MCSE 04 Planning of a Network Infrastructure 01 Theory
-
8/6/2019 MCSE 04 Planning of a Network Infrastructure 01 Theory
1/47
ADVANTAGE PRO Chennai's Premier Networking Training Centre
Certificate Services
-
Topics of Discussion
Certificate Authority overview
Certificate Authority configuration
Smart card logon
Troubleshooting Certificate Authority
-
Certificate Authority Overview
Windows 2003 CA policies
Enterprise CA
Stand-alone CA
-
Certificate Authority Overview
Windows 2003 CA policies
Enterprise policies
Stand-alone policies
Active Directory
Authentication
Certificate templates
-
Certificate Authority Overview
Enterprise CA
Active Directory
Windows 2003 security model
Templates
CA certificate templates
CA enrollment
CA security model
-
Certificate Authority
Enterprise CA
CA enrollment
User domain authentication
Computer auto-enrollment
CA security model
Controlling enrollment through DACLs (discretionary access control lists)
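As an added illustration of the DACL point on this slide (example code written for this transcript, not Microsoft's code and not the training centre's), the model below shows how a certificate template's DACL decides who may enroll or auto-enroll. The template names, group names, the three rights and the "deny before allow" rule are constructed stand-ins for a real template security descriptor; the Enrollment Agent template is included because its DACL is the one that most needs to be kept narrow.

```python
"""Controlling certificate-template enrollment with a DACL.

Constructed example for this transcript, not Windows code. Template names,
group names and the three rights stand in for a real template security
descriptor; the evaluation order copies the canonical Windows rule that an
access-denied ACE matching the caller is honoured before any allow ACE."""
from dataclasses import dataclass
from enum import Flag, auto


class Right(Flag):
    READ = auto()
    ENROLL = auto()
    AUTOENROLL = auto()


@dataclass(frozen=True)
class Ace:
    principal: str      # group or user name (stand-in for a SID)
    rights: Right
    allow: bool = True  # False makes this an access-denied ACE


def check_access(dacl, token_groups, wanted):
    """True if the caller's token groups are granted every bit in `wanted`.
    Deny ACEs are evaluated first, so a single matching deny wins."""
    for ace in dacl:
        if not ace.allow and ace.principal in token_groups and (ace.rights & wanted):
            return False
    granted = Right(0)
    for ace in dacl:
        if ace.allow and ace.principal in token_groups:
            granted |= ace.rights
    return (granted & wanted) == wanted


# Constructed template DACLs. The Enrollment Agent template is the one to keep
# tight: whoever can enroll from it can enroll smart cards on behalf of others.
TEMPLATES = {
    "User": [Ace("Domain Users", Right.READ | Right.ENROLL | Right.AUTOENROLL)],
    "Computer": [Ace("Domain Computers", Right.READ | Right.ENROLL | Right.AUTOENROLL)],
    "EnrollmentAgent": [
        Ace("Domain Users", Right.READ),
        Ace("Smart Card Issuers", Right.READ | Right.ENROLL),
        Ace("Contractors", Right.ENROLL, allow=False),
    ],
}


def can_enroll(template, token_groups, auto=False):
    """Manual enrollment needs Read + Enroll; auto-enrollment additionally
    needs the Autoenroll right."""
    wanted = Right.READ | Right.ENROLL
    if auto:
        wanted |= Right.AUTOENROLL
    return check_access(TEMPLATES[template], token_groups, wanted)


def enroll_principals(template):
    """Audit helper: principals that an allow ACE grants Enroll on a template,
    minus those an explicit deny excludes. Useful when reviewing who can reach
    the Enrollment Agent template."""
    acl = TEMPLATES[template]
    allowed = {a.principal for a in acl if a.allow and Right.ENROLL in a.rights}
    denied = {a.principal for a in acl if not a.allow and Right.ENROLL in a.rights}
    return allowed - denied


if __name__ == "__main__":
    for name in TEMPLATES:
        print(f"{name}: enroll granted to {sorted(enroll_principals(name))}")
```

Running the module lists, per template, which principals end up with Enroll; `can_enroll` answers the question for one caller's token groups, and a caller in a denied group is refused even when another of its groups is allowed.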
-
Certificate Authority
Enrollment
Web-based
Group Policy
Hierarchy of Certificate Authorities
Enterprise
Intermediate
Subordinate
Offline root CA
-
Certificate Authority
Enterprise CA security model
DACLs
Revoking certificates
Renewing the CA
Certificate revocation lists
CDP (certificate distribution points)
Publication
-
Certificate Authority
Stand-alone CA
Active Directory
Templates
-
Certificate Authority Configuration
Stand-alone CA
-- Stand-alone subordinate CA
-- Root CA
Enterprise CA
-- Root CA
-- Intermediate CA
-- Enterprise subordinate CA
-
Smart Card Logon
What is a smart card?
What is PKI (public key infrastructure)?
Active Directory and Kerberos concepts
Authentication
Deployment
-
What Is a Smart Card?
A smart card is essentially a miniature computer, embedded in plastic in the form of a credit card, with limited storage and processing capability.
The circuitry in a smart card derives power from a smart card reader after the card is inserted into the reader.
-
What is PKI?
A public key infrastructure (PKI) is a set of components that manages certificates and keys used by encryption and digital signature services.
A good PKI must provide services for cryptographic operations, certificate enrollment and renewal, certificate distribution and validation, certificate revocation, plus administrative tools and services for managing all of the above.
-
Active Directory and Kerberos Concepts
Kerberos
PKINIT
Key Distribution Center
Authenticating service
TGS (ticket granting service)
Active Directory
-
Authentication
Interactive logon
Logon request
Certificate verification
Offline logon
Remote access
Local versus domain logon
-
Deploying Smart Cards
Who should use smart cards?
What policies are needed?
Smart card required
On smart card removal
Personal identification numbers
-
How Should Smart Cards Be Issued?
Smart Card Enrollment Station
Enrollment agent
-
Troubleshooting Smart Card Logon
Strategies
Optimizations
Considerations
DSSTORE tool
-
Strategies
Effects of latency caused by Active Directory replication
Time lag for validity of Smart Card Enrollment Station
Authenticating domain controllers may not be aware of a new CA
Enrollment against an enterprise CA requires a root certificate to be in the chain
-
Optimizations
Certificate revocation lists (CRL)
When a certificate is revoked, it appears in the issuer's CRL
Smart card logon uses Microsoft Cryptographic Application Program Interface (CryptoAPI) 2.0
-
CRLs are cached in the context of the user or computer, and the cached copy is only refreshed after it expires
Recommended CRL lifetime of 24 hours
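The hierarchy of certificate authorities and the "Revoking certificates" / "Certificate revocation lists" bullets earlier in this section, together with the CRL caching described on this slide, are tied together in the added example below. It is written for this transcript and is not code from the slides or from Windows: certificates and CRLs are plain records with no real cryptography (a certificate is accepted as issued by its named issuer without a signature check), and the CA names, serial numbers and the 24-hour lifetime are constructed. What it shows is chain building from a leaf certificate up to a trusted offline root, and why the CRL lifetime matters: a client that cached a CRL keeps accepting a certificate revoked afterwards until that cached CRL expires.

```python
"""Chain building and CRL-based revocation with a client-side CRL cache.

Constructed example for this transcript, not code from the slides or from
Windows. Certificates and CRLs are plain records: a certificate is accepted as
issued by its named issuer without any signature check, which is enough to
show chain walking, the trusted-root requirement and the revocation latency
that CRL caching introduces."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int


@dataclass(frozen=True)
class CRL:
    issuer: str
    revoked: frozenset     # serial numbers revoked by this issuer
    this_update: datetime
    next_update: datetime  # the CRL's expiration; clients re-fetch after this


class CRLCache:
    """Per-user or per-computer CRL cache: a cached CRL is reused until its
    next_update passes, then the issuer's CDP is queried again."""
    def __init__(self, cdp):
        self.cdp = cdp       # issuer name -> callable returning the published CRL
        self.cache = {}
        self.fetches = 0

    def get(self, issuer, now):
        crl = self.cache.get(issuer)
        if crl is None or now >= crl.next_update:
            crl = self.cdp[issuer]()
            self.cache[issuer] = crl
            self.fetches += 1
        return crl


def build_chain(leaf, intermediates, roots):
    """Walk issuer links from the leaf until a trusted root is reached.
    Returns the ordered chain [leaf, ..., root], or None when no path to a
    trusted root exists (the 'root certificate must be in the chain' case)."""
    by_subject = {c.subject: c for c in intermediates}
    trusted = {c.subject: c for c in roots}
    chain, seen, cur = [leaf], {leaf.subject}, leaf
    while cur.issuer not in trusted:
        nxt = by_subject.get(cur.issuer)
        if nxt is None or nxt.subject in seen:  # unknown issuer or a loop
            return None
        chain.append(nxt)
        seen.add(nxt.subject)
        cur = nxt
    chain.append(trusted[cur.issuer])
    return chain


def validate(leaf, intermediates, roots, cache, now):
    """Return (ok, reason). Every non-root certificate in the chain is checked
    against its issuer's CRL, obtained through the client's cache."""
    chain = build_chain(leaf, intermediates, roots)
    if chain is None:
        return False, "no trusted root in chain"
    for cert in chain[:-1]:
        crl = cache.get(cert.issuer, now)
        if cert.serial in crl.revoked:
            return False, f"{cert.subject} revoked by {cert.issuer}"
    return True, "chain ok"


def revocation_latency_demo():
    """Constructed scenario: an offline root, an enterprise subordinate CA and a
    user certificate. The user certificate is revoked one hour after a client
    cached a 24-hour CRL; that client keeps accepting it until the cached CRL
    expires, while a client with an empty cache rejects it immediately."""
    root = Cert("Offline Root CA", "Offline Root CA", 1)
    sub = Cert("Enterprise Sub CA", "Offline Root CA", 2)
    user = Cert("alice", "Enterprise Sub CA", 1001)
    t0, lifetime = datetime(2019, 8, 6), timedelta(hours=24)
    published = {  # what each CA's CDP currently serves
        "Offline Root CA": CRL("Offline Root CA", frozenset(), t0, t0 + lifetime),
        "Enterprise Sub CA": CRL("Enterprise Sub CA", frozenset(), t0, t0 + lifetime),
    }
    cdp = {name: (lambda n=name: published[n]) for name in published}
    client = CRLCache(cdp)
    results = {"before_revocation": validate(user, [sub], [root], client, t0)}
    t1 = t0 + timedelta(hours=1)  # sub CA revokes alice and publishes a new CRL
    published["Enterprise Sub CA"] = CRL("Enterprise Sub CA", frozenset({1001}), t1, t1 + lifetime)
    results["cached_client_1h"] = validate(user, [sub], [root], client, t1)
    results["fresh_client_1h"] = validate(user, [sub], [root], CRLCache(cdp), t1)
    results["cached_client_24h"] = validate(user, [sub], [root], client, t0 + lifetime)
    results["untrusted_root"] = validate(user, [sub], [], client, t0)
    return results


if __name__ == "__main__":
    for name, outcome in revocation_latency_demo().items():
        print(f"{name:18s} -> {outcome}")
```

The cached client's window of wrong acceptance is exactly the remaining lifetime of the CRL it holds, which is the reason for keeping CRL lifetimes short; the last scenario, with no trusted root configured, is the enrollment failure the "root certificate must be in the chain" bullet refers to.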
-
Considerations
Properly removing a root CA
Remove the root CA's certificate from manually created Group Policy objects
Remove the root CA certificate from the root certificate store
-
Delete certificates for the root CA
Properly removing a subordinate CA
The certificate should be revoked by its issuer
-
DSSTORE Tool
Included in the Windows 2003 Resource Kit
Provides the following abilities:
Force auto-enrollment events
Manage and verify certificates
List certificates in the enterprise
Troubleshoot certificate chains
-
Wireless Networking
-
Wireless Networking - any networking that doesn't use a wire
Radio Waves - electromagnetic waves that travel through the air and are used to carry signals back and forth between your device and an access point (two ways)
-
Access Points - network nodes connected directly to a wired local area network (air wire)
Wireless Ports - devices that you plug into a computer to enable wireless connection
-- PCMCIA wireless cards for portables
-- PCI and USB adapters for desktops
* Some computers nowadays come with these devices already built in
-
Used For Portables: PCMCIA wireless card (figure)
-
PCI and USB adapters
Used For Desktops: PCI adapter (inside), USB adapter (outside) (figure)
-
Common Types of Wireless Networking
IrDA
Bluetooth
IEEE 802.11
-
IrDA
Established in 1993
Cheap
Infrared connection (same basic technology as is used in a TV remote control)
Low power
Very short range (3 - 6 ft)
-
Bluetooth
Introduced in 1998
Emerging replacement for IrDA to
connect peripherals/devices to computers
or cell phones
Can connect up to 8 devices
Very low power
Short range (typically within a room)
-
IEEE 802.11
Multiple flavors (802.11a, b, & g)
802.11b was the first widespread technology.
802.11g is the latest technology and it offers the same data rate as 11a, but uses the same frequency as 11b.
-
Uses for Wireless Networking
Connecting mobile professionals/workers to company networks and to the Internet (instant data when you need it)
-- Store clerks doing inventory
-- Store clerks helping customers get more info on a product
-- Airport gate personnel getting information on plane status, passengers, ...
-- Managers in a meeting room sharing information
-
WLANs
Wireless networks come in three major modes:
Ad hoc
Infrastructure
Hybrid
-
Ad hoc
Ad hoc mode refers to a wireless peer-to-peer network: that is, a network in which each device (usually a PC) connects via wireless radio to every other PC directly.
The primary technical distinction between ad hoc and infrastructure networks is that infrastructure networks use an access point, while ad hoc networks do not.
You connect each PC as you require it, but in a completely non-centralized way.
-
Ad hoc
-
Infrastructure
Infrastructure mode refers to a wireless network controlled through a wireless access point that generates the signals for the individual devices to read through their wireless network adapters.
The access point acts as a central traffic cop for the signals, and because you place it physically for the best possible reception, it provides more reliable connectivity than ad hoc networks.
-
Infrastructure
-
Hybrid mode
Hybrid mode consists of a combination of ad hoc and infrastructure networks.
In this mode, you create an infrastructure network, and you then create ad hoc networks among the devices connected to the infrastructure.
Hybrid mode maximizes the bandwidth of a wireless network by relieving the access point of the need to handle all traffic; instead, PCs transmit data to one another when possible, leaving the access point free to relay data to and from the wired LAN and to other access points.
-
Hybrid mode
-
Wireless Security
Very Important!!!
Why is it important?
-- to control who is allowed in
-- to prevent eavesdropping
Two mechanisms for enforcing security:
-- Authentication (who are you?)
-- Encryption (coded)
-
IEEE Standards
IEEE 802.11
Multiple flavors (802.11a, b, & g)
802.11b was the first widespread technology.
802.11g is the latest technology and it offers the same data rate as 11a, but uses the same frequency as 11b.
-
IEEE 802.11b, a, & g
STANDARD   | 802.11b                                   | 802.11a                                    | 802.11g
SPEED      | 11 Mbps                                   | 54 Mbps                                    | 54 Mbps
RANGE      | 100-150 feet indoors                      | 25-75 feet indoors                         | 100-150 feet indoors
FREQUENCY  | 2.4 GHz, a band already crowded with cordless phones | 5 GHz, an uncrowded band        | 2.4 GHz, still a crowd of cordless phones and microwaves
ACCEPTANCE | Hot spots are already established using b. Equipment is readily available. | More common in corporate and office environments. | g is compatible with the specs for b, meaning it can be used on a network based on b or g versions.
-
Uses of Wireless Networking
Connecting mobile machines to support or service centers
-- Elevators (Kone has 100,000 elevators in Florence under service contract)
-- Cars (airbag discharged)
-- Vending machines
-- Tracking movement and status of big, expensive machines (forestry logging equipment, ...)
-
Uses of Wireless Networking
Making all of our lives easier and better
-- Access to personal data and records while away from home
-- Entertainment
-- Use our computing devices throughout the house rather than just one spot
-- Microwaves do all of the work for you
-- Groceries get sent straight to your door
-
ALL THE BEST