Network Access Protection

Windows Server 2008 includes Network Access Protection, also known as NAP or NPS. This tool serves an administrative purpose: it lets organizations compare the security level of a computer on the network against the Server 2008 policies. That comparison helps determine whether the computer is safe enough to join and use the server. It is another way to check whether the computer's 'health' is adequate as far as policy goes, and NAP can also check the anti-virus program and whether the firewall is installed. In an upcoming series, Windows Server 2008 will be reviewed.

Information on NAP from TechNet

Microsoft’s Deployment Guide


Windows 7 VPN Setup

A Virtual Private Network is used to encrypt data from one computer to another. If you need to set up a VPN in Microsoft Windows 7, create a user and a shared folder on the host computer. Once this is done, follow these steps-

On the Hosting Computer

1. Go to Control Panel and open Network and Sharing Center.

2. Click on Change adapter settings

3. Press Alt+F and select New Incoming connection…

4. Put a check mark by the user who will have access to this computer or configure a new account by clicking on Add someone… Click Next.

5. Put a check mark on Through the Internet. Click Next.

6. Select the protocols for this connection. Click Allow access.

USE IPV4

7. Make note of the Computer name as this will be used by the client to connect to this computer. Click Close.

8. An Incoming Connections icon will be in Network Connections. Your computer is now ready to accept incoming VPN connections.

On the Computer Dialing In

Open up network and sharing center from the Control Panel, and choose Set up a new connection or network.

Use My Internet Connection (VPN)

Type in the IP address of the hosting computer and click Next (leave the user information blank to be safe)

A small icon will now appear under the network icon (next to the clock) showing the connection. Clicking on this icon lets you enter your username and password to connect.

AlphiMAX PTP Estimator provides an excellent way to align your wireless antennas

Need a good program to estimate your wireless bridges from building to building? AlphiMAX provides an excellent online program to estimate your wireless links.

Signing up is easy and fast. The PTP Estimator requires that you have the latitude and longitude of both buildings. You can get an estimated Lat. and Long. from Google Maps: find your location on Google Maps, right click on the location you want and select "What's here?". This will provide the numbers you need. Remember, it is best to use a GPS on each site where you intend to erect an antenna.

PTP Estimator

You can also search for a location by name by clicking the icon in the center of the online application.

Once you have the Lat. and Long., enter the numbers at the top of the online application and click Estimate.

The interface will show you the terrain, antenna height, compass information, Fresnel zone clearance and approximate altitude, along with information on the products they provide.

The estimator also offers a 3D view of your project if you have an active subscription.

AlphiMAX Company Overview
AlphiMAX provides products to help you with your wireless needs.

Your business and home needs a firewall…why?

So what happens when you install a firewall and make sure all operating systems on your home network are fresh installs?

(Firewall log screenshot, captioned "craziness")

You'll probably see hits from foreign and U.S. IP addresses trying to make connections to the computers, phones and other devices on your network. You'll also notice common port numbers in the log above. So what would happen if any of those services and ports were open? It could result in the loss of data.

What should you do? Install a hardware SOHO firewall and keep your OS firewall on. While there are many other precautions you also need to take, this is ultimately a form of protection that most home users and business users fail to implement.

Credit: Chris Davis
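The log in the screenshot above is the raw material; what a defender actually wants from it is a count of dropped inbound attempts per destination port and per source address, so that repeat scanners and the services being probed stand out. The following script is an added example and is not code from the post. It parses a few constructed log lines written in a generic SOHO-firewall syslog style (the field names SRC, DST, PROTO and DPT and the sample addresses are assumptions, not taken from the screenshot) and summarizes them.

```python
import re
from collections import Counter

# Constructed sample lines in a generic SOHO-firewall syslog style.
# These are NOT from the post's screenshot; addresses are from documentation ranges.
SAMPLE_LOG = """\
Mar 12 03:14:07 fw kernel: DROP IN=eth0 SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP DPT=23
Mar 12 03:14:09 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=445
Mar 12 03:14:11 fw kernel: DROP IN=eth0 SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP DPT=3389
Mar 12 03:14:15 fw kernel: DROP IN=eth0 SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP DPT=22
Mar 12 03:14:20 fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP DPT=53
Mar 12 03:14:22 fw kernel: ACCEPT IN=eth0 SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP DPT=443
Mar 12 03:14:30 fw kernel: DROP IN=eth0 SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP DPT=445
"""

# Field layout is an assumption about the log format; adjust the pattern for your own firewall.
LINE_RE = re.compile(
    r"(?P<action>DROP|ACCEPT) IN=(?P<iface>\S+) SRC=(?P<src>\S+) "
    r"DST=(?P<dst>\S+) PROTO=(?P<proto>\S+) DPT=(?P<dpt>\d+)"
)

# Labels for well-known service ports, used only to make the report readable.
PORT_NAMES = {22: "ssh", 23: "telnet", 53: "dns", 443: "https", 445: "smb", 3389: "rdp"}


def parse_log(text):
    """Turn each matching log line into a dict; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            event = m.groupdict()
            event["dpt"] = int(event["dpt"])
            events.append(event)
    return events


def summarize(events):
    """Count dropped inbound attempts by destination port and by source address."""
    dropped = [e for e in events if e["action"] == "DROP"]
    return {
        "dropped": len(dropped),
        "by_port": Counter(e["dpt"] for e in dropped),
        "by_src": Counter(e["src"] for e in dropped),
    }


def noisy_sources(summary, threshold=3):
    """Source addresses whose dropped-attempt count reaches the threshold (a repeat prober)."""
    return sorted(src for src, n in summary["by_src"].items() if n >= threshold)


def report(text, threshold=3):
    """Human-readable summary: total drops, drops per port, and repeat sources."""
    s = summarize(parse_log(text))
    lines = [f"{s['dropped']} dropped inbound connection attempts"]
    for port, n in s["by_port"].most_common():
        lines.append(f"  port {port} ({PORT_NAMES.get(port, 'other')}): {n}")
    for src in noisy_sources(s, threshold):
        lines.append(f"  repeat source: {src} ({s['by_src'][src]} attempts)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Pointing this at a real export means only changing LINE_RE to match your firewall's field names; the per-port view is what tells you which of the "common port numbers" (SMB, RDP, telnet, SSH) are being probed, and the repeat-source list is the first thing to check against the firewall's block rules.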

The Network folder specified is currently mapped

If you try to map a network drive and get an error saying you are already mapped to the drive when you are not, you can try several things.

1. Run services.msc

2. Stop the Workstation service (this in turn will stop the Computer Browser service)

3. Restart BOTH services

4. Try to map the drive

Another fix may be to run the following from a command prompt.

cd \
net use * /d /y
NET USE /persistent:no
nbtstat -R
nbtstat -RR
ipconfig /release
ipconfig /flushdns
arp -d *
ipconfig /renew

This can be put into a batch file as a tool. Open Notepad and copy and paste the following:

@echo off
rem Stop the Workstation service; /y answers "yes" to stopping the dependent Computer Browser service
net stop workstation /y
net start workstation
net start browser
cd \
rem Disconnect all mapped drives and stop remembering them
net use * /d /y
net use /persistent:no
rem Purge and reload the NetBIOS name cache, then refresh DNS, ARP and the DHCP lease
nbtstat -R
nbtstat -RR
ipconfig /release
ipconfig /flushdns
arp -d *
ipconfig /renew

Save the file as dumpcache.bat (be sure to change "Save as type" to All Files so Notepad does not add a .txt extension).

You can now run this in an administrative command prompt window.

Best IT Professional sites on the web

It's hard to find high-quality information that IT professionals can use. One of the best sites on the web is GEGeek. The site is updated often and covers a wide range of IT resources and troubleshooting, offering answers to IT questions on a plethora of topics from legacy to modern-day resources.

Nowhere else on the net can you find this amount of information.

GEGeek

Rick over at What's On My PC has another site that is one of the most resourceful on the web.
Bookmarks 4 Techs links to over 700 sites and blogs. The site offers links, RSS feeds, news and hundreds of other resources.

Bookmarks4techs

How to flush the DNS cache on Mac, Linux or Windows

If websites are not appearing correctly, connections time out, or you cannot find a computer on the network, you may need to flush the DNS cache. Here's how to do it-

Microsoft Windows

- Go to a command prompt as an administrator
- Type ipconfig /flushdns

Linux

- Go to the terminal
- Type /etc/rc.d/init.d/nscd restart (this restarts the name service cache daemon, which only applies if nscd is installed)

Mac OS X Mountain Lion or Lion

- Go to the terminal
- Type sudo killall -HUP mDNSResponder

Mac OS X

- Go to the terminal
- Type sudo dscacheutil -flushcache

iPad

Reboot it to flush the cache or turn Airplane Mode on and off.

Ultimately, resetting the network settings on the iPad will flush the DNS cache. To reset the network settings-

  • Tap the Settings icon
  • Tap General
  • At the bottom of the column tap Reset
  • Choose Reset Network Settings

iPhones and Android phones can be rebooted (powered down) to flush the DNS cache.

Why do you subnet?

Why? The Golden Question

All over the internet you will find information on 'How to Subnet'. Suddenly you are thrown into a world of bits and binary and given charts of 'How to Subnet'. But why do you subnet?

Subnets are created to separate areas of your network for security and/or to hold down broadcasts. Computers constantly 'talk' to each other. If you have a network of 10 computers, the talking (opening files or programs) and the broadcast packets sent out during networking are not much traffic at all. However, if you have 10,000 computers talking and passing data, your network will slow down from all of the information. If you still don't understand, invite 10 friends over for a get-together. It'll get noisy, but you can still hear every conversation. Now go to a rock concert with 10,000 screaming fans. Get the picture?

Subnetting allows you to divide areas of your network to prevent this. So here comes the golden question: how can you get them to 'talk' when you need to? With the installation of a Layer 3 switch or a router, these subnets can talk.

And for all of the folks who know a ton of details on the subject, this is just an example for people who are searching why to subnet.

Other Ways to Divide Your Network

Are there other ways to divide your network? You can use VLANs. Managed switches allow virtual LANs to be set up; by purchasing managed switches, you can separate different areas of your network, both for security and to hold down traffic.

So now I know why – but how and don’t give me binary and all the fuzzy stuff!

The best explanation I have found is at this link. A simple chart with examples!

Here’s my example -

Subnetting allows your network to become more efficient and allows you to separate your network by subnets.

Let’s say your network is on a 192.168.1.x numbering scheme.

How do you know what your network is? Open a command prompt and type ipconfig. See the gateway? That is your starting number for your network. The network allows 254 computers to be in the broadcast domain.

So if you do an ipconfig and see this-

192.168.1.125 - your IP address
255.255.255.0 - your current subnet mask
192.168.1.1 - your gateway (this is your router or firewall, the point leading to the internet)

Now let's say you have 20 devices in your network. How can you effectively hold down broadcasts and prevent your router from building tables for each device? How can you make it more effective and hold down traffic? Actually, without understanding binary, you can do this. Remember, this is basics and should help you understand.

You see, under the current network you can have 254 devices: printers, routers, computers, tablets, netbooks, notebooks, etc. The last set of numbers, called an octet, only goes from 1-254. But let's narrow this down.

You can use a CIDR calculator online to determine how to tweak your network. A good site is Subnet Calculator. Go there and enter your router's number in the IP field. Now go down and enter a number close to the number of devices you have on your network. In this example, enter 30.

Did you see where the subnet mask changed to 255.255.255.224? (Did you notice that 224 + 30 is 254?)

Ok, now open your adapter settings by clicking the network icon at the bottom right corner and selecting Open Network and Sharing Center.

Now click on the adapter settings.

Right click and select properties on your adapter that is active.

Now select Internet Protocol v4

Enter an IP address statically (manually put it in). Put in your new subnet mask and your gateway. You must also put in your DNS server or a public DNS server. Keep a list of each device's number to avoid any problems; all IP addresses must be different on each device.

The only valid numbers in this broadcast domain now are 192.168.1.1, 192.168.1.2, 192.168.1.3 and so on up to 192.168.1.30 (remember, you chose to have up to 30 devices on your network). If you enter any number above this, you will get an error.

(Screenshot: error dialog shown when the IP address entered is above the range you selected.)

If you get the above error screen, you have entered an invalid number.

After you select a number between 192.168.1.1 and 192.168.1.30, click OK and exit all screens by clicking OK.

If you do an ipconfig now, you will see this-

When you change subnets as in the example above, remember that you may lose connectivity to devices such as routers or network printers. You will need to put servers and devices like these on the same subnet so that whoever is assigned this subnet can communicate with them.

This is by no means a thorough subnetting lesson. It can become much more complex once you introduce multiple routers, DHCP servers or other devices into your network. This is a simple how-to that shows you how broadcast domains can be made more efficient.
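The same sizing the online calculator does for you can be worked out in a few lines, which also lets you check a proposed static address before typing it into the adapter and getting the error dialog. The script below is an added example, not the post's own material or the Subnet Calculator site; it uses Python's standard ipaddress module and the post's own numbers (gateway 192.168.1.1, 30 devices). It also shows where 224 really comes from: 30 usable hosts need a 32-address block, and 256 - 32 = 224 is the last octet of the mask.

```python
import ipaddress


def prefix_for_hosts(hosts):
    """Smallest IPv4 prefix length whose block holds `hosts` usable addresses.

    The network and broadcast addresses are not usable, so a block of 2**bits
    addresses gives 2**bits - 2 hosts (a /27 has 32 addresses, 30 usable).
    """
    if hosts < 1:
        raise ValueError("need at least one host")
    bits = 0
    while (2 ** bits) - 2 < hosts:
        bits += 1
    return 32 - bits


def plan_subnet(gateway, hosts):
    """Mask, usable range and block size for the block containing `gateway` that fits `hosts`."""
    prefix = prefix_for_hosts(hosts)
    # strict=False lets us pass the gateway address rather than the network address.
    net = ipaddress.ip_network(f"{gateway}/{prefix}", strict=False)
    usable = list(net.hosts())
    return {
        "network": str(net),
        "mask": str(net.netmask),
        "block_size": net.num_addresses,      # 32 for a /27; 256 - 32 = 224 in the mask
        "first": str(usable[0]),
        "last": str(usable[-1]),
        "broadcast": str(net.broadcast_address),
        "usable": len(usable),
    }


def address_is_valid(address, gateway, hosts):
    """True when `address` may be statically assigned inside the planned block.

    This is the check Windows performs when you click OK: .125 in a /27 that
    starts at .0 is outside the block, and .31 is the broadcast address.
    """
    prefix = prefix_for_hosts(hosts)
    net = ipaddress.ip_network(f"{gateway}/{prefix}", strict=False)
    addr = ipaddress.ip_address(address)
    return addr in net and addr not in (net.network_address, net.broadcast_address)


if __name__ == "__main__":
    plan = plan_subnet("192.168.1.1", 30)
    for key, value in plan.items():
        print(f"{key:>10}: {value}")
    for candidate in ("192.168.1.17", "192.168.1.31", "192.168.1.125"):
        print(candidate, "ok" if address_is_valid(candidate, "192.168.1.1", 30) else "invalid")
```

One caveat the post also makes: the plan only tells you which addresses fit the mask. Every device that must still be reachable (gateway, printers, servers) has to be renumbered into that range, which is why a 192.168.1.125 host stops answering the moment the mask changes.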

Optimizing your server with more than one network card

New IT professionals may think that adding a second network card will improve throughput. While this can be true, IT personnel need to be aware of several rules for configuring multiple network cards.

Assuming the server will be in the same subnet, once the network cards are installed, several decisions have to be made.  Will the cards be independent and have separate IP addresses or will the cards be bridged and have the same IP address?

Two IP addresses

If you plan on installing two NICs in your server and you want to use two IP addresses-

  • Make sure that software licensing is not tied to the MAC address of one of the NICs
  • Do NOT enable NetBIOS over TCP/IP – this can cause the server's name to appear on the network more than once and an error will occur (multiple NetBT Event ID 4319 errors stating "A duplicate name has been detected on the TCP network")
  • Use an internal DNS server – client computers will use DNS round-robin and routing tables will be built

One IP Address, multiple NIC cards

If you plan on using aggregation (teaming) or bridging of your network cards-

  • Use HP, Intel, Broadcom or other NICs whose drivers support teaming – this is important so that the cards will be used together

Note (our recommendations)-

  • Connect each NIC to a separate switch to ensure switch-port flooding does not occur. Use switches that support IEEE 802.3ad
  • Use RSS and modify the registry appropriately to use multiple CPUs
    In Windows Server 2008, administrators can set the maximum number of RSS CPUs with the MaxNumRssCpus registry keyword in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndis\Parameters. The MaxNumRssCpus value is a DWORD type and, if it is not present, NDIS uses the default value of 4.
    More information:
    http://msdn.microsoft.com/en-us/library/windows/hardware/ff570795(v=vs.85).aspx
  • To enable RSS:
    1. Open a command prompt as an administrator
    2. Type the following command, and then press ENTER:
      netsh int tcp set global rss=enabled
  • You may also want to enable TCP Chimney if your NIC supports it. http://support.microsoft.com/kb/951037

Is TCP Chimney working? Type netstat -t; if you see Offloaded next to a connection, the feature is working.

An excellent article on the use of multiple NIC cards http://blogs.technet.com/b/josebda/archive/2010/09/03/using-the-multiple-nics-of-your-file-server-running-windows-server-2008-and-2008-r2.aspx

Zyxel MWR102 tiny router/AP

Finally got my Zyxel routers/APs in. Promised pics earlier with our blog post last week. With a router/AP switch on the side and the ability to act as a router, AP or bridge, the routers came with two power supplies each, a CAT5 cable and a very powerful wireless signal.

(Photos: IMG_3105, IMG_7049, "tiny")

As we go through the CWTS curriculum, students are exposed to many different types of routers. The Zyxel MWR102 is a tiny router (only 2.9" x 2.3" x .6") that you can use when in a pinch or even in a small apartment.

This tiny router packs a ton of features. At under $20, the router's specs prove it gives a full-size router a run for its money.

Zyxel Specs- USB Powered 150Mbps Wireless-N Fast Ethernet Travel Router

Features:

  • Pocket-sized router/AP for internet access on the go
  • 3-in-1 functionality – Router, Access Point, and Client Bridge
  • Wirelessly share a wired Internet connection with multiple friends, colleagues, or devices
  • 802.11n wireless connectivity for data transfer rates of up to 150 Mbps
  • USB or AC power provide flexibility for any situation

Hardware Specifications:

  • Ports: two (2) 10/100 Mbps (1x WAN, 1x LAN); one (1) Mini USB (for power)
  • Power: 5V DC USB

System Specifications:

  • Wireless Standard: IEEE 802.3, IEEE 802.3u; IEEE 802.11n auto rate up to 150Mbps; IEEE 802.11b/g compatible auto rate up to 54Mbps; IEEE 802.1x MDI/MDI-X adaptive flow-control; IEEE 802.1p; IEEE 802.3x; IEEE 802.3az
  • Operating Modes: Router, Access Point, WiFi Client Bridge (yep, even a wireless bridge…)
  • Wireless Security: WEP, WPA-PSK, WPA2-PSK
  • Security: 64/128-bit WPA/WPA2, SPI Firewall, WPS Setup
  • Routing and IP Management: Static IP, DHCP, PPPoE, NAT
  • Unit Dimensions: 0.61 x 2.93 x 2.32 inches (H x W x D) – is anything smaller?

Where can you buy it?

Do you know about decimal formats and websites?

Over the years you have learned that you can go to a website by simply typing its name, such as-

http://www.wordpress.com

Did you know that if you ping it, it will return the web server's address, and you can use that address to surf the web?

http://76.74.254.120

You can use this to troubleshoot your ISP. How? If your internet appears to be down, simply ping one of your favorite sites and then put the IP address into a browser (note the address down while your connection is working, since ping itself needs DNS to resolve the name). If you can get to the website this way, more than likely your ISP's DNS is down.

Now, did you know you can convert it to a decimal format and go to the website by typing the decimal value?

HTTP://1279983224

As mysterious as this may seem, networking gets even more complex. DNS entries determine how a name resolves to an IP address. Web servers can be clustered and have different entries for the hundreds or even thousands of variations of naming conventions.

The network command nslookup can be used to see these servers. Example: go to a command prompt and type
nslookup www.wordpress.com and you'll see multiple servers.

C:\Users\raven>nslookup www.wordpress.com

Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: lb.wordpress.com
Addresses: 76.74.254.123
72.233.69.6
66.155.11.238
66.155.9.238
76.74.254.120
72.233.2.58
Aliases: www.wordpress.com

If you ever get a decimal-format address in an email header and wish to report the address as spam or as an abusive email, you can decode it here.

To convert an IP address to a decimal format, use this site.
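The conversion the two sites above perform is plain arithmetic: each octet is one byte of a 32-bit number, so 76.74.254.120 is 76×2^24 + 74×2^16 + 254×2^8 + 120 = 1279983224, the value in the HTTP://1279983224 link. The script below is an added example (not from the post or either conversion site) that does both directions and, for the email-header case the post mentions, rewrites a URL whose host is a bare decimal back into dotted form so it can be read and reported. The URL_HOST_RE pattern and the helper names are this example's own.

```python
import re


def ip_to_decimal(dotted):
    """Dotted-quad IPv4 string -> 32-bit integer (76.74.254.120 -> 1279983224)."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range: {octet}")
        value = (value << 8) | n   # shift the previous octets up one byte, append this one
    return value


def decimal_to_ip(value):
    """32-bit integer (or its decimal string) -> dotted-quad IPv4 string."""
    value = int(value)
    if not 0 <= value < 2 ** 32:
        raise ValueError(f"not a 32-bit IPv4 value: {value}")
    # Peel off each byte from the most significant end.
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


# Simple scheme://host[rest] splitter; an assumption of this example, not a full URL parser.
URL_HOST_RE = re.compile(r"^(?P<scheme>https?://)(?P<host>[^/:]+)(?P<rest>.*)$", re.IGNORECASE)


def normalize_url_host(url):
    """Rewrite a URL whose host is a bare decimal IPv4 into dotted form.

    Useful when a link in an email header or body is written as http://1279983224,
    which a reader cannot recognize but a browser will happily follow.
    Other URLs are returned unchanged (apart from lowercasing the scheme).
    """
    m = URL_HOST_RE.match(url)
    if not m:
        return url
    host = m.group("host")
    if host.isdigit():
        host = decimal_to_ip(host)
    return f"{m.group('scheme').lower()}{host}{m.group('rest')}"


if __name__ == "__main__":
    print(ip_to_decimal("76.74.254.120"))        # 1279983224
    print(decimal_to_ip(1279983224))             # 76.74.254.120
    print(normalize_url_host("HTTP://1279983224"))
```

When you report an address from a header, report the dotted form the whois and abuse databases expect; the decimal form is only a presentation trick, and the round trip (dotted to decimal and back) should always give the same address, which is a quick sanity check that you read the number correctly.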

Here's another small lesson using nslookup. Did you know you can find the email server's information for more troubleshooting? How?

First type nslookup and hit Enter, then set the record type by typing set type=mx and pressing Enter again. Next type the domain name and hit Enter.

C:\Users\itisme>nslookup
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8

> set type=mx
> ttcshelbyville.edu
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
ttcshelbyville.edu MX preference = 10, mail exchanger = mail.ttcshelbyvill.edu
>

For more information on set type, visit Microsoft’s TechNet Library.

Improve Windows 7 networking

Here's a set of quick tweaks to adjust Windows 7 networking. Always back up your computer before performing any tweak.

Open a command prompt as an administrator and type the following -

netsh int tcp set global congestionprovider=ctcp
netsh int tcp set global ecncapability=default
netsh int tcp set global chimney=enabled
netsh int tcp set global dca=enabled
netsh int tcp set global netdma=enabled
netsh int tcp set global autotuninglevel=disabled
netsh int tcp set heuristics disabled

CTCP (Compound TCP) – improves throughput
ECN – provides routers with an alternate method of communicating network congestion
TCP Chimney Offload – offloads all TCP processing for a connection to your network adapter
Direct Cache Access (DCA) – allows a network controller to deliver data directly to your CPU cache
NetDMA – enables support for advanced direct memory access
TCP Autotuning – receive window (RWIN) auto-tuning behavior
Heuristics – Windows 7 can automatically change its own TCP window auto-tuning behavior

To return to your default settings, go to a command prompt as an administrator and type -

netsh int tcp set heuristics default
netsh int tcp set global chimney=default
netsh int tcp set global autotuninglevel=normal
netsh int tcp set global congestionprovider=default
netsh int tcp set global ecncapability=default
netsh int tcp set global netdma=disabled
netsh int tcp set global dca=auto

If you have trouble navigating to sites, time out reaching Facebook or Microsoft for example, or you want to improve your download speeds, you may need to set your MTU-

So what do you set your MTU to? Normally your MTU is set to 1500. Every connection is different. First log in to your router, if you have one, and set it to 1492. Retry the sites that are timing out. If this did not work, you may need to set the MTU on your network card.

Use TCPOptimizer for Windows XP, Vista or Windows 7 (easy) -

or you can go to a command prompt (as an administrator with elevated privileges) and type -

netsh interface ipv4 show subinterface

(to see the name of your network interface – it is important to write down the current MTU setting and the network interface name at this time)

To set the MTU value to 1492, type the following command at a command prompt (note: you MUST substitute the name of your network connection)-

netsh interface ipv4 set subinterface "The Name of Your Connection" mtu=1492 store=persistent

Many users have reported an increase in download and internet speeds after adjusting their MTU to 1492. This setting may not be the optimal setting for everyone.

Optimize your Nvidia video card by overclocking it… Link