CN1260 Client Operating System

Kemtis Kunanuraksapong, MSIS with Distinction, MCT, MCITP, MCTS, MCDST, MCP, A+


Presentation Transcript


  1. CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

  2. Agenda • Chapter 4: Troubleshooting Mobile Connectivity Problems • Quiz • Exercise

  3. Wireless Networks • Most wireless networks: 802.11b, 802.11g, or 802.11n • All standards are backward compatible except 802.11a • See Table 4-1 on Page 82

  4. Wireless Operating Modes • Wireless adapters can run in one of two operating modes: • Independent basic service set (IBSS) • Also known as ad hoc • Extended service set (ESS) • Also known as infrastructure, where hosts connect to a wireless access point using a wireless adapter

  5. Wireless Security • Wired Equivalent Privacy (WEP) • Very weak • Wi-Fi Protected Access (WPA) or WPA2 • Temporal Key Integrity Protocol (TKIP) • WPA2: Advanced Encryption Standard (AES) • Rotate the keys and change the way keys are derived • Personal mode and Enterprise mode

  6. Personal Mode • Both WPA and WPA2 can run in both personal and enterprise mode • Personal mode • Designed for home and small office networks • Authentication via a pre-shared key or password • The session keys are changed often and handled in the background

  7. Enterprise Mode • Authentication using IEEE 802.1X and Extensible Authentication Protocol (EAP) • 802.1X provides an authentication framework for wireless LANs, allowing a user to be authenticated by a central authority such as a RADIUS server • Enterprise mode uses two sets of keys: the session keys and group keys • Both sets of keys are generated dynamically and are rotated to help safeguard the integrity of keys over time. • The encryption keys could be supplied through a certificate or smart card

  8. Configuring Wireless Adapters • Identified by the service set identifier, or SSID • If the SSID is not broadcast, you will have to enter the SSID manually • The SSID can be up to 32 characters long • See Figure 4-1 on Page 84

  9. Using Group Policies and Scripts • With group policies • Configure a client to automatically connect to a wireless network • Keep the computer from connecting to other wireless networks • Scripts or netsh command • Carry the configuration information using USB flash drives

  10. Bootstrap Wireless Profile • Can be created on the wireless client • Authenticates the computer to the wireless network • Connects to the network • Attempts to authenticate to the domain • Authentication can be done either by using • Username and password combination • Security certificates from a public key infrastructure (PKI)

  11. Wireless Connection Problems • If you don’t see any wireless networks, check: • The wireless device is on • The wireless device is enabled in the Network and Sharing Center • The correct wireless device driver is installed and enabled

  12. Wireless Connection Problems (Cont.) • Signal Strength • Distance from the access point causes slower network performance • If the connection drops frequently or performance is poor, you should: • Check to make sure the wireless access point and wireless device are transmitting at maximum power • Try to move closer • Try adjusting or replacing the antenna of the wireless access point

  13. Connectivity Problems • If you cannot connect to a wireless network but you could before • Check the settings, especially the encryption algorithm and the key • Check if the access point is powered on and working properly • If you maintain steady signal strength and have intermittent connections • Check for interference from another device such as a radio or any other network device

  14. Remote Access • Remote access server (RAS) • Enables users to connect remotely using various protocols and connection types • Virtual private network (VPN) • Links two computers through a wide-area network such as the Internet • The data will be encapsulated and encrypted • See Figure 4-3 on Page 90

  15. VPN Connection • Routing and Remote Access Server (RRAS) • Under the Network Policy and Access Services server role • Servers can receive requests from remote access users located on the Internet • Authenticate these users • Authorize the connection requests • Either block the requests or route the connections to private internal network segments

  16. VPN Connection (Cont.) • The five types of tunneling protocols: • Point-to-Point Tunneling Protocol (PPTP) • Weak encryption technology • Internet Protocol Security (IPSec) • Authenticating and encrypting each IP packet of a data stream • Layer 2 Tunneling Protocol (L2TP) • Used with IPSec to provide security • A computer certificate or a preshared key is required

  17. VPN Connection (Cont.) • The five types of tunneling protocols: • Internet Key Exchange version 2 (IKEv2) • It uses IPSec for encryption while supporting VPN Reconnect (also called Mobility) • Enables the VPN to reestablish if the line was dropped • Secure Socket Tunneling Protocol (SSTP) • Uses the HTTPS protocol over TCP port 443 • Neither IKEv2 nor SSTP requires a client computer certificate or preshared key

  18. RADIUS • Remote Authentication Dial In User Service • A networking protocol that provides centralized authentication, authorization, and accounting management for computers to connect and use a network service

  19. VPN Authentication • Password Authentication Protocol (PAP) • Uses plain text (unencrypted passwords) • The least secure authentication • Challenge Handshake Authentication Protocol (CHAP) • A challenge-response authentication • Uses the MD5 hashing scheme to encrypt the response • Microsoft CHAP version 2 (MS-CHAP v2) • Provides two-way authentication (mutual authentication) • Extensible Authentication Protocol (EAP-MS-CHAPv2) • A universal authentication framework • Allows third-party vendors to develop custom authentication schemes • Provides mutual authentication methods that support password-based user or computer authentication

  20. Split Tunneling • By default the “Use Default Gateway on Remote Network” option is enabled • Means split tunneling is not enabled • All traffic will go through the ‘corporate’ server • If the “Use Default Gateway on Remote Network” option is unchecked • All traffic that is not part of the VPN will use your own Internet connection

  21. Troubleshooting VPN Connection • Make sure that the client computer can connect to the Internet • Verify the server name or IP address • Verify that the user has the correct digital certificate and that the digital certificate is valid • Verify the user credentials including the domain name if necessary • Check authentication and encryption methods • Verify the user is authorized for remote access by checking the user properties or by checking the network policies

  22. Troubleshooting VPN Connection • If you are using L2TP with IPSec going through a NAT device • Make sure that you have the proper registry settings • Make sure that the firewall is configured to allow the VPN connection • Verify that you have enough PPTP or L2TP ports available to handle the new connection

  23. Troubleshooting VPN Connection • Issues after successful connection • Verify that routing is configured properly by pinging a remote host through the VPN • Verify that you have the proper name resolution for internal resources • Verify that the VPN connection has the proper IP configuration including that there are enough DHCP addresses available

  24. DirectAccess • A new feature introduced with Windows 7 and Windows Server 2008 R2 • Provides seamless intranet connectivity to DirectAccess client computers when they are connected to the Internet • DirectAccess connections are automatically established • IPSec and Internet Protocol version 6 (IPv6) are required

  25. DirectAccess (Cont.) • On the server side, two NICs are needed • One that is connected directly to the Internet • One that is connected to the intranet • DirectAccess servers must be members of an AD DS domain • Clients must use Windows 7 Enterprise or Windows 7 Ultimate and be members of an AD DS domain

  26. DirectAccess (Cont.) • On the DirectAccess server • At least two consecutive, public IPv4 addresses assigned to the network adapter are required • At least one domain controller and DNS server that is running Windows Server 2008 R2 • A public key infrastructure (PKI) to issue computer certificates, and optionally, smart card certificates for smart card authentication and health certificates for NAP

  27. Assignment • Submit these before class is over on Thursday • Fill in the blank • Multiple Choice • True / False • Submit these before class starts on Monday • Lab 4
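
Slides 5 to 9 say that WEP is very weak, that WPA uses TKIP while WPA2 uses AES, and that wireless configuration can be carried to clients with netsh scripts on USB flash drives; the check below applies those points to exported profile files before they are distributed. It is an added example, not part of the original slides: it assumes PowerShell 3.0 or later, the function names `New-SampleProfile` and `Test-WlanProfile` are made up for illustration, and the sample profiles are constructed and trimmed.

```powershell
# Added example: audit wireless profile XML (the layout written by
# "netsh wlan export profile") before it is copied to other clients.
# Sample profiles are constructed and trimmed; names and keys are made up.
function New-SampleProfile($Name, $Auth, $Enc, $OneX, $KeyXml) {
@"
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>$Name</name>
  <MSM><security>
    <authEncryption>
      <authentication>$Auth</authentication>
      <encryption>$Enc</encryption>
      <useOneX>$OneX</useOneX>
    </authEncryption>
    $KeyXml
  </security></MSM>
</WLANProfile>
"@
}
$key = '<sharedKey><keyType>{0}</keyType><protected>false</protected>' +
       '<keyMaterial>EXAMPLE-KEY</keyMaterial></sharedKey>'
$samples = @(
    (New-SampleProfile 'LabLegacy' 'open'   'WEP'  'false' ($key -f 'networkKey')),
    (New-SampleProfile 'LabHome'   'WPAPSK' 'TKIP' 'false' ($key -f 'passPhrase')),
    (New-SampleProfile 'LabCorp'   'WPA2'   'AES'  'true'  '')
)

function Test-WlanProfile {
    param([Parameter(Mandatory = $true)][string]$Xml)
    $root = ([xml]$Xml).DocumentElement
    $sec  = $root.MSM.security
    $auth = $sec.authEncryption.authentication
    $enc  = $sec.authEncryption.encryption
    $findings = @()
    switch ($enc) {
        'WEP'  { $findings += 'WEP encryption (very weak)' }
        'none' { $findings += 'no encryption' }
        'TKIP' { $findings += 'TKIP rather than AES' }
    }
    # protected=false: the key is readable by anyone who holds the file
    if ($sec.sharedKey -and $sec.sharedKey.protected -eq 'false') {
        $findings += 'key stored unprotected in the file'
    }
    $mode = 'Open/shared'
    if ($auth -like '*PSK') { $mode = 'Personal (pre-shared key)' }
    if ($sec.authEncryption.useOneX -eq 'true') { $mode = 'Enterprise (802.1X)' }
    [pscustomobject]@{
        Profile = $root['name'].InnerText; Authentication = $auth
        Encryption = $enc; Mode = $mode; Findings = ($findings -join '; ')
    }
}
$samples | ForEach-Object { Test-WlanProfile $_ } | Format-Table -AutoSize
```

To audit real exports, pass the content of each XML file on the drive to `Test-WlanProfile` instead of the constructed samples.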
