
Chapter two

Network-and-System-Administration course ppt

Uploaded by

Habtamu Molla
Copyright © All Rights Reserved

Windows Network Concept

What is networking?
• A basic understanding of networking is important for anyone managing a server.
• Not only is it essential for getting your services online and running smoothly, it
also gives you the insight to diagnose problems.
• In a technology context, network is usually short for "computer network" or "data
networking."
• The above description implies that computers are the things sharing the meaningful
information.
• At a conceptual level, all data networks consist of nodes, which are any computers
or digital devices using the network, and links, the physical connections (either
wired or wireless) that carry messages between nodes.
Concepts in windows networking
• What are the basic concepts of a corporate network on the Windows platform?
DNS Lookup
• The domain naming system (DNS) is a cornerstone of every network
infrastructure.
• DNS maps IP addresses to names and names to IP addresses (forward and
reverse respectively).
• Thus, when you go to a web-page like www.windowsnetworking.com,
without DNS, that name would not be resolved to an IP address and you
would not see the web page.
• Thus, if DNS is not working “nothing is working” for the end users.
• DNS server IP addresses are either manually configured or received via DHCP.
• If you do an IPCONFIG /ALL in Windows, you will see your PC’s DNS
server IP addresses.
• A simple example of DNS: searching for a phone number on a mobile phone.
Types of DNS?
• The Domain Name System, or DNS, is a key component of the Internet.
• DNS is the resolution of a domain name to an IP address.
There are two approaches to DNS lookups:
1. The "normal" or forward DNS lookup; and
2. The reverse DNS lookup.
Forward DNS Lookups

• The forward lookup, or simple DNS lookup, is the most commonly used
approach to DNS.
• The forward approach to DNS is simply finding out the IP address of a
domain.
• People tend to find it difficult to remember long strings of numbers.
Instead, it's easier to remember a domain name that uses words.
• However, electronic devices use streams of 1's and 0's to
communicate.
• The only way for one computer to communicate with another is through
unique identification.
• The method of identification used on the Internet is IP addresses.
How DNS Works?
Here are the simple steps for DNS resolution:
• A user enters a domain name into their Internet browser. (www.whatismyip.com)
(www.jju.edu.et.com)
• The computer sends the domain name as a DNS request to the user's Internet
Service Provider (ISP).
• The ISP determines if it has the IP address associated with that name.
• If not, the ISP forwards the request to other providers in an effort to locate the
DNS record that contains the data.
• Once the record is found, the IP address of the domain is returned to the user.
• Finally, the user's computer can communicate directly with the server.
Reverse DNS Lookup

• In a reverse DNS lookup, the steps are the same except that it starts out
with an IP address and returns with the domain name.
• In reality this can take a while, and sometimes DNS is unable to find
what it needs, whether that is a domain name or an IP address.
• This is due to the servers being busy or the web browser timing out.
Ethernet & ARP
• Ethernet is the protocol for your local area network (LAN).
• Network interface cards (NICs) connect to Ethernet cables, which run to
Ethernet switches that connect everything together.
• Without a “link light” on the NIC and the switch, nothing is going to
work.
• What is the difference between MAC and ARP?
• What is DHCP?
• ARP (address resolution protocol) is the protocol that maps Ethernet
MAC addresses to IP addresses.
• MAC addresses (or Physical addresses) are unique strings that identify
Ethernet devices.
• The mac-address-table is used by the switch. ... The mac-address-table
has nothing to do with IP addresses
• Dynamic Host Configuration Protocol (DHCP) is a network protocol
that enables a server to automatically assign an IP address to a computer
from a defined range of numbers (i.e., a scope) configured for a given
network.
IP Addressing and Sub-netting
• What is the difference between an IP address and sub-netting?
• Every computer on a network must have a unique Layer 3 address called
an IP address.
• IP addresses are 4 numbers separated by 3 periods like 1.1.1.1.
• Most computers receive their IP address, subnet mask, default gateway,
and DNS servers from a DHCP server.
• To receive that information, your computer must first have network
connectivity (a link light on the NIC and switch) and must be configured
for DHCP.
• Larger blocks of IP addresses are broken down into smaller
blocks of IP addresses, and this is called IP sub-netting.
NAT and Private IP Addressing
• Today, almost every LAN uses private IP addressing (based on RFC1918),
then translates those private IPs to public IPs with NAT (network
address translation).
• The private IP addresses always start with 192.168.x.x or
172.16-31.x.x or 10.x.x.x (those are the blocks of private
IPs defined in RFC1918).
Network address translation (NAT)
• NAT is a method of remapping one IP address space into another by
modifying network address information.
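Added example (not part of the original slides): a Python check of addresses against the three RFC1918 blocks listed above, written in CIDR form, plus the splitting of a larger block into smaller ones described under IP sub-netting. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# The three private blocks from RFC1918 in CIDR notation:
# 10.x.x.x, 172.16-31.x.x and 192.168.x.x.
RFC1918_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def rfc1918_block(addr):
    """Return the private block that contains addr, or None if it is public."""
    ip = ipaddress.ip_address(addr)
    for block in RFC1918_BLOCKS:
        if ip.version == 4 and ip in block:
            return str(block)
    return None


def needs_nat(addr):
    """A privately addressed host must be translated (NAT) to reach the Internet."""
    return rfc1918_block(addr) is not None


def split_block(cidr, new_prefix):
    """Sub-netting: break one larger block into equal smaller blocks."""
    network = ipaddress.ip_network(cidr)
    return [str(s) for s in network.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    # Constructed samples: 172.32.0.1 and 192.169.0.1 look private but are not.
    for a in ("10.20.30.40", "172.31.255.254", "172.32.0.1",
              "192.168.1.10", "192.169.0.1"):
        print(a, "->", rfc1918_block(a) or "public")
    print(split_block("192.168.1.0/24", 26))
```

Matching on the first octet alone misclassifies addresses such as 172.32.0.1, which is why the check compares against the full block boundaries.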
Default Gateway
• A default gateway serves as an access point or IP router that a
networked computer uses to send information to a computer in
another network or the Internet.
• Default simply means that this gateway (the entry way for data) is used
by default, unless an application specifies another gateway.
• Default gateway operation: the default gateway is required when a
router is needed for tasks such as forwarding traffic across multiple VLANs.
Firewalls
• A part of a computer system or network that is designed to block
unauthorized access while permitting outward communication.
• Firewall filters traffic based on IP address, protocol and port.
• This enables administrators to designate which systems and
services (HTTP, FTP, etc.) are publicly available.
• What is the difference between HTTP and FTP?
• A firewall can be run as a transparent bridge to complement a pre-existing
firewall.
• A firewall allows you to control inbound and/or outbound access to
specific IPs and ports.
Work Groups
• What is a Workgroup?
• The workgroup is a collection of computers that are part of the
same network.
• All the computers are peers and do not have control over another
computer.
• The workgroup facilitates the detection of the computers that are part
of it and the sharing of resources like folders or printers.
1) No centralized administration.
2) Not much security for data, users and groups (depends on configuration).
3) No server/client distinction. Each PC acts as a client as well as a server.
4) Basically Windows 98 and XP are used on the client side.
5) We can assign permissions to drives, folders and files, but with less security
than a domain.
6) All computers must be on the same local network or subnet. Every PC is
responsible for its own security.
7) Best suited to schools, training institutes and cyber cafés.
Domain
1) Centralized Administration.
2) Security of Data, User & Groups
3) Server & Clients Based
4) Windows 2000 & 2003 Server or Advance Support For Server
Configuration
5) We can assign file, folder, user and group permissions.
6) Best suited to company environments.
Domain Controllers
• To counter this problem there are actually two types of domain
controllers in a domain:
1. Primary Domain Controller
2. Backup Domain Controller
1.Primary Domain Controller (PDC): The PDC holds the writable
copy of the domain's account database.
• All modifications to domain information are performed by the
Primary Domain Controller, which updates the database.
• There can only be one PDC in each domain.
2. Backup Domain Controller (BDC):
• The BDC holds a read-only copy of the domain's account database.
• A BDC can authenticate user logons, providing local balancing.
• Also, in the event of a PDC failure, a BDC can be manually promoted to the PDC
role.
• There can be multiple BDCs in each domain.
LDAP (Lightweight Directory Access Protocol)
• LDAP is based on the client/server model of distributed computing.
• LDAP uses two main ports.
• LDAP has evolved as a lightweight protocol for accessing information in
X.500 directory services.
• X.500 has its own Directory Access Protocol (or DAP).
• However, it is very large and awkward to implement.
• As a result, an IEEE industry-standard access protocol was created: LDAP.
• The success of LDAP has been largely due to the following characteristics
that make it simpler to implement and use, compared to X.500:
₋ LDAP runs over TCP/IP rather than the OSI protocol stack.
TCP/IP is less resource-intensive and is much more widely available,
especially on desktop systems.
₋ The functional model of LDAP is simpler.
It omits duplicate, rarely-used and esoteric features. This makes
LDAP easier to understand and to implement.
₋ LDAP uses strings to represent data rather than complicated structured
syntaxes such as ASN.1 (Abstract Syntax Notation One).
• LDAP defines operations for accessing and modifying directory entries
such as:
₋ Searching for entries meeting user-specified criteria
₋ Adding an entry
₋ Deleting an entry
₋ Modifying an entry
₋ Modifying the distinguished name or relative distinguished name of an
entry (move)
₋ Comparing an entry
Active Directory
Active Directory (AD) is a directory service
that Microsoft developed for the Windows
domain networks. It is included in most Windows Server
operating systems as a set of processes and services.
Initially, Active Directory was only in charge of centralized domain
management.
A server running Active Directory Domain Services
(AD DS) is called a domain controller.
It authenticates and authorizes all users and computers
in a Windows domain type network—assigning and
enforcing security policies for all computers and
installing or updating software.
For example, when a user logs into a computer that is
part of a Windows domain, Active Directory checks the
submitted password and determines whether the user is
a system administrator or normal user.
Also, it allows management and storage of information,
provides authentication and authorization mechanisms,
and establishes a framework to deploy other related
services.
The term directory service refers to two things.
₋ Where information about users and resources is stored and
₋ A service or services that let you access and manipulate those
resources.
• Active Directory is a way to manage all elements of your
network
• It includes computers, groups, users, domains, security policies,
and any type of user-defined objects.
What do we Need the Active Directory For?
• 40MB maximum practical database size
• Replication limitations
• No way to delegate control
• concept of physical location
• Static database format


File Permissions in Linux

• There are three Classes – Owner, Group, Others.
• The Owner is usually the creator of the files/folders.
• In Linux, files or folders that you created in your Home directory are
usually owned by you, unless you specifically change the ownership.
• The Group contains a group of users who share the same permissions
and user privilege.
• Others means the general public.
• As for permissions, there are 3 types of actions that you can perform on
a file/folder. You can either read, write or execute.
• Read – You can only view the file, but cannot modify the content of the
file. When applied to a folder, you can only view the files in the folder, but
you can’t delete from or add files into the folder.
• Write – You can edit and modify the file. For folders, you can delete and
add files into the folder.
• Execute – Execute is mainly used when you need to run the file
(commonly used when you need to run a script).
What about the numbers?
• With the basic understanding of the Classes and Permissions, let’s delve
into it further and see how the “777” or “775” come about.
• Every file and folder contains 8-bit data that controls the permissions.
• At its basic binary form, it will be “000”, which means no permission
of any form is granted.
• When you set a “Read” permission, it will add 4-bit to the data, making it
“100” (in binary format) or a “4” in the usual decimal format.
• Setting a “Write” permission will add 2-bit to the data, making it “010”
and “2” in decimal form.
• Lastly, setting an “Execute” permission adds 1-bit to the data, which will
result in “001”, or “1” in decimal form. In short:
• Read is equivalent to ‘4’.
• Write is equivalent to ‘2’.
• Execute is equivalent to ‘1’
• When we want to set permissions, we just add up the number.
• For example, to set the permissions to read and write, we will use ‘6’ (4 +
2) for the permission.
• For read, write and execute, we will use ‘7’ (4 + 2 + 1) for the permission.
0 – no permission
1 – execute
2 – write
3 – write and execute
4 – read
5 – read and execute
6 – read and write
7 – read, write, and execute
• What about the 3 digits ‘777’?
• Well, the first digit is assigned to the Owner, the second digit is
assigned to the Group and the third digit is assigned to the Others.
• So for a file with ‘777’ permission, everyone can read, write and
execute the file.
Here are some of the commonly used permissions:
• 755 – This set of permissions is commonly used on web servers.
The owner has all the permissions to read, write and execute.
Everyone else can only read and execute, but cannot make changes to
the file.
• 777 – Everyone can read, write and execute.
In a web server, it is not advisable to set ‘777’ permission for your files
and folders as it allows anyone to add malicious code to your server.
However, in some cases, you will need to set the 777 permissions
before you can upload any file to the server (for example, uploading
images in WordPress).
• 644 – Only the owner can read and write. Everyone else can only read.
No one can execute the file.
• 655 – Only the owner can read and write, but not execute the file.
Everyone else can read and execute, but cannot modify the file.
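Added example (not part of the original slides): a Python sketch that decodes a three-digit mode into the Owner/Group/Others permissions using the 4/2/1 values above, and audits a folder for entries that Others can write to, the risk described for ‘777’. The function names and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile

BITS = ((4, "read"), (2, "write"), (1, "execute"))
CLASSES = ("owner", "group", "others")


def decode_mode(mode):
    """Turn a three-digit mode such as '755' into per-class permission lists."""
    if len(mode) != 3 or any(c not in "01234567" for c in mode):
        raise ValueError(f"not a three-digit octal mode: {mode!r}")
    return {cls: [name for bit, name in BITS if int(digit) & bit]
            for cls, digit in zip(CLASSES, mode)}


def world_writable(root):
    """Return (path, mode) for every file or folder under root that Others can write."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            if st.st_mode & stat.S_IWOTH:
                hits.append((path, format(stat.S_IMODE(st.st_mode), "03o")))
    return sorted(hits)


def demo():
    """Build a constructed sample folder and audit it."""
    samples = (("index.html", 0o644), ("run.sh", 0o755), ("upload.php", 0o777))
    with tempfile.TemporaryDirectory() as root:
        for name, mode in samples:
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)  # chmod sets the exact mode, ignoring umask
        return [(os.path.basename(p), m) for p, m in world_writable(root)]


if __name__ == "__main__":
    for m in ("755", "644", "655", "777"):
        print(m, decode_mode(m))
    print("world-writable:", demo())
```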
Package Management
Apt-Get
• The apt-get command is a powerful command line tool used to work with
Ubuntu's Advanced Packaging Tool (APT), performing such functions as
installation of new software packages, upgrade of existing software
packages, updating of the package list index, and even upgrading the
entire Ubuntu system.
