CSED 431 Week 7 -- March 15
Networking
State exam
Networks
Brief review of DNS
Basics of how a lookup of, say, www.cs.luc.edu works, hierarchically:
edu
luc.edu
cs.luc.edu
www.cs.luc.edu
DNS caching
alice.cs.luc.edu and bob.cs.luc.edu do NOT need to have related IP addresses!
To bring up a machine on a local area network, so that it can connect to the internet, it must have:
- an IP address
- a subnet mask
- the IP address of the router it uses to reach the outside world
- the IP address of one or more DNS servers
Problems with sharing folders
- IP addresses
- hosts file entry
- password
getting network browsing to work
Subnet 10.11.12.0/24
What if there is a real 10.11.12.0/24?
Routing traffic to 10.11.12.0/24
State exam
#5: A school uses a central server to provide Internet connections for
classroom computers throughout the school. Which of the following
activities is most likely to defeat the purpose of the server's
firewall?
#6: When scanning a disk for viruses, it is most important to check files having which of the following extensions?
#7: Network doesn't work the next day.
#8: What is the Device Manager for?
#10: Bad video
Viruses
Spyware Protect 2009
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Win32%2fFakeSpypro
It appears to be quite effective at installing itself as an ordinary user. It is able to:
- provide an endless stream of popup windows advising you that your computer is infected
- provide an endless stream of Firefox windows that appear to be virus-related
- block the execution of other programs with the warning "Windows has determined that the file ***.exe is infected, and has blocked execution". I think there's a workaround here.
- survive logon/logoff and reboots, by making user-specific registry entries to restart itself
Wireless
General view
iwlist wlan0 scan
A "station" (that is, a wireless computer) must associate with an access point before any traffic can flow!
This is sort of a software equivalent of plugging in, except that you
have to be in range (I guess you have to be in range to plug into a
wire too).
Windows Server 2008
Disabling CTRL-ALT-DEL
Roles
Adding Roles
Managing Roles
Windows Firewall with Whatever
Control panel network stuff
Lab
Log into winser8. Enable the following roles:
- Network Policy and Access Services
- DHCP
The network diagram you are heading for is as follows:
+-----------------------------------------------------------+
| laptop                                                    |
|     | 10.0.5.1                                            |
|     |                                                     |
|     | 10.0.5.5                                            |
| +---------+                                               |
| | winser8 |                                               |
| +---------+                                               |
|     | 10.11.12.1                                          |
|     |                                                     |
|     |--------------+-----------------+    10.11.12.0/24   |
|                    |                 |                    |
|                  win1              win2                   |
+-----------------------------------------------------------+
1. Assign the "inside" network interface of winser08 the static IP address 10.11.12.1.
2. Get win1 or win2 to get its IP address from winser08, via DHCP. You
will have to set up a DHCP "scope" on winser08. For the scope, have the
Start IP Address be 10.11.12.64 and the End IP Address be something like 10.11.12.127 or 10.11.12.255.
Also have DHCP hand out the following information, via Scope Options:
- Subnet mask: 255.255.255.0 (may be automatic?)
- DNS Server: 147.126.68.1
- Default gateway (Router): 10.11.12.1
I used the cmd tool a lot, with commands
ipconfig
ipconfig /all
net use z: \\win1\stuff ....
route print
You can use c:\windows\system32\drivers\etc\hosts (and lmhosts) to provide host-name info, e.g.
10.11.12.1 winser8
I edited hosts/lmhosts with the edit command in the cmd window.
3. Enable routing on winser08, so that win1 and win2 can reach the outside through winser8. In the previous lab we did this (or maybe didn't get to it) by modifying the following registry entry:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter
However, this time you should be able to do it from the GUI tools
provided. In Server Manager, click on Network Policy and Access Services,
and go to the Action menu to configure it. In the Routing and Remote
Access Properties dialog box, click
Enable this computer as a:
[ ] IPv4 Router
o Local area network (LAN) routing only
There is another thing that needed to be done: how does the Linux host system know that your
private subnet 10.11.12.0/24 is reachable via the tap0 interface
(the internal interface) instead of its normal default interface eth0?
I had to run the following in a Linux command window (one of the root windows):
ip route add to 10.11.12.0/24 via 10.0.5.2
where 10.11.12.x is the subnet on my winprivate
network, and 10.0.5.5 was the IP address of the "upstream" interface on
winser08. The above route would be removed with "ip route delete to
10.11.12.0/24".
4. Make sure the "machine name" of winser08 is actually that;
change it with the control panel if necessary. It was winser08-pld on
some machines.
5. Create a folder c:\shared on winser08. Share it. Have win1 mount
that shared folder from winser08. The folder should be read-only, and
available to anyone with an account on win1.
6. Enable network browsing, so that from the network-browser tool on the windows client you can find the server and its shares.
7. (If you have time, which you likely won't because the previous two
items can take a while) Make winser08 a Domain Controller. Have win1 or
win2 (or both) join its domain.
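An added example, not part of the original lab notes: a Python sketch of the two checks behind steps 2 and 3. It shows how the Linux host picks a route for a lab client before and after the static route is added, and sanity-checks the DHCP scope range. The next hop 10.0.5.5 is the address the notes give for winser08's upstream interface; the default gateway 192.0.2.1 and the /24 on the tap0 link are assumptions made for the illustration.

```python
import ipaddress

# Constructed routing table for the Linux host. tap0/eth0 and 10.0.5.5 come
# from the notes; the default gateway and the /24 on the tap link are assumed.
BASE_ROUTES = [
    ("0.0.0.0/0", "192.0.2.1", "eth0"),  # default route (placeholder gateway)
    ("10.0.5.0/24", None, "tap0"),       # directly connected link to winser08
]
LAB_ROUTE = ("10.11.12.0/24", "10.0.5.5", "tap0")  # static route from step 3


def lookup(routes, dest):
    """Longest-prefix match: return (prefix, next_hop, interface) for dest."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(p), gw, dev) for p, gw, dev in routes
            if addr in ipaddress.ip_network(p)]
    if not hits:
        raise LookupError(f"no route to {dest}")
    net, gw, dev = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), gw, dev


def check_scope(subnet, start, end, router):
    """Return the problems found in a DHCP scope like the one in step 2."""
    net = ipaddress.ip_network(subnet)
    lo, hi, gw = (ipaddress.ip_address(a) for a in (start, end, router))
    problems = []
    if lo not in net or hi not in net or lo > hi:
        problems.append("range not inside subnet")
    if lo <= net.broadcast_address <= hi:
        problems.append("range includes broadcast address")
    if gw not in net:
        problems.append("router not on subnet")
    elif lo <= gw <= hi:
        problems.append("range includes router address")
    return problems


if __name__ == "__main__":
    client = "10.11.12.64"  # first address the scope can hand out
    print("before:", lookup(BASE_ROUTES, client))
    print("after: ", lookup(BASE_ROUTES + [LAB_ROUTE], client))
    for end in ("10.11.12.127", "10.11.12.255"):
        print(end, check_scope("10.11.12.0/24", "10.11.12.64", end, "10.11.12.1"))
```

The same longest-prefix rule bears on the earlier question about a real 10.11.12.0/24: once the lab route is installed, the host sends everything for that prefix to winser08 over tap0, so a real network with the same numbers is no longer reachable from it.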