRAS, network adapters listen for DHCP broadcast messages
- Type netsh ? to view syntax and options

UNIT 7 Configuring Dial-on-Demand Routing
Demand-dial routing
- Allows a server to initiate a connection only when it receives data traffic bound for a remote network
- Can use dial-up networks instead of more expensive leased lines

UNIT 7 Configuring Remote Access Services
Dial-up networking
- Connects remote users to their networks using a standard phone line
Virtual Private Networks (VPN)
- Allows client connections to a network from remote locations
- Works by creating a secure tunnel for transmitting data packets between two points
- VPN tunneling protocols: Point-to-Point Tunneling Protocol, Layer 2 Tunneling Protocol, Secure Socket Tunneling Protocol

UNIT 7 Routing and Remote Access Properties Routing and Remote Access IPv4 and IPv6

UNIT 7 VPN Firewall Ports Outbound and Inbound

UNIT 7 Network Address Translation (NAT) NAT allows you to shield internal IP address ranges from public networks by allowing internal clients to access the Internet through a shared IP address ( , etc.)

UNIT 7 Introduction to Network Policy Server
Network Policy Server (NPS)
- Role service that provides a framework for creating and enforcing network access policies for client health
- Can be used to:
  - Configure a RADIUS server (Remote Authentication Dial-in User Service)
  - Configure a RADIUS proxy
  - Configure and implement Network Access Protection (NAP)
NPS Console: central utility for managing
- RADIUS clients and remote RADIUS servers
- Network health and access policies
- NAP settings for NAP scenarios
- Logging settings

UNIT 7 Introduction to RADIUS
RADIUS: industry-standard protocol that provides centralized authentication, authorization, and accounting for network access devices
Components of RADIUS
- RADIUS clients
- Network access servers
- RADIUS proxy
- RADIUS server
- User account database

UNIT 7 RADIUS with proxy server

UNIT 7 RADIUS without proxy server

UNIT 7 RADIUS message flow EAP - Extensible Authentication Protocol

UNIT 7 RADIUS Server
- Used on networks to perform authentication, authorization, and accounting for RADIUS clients
RADIUS client
- Can be an NPS, which replaces the IAS from previous versions of Windows Server
RADIUS: standardized network protocol that centralizes the following process for user connections
- Authentication
- Authorization
- Accounting

UNIT 7 RADIUS Proxy and NAP
NPS can be configured as a RADIUS proxy
- RADIUS proxies route RADIUS messages between RADIUS clients and RADIUS servers
Network Access Protection (NAP)
- Provides a tool for you to block external and internal network threats
- Can be broken into three parts:
  - Health policy validation
  - Health policy compliance
  - Limited access

UNIT 7 Authentication Protocols
Supported authentication protocols:
- Extensible Authentication Protocol–Transport Layer Security (EAP-TLS)
- Protected Extensible Authentication Protocol–Transport Layer Security (PEAP-TLS)
- Protected Extensible Authentication Protocol–Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2)

UNIT 7 Wireless Access Configuration
- 802.1x standard: developed by the Institute of Electrical and Electronics Engineers (IEEE)
- On 802.1x networks, network access control provides an authentication mechanism to allow or deny network access based on port connection
Categories of EAP implementations
- EAP over local area network (LAN)
- EAP over wireless
802.1x uses a three-component model for authenticating access to networks
- Supplicant
- Authenticator
- Authentication server

UNIT 7 Wireless Configuration 802.1X authentication process

UNIT 7 Unit 7 Part A - Assignment Part A – Complete nine Chapter 9 labs.

UNIT 7 Unit 7 Part B - Assignment Part B – Synopsis of Windows Server 2008 Essay