Windows 8


VPN Tunneling Protocols tutorials

  • Tunnelling enables the encapsulation of a packet from one type of protocol within the datagram of a different protocol. For example, VPN uses PPTP to encapsulate IP packets over a public network, such as the Internet.

  • Windows 8 supports the following four VPN tunneling protocols:

    • PPTP (Point-to-Point Tunneling Protocol)

    • L2TP/IPsec

    • SSTP

    • IKEv2

PPTP

  • Stands for Point-to-Point Tunneling Protocol.

  • PPTP allows multiprotocol traffic to be encrypted and then encapsulated in an IP header to be sent across an IP network or Internet.

  • PPTP can be used for Remote Access and Site-to-Site VPN connections.

  • When using the Internet as the public network for VPN, the PPTP server is a PPTP-enabled VPN server with one interface on the Internet and a second interface on the intranet.

  • Encapsulation: PPTP encapsulates PPP frames in IP datagrams for transmission over the network. PPTP uses a Transmission Control Protocol (TCP) connection for tunnel management and a modified version of GRE (Generic Routing Encapsulation) to encapsulate PPP frames for tunneled data. Payloads of the encapsulated PPP frames can be encrypted, compressed, or both.

  • Structure of a PPTP Packet Containing an IP Datagram


  • Encryption: The PPP frame is encrypted with Microsoft Point-to-Point Encryption, by using encryption keys generated from the Microsoft version of the Challenge-Handshake Authentication Protocol v2 (MS-CHAPv2), or the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) authentication process.
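The PPTP packet structure described above (outer IP header, modified GRE header, PPP frame, inner IP datagram), as an added example that is not part of the original tutorial: a Python parser that peels those layers from a tunneled data packet. The sample packet, its addresses and call ID, and the function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed sample: outer IP (protocol 47) | enhanced GRE | PPP | inner IP.
# Checksums are zeroed and all addresses are made up for the example.
PPTP_PKT = bytes.fromhex(
    "4500003800000000402f0000c633640acb007101"   # outer IP 198.51.100.10 -> 203.0.113.1
    "3001880b0018000700000001"                   # GRE: key+seq flags, ver 1, call ID 7
    "ff030021"                                   # PPP: address/control, protocol 0x0021
    "4500001400000000400100000a0000050a000009"   # inner IP 10.0.0.5 -> 10.0.0.9
)

def ipv4(buf):
    """Return (protocol, src, dst, payload) of an IPv4 datagram."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl, total = (buf[0] & 0x0F) * 4, struct.unpack("!H", buf[2:4])[0]
    src, dst = (str(ipaddress.IPv4Address(buf[i:i + 4])) for i in (12, 16))
    return buf[9], src, dst, buf[ihl:total]

def gre_pptp(buf):
    """Parse PPTP's modified GRE header (RFC 2637); return (call_id, PPP frame)."""
    flags, ptype, plen, call_id = struct.unpack("!HHHH", buf[:8])
    if flags & 0x0007 != 1 or ptype != 0x880B:
        raise ValueError("not PPTP enhanced GRE")
    # Sequence (0x1000) and acknowledgment (0x0080) fields are optional, 4 bytes each.
    off = 8 + (4 if flags & 0x1000 else 0) + (4 if flags & 0x0080 else 0)
    return call_id, buf[off:off + plen]

def ppp(frame):
    """Return (protocol, payload), tolerating PPP header compression."""
    if frame[:2] == b"\xff\x03":         # address/control present (not compressed)
        frame = frame[2:]
    if frame[0] & 1:                     # one-byte (compressed) protocol field
        return frame[0], frame[1:]
    return struct.unpack("!H", frame[:2])[0], frame[2:]

def peel_pptp(packet):
    """Return the packet's layers, outermost first."""
    proto, src, dst, body = ipv4(packet)
    if proto != 47:                      # 47 = GRE
        raise ValueError("outer IP payload is not GRE")
    call_id, frame = gre_pptp(body)
    pproto, payload = ppp(frame)
    layers = [("IP", src, dst), ("GRE", call_id), ("PPP", pproto)]
    if pproto == 0x0021:                 # PPP protocol number for IPv4
        layers.append(("IP",) + ipv4(payload)[1:3])
    return layers
```

When the PPP payload is encrypted or compressed, the PPP protocol field is not 0x0021 and `peel_pptp` stops at the PPP layer instead of reading an inner IP header.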

 

L2TP

  • Stands for Layer Two Tunneling Protocol

  • L2TP allows multiprotocol traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery, such as IP or asynchronous transfer mode (ATM).

  • L2TP is a combination of PPTP and Layer 2 Forwarding (L2F).

  • L2TP represents the best features of PPTP and L2F.

  • L2TP relies on IPsec in Transport Mode for encryption services.

  • The combination of L2TP and IPsec is known as L2TP/IPsec.

  • Both the VPN client and server must support L2TP and IPsec.

  • Client support for L2TP is built into Windows XP, Windows Vista, and Windows 8 remote access clients, and VPN server support for L2TP is built into members of the Windows Server 2008 and Windows Server 2003 families.

 

Encapsulation:

  • Encapsulation for L2TP/IPsec packets consists of two layers:

  • First layer: L2TP encapsulation

  • A PPP frame (an IP datagram) is wrapped with an L2TP header and a UDP header. The following figure shows the structure of an L2TP packet containing an IP datagram.

  • Structure of an L2TP Packet Containing an IP Datagram


  • Second layer: IPsec encapsulation

  • The resulting L2TP message is then wrapped with an IPsec Encapsulating Security Payload (ESP) header and trailer, an IPsec Authentication trailer that provides message integrity and authentication, and a final IP header. The final IP header contains the source and destination IP addresses that correspond to the VPN client and VPN server.

  • Encryption of L2TP Traffic with IPsec ESP


  • Encryption

  • The L2TP message is encrypted with either Data Encryption Standard (DES) or Triple DES (3DES) by using encryption keys generated from the Internet Key Exchange (IKE) negotiation process.

 

SSTP

  • Stands for Secure Socket Tunneling Protocol

  • SSTP uses the Secure Hypertext Transfer Protocol (HTTPS) protocol over TCP port 443 to pass traffic through firewalls and web proxies that might block PPTP and L2TP/IPsec traffic.

  • SSTP provides a mechanism to encapsulate PPP traffic over the Secure Sockets Layer (SSL) channel of the HTTPS protocol.

  • When a client tries to establish an SSTP-based VPN connection, SSTP first establishes a bidirectional HTTPS layer with the SSTP server.

  • Over this HTTPS layer, the protocol packets flow as the data payload.

Encapsulation:

  • SSTP encapsulates PPP frames in IP datagrams for transmission over the network.

  • SSTP uses a TCP connection (over port 443) for tunnel management as well as for PPP data frames.

Encryption:

  • The SSTP message is encrypted with the SSL channel of the HTTPS protocol.

 

IKEv2

  • Stands for Internet Key Exchange version 2

  • IKEv2 uses the IPsec Tunnel Mode protocol over UDP port 500.

  • Because of its support for mobility, IKEv2 is much more robust to changing network connectivity.

  • This makes it a good choice for mobile users who move between access points and even switch between wired and wireless connections.

  • An IKEv2 VPN provides resilience to the VPN client when the client moves from one wireless hotspot to another, or when it switches from a wireless to a wired connection.

  • This ability is a requirement of VPN Reconnect.

  • The use of IKEv2 and IPsec enables support for strong authentication and encryption methods.

  • Note that IKEv2 is supported only on computers that are running Windows 7, Windows 8, Windows Server 2008 R2, and Windows Server 2012.

Encapsulation:

  • IKEv2 encapsulates datagrams by using IPsec Encapsulating Security Payload (ESP) or Authentication Header (AH) headers for transmission over the network.

Encryption:

  • The message is encrypted with one of the following protocols by using encryption keys that are generated from the IKEv2 negotiation process: Advanced Encryption Standard (AES) 256, AES 192, AES 128, and 3DES encryption algorithms.

Note:

  • To implement PPTP, you must configure your firewall to pass TCP Port 1723.

  • To implement L2TP, you must configure your firewall to pass UDP Port 500, UDP Port 1701, UDP Port 4500, and IP Protocol ID 50.

  • To implement SSTP, you must configure your firewall to pass TCP port 443.

  • To implement IKEv2, you must configure your firewall to pass UDP port 500.

 

VPN Reconnect

  • VPN Reconnect uses the IKEv2 (Internet Key Exchange version 2) technology to provide seamless and consistent VPN connectivity.

  • VPN Reconnect automatically re-establishes the VPN connection when Internet connectivity is available again.

  • For example, consider a user with a laptop that is running Windows 8. When the user travels to work on a train, he or she connects to the Internet with a wireless mobile broadband card, and then establishes a VPN connection to the company's network.

  • When the train passes through an area without Internet coverage, the Internet connection is lost. After the train enters an area with Internet coverage, the wireless mobile broadband card reconnects to the Internet automatically.

  • With Windows Vista and earlier client operating systems, the VPN did not reconnect automatically, and the user needed to manually repeat the multistep, time-consuming process of connecting to the VPN.

  • With VPN Reconnect, Windows 7 and Windows 8 automatically reestablish active VPN connections when the Internet connectivity is re-established.

  • Even though the reconnection might take several seconds, users stay connected and have uninterrupted access to internal network resources.

 

Requirements for using the VPN Reconnect feature are:

  • Windows Server 2008 R2 or Windows Server 2012 as a VPN server

  • Windows 7, Windows 8, Windows Server 2008 R2, or Windows Server 2012 client

  • Public Key Infrastructure (PKI), because a computer certificate is required for a remote connection with VPN Reconnect. Certificates issued by either an internal or public Certificate Authority (CA) can be used.

Exercise: Implement VPN Server

  • We need to install the DHCP Server and Network Policy and Access Services roles on Windows Server 2008.

  • Select Server Manager

  • Expand Server Manager and Click Add Roles, Click Next

  • In Server Roles Select DHCP Server.

  • In DHCP Server Page click Next Button.

  • In Select Network Connection Bindings, select the LAN network connection with the static IP address that clients will use to obtain an IP address.

  • Click Next button.

  • In Specify IPv4 DNS Server Settings, specify the Preferred and Alternate DNS addresses.

  • In Specify IPv4 WINS Server Settings, select WINS is not required for applications on this network.

  • Click Next.

  • Now create DHCP Scope, Click Add button and define scope as follows.

  • Give Scope name as VPN Clients

    • Starting IP address 192.168.1.151

    • Ending IP address 192.168.1.160

    • Subnet Mask 255.255.255.0

    • Activate this scope

  • Click Ok button

  • In Configure DHCPv6 Stateless Mode, select Disable DHCPv6 stateless mode for this server. Click Next button.

  • In Authorize DHCP Server, Enter administrator detail and click next button.

  • Click Install button for installing DHCP.

  • Again in Server Manager Click Add Roles

  • Select Network Policy and Access Services server role

  • Click Next button.

  • Select Remote Access Service and Routing.

  • Click Next button.

  • After installing the above role, open Server Manager and expand the Network Policy and Access Services server role.

  • Click Next button on Routing and Remote Access Server Setup Wizard.

  • In Configuration screen Select Remote Access (Dial-up or VPN) option and click Next.

  • In Remote Access Page select VPN and Click Next.

  • In VPN connection page - Select Network Adapter that will connect this server to the Internet. Click Next button.

  • In IP address assignment select Automatically and click Next.

  • In Managing Multiple Remote Access Server page select No, use Routing and Remote Access to authenticate connection request. Click Next.

  • In Completing the Routing and Remote Access Server setup wizard click Finish Button.

 

On the VPN client, do as follows.

  • On the Start screen, type Control Panel and select it.

  • In the Control Panel window, under Network and Internet, click View network status and tasks.

  • In the Network and Sharing Center window, under Change your networking settings, click Set up a new connection or network.

  • In the Choose a connection option dialog box, click Connect to a workplace and then click Next.

  • In the Connect to a workplace dialog box, select the Use my Internet connection (VPN) option.

  • In the Type the Internet address to connect to dialog box, specify an Internet address of 192.168.1.151 and a Destination name of cbtsam vpn, and then click Create.

 

Test VPN Connection

  • On the Network Connections page, right-click cbtsam vpn, and then click Connect/Disconnect.

  • In the Networks list on the right, click cbtsam vpn, and then click Connect.

  • Use the following information in the Network Authentication text boxes, and then click OK: Enter Username and Password

  • The VPN connects.

  • On the taskbar, click Windows Explorer and type \\cbtsam.

  • You will be able to connect to the VPN server.


 
