354 Chapter 6  Configuring Networking FIGURE 6.17 Windows Firewall Settings, General tab FIGURE 6.18 Windows Firewall Settings, Exceptions tab 65348.book Page 354 Monday, October 22, 2007 4:27 PM Configuring Wireless Networking 355 Advanced tab Finally we have the Advanced tab. The Advanced tab has but two options. You can select which networks to use Windows Firewall with, leaving the unselected network open to all traffic, and you can restore the firewall defaults. Restoring the defaults removes all the exceptions you may have added and returns the firewall to its original state. Configuring Wireless Networking Wireless networking has come on strong in the past few years. Wireless networking is defined by the IEEE 802.11 standard. Also known as Wi-Fi, 802.11 comes in three flavors: a, b, and g. The differences relate mainly to the operating frequency and the available bandwidth. Understanding Your Wireless Network Table 8.2 outlines the various frequencies and bandwidths of the 802.11 standards. To utilize wireless networking in a permanent setting where a wireless network needs to exist full time, you need both a Wireless Access Point (WAP) and a wireless NIC in each com- puter. A wireless network that uses a WAP is known as an infrastructure network. All the devices must support the same standard of Wi-Fi; in other words, 802.11b NICs can only talk with 802.11b access points. It is not uncommon to find WAPs and wireless NICs that support multiple standards. When running in infrastructure mode, the WAP is hard-wired to the phys- ical network. All wireless clients must connect to a WAP in order to communicate with other wired and wireless devices. You can also create an ad hoc network using 802.11 wireless NICs. In an ad hoc network, several machines with wireless cards can communicate with one another without the use of an access point. Each machine in effect acts as both an access point and as a client. Ad hoc net- works are great for small meetings or for transferring large files from one machine to another in an area where a network connection is unavailable. TABLE 6.2 802.11 Wireless Type, Frequencies, and Bandwidth Wireless Type Frequency Max Data Rate 802.11a 5.15–5.825GHz 54Mb/sec 802.11b 2.4–2.5GHz 11Mb/sec 802.11g 2.4–2.5GHz 54Mb/sec 65348.book Page 355 Monday, October 22, 2007 4:27 PM 356 Chapter 6  Configuring Networking In either type of wireless network, you need several key pieces of information in order to have your machine participate: Service set identifier The service set identifier (SSID) is basically the name of the wireless net- work to which you are connecting. Depending on the security of the wireless network, the SSID may be broadcast for anyone with a wireless NIC to see. In some cases, to provide a more secure environment, the SSID will not be discoverable, so you must already know the SSID to connect to the wireless network. Security type When wireless networks are set up, the administrator needs to decide whether to use security. With an unsecured network, any person in range of the access point can con- nect to the wireless network and the resources on the wired network beyond. In many cases, administrators of wireless networks will choose to utilize security to prevent unauthorized access. With the security also comes data encryption. Several kinds of wireless security are available; the kind your organization is using will be based on the capabilities of the WAP that is being used. We will discuss wireless security and the requirements to connect to each one in the next section. Configuring Wireless Network Security You configure security on a wireless network by managing the properties for that wireless net- work connection. The pros, cons, and details of these various security methods are beyond the scope of this book; what is important is that you know how to configure Windows Vista to match the corresponding settings in use on your network. Managing wireless connection is done via the Manage Wireless Networks applet, which is available, like all other network applets in Windows Vista, via the Network and Sharing Center. To open the Manage Wireless Networks applet, shown in Figure 6.19, first launch the Network and Sharing Center and then select Manage Wireless Networks from the task list on the left side of the screen. Right-clicking on an available wireless network connection and selecting Properties opens the Wireless Network properties dialog box. To configure wireless security, select the Security tab. Depending on the type of security and encryption in use, you will see different options on this tab. Wired Equivalent Privacy (WEP) Wired Equivalent Privacy (WEP) is part of the 802.11 standard and is a means of securing a wireless network. The purpose of WEP is to make the communication between the computer’s NIC and the access point more secure than that of a standard radio broadcast. If the access point you are connecting to is using WEP, you need to configure Windows Vista for WEP and provide the correct security key and key index. To do so, open the Manage Wireless Networks applet from the Network and Sharing Center, right-click the network you want to set up, select Properties, and then select the Security tab. To configure WEP, set Security Type to Shared and select WEP as the Encryption Type. Doing so displays the WEP options shown in Figure 6.20. 65348.book Page 356 Monday, October 22, 2007 4:27 PM Configuring Wireless Networking 357 FIGURE 6.19 The Manage Wireless Networks applet FIGURE 6.20 The WEP options for wireless network security 65348.book Page 357 Monday, October 22, 2007 4:27 PM 358 Chapter 6  Configuring Networking WEP encryption uses a shared key encryption; that is, you have to enter the same key in the access point and on the wireless client. On an access point, you can enter up to four different keys, only one of which is used to secure the wireless connection. That is the purpose of the Key Index setting; it tells Windows Vista which key you have entered. If you correctly match both pieces of information in Windows Vista to that of the access point, you will be able to connect to the wireless network. The problem with WEP is that it’s weak. There are numerous, free programs available on the Internet that can crack your WEP encryption in less than 60 seconds, allowing unautho- rized users access to your network. Does that mean WEP is useless? It’s like the old saying, locks only stop honest criminals. If you use WEP, a casual user who stumbles across your wire- less network probably won’t take the time to hack you. On the other hand, if a malicious user wants into your network, WEP will not stop them from achieving this goal. Wi-Fi Protected Access (WPA) To address the weakness of WEP security, the Wi-Fi Alliance introduced a new wireless secu- rity standard called Wi-Fi Protected Access (WPA). If you use WPA, your wireless networks are much less susceptible to hacking. Two types of WPA are available: WPA-Personal and WPA-Enterprise. With WPA-Personal you need to specify a password, on both the access point and the NIC to secure the communication. This password should be long—at least 20 characters—and contain a mix of upper- and lowercase letters, numbers, and special characters. Again, as long as the settings on the access point and Windows Vista match, you will be able to communicate wirelessly. WPA-Enterprise is a bit more complicated. In order to implement the enterprise flavor of WPA, you need a Remote Authentication Dial-In User Service (RADIUS) server to authenti- cate your users. Using a RADIUS server also enables you to use smart cards for user authen- tication. Smart cards add an extra layer of security since that requires you have a physical card and know a password to access the wireless network. This is a solution appropriate only for larger businesses because of its expense and complexity. Summary Most companies and homes these days use some form of networking. This can mean a wired or wireless connection, and often this means access to the Internet. People use networks for just about everything, from banking to communication to shopping. Because of the increased popularity, networks have become more critical than ever before. We have also had recent breakthroughs in networking technology and equipments. All this increased network reliance and innovation has forced operating systems to keep up. Without at least a passing under- standing of networking, you will have a hard time configuring any operating system, and Win- dows Vista is no exception. 65348.book Page 358 Monday, October 22, 2007 4:27 PM Exam Essentials 359 This chapter examined network configuration as it relates to Windows Vista. We looked at the new hub of network configuration and management, the Network and Sharing Center. We learned how to view information on network discovery, network file sharing, and network printer sharing and how to change their configurations. We also looked at IP and the two protocols available, IPv4 and IPv6. For both technologies we examine the requirements and configuration options you need to understand in order to get Windows Vista working on an IP network. We talked about DNS and DHCP and how you go about configuring Windows Vista to utilize these network services. Next we looked at configuring connections to remote networks and computers. Using VPN, you can connect to remote networks, and using Remote Desktop and Remote Assistance, you can connect directly to the desktops of other machines. We looked briefly at how you configure wireless networks in Windows Vista. We also looked at setting up your wireless connections to work with different kinds of wireless security. Finally we took a quick look at two tools that will help you to secure Windows Vista on a network: IPSec and Windows Firewall. Exam Essentials Know how to configure the IP protocols. You should understand how to configure a machine with an IP address, subnet mask, and default gateway and be able to explain the function that each of these items provides. Understand the difference between IPv4 and IPv6. Know how to navigate the Network and Sharing Center. You should be able to identify when you should go to the Network and Sharing Center to find current status and make config- uration changes. Know how to access file sharing, Public folder, and printer sharing configuration options in the interface. Also understand how to read the setup and view network discovery infor- mation. Be familiar with the configuration changes necessary to share media on the local network using Windows Media Player. Know how to configure Windows Vista to work with network services. You should be able to configure Windows Vista to use both DNS and DHCP. You should also understand where to go to view this configuration information. Understand how to configure wireless networks. You need to know how to get Windows Vista to participate in a wireless network. You also need to understand how to configure wire- less security. Understand the network security options. Understand IPSec and how you configure Win- dows Vista to work with it. In addition, you need to know what Windows Firewall does and how to configure it. 65348.book Page 359 Monday, October 22, 2007 4:27 PM 360 Chapter 6  Configuring Networking Review Questions 1. In Windows Vista, nearly all network configuration settings can be managed from a single Control Panel applet. What is the applet? A. Network and Sharing Center B. Internet Options C. Windows Firewall D. Administrative Tools 2. After the initial setup of a Windows Vista machine, you notice that you cannot access any local network resources, such as shared folders, but you can access the Internet. You’ve verified that IP settings and DNS settings are all correct. What feature do you need to check? A. IPSec B. Windows Firewall C. Network Discovery D. DHCP 3. In a small office, your users have a need to share files with one another; these files are mixed file types and need to be updated in an ad hoc fashion. What is the simplest, yet secure, method for users to share these files with one another? A. Install SharePoint Server. B. Enable Public Folder Sharing on each PC. C. Have the users e-mail one another the files. D. Use a third-party file sharing application. 4. You are creating a file share for users on the network. You want to give them the ability to read the files from the share as well as write to the share with new files. What permission setting should you use? A. Read Write B. Contributor C. Reader D. Change 5. You have a user who cannot access her small office’s network-connected printer. Before any work is done, you ask the user to run IPConfig and read you the IP address of the PC before you begin troubleshooting and looking up the IP address of the network printer. The user reads you the following address: 2001:0:4136:e388:2cff:bd8:b9c4:3337, and the printer’s IP address is 192.168.64.12. What is the first step in correcting the connectivity issues? A. Check whether IPv4 is installed and configured correctly for the computer. B. Add a second network card to the computer with a 192.168.65.x address. C. Check Windows Firewall for blocked ports. D. Attach a local printer to the computer; Windows Vista does not support network printing in IPv6. 65348.book Page 360 Monday, October 22, 2007 4:27 PM Review Questions 361 6. You have just installed Windows Vista on a new laptop, and you are configuring it for your customer’s internal network. There is no DHCP server, so you need to manually configure a static IPv4 address. Your customer sent you information for the new PC, saying it should be set with an IP address of 192.168.65.30/16 and a default gateway of 192.168.10.1. What do you enter as the subnet for this IP address? A. 255.255.255.128 B. 255.255.255.0 C. 255.255.0.0 D. 255.0.0.0 7. In order for a PC to communicate with computers on its local network as well as a remote network, what pieces of information must be supplied to the network interface? (Choose all that apply). A. IP address B. WINS C. Default gateway D. IPSec filter E. DNS IP address F. Subnet mask 8. For an IPv6 IP address of 2001:fe32:4136:e388:2cff:bd8:b9c4:3337, with a subnet prefix length of 32, what is the subnet? A. 2001 B. 2001:fe32 C. 2001:fe32:4136:e388 D. b9c4:3337 9. You are configuring a Windows Vista computer that will be used in two different networks: one at the user’s company network and one used at the user’s home office. The company net- work issues IP addresses via DHCP; the home office uses static IP addresses. How do you con- figure the computer’s network connections to always work regardless of location without user intervention, and with the least amount of work? A. Install two network cards. Configure one for each network. B. Write a batch script to change the network settings based on location; have the user run the script when they change locations. C. Install a DHCP server at the regional sales office. D. Configure the network card’s connection settings to use DHCP, and configure its alternate configuration to use a static IP address. 65348.book Page 361 Monday, October 22, 2007 4:27 PM 362 Chapter 6  Configuring Networking 10. Several new Windows Vista computers were ordered and delivered to a remote office. The users in the office unpacked, set up, and powered up their own machines. You get a call shortly afterward saying that, while users can connect to one another, they cannot connect to the Inter- net. Additionally, they cannot use existing network printers, nor can they connect to their file server. There is no DHCP on the network in their office; what configuration change must take place to resolve this issue? A. Assign static IP addresses with the correct subnet masks. B. Reconfigure the network location to Public. C. Have the users disable Windows Firewall. D. Install IPv4. 11. You have set up a new inkjet printer and installed it on your local Windows Vista computer. There are two other computers that connect to the wireless LAN and use the Internet through the home router. You would like to allow others to use this new printer without connecting to the USB cable now connected to your computer. What should you do? A. Turn Printer Sharing on. B. Turn Windows Firewall off. C. Go to the Properties of the Printer and select Share. D. Provide the other users with your password. 12. What Windows Vista feature allows a single connection, such as a dial-up modem connection, to be shared among multiple computers from a single computer on the local network? A. File Sharing B. Internet Connection Sharing C. Remote Desktop D. IPSec 13. What information do you need to configure a connection to a wireless network running WEP? A. The security key and the password B. The security key and the key index C. The password and the RADIUS connection information D. The key index and the password 14. Which of the following are valid IPv6 addresses? (Choose all that apply.) A. 2001:0:4136:e388:2cff:bd8:b9c4:3337 B. 3ffe:0501:0008:0000:0260:97ff:fe40:efab C. ff02::1 D. 2626:E3D7:0000:0000:0000:51F4:9BC8:C0A8:6420 65348.book Page 362 Monday, October 22, 2007 4:27 PM Review Questions 363 15. A user is trying to write a file to your computer’s Public folder but is receiving an error. He knows he can access the share because he can see and open files from the Public folder from his computer. What can you do? A. Set the Public folder permissions to Modify for that user. B. Modify the properties of the share. C. Change the Network and Sharing Center option Public Folder Sharing to Turn On Sharing So Anyone with Network Access Can Open, Change, and Create Files. D. Change the Network and Sharing Center option File Sharing to Turn On File Sharing. 16. You want to set up a share, but need to restrict access to those who have accounts on the local computer. This will prevent all users but those who have an account from getting access to the share. What should you do to achieve this configuration? A. Go to the Network and Sharing Center and turn on Network Discovery. B. Go to the Network and Sharing Center and turn on File Sharing. C. Go to the Network and Sharing Center and turn off Password Protected Sharing. D. Go to the Network and Sharing Center and turn on Password Protected Sharing. 17. Users are trying to access a file share on your computer, but they get prompted for a password. You want users to access the file share without the need for a local account. What can you do to avoid a prompt for a user name and password? A. Modify the permissions of the share to Contributor. B. Change the permissions of the individual files to Modify. C. Open port 445 in the Windows Firewall. D. Open Network and Sharing Center and set Password Protected Sharing to off. 18. You installed a wireless network in your home, via the addition of an 802.11a wireless access point. You need to configure your Windows Vista machine to use the wireless network. After obtaining the security information for the access point and configuring your 802.11b wire- less card with the correct settings, you cannot access the wireless network. What needs to be changed? A. Install an 802.11a wireless card in your machine. B. Update the drivers for your network card. C. Unblock the corresponding ports in Windows Firewall. D. Install IPv6; 802.11b is only supported on IPv6 networks. 65348.book Page 363 Monday, October 22, 2007 4:27 PM [...]... pinging Google.com from a Windows Vista machine: C:\>tracert google.com Tracing route to google.com [64.233.167.99] over a maximum of 30 hops: 1 1 ms 1 2 2 ms 2 3 56 ms 56 [67.42. 184 .1 98] 4 56 ms 56 [67.42. 184 .93] 5 56 ms 56 [205.171.152.65] 6 56 ms 56 [205.171.152. 58] 7 69 ms 70 [205.171 .8. 1 98] 8 82 ms 83 [67.14 .8. 10] 9 83 ms 83 [205.171.139.162] 10 82 ms 83 11 83 ms 90 12 84 ms 84 13 83 ms 92 ms ms ms . cls-core-02.inet.qwest.net [205.171.152. 58] 7 69 ms 70 ms 70 ms kcm-core-02.inet.qwest.net [205.171 .8. 1 98] 8 82 ms 83 ms 82 ms cer-core-01.inet.qwest.net [67.14 .8. 10] 9 83 ms 83 ms 100 ms chx-edge-01.inet.qwest.net [205.171.139.162] . chx-edge-01.inet.qwest.net [205.171.139.162] 10 82 ms 83 ms 84 ms 63.144.64.134 11 83 ms 90 ms 83 ms 216.239.46.5 12 84 ms 84 ms 83 ms 66.249.94.135 13 83 ms 92 ms 89 ms 72.14.232 .70 653 48. book Page 372 Monday,. TTL=1 28 Reply from 192.1 68. 0.2: bytes=32 time<1ms TTL=1 28 Reply from 192.1 68. 0.2: bytes=32 time<1ms TTL=1 28 Reply from 192.1 68. 0.2: bytes=32 time<1ms TTL=1 28 Ping statistics for 192.1 68. 0.2: