The A+ Certification & PC Repair Handbook (Charles River Media Networking/Security)

Windows XP includes expanded networking technologies not found in any previous version of Windows. We will discuss the new and upgraded features of Windows XP networking in this section.

The first thing to know is how to view your IP configuration. There are two main ways. If you are familiar with or prefer the command prompt, you can launch CMD (Start > Run > CMD.EXE) and type “ipconfig”. This will give you an overview of your network adapter(s) and their IP configurations. Instructions about the advanced options for ipconfig are available if you type “ipconfig /? | more”. If you prefer to see your statistics inside Windows, then you may double-click on an active connection’s lights in the notification area (near the clock). You may also visit Network Connections in the Control Panel and double-click on an active connection icon. If you double-click on a disabled connection, then Windows will attempt to enable it.

Network Setup Wizard and New Connection Wizard

As with most common tasks in Windows XP, Microsoft has created wizards to guide users through the setup of a small home or office network, or manage Internet connections. The first wizard we will discuss guides you through setting up Internet Connection Sharing (ICS) using the included Internet Connection Firewall, and sharing files, folders, and printers. The Network Setup Wizard (Figure 28.4) is located in Network Connections, which can be found in the Control Panel. The Wizard is quite self-explanatory, and there are included diagrams that will try to describe your current or desired network setup so that you can easily configure it.

Figure 28.4: The Network Setup Wizard.

The New Connection Wizard, which is also available in Network Connections, gives you more flexibility and also allows you to perform Internet connectivity tasks not available in the Network Setup Wizard, such as selecting PPP over Ethernet (PPPoE). PPPoE is a technology used to encapsulate Point-to-Point Protocol (PPP) frames in an Ethernet packet. This is the networking frame type most commonly used with Asymmetric Digital Subscriber Line (ADSL) connections. In previous versions of Windows, third-party software had to be deployed in order for Windows to support the PPPoE frame type, allowing your system to connect using ADSL. Windows XP now includes a built-in implementation of PPPoE that is more stable, compatible, and easier to use than most third-party PPPoE software.

The New Connection Wizard is the best method for connecting a new computer to the Internet, as it has the most options available. If you choose the manual setup of an Internet connection in the New Connection Wizard, you can select from three types of connections. You may connect via a dial-up modem, using a broadband connection that requires a user name and password (most commonly used in ADSL or PPPoE), or just a simple broadband connection that is always on (such as a high-speed cable modem). The New Connection Wizard also allows you to easily set up a Virtual Private Network (VPN) or business-oriented dial-up connection. Finally, if you choose to set up an advanced connection to another computer, you have direct connection options such as serial, parallel, and infrared, or you may configure your computer to be a host for incoming direct cable connections.

Bridging and Internet Connection Firewall

In the Network Connections folder, your current connections and their status are listed. If a connection is present and enabled, but the actual cable is unplugged, you will see an icon of two computers with a red “X” over them. If a connection is present and plugged in, but disabled, you will see an icon with gray computer screens. Finally, if a connection is present and plugged in, and is working properly, the icon for the connection will have light blue screens on the computers. You can change the status of the connections by right-clicking on their respective icons, or selecting the icon and using the File menu. You have the options to repair, bridge, disable, or enable connections. The bridge option is unavailable via the File menu.

A Windows XP network bridge is a software solution for combining two or more local networks into one logical network. Computers on each of the two (or more) networks will be able to communicate with each other, share files and printers, and even share an Internet connection as though a hardware router or gateway were present. To create a network bridge, select two or more local networks by clicking on each network icon while holding the Control key, and right-click on one of the icons. Choose Bridge Connections, and a new local area connection icon is created. When a local network is added to a bridge, it loses its normal properties, such as IP address, client software, protocols, and so forth. The bridged connection will keep track of all IP settings, clients, protocols, and the list of local area connections that are included in the bridge in its Properties.

Windows XP includes a new feature that no other version of Windows has included before: a built-in Internet Connection Firewall (ICF) that can protect your network from unwanted incoming connections and traffic (see Figure 28.5). ICF filters incoming traffic only. It cannot protect you from unwanted outgoing connections, such as those coming from spyware, malware, Trojan horse virus programs, and other hacker tools, and it is not designed for use on computers that are not directly connected to the Internet. Only users of the Administrator group can enable or disable ICF. You must also understand that if Internet Connection Firewall is enabled on a local area network connection with other computers, it will prohibit file and printer sharing.

Figure 28.5: Enabling Internet Connection Firewall.

To enable ICF, navigate to Network Connections, right-click on an Internet connection, and choose Properties. On the Advanced tab of the connection’s properties there is a checkbox to enable ICF; once it is enabled, the Settings button below it allows you to configure ICF further. On the first tab of Advanced Settings, called Services, you can enable access from the Internet to certain services on your firewalled machine. This basically prevents these services from being firewalled (blocked). The next tab, Security Logging, allows you to choose whether to log dropped packets and successful connections, and to change the location and size of the log file. The log file is called PFIREWALL.LOG, and it is stored in C:\WINNT or C:\WINDOWS (depending on your installation) by default.

The last tab, ICMP, contains options for enabling or disabling incoming Internet Control Message Protocol (ICMP) packets. ICMP is a special error message, status, and diagnostics protocol; and in contrast to TCP, it is connectionless. The common ICMP messages listed here, such as echo, are used to relay error and diagnostics information. ICMP echo, also known as PING (for use with the PING program), is used to determine whether a remote computer is responding, and to check the latency and integrity between your computer and the destination. Any ICMP echo data sent to a remote computer will be returned unmodified as soon as possible. The PING program will also report how long it took to relay the information and will even glean how many route hops a given packet had to take.

The Time-To-Live (TTL) value reported by the PING program refers to how long the packet will route around the Internet before it is discarded (see Figure 28.6): each router that forwards the packet lowers the TTL by one, and the packet is discarded when the value reaches zero. If there were no TTL, packets would float aimlessly on the Internet for eternity. An example of a practical use for the PING TTL is as follows: if your PING packet’s TTL value is 255, and a PING response comes back with a TTL of 240, then you will know it took 15 hops through routers and other computers on the Internet before your packet reached its destination. Most TTL values are based on powers of two, with the exception of 255. Common TTLs include 32, 64, 128, and 255. If a TTL value is too small, the packet will not reach its destination and will be discarded prematurely.
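The TTL arithmetic above, applied to captured PING output. This is an added example, not part of the handbook; the sample output is constructed, and the rule of taking the smallest common TTL at or above the observed value as the starting TTL is an assumption, so the hop count is an estimate.

```python
import re

# Starting TTL values the text lists as common.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

# Constructed sample of Windows PING output (documentation-range address).
SAMPLE_PING = """\
Pinging 198.51.100.80 with 32 bytes of data:

Reply from 198.51.100.80: bytes=32 time=41ms TTL=240
Reply from 198.51.100.80: bytes=32 time=39ms TTL=240
Request timed out.
Reply from 198.51.100.80: bytes=32 time=44ms TTL=240
"""

# Matches both "time=41ms" and the "time<1ms" form seen on fast links.
REPLY = re.compile(r"Reply from (\S+): bytes=\d+ time[=<](\d+)ms TTL=(\d+)")


def estimate_hops(observed_ttl):
    """Return (assumed starting TTL, estimated hops) for one reply TTL."""
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial, initial - observed_ttl
    raise ValueError("TTL out of range: %d" % observed_ttl)


def analyze_ping(output):
    """Parse PING output into per-reply records plus a count of timeouts."""
    replies, timeouts = [], 0
    for line in output.splitlines():
        match = REPLY.search(line)
        if match:
            ttl = int(match.group(3))
            initial, hops = estimate_hops(ttl)
            replies.append({"host": match.group(1), "ms": int(match.group(2)),
                            "ttl": ttl, "initial_ttl": initial, "hops": hops})
        elif "Request timed out" in line:
            timeouts += 1  # no reply: host may be down, or echo may be filtered
    return replies, timeouts


if __name__ == "__main__":
    replies, timeouts = analyze_ping(SAMPLE_PING)
    for r in replies:
        print("%(host)s ttl=%(ttl)d start=%(initial_ttl)d hops=%(hops)d" % r)
    print("timeouts:", timeouts)
```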

Figure 28.6: Pinging localhost (127.0.0.1)

If an ICMP echo does not return at all, it does not necessarily mean the machine is down. It may be that there is a firewall, such as ICF, on the destination machine that is blocking ICMP echo (PING) requests. The ICMP tab is where you would specify whether you wish to block such messages. Other ICMP messages you can block deliver routing, status, and troubleshooting data, such as “destination unreachable,” and “parameter problem.” The practical uses for the other ICMP types listed here are beyond the scope of the test. At the most, you will only need to understand ICMP echo and the use of the PING program.
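Reviewing what the Security Logging tab records in PFIREWALL.LOG shows which incoming traffic ICF dropped, including the blocked echo requests described above. This is an added example, not part of the handbook; the log lines are constructed, and the field names in the #Fields header and the DROP/OPEN/CLOSE action values are assumptions about the log layout.

```python
from collections import Counter

# Constructed sample; the parser relies only on the "#Fields:" header line.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2003-05-01 10:15:02 DROP TCP 203.0.113.7 192.0.2.10 4312 135 48 S 123456789 0 16384 - - -
2003-05-01 10:15:05 DROP TCP 203.0.113.7 192.0.2.10 4313 445 48 S 123456790 0 16384 - - -
2003-05-01 10:15:09 DROP ICMP 198.51.100.23 192.0.2.10 - - 60 - - - - 8 0 -
2003-05-01 10:16:40 OPEN TCP 192.0.2.10 198.51.100.80 1045 80 - - - - - - - -
2003-05-01 10:16:55 CLOSE TCP 192.0.2.10 198.51.100.80 1045 80 - - - - - - - -
2003-05-01 10:17:30 DROP UDP 203.0.113.99 192.0.2.10 1026 137 78 - - - - - - -
2003-05-01 10:18
"""


def parse_icf_log(text):
    """Return one dict per log entry, keyed by the names in the #Fields line."""
    fields, entries = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                entries.append(dict(zip(fields, values)))
    return entries


def summarize_drops(entries):
    """Count dropped packets per source and per (protocol, port or ICMP type)."""
    by_source, by_service = Counter(), Counter()
    for e in entries:
        if e["action"] != "DROP":
            continue
        by_source[e["src-ip"]] += 1
        icmp = e["protocol"] == "ICMP"
        service = "type " + e["icmptype"] if icmp else "port " + e["dst-port"]
        by_service[(e["protocol"], service)] += 1
    return by_source, by_service


def dropped_echo_sources(entries):
    """Sources whose echo requests (ICMP type 8) were dropped; their PING times out."""
    return sorted({e["src-ip"] for e in entries if e["action"] == "DROP"
                   and e["protocol"] == "ICMP" and e["icmptype"] == "8"})


if __name__ == "__main__":
    log = parse_icf_log(SAMPLE_LOG)
    print(summarize_drops(log), dropped_echo_sources(log))
```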

File and Printer Sharing

Like previous versions of Windows, Windows XP includes a peer-to-peer file and printer sharing client. It uses a packet protocol called Server Message Block (SMB). NetBIOS relies heavily on SMB packets to access network shares and networked printers, and to send network messages. You can install File and Printer Sharing as a ‘client’ via the Properties of any connection icon in the Network Connections folder.

Windows XP Home contains only simple file sharing, but Windows XP Professional has two levels of detail for file and printer sharing. When you first enable File and Printer Sharing in Windows XP Professional, it is in simple mode. In simple mode, you do not specify which users and permissions will go to which files, folders, and printers. All users have access to all shares. Windows XP prefers that you use the Network Setup Wizard to safely share files and printers. To share files locally, you simply drag files or folders into the Documents folder for the All Users profile (located in C:\Documents and Settings\). If you wish to share files or printers remotely, Microsoft recommends you use the Network Setup Wizard.

For more power and flexibility in sharing files, folders, and printers, you can enable Advanced File Sharing (in Windows XP Professional only). To do this, open any folder (or My Computer), choose the Tools menu, then Folder Options. Under the View tab there is a list of checkboxes for folder options. The very last item is usually “Use simple file sharing (Recommended)”. If you uncheck this checkbox, you will have enabled Advanced mode. In Advanced mode, you must right-click on a folder or printer, choose Sharing and Security..., and you will be able to change all the typical settings for shared folders, such as the name of the share, the users, groups, and permissions for each object you are sharing, and even shared files caching (for offline use). The test is not likely to go into shared files caching. This type of sharing uses an Access Control List (ACL), just like all of the other secured objects in a Windows NT family operating system.
