
Unit Two: Windows Network Concept Overview

Networking allows computers to connect and share information. A network consists of nodes (devices) connected by links (physical connections). The domain name system (DNS) maps domain names to IP addresses, allowing users to access websites by name rather than long strings of numbers. DNS servers are configured manually or via DHCP. Network interface cards connect devices to an Ethernet local area network. The address resolution protocol (ARP) maps IP addresses to MAC addresses for communication at the data link layer. Devices obtain IP addresses and other network settings automatically via DHCP or manually via static configuration.

Uploaded by

etetu welde

UNIT TWO

Windows Network Concept Overview

Windows Network Concept
What is networking?
A basic understanding of networking is important
for anyone managing a server.
Not only is it essential for getting your services
online and running smoothly, it also gives you the
insight to diagnose problems.
In a technology context, network is usually short
for "computer network" or "data networking."
The above description implies that computers are
the things sharing the meaningful information.
Cont’d…
At a conceptual level, all data networks consist of
nodes, meaning any computer or digital device using
the network, and links, the physical connections
(either wired or wireless) that carry messages
between nodes.
What are the basic concepts of a corporate network
on the Windows platform?

DNS Lookup
The Domain Name System (DNS) is a
cornerstone of every network infrastructure.
DNS maps names to IP addresses and IP addresses to
names (forward and reverse lookups respectively).
Thus, when you go to a web page like
www.windowsnetworking.com, without DNS, that
name would not be resolved to an IP address and
you would not see the web page.
Thus, if DNS is not working, “nothing is working”
for the end users.
Cont’d…
DNS server IP addresses are either manually configured
or received via DHCP.
If you run ipconfig /all in Windows, you will see
your PC’s DNS server IP addresses.
Types of DNS
The Domain Name System, otherwise known as DNS, is
a key component of the Internet.
DNS is the resolution of a domain name to an IP
address.
There are two approaches to DNS lookups:
1. The "normal" or forward DNS lookup; and
2. The reverse DNS lookup.
Forward DNS Lookups
The forward lookup, or simple DNS lookup, is the
most commonly used approach to DNS.
The forward approach to DNS is simply finding out
the IP address of a domain.
People tend to find it difficult to remember long
strings of numbers. Instead, it's easier to remember a
domain name that uses words.
However, electronic devices use streams of 1's and 0's
to communicate.
The only way for one computer to communicate with
another is by unique identification.
The method of identification used on the Internet is the
IP address.
How DNS Works?
Here are the simple steps for DNS resolution:
1. A user enters a domain name into their Internet browser
(www.whatismyip.com).
2. The computer sends the domain name as a DNS request
to the user's Internet Service Provider (ISP).
3. The ISP determines if it has the IP address associated
with that name.
4. If not, the ISP forwards the request to other providers in
an effort to locate the DNS record that contains the data.
5. Once the record is found, the IP address of the domain is
returned to the user.
6. Finally, the user's computer can communicate directly
with the server.
Reverse DNS Lookup
In a reverse DNS lookup, the steps are the same except
that it starts out with an IP address and returns with the
domain name.
In practice this can take a while, and sometimes a DNS
server is unable to find what it needs, whether that is a
domain name or an IP address.
This is due to the servers being busy or the web
browser timing out.

Ethernet & ARP
Ethernet is the protocol for your local area network
(LAN).
Network interface cards (NICs) connect to
Ethernet cables, which run to Ethernet switches
that connect everything together.
Without a “link light” on the NIC and the switch,
nothing is going to work.
What is the difference between MAC and ARP?
What is DHCP?

Cont’d…
ARP (Address Resolution Protocol) is the protocol
that maps IP addresses to Ethernet MAC addresses.
The ARP table is your layer 3 to layer 2
resolution. You examine this on your layer 3
device.
MAC addresses (or physical addresses) are unique
strings that identify Ethernet devices.
• The mac-address-table is used by the switch. ...
The mac-address-table has nothing to do with IP
addresses.
Dynamic Host Configuration Protocol (DHCP)
DHCP is a network protocol that enables a server
to automatically assign an IP address to a computer
from a defined range of numbers,
i.e., a scope configured for a given network.
DHCP is a client/server protocol.
DHCP is an enhancement of an older protocol
called BOOTP.
Some examples of DHCP options are router (default
gateway), DNS server and DNS domain name.

IP Addressing and Sub-netting
What is the difference between IP addressing and
sub-netting?
Sub-netting
Given a network IP address, there are three types of
problems involving sub-netting:
1. Sub-netting when given a required number of
networks
2. Sub-netting when given a required number of clients
3. Given an IP address and subnet mask, finding the original
network range (reverse engineering a subnet problem)

Cont’d…
Every computer on a network must have a unique
Layer 3 address called an IP address.
IP addresses are 4 numbers separated by 3 periods, like
1.1.1.1.
Most computers receive their IP address, subnet mask,
default gateway, and DNS servers from a DHCP
server.
To receive that information, your computer must first
have network connectivity (a link light on the NIC and
switch) and must be configured for DHCP.
Larger blocks of IP addresses are broken down
into smaller blocks of IP addresses and this is called IP
Cont’d…
Sub-netting Given Number of Networks (1)
A company would like to break its Class B network IP
address 172.16.0.0 into 60 different subnets.
Find the range of IP addresses for each subnet and the
new mask.
A Class B network has 16 host bits.
Class B subnet mask = 255.255.0.0 =
11111111.11111111.00000000.00000000
60 = 00111100 (six significant bits)

Cont’d…
We need at least 6 additional network bits.
New mask:
11111111.11111111.11111(1)00.00000000 = 255.255.252.0
The bit in parentheses is the increment bit.
Start with the given network IP address and add the
increment to the sub-netted octet:
172.16.0.0
172.16.4.0
172.16.8.0 … etc.

NAT and Private IP Addressing
Today, almost every LAN uses private IP addressing
(based on RFC 1918), then translates those private IPs
to public IPs with NAT (network address translation).
Network address translation (NAT)
NAT is a method of remapping one IP address space
into another by modifying network address information.

Default Gateway
A default gateway serves as an access point or IP router that a
networked computer uses to send information to a computer in
another network or the Internet.
Default simply means that this gateway is used by default,
unless an application specifies another gateway.
Default Gateway Operation. The default gateway is required
when a router is needed for tasks such as forwarding traffic
across multiple VLANs.

Firewalls
A firewall is a part of a computer system or network that is
designed to block unauthorized access while permitting outward
communication.
A firewall filters traffic based on IP address, protocol and port.
This enables administrators to designate which
systems and services (HTTP, FTP, etc.) are publicly
available.
What is the difference between HTTP and FTP?
A firewall can be run as a transparent bridge to complement
a pre-existing firewall.
A firewall allows you to control inbound and/or outbound
access to specific IPs and ports.
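
Filtering on IP address, protocol and port, sketched as a small rule evaluator. This is an added example, not part of the original slides; the rule set, the first-match and default-deny behaviour, and the addresses are assumptions chosen for illustration.

```python
import ipaddress

# Constructed rule set: HTTP is publicly available, FTP is reachable
# only from an assumed internal range (10.0.0.0/8).
RULES = [
    # (action, source network, protocol, destination port)
    ("allow", "0.0.0.0/0",  "tcp", 80),    # HTTP open to everyone
    ("allow", "10.0.0.0/8", "tcp", 21),    # FTP for internal clients only
    ("deny",  "0.0.0.0/0",  "any", None),  # explicit catch-all deny
]

def evaluate(src_ip, protocol, dst_port, rules=RULES):
    """Return the action of the first rule that matches the inbound packet."""
    src = ipaddress.ip_address(src_ip)
    for action, network, proto, port in rules:
        if src not in ipaddress.ip_network(network):
            continue                        # source IP does not match
        if proto != "any" and proto != protocol.lower():
            continue                        # protocol does not match
        if port is not None and port != dst_port:
            continue                        # port does not match
        return action
    return "deny"                           # nothing matched: fail closed

def public_services(candidates, outside_ip="203.0.113.10"):
    """Audit helper: which (protocol, port) pairs an outside host can reach."""
    return [(proto, port) for proto, port in candidates
            if evaluate(outside_ip, proto, port) == "allow"]

if __name__ == "__main__":
    print(evaluate("203.0.113.10", "tcp", 80))   # outside host to HTTP
    print(evaluate("203.0.113.10", "tcp", 21))   # outside host to FTP
    print(evaluate("10.1.2.3", "tcp", 21))       # internal host to FTP
    print(public_services([("tcp", 80), ("tcp", 21), ("udp", 53)]))
```
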
Work Groups
What is a Workgroup?
The workgroup is a collection of computers that are
part of the same network.
All the computers are peers and no computer has control
over another computer.
The workgroup facilitates the detection of the
computers that are part of it and the sharing of
resources like folders or printers.

Cont’d…work group
No centralized administration.
Not much security for data, users and groups (depends
on configuration).
No server/client distinction. Each PC acts as a client
as well as a server.
Basically, Windows 98 and XP are used on the
client side.
We can assign permissions to drives, folders and files,
but with much less security than a domain.
All computers must be on the same local network or
subnet. Every PC is responsible for its own security.
Best suited to schools, training institutes and cyber cafés.
Domain
A domain, on the other hand, is a client/server network
in which security and resource management are
centralized.
This means that a single administration has control
over the domain and determines which users have access to
which files.
In a domain, there is a single database for domain
users. A user can log on at any workstation via their
account and access the files.

Cont’d…Domain
In a domain, one or more computers are servers.
Centralized administration.
Security of data, users and groups.
Server and client based.
Windows 2000 and 2003 Server, or advanced support for
server configuration.
We can assign file, folder, user and group
permissions.
Best suited to company environments.

Domain Controllers
To counter this problem there are actually two types of
domain controllers in a domain:
1. Primary Domain Controller
2. Backup Domain Controller
Primary Domain Controller (PDC): The PDC holds
the writable copy of the domain's account database.
All modifications to domain information are
performed by the Primary Domain Controller, which
updates the database.
There can only be one PDC in each domain.

Backup Domain Controller (BDC):
The BDC holds a read-only copy of the domain's
account database.
A BDC can authenticate user logons, providing load
balancing.
Also, in the event of a PDC failure, a BDC can be manually
promoted to the PDC role.
There can be multiple BDCs in each domain.

Active Directory
What Is a Directory Service?
A service that helps track and locate objects on a network.
The term directory service refers to two things: a directory
where information about users and resources is stored, and
a service or services that let you access and manipulate
those resources.
Active Directory is a way to manage all elements of your
network.
It includes computers, groups, users, domains, security
policies, and any type of user-defined objects.

What is AD RMS?
Active Directory Rights Management Services (AD RMS)
is an information protection technology that works with
applications to safeguard digital information.
What does AD RMS do?
• Allows individuals and administrators to specify access
permissions to documents, workbooks, and presentations
• Prevents sensitive information from being printed,
forwarded, or copied by unauthorized people
• Access and usage restrictions are enforced no matter
where the information is located

What is AD LDS?
AD LDS is a hierarchical file-based directory store
AD LDS is both the directory information source and
the service that makes the information available and
usable
[Figure: Active Directory LDS at the centre, serving Windows users, network devices, applications and email servers. Labels: account information, privileges, profiles, policies; config, QoS policy, security policy; server config, SSO, app-specific directory info; mailbox information, address book; manageability, security, interoperability.]

What does AD LDS do?
Lightweight Directory Access Protocol (LDAP)
Directory service that provides flexible support for
directory-enabled applications, without the
dependencies and domain-related restrictions of AD DS
provide directory services for directory-enabled
applications without incurring the overhead of domains
and forests
no requirement for a single schema throughout a forest

Cont’d…LDAP
LDAP is based on the client/server model of distributed
computing.
LDAP uses two main ports.
LDAP has evolved as a lightweight protocol for accessing
information in X.500 directory services.
X.500 has its own Directory Access Protocol (or DAP).
However, it is very large and cumbersome to implement.
As a result, an IEEE industry-standard access protocol,
LDAP, was created.
The success of LDAP has been largely due to the following
characteristics that make it simpler to implement and use,
compared to X.500:
Cont’d…
LDAP runs over TCP/IP rather than the OSI protocol
stack.
TCP/IP is less resource-intensive and is much more
widely available, especially on desktop systems.
The functional model of LDAP is simpler.
 It omits duplicate, rarely-used and esoteric features.
This makes LDAP easier to understand and to
implement.
LDAP uses strings to represent data rather than
complicated structured syntaxes such as ASN.1
(Abstract Syntax Notation One).
Cont’d…
LDAP defines operations for accessing and modifying
directory entries such as:
• Searching for entries meeting user-specified criteria
• Adding an entry
• Deleting an entry
• Modifying an entry
• Modifying the distinguished name or relative distinguished
name of an entry (move)
• Comparing an entry

Thank You!
Questions???
