Microsoft MTA 98-366 Networking Fundamentals – Bonus videos Part 2
- Create a network with Windows Server 2008/2012
What is a server? I want to make sure we’re on the same page here. That’s why I decided to record a video and show you some basics. Make sure that you understand what a server is and what a peer to peer network is. We’ll talk about some previous versions of Windows Server as well. There are two solutions that you can go for. You can have a peer to peer network or a server based network. As you can imagine, this is a Windows Server administration fundamentals course.
That’s why, of course, our main focus will be on the second solution, a server based network. It is really important to understand a peer to peer network as well, because it is a popular solution, for instance for a home network or even for a really small company. That is a topology that you can see on the screen. And now I circled one device and that is a question to you. What is that? What is it? Well, in most cases it is a switch. A device that allows you to connect more than one computer. You can connect laptops, printers, servers and so on. Now, the idea for a peer to peer network is that you have a group of computers, a group of devices, they can see each other, they can talk to each other.
However, there is no server. There is no central location for things like files, authentication, printers, access, remote control and so on. I like to give the following example. Let’s say this guy downloaded a really cool video from the Internet and he wants to share it with everybody. Well, he will have to email or send it to all guys. Imagine there are like 30 PCs over here. It’s not an easy task. We move to a server based network. In this case we have a server.
Yes, we have a server. The server’s over here. We need a switch anyway because they have to see each other. Okay? It doesn’t change anything. We need a switch. Okay, we have a server. It means that this guy can put a clip like that on the server and all guys can download it from the server directly. That’s a good thing. Of course you can share files, you can access printers, servers can give you remote access. There are a lot of roles and things that you can implement and that’s what our training is all about.
We are going to talk about and implement a lot of interesting features. Now, a question that you can ask: okay, fair enough, that makes sense, but do we have any disadvantages? Because that is like the best solution possible. Why would you go for a peer to peer network if you can have a server based network? Well, there are two main things that you have to consider.
First of all, it is cost. You have to pay for the server. Is it expensive? Well, it all depends. For a small company, you can buy a server for like £500. That will be a small server. You can buy a decent server for £500. If you want more features, you have more users. You have to, you know, invest maybe two, three k at least for a server. And in most cases you need more than one server. For instance, for redundancy. Or you go for a server with more than one power supply and so on.
The second problem is that you need someone who knows how to configure, add features and then tweak everything that you want. It means you need a support engineer, you need an IT guy. For a small company, it is a problem. They cannot really hire a full-time IT guy. Of course they can go and sign a contract with a support company and they are very happy to assist, set it up for you, connect remotely, sort out any issues that you can have. In my opinion, these two things are to be considered if you want to go for a server based network. On the other hand, you don’t really have a choice. A peer to peer network is really limited. And it’s not only that, oh, I have to send a clip three times.
No, there is no authentication. It’s very difficult to implement security policies and control. Every time you want to change something, you have to go to every single PC. We don’t really do that anymore. And even when you think about that, £500, that’s not a lot for a small company. When you think about the time and issues that you can have if you go for a peer to peer network, remember, it’s not only that you’re going to save some money if you implement a peer to peer network.
The problem is that it will take forever to implement a new solution or, for instance, add a new user. You have to go to every single PC and do that. On the other hand, there are some applications that can help you and you can manage a peer to peer network. It’s not a good solution. And you should go for a server based network.
For Microsoft, it all started with Microsoft Windows NT Server many, many years ago. Then they created a really good Windows Server, an even better 2003, then a really awesome Windows Server 2008 and 2012. Now, I know it might be boring to look at slides and listen to a guy like me. That’s why it makes sense to see something in action.
Okay? That’s why I will connect to two servers that are running in my network at the moment and you will see how they work. Okay? The first one is my SBS 2008. There is a video dedicated to editions. It’s the following video; we are going to talk about that. It is based on Windows Server 2008. I use it as a file server, backup server and DHCP server. DHCP means I can assign IP addresses to my network devices. It is a DNS server as well, a domain name server.
It means that if I want to go to Google.com, well, I need an IP address and a DNS server can do that for me. I use some VPN solutions, virtual private networks, on that server as well. I have been using that box for, well, I think three, four years now. I’ve been really happy with it. What I can show you here is Server Manager. It is like a dashboard that summarizes everything that you have to know about the server: roles, features. That is like a dashboard, a place where you can start. The second one is Windows Server 2012. In this case, Essentials. It is designed for a small company.
Microsoft, they implemented a few additional features that can help you make backups, updates and so on. It is much cheaper as well. Again, a dashboard. Please note, it is redesigned. It looks like Windows 8. Unfortunately, that’s all I have to say about that. For MTA, our main focus is on Windows Server 2008. However, I am going to include Windows Server 2012 as well, because it is something that you can find in the real world as well.
Okay, so these two guys, let’s say this guy, as you can see, Microsoft, they have spent many, many years creating the same platform. You can imagine they have designed and implemented a lot of interesting features. And that’s what our training is all about. We’re going to start from scratch. In the following video we’ll discuss several editions and then we will just go and install Windows Server 2008.
After that we are going to add some roles, implement Active Directory, talk about virtual PCs, storage, remote access, everything that Microsoft implemented for you in Windows Server 2008 and 2012. As you probably know, everything moves to the cloud. Okay? It is really popular.
Yeah, it’s in the cloud. We don’t need a box anymore. And the same applies to operating systems, to servers, Windows 7, 8, Microsoft Office and everything else. It is just licensed now. You can download it from the Internet in like 30 minutes.
You pay for a license, you pay for a key and you can download a Microsoft Server, Windows Seven, Microsoft Office, from Microsoft directly or from one of their partners. All you have to do is just pay, well, sometimes a lot of money for a license. And then you can activate and take advantage of all the great features that Microsoft decided to implement for you. In this video, we talked about servers. I showed you what a peer to peer network is all about.
We discussed the main roles of a server and then we saw that Microsoft, they have spent a lot of time preparing features that we’re going to talk about. Yes, I remember. Well, I’m too young to remember Windows NT. However, I remember Windows 2000 when it was first released. That’s when I started my career in IT. Thank you very much.
- Wireless Security
General networking, network fundamentals, wireless networks: security. Yes, we want to make our network secure. It’s not an easy task for wireless. That’s what we want to discuss in this video. Why? What I mean is, why isn’t that easy? It is not, because first of all, if you have a cable in your network, then you have a door, you have a window. Nobody can get into your office and connect to your corporate network. With wireless, it doesn’t work like that.
You can have the best solution available and your neighbor can keep trying to break into your network and there is absolutely nothing you can do about that. That’s the main problem with wireless. I’m pretty sure you have set up a few routers in your life and access points. I hope you have watched my previous videos and you know how to do that. When you go to wireless security options, you will have a few modes available to choose from. We can say that there are three options available: WEP, WPA and WPA2.
WEP is not in use anymore. It was created many, many years ago when people were amazed by wireless. They said wow, wireless is great. I want to have it everywhere. And then someone said, well, okay, what about, well, security, mate? What do you mean security? Oh, everybody can connect to my network. Oh crap, that’s not good. That’s how WEP was created. They didn’t really have time to test it and implement everything as they wanted. It was broken without any problems.
Unfortunately, the issue was that all these devices were on the market already. People had laptops, wireless cards, access points. It was not easy to tell people, oh, by the way, you have to buy a new laptop, you have to buy a new access point, a new router. That’s how WPA was created. The challenge was you have to use the same hardware.
The only thing that you can do is an update of your firmware or an image on a device. That’s it. You’re not allowed to use a new piece of hardware. Don’t ask your users to upgrade or buy a new device. That’s how WPA2 was created, which was a big step forward and was secure for many years. WPA2 is something that we use today.
The reason for that is it is not based on TKIP, it is based on AES encryption, which is much better. And that’s what you should use today. You should use WPA2. There is one more thing that you will notice in many places. It says WPA2 PSK or WPA2 Enterprise. Sometimes the first one is WPA Personal as well. What does it mean? The difference is that PSK is pre-shared key mode. It’s great for home networks. It means you will have a password, a key, a pre-shared key. It’s not good for a company because if Mike leaves tomorrow, well, he’s got a key, right?
That’s not good. WPA2 Enterprise is much better because we are going to use a RADIUS server. That’s great for medium sized companies and enterprise solutions. We use protocols like 802.1X and RADIUS to make it more secure. In most cases, we’re going to integrate that with Active Directory as well. It means that a user will need a username and password that he uses every day to log into Windows.
If his PC is on the domain, then he doesn’t have to do anything. You can push it using a GPO, a Group Policy Object. That’s a lot of information. The idea is that WPA2 PSK is based on a key, on a pre-shared key. WPA2 Enterprise, on the other hand, is something that is designed to, for instance, use certificates and RADIUS servers and more sophisticated solutions, everything to make it, first of all, more secure and to allow you to scale your network. In this environment, it’s very easy to tell a user you’re not allowed to connect to the network anymore.
All you have to do is block his account in Active Directory. That’s it. That will do. Or remove him from a group that he should belong to. I found a really nice explanation on the TP-Link website. WPA2 Personal: here we have an access point and two devices. That’s it, job’s done. With WPA Enterprise, we have a server. We use this protocol to talk to a server, which can be a Windows server. There is a version, a free version of RADIUS for Linux. You can set it up and these devices will be authenticated using a server like that. A really nice short article that TP-Link decided to put up. I really like when companies do that, to make you more aware of solutions that are available around you. I want to show you how easy it is to deploy WPA2 Enterprise in your network if you have an existing RADIUS server.
I’ll show you what I have set up. This is my, let me just put it in. So this is my access point that is connected to a switch. And then I have a Windows Server 2008. That is my RADIUS server as well. NPS in Windows, Network Policy Server. It’s pretty easy to set up. You just have to add a feature, a role like that, to Windows Server 2008, 2012 and so on.
This access point is here, connected to the switch, and there is a wireless laptop over here that we want to connect to the network. This time we want to use WPA2 Enterprise. Unfortunately, setting up everything from scratch is beyond our training. However, I want to show you what steps you have to take and show you how I have done it in my network. We’ll try and connect a laptop to the network like that as well. Let’s start with the server. On the server, I have the Network Policy Server window open. There are two, maybe three things that you have to do.
First of all you have to create a RADIUS client; that has been done. Linksys 170, 216, one dot, eleven. All you do, you just add a new client. You put in its name, IP address and a password that will be used. Then you need a network policy. A network policy is something that will tell your server what to do and when your users are allowed to be authenticated. In my case I specified that, first of all, it’s for wireless. And second of all, my users have to be in this group, wireless.
That’s a group that I created, okay? And this is a standard one saying allow for wireless. That’s what you have to do in Windows to make it happen. Windows will create logs here in this folder. We’ll use that to see and make sure that we were authenticated. Of course we’ll be connected. You can check if something goes wrong and why, here in the logs. I am connected to the laptop using a wired connection for now. We’ll connect to the Linksys router and will enable WPA2 Enterprise. That’s the IP address of the router. In this case, it’s more an access point. Change the password, that’s fine. And in security you will see this: WPA, WPA, it doesn’t matter, it’s Personal. It means it’s not going to use a server, a RADIUS server.
We’ll change that to WPA2 Enterprise. And here it’s going to ask for two things. First of all, a RADIUS server address. That’s what I put here. That’s my SBS server, Windows 2008. Then the RADIUS port and the pre-shared key that we specified on the server. Go here, Manage wireless networks. And this one is, what was it? Test 19. You create a new profile. If you have a server, then you can use, for instance, a Group Policy Object and push it to all users. You can try and double click and connect, but sometimes it’s not going to work. It can complain about your certificate.
It makes sense to add a new network like that. You specify that it is Test 19. Security is WPA2 Enterprise. You want to use AES. In here you have to change this option if you don’t have a valid certificate. You have to check with your infrastructure engineers. Of course you should have one. If you don’t, then unfortunately you have to untick that and tick this one if you’re not on the domain, because you don’t have the same username and password.
And in here I want to use user authentication. That’s what I, in most cases, change. Again, all these things can be pushed to your users’ laptops using Group Policy Objects. Now I can try and connect. It asks for a username and password; that’s with the domain name, because this PC is not on the domain. See if it works now. Here we go. I am connected. If I go to status, wireless properties, you will see I use WPA2 Enterprise.
AES. Let’s check on the server. Now we have our logs and there should be a log, here we go, that I was authenticated using my username, WiFi. That’s my username. Linksys is the client. It was the access point that I used. In this video, we talked about wireless security. I showed you what the main difference between WPA and WPA2 is, and when we can use a pre-shared key and enterprise solutions. And I even showed you how to deploy WPA2 Enterprise using Windows Server 2008. Thank you very much.
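Why a pre-shared key cannot be taken back from one person while an Enterprise account can, as an added example (not part of the video): the WPA2-Personal key derivation from IEEE 802.11i next to a simplified model of the account-and-group check described above. The SSID, passphrases, user names and the `directory` structure are constructed for illustration, and comparing PMKs stands in for the real 4-way handshake.

```python
import hashlib
import hmac


def wpa2_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key for WPA/WPA2-Personal (IEEE 802.11i):
    PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    Note what is missing from the inputs: anything identifying a user."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"), salt, 4096, 32)


def psk_can_join(ap_pmk: bytes, ssid: str, passphrase_on_device: str) -> bool:
    """Personal mode, simplified: access is granted to any device that
    derives the same PMK as the access point."""
    return hmac.compare_digest(ap_pmk, wpa2_psk_pmk(passphrase_on_device, ssid))


def enterprise_can_join(directory: dict, username: str, group: str = "wireless") -> bool:
    """Enterprise mode, simplified: after the user has authenticated, the
    RADIUS policy requires an enabled account that is in the wireless group."""
    account = directory.get(username)
    return account is not None and account["enabled"] and group in account["groups"]


def offboard_mike() -> dict:
    """Mike leaves the company; compare what it takes to lock him out."""
    ssid = "ExampleCorp"                      # constructed SSID
    old, new = "constructed-pass-1", "constructed-pass-2"
    devices = {"mike": old, "anna": old}      # passphrase stored on each laptop

    ap_pmk = wpa2_psk_pmk(old, ssid)
    psk_before = {u: psk_can_join(ap_pmk, ssid, p) for u, p in devices.items()}

    ap_pmk = wpa2_psk_pmk(new, ssid)          # the only remedy: rotate the key
    psk_after = {u: psk_can_join(ap_pmk, ssid, p) for u, p in devices.items()}

    directory = {                             # constructed stand-in for Active Directory
        "mike": {"enabled": True, "groups": {"wireless"}},
        "anna": {"enabled": True, "groups": {"wireless"}},
    }
    directory["mike"]["enabled"] = False      # block one account, nothing else changes
    enterprise = {u: enterprise_can_join(directory, u) for u in directory}
    return {"psk_before": psk_before, "psk_after": psk_after, "enterprise": enterprise}


if __name__ == "__main__":
    for step, result in offboard_mike().items():
        print(step, result)
```

With the shared key, Mike keeps access until the passphrase is rotated, and the rotation also cuts off Anna until her laptop is reconfigured; with per-user accounts only Mike is affected.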
- Learn more about Virtual Private Networks and encryption
Network security, virtual private networks, encryption. We are going to have symmetric and asymmetric encryption. Later on we’ll focus on hashing, which is a very, very important topic in VPNs as well. Let’s start with encryption. We have two types of encryption solutions: symmetric and asymmetric encryption. Symmetric encryption: sometimes you can hear it’s a shared key or a shared secret encryption. In this solution, you have a single key that will be used to encrypt and decrypt your data. When you look at this picture here, you will see that we have a message. Let me just change it here. You can see a message here, hello world. We encrypt it using a shared secret key. We’ll get a cipher text, something that nobody can recognize and understand. That’s the idea for encryption. And then the other side will use the same secret key to decrypt that message and see hello world.
We have a lot of, well, not a lot, but we have quite a lot of encryption algorithms that we can use for symmetric encryption. Let me just show you that. Here we go. The most popular ones are DES, 3DES and AES. 3DES and AES are really popular because they are combined and they are used in IPsec and all kinds of VPNs. There is RC4, which can be seen in wireless networks. The advantage of symmetric encryption is that it is fast and it allows your traffic to be encrypted and decrypted on the fly. That’s why we use that for VPNs, because it’s really fast. The second one is asymmetric encryption. Sometimes we call it public key cryptography. In this case, we have two keys. One key is used to encrypt your data and the second key is used to decrypt the message. Let’s check it here. We are going to use one key to encrypt this message and another key to decrypt that message. Compared to symmetric encryption, asymmetric is slower.
That’s why we do not use that for all our VPN traffic. In most cases, we use asymmetric encryption to exchange our keys that will be used for symmetric encryption. We are going to talk about PKI in a moment. For now, you have to remember that these two keys, sometimes they are called a public key and a private key. What we mean by that is that a public key is something that can be used by everybody. Everybody can see a public key. The advantage of that is that I can send my public key to you. You can encrypt a message using my public key. And who owns the private key? Well, that’s me. It means that you cannot use the same public key to decrypt that message. I can do that because I have my private key. And of course, private key, that’s the name.
I will never ever share it with anyone. And it can work both ways. I can encrypt something using a private key. What does it mean? Well, it means that everybody can decrypt that and you all go, okay, why would you do that? That’s not good. Well, sometimes it is. Why? Because it proves that I created this message. You were able to open, decrypt that message using my public key. It means that I had created that message. Let’s talk about PKI, public key infrastructure. In cryptography, PKI is designed to manage, create, store and revoke digital certificates, public keys. The idea for PKI is really simple. You have a server, a CA, a certificate authority: somebody, a server, a service provider, a company you will trust.
You say, well, because it was signed by Microsoft, I trust it. That’s what we do every day, right? Microsoft, they introduced a feature like that many years ago. For instance, for drivers, they will warn you if the driver has not been certified. Why? Well, we trust Microsoft. Well, in most cases we trust Microsoft and we say yeah, because it was signed by Microsoft, it’s okay. The same idea is for PKI, public key infrastructure. When you receive a certificate from a trusted server, then everybody will trust it and will say, well, because this certificate was issued and signed by someone I trust as well, it means that you’re okay, I can trust you. I can start, I don’t know, a VPN connection or allow you to connect to my network because we trust that certificate, that certificate authority. I am pretty sure you have seen a message like that when you browse the Internet.
Firefox, Internet Explorer, Chrome. All browsers will do that. In most cases people just say, yeah, whatever, I don’t know what that is. It makes sense to read what your browser is trying to tell you at the moment. Let’s check. Firefox wants to connect to 170 216 one eight, but we cannot confirm the connection is secure. And that is not a perfect sentence because what do you mean it’s not secure? It’s not going to be encrypted? No, that’s why we have some problems, or Firefox is not going to trust it because we cannot verify the identity. Why? 170 216 one eight is my Microsoft Server and it generated its own certificate. It signed the certificate by itself. And of course Firefox is not going to trust a server like that. That is why you are going to get a message like that. And if you are okay with that, you can confirm and connect.
Please note that Firefox will tell you that the connection to this website is secure. The main issue is that we cannot verify the certificate. This certificate was issued, was sent, was created by a device that we don’t really trust. And that’s not good because the whole idea of a certificate is to get it from a place that we trust. If you go to Options in Firefox, there is Certificates in Advanced. You will see Authorities, “You have certificates on file that identify”. Here is a list of companies that we trust. And of course my server is not going to be on the list. You will find, for instance, GoDaddy, a well known company, and they are allowed to issue certificates. If I had received a certificate from GoDaddy, I would have connected without a warning message in Firefox.
The last picture I want to show you is how strong our encryption can be. Here it is: DES, and AES 128, the most popular one, and 256. In one of the videos where I connect to a firewall using L2TP, I use a 256 bit key that is really, really secure. Most people go for 128. If you connect to many websites and VPNs, that’s what you’re going to use. It is more than enough to make your connection very secure. We should avoid using this. This is not secure.
3DES is not bad here. This is on the list here. Still, 3DES is in most cases slower than AES and is not as secure as AES. Today, almost all devices and servers support AES. That’s why, if possible, you should go for AES. In this video we talked about encryption. I showed you the main difference between symmetric and asymmetric encryption and we discussed public key infrastructure. Thank you very much.
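The two key ideas from this video in one place, as an added example (not from the video): a public key wraps a random session key, the fast symmetric cipher carries the message, and a private-key signature proves who wrote it. It is a teaching model with assumptions: textbook RSA without padding on fixed, publicly known primes, and a SHA-256 keystream standing in for AES; real systems use vetted libraries, padded RSA and AES.

```python
import hashlib
import secrets

# Constructed key pair: two well-known Mersenne primes so the example is
# reproducible. Publicly known primes give no security; illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                     # public key (everybody may see it)
D = pow(E, -1, (P - 1) * (Q - 1))       # private key (never shared)


def rsa_public(value: int) -> int:
    """Operation anyone can perform with the public key."""
    return pow(value, E, N)


def rsa_private(value: int) -> int:
    """Operation only the key owner can perform."""
    return pow(value, D, N)


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (stand-in for AES): XOR with a SHA-256 counter
    keystream. The same key and the same call encrypt and decrypt."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        keystream = hashlib.sha256(key + counter).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def send(message: bytes) -> tuple:
    """Sender: slow asymmetric step once for the key, fast symmetric step for data."""
    session_key = secrets.token_bytes(16)                     # 128-bit shared key
    wrapped_key = rsa_public(int.from_bytes(session_key, "big"))
    return wrapped_key, stream_xor(session_key, message)


def receive(wrapped_key: int, ciphertext: bytes) -> bytes:
    """Receiver: unwrap the session key with the private key, then decrypt."""
    session_key = rsa_private(wrapped_key).to_bytes(16, "big")
    return stream_xor(session_key, ciphertext)


def sign(message: bytes) -> int:
    """'Encrypt with the private key': only the owner can produce this value."""
    return rsa_private(int.from_bytes(hashlib.sha256(message).digest(), "big"))


def verify(message: bytes, signature: int) -> bool:
    """Anyone with the public key can check that the owner signed this message."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return rsa_public(signature) == digest


if __name__ == "__main__":
    wrapped, ciphertext = send(b"hello world")
    print(ciphertext.hex(), receive(wrapped, ciphertext))
    print(verify(b"hello world", sign(b"hello world")))
```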