CSED 431 Week 7

CSED 431 Week 7 -- March 15

Networking
State exam

Networks

Brief review of DNS
basics of how lookup of, say, www.cs.luc.edu works, hierarchically.
            edu
            luc.edu
            cs.luc.edu
            www.cs.luc.edu
DNS caching
alice.cs.luc.edu and bob.cs.luc.edu do NOT need to have related IP addrs!

To bring up a machine on a local area network, so that it can connect to the internet, it must have:

an IP address
a subnet mask
the IP address of the router it uses to reach the outside world
the IP address of one or more DNS servers

Problems with sharing folders

IP addresses
hosts file entry
password

getting network browsing to work

Subnet 10.11.12.0/24
What if there is a real 10.11.12.0/24?
Routing traffic to 10.11.12.0/24

State exam

#5: A school uses a central server to provide Internet connections for classroom computers throughout the school. Which of the following activities is most likely to defeat the purpose of the server's firewall?

#6: When scanning a disk for viruses, it is most important to check files having which of the following extenstions?

#7: Network doesn't work the next day.

#8: What is the Device Manager for?

#10: Bad video

Viruses

Spyware Protect 2009

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Win32%2fFakeSpypro

It appears to be quite effective at installing it as an ordinary user. It is able to:

provide an endless stream of popup windows advising you that your computer is infected
provide an endless stream of firefox windows that appear to be virus-related
block the execution of other programs with the warning "Windows has determined that the file ***.exe is infected, and has blocked execution". I think there's a workaround here.
Survive logon/logoff and reboots, by making user-specific registry entries to restart itself

Wireless

General view

iwlist wlan0 scan

A "station" (that is, a wireless computer) must associate with an access point before any traffic can flow! This is sort of a software equivalent of plugging in, except that you have to be in range (I guess you have to be in range to plug into a wire too).

Windows Server 2008

Disabling CNTL-ALT-DEL

Roles
Adding Roles
Managing Roles

Windows Firewall with Whatever

Control panel network stuff

Lab

Log into winser8. Enable the following roles:

Network Policy and Access Services
DHCP

The network diagram you are heading for is as follows:

        +-----------------------------------------------------------+
        |                        laptop                             |
        |                                                           |
        |       +---------+                                         |
       10.0.5.1 |         | 10.11.12.1    10.11.12.0/24           |
        |-------| winser8 |--------------+-----------------+    |
        |       |         |        |                 |        |
        |       +---------+            |                 |        |
        |    10.0.5.5            win1              win2       |
        |                                                           |
        |                                                           |
        |                                                           |
        +-----------------------------------------------------------+

1. Assign the "inside" network interface of winser08 the static IP address 10.11.12.1.

2. Get win1 or win2 to get its IP address from winser08, via DHCP. You will have to set up a DHCP "scope" on winser08. For the scope, have the Start IP Address be 10.11.12.64 and the End IP Address be something like 10.11.12.127 or 10.11.12.255.

Also have DHCP hand out the following information, via Scope Options:

Subnet mask: 255.255.255.0 (may be automatic?)
DNS Server: 147.126.68.1
Default gateway (Router): 10.11.12.1

I used the cmd tool a lot, with commands
    ipconfig
    ipconfig /all
    net use z: \\win1\stuff ....
    route print

You can use c:\windows\system32\drivers\etc\hosts (and lmhosts) to provide host-name info, eg
    10.11.12.1   winser8
I edited hosts/lmhosts with the edit command in the cmd window.

3. Enable routing on winser08, so that win1 and win2 can reach the outside through winser8. In the previous lab we did this (or maybe didn't get to it) by modifying the following registry entry:
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter

However, this time you should be able to do it from the GUI tools provided. In Server Manager, click on Network Policy and Access Server, and go to the Action menu to configure it. On the Routing and Remote Access Properties dialogue box, click
    Enable this computer as a:
    [ ] IPv4 Router
       o Local area network (LAN) routing only

There is another thing that needed to be done: how does the linux host system know that your private subnet 10.11.12.0/24 is reachable via the tap0 interface (the internal interface) instead of its normal default interface eth0? I had to run the following in a linux command window (one of the root windows):

    ip route add to 10.11.12.0/24 via 10.0.5.2

where 10.11.12.x is the subnet on my winprivate network, and 10.0.5.5 was the IP address of the "upstream" interface on winser08. The above route would be removed with "ip route delete to 10.11.12.0/24".

4. Make sure the "machine name" of winser08 is actually that; change it with the control panel if necessary. It was winser08-pld on some machines.

5. Create a folder c:\shared on winser08. Share it. Have win1 mount that shared folder from winser08. The folder should be read-only, and available to anyone with an account on win1.

6. Enable network browsing, so that from the network-browser tool on the windows client you can find the server and its shares.

7. (If you have time, which you likely won't because the previous two items can take a while) Make winser08 a Domain Controller. Have win1 or win2 (or both) join its domain.