Windows Enterprise Architecture
By Lawrence Hardy
The Infrastructure of Microsoft Windows 2000 Server

Project Background

A hypothetical company, Ebony Pharmaceuticals Corporation (EPC), is used to carry the paper through its topics. Ebony Pharmaceuticals employs more than 10,000 people nationwide. Ebony specializes in providing low-cost generic prescription medicines and over-the-counter pharmaceuticals for humans and animals in the United States and in third world nations. A breakdown of employees by occupation shows 3401 sales consultants, 1700 members of medical research, 2200 administrators, accountants, and office workers, 1635 truck drivers and dockworkers, and more than 2230 production line workers. EPC corporate headquarters are in Chicago. The Chicago offices are responsible for the overall administrative decisions of the company and for executing its stated mission. The Chicago offices are also responsible for marketing, the hiring of top executives at the satellite branches, federal and state lobbyists, and the allocation of company resources. EPC operates four regional centers in Kansas City, Missouri; Yakima, Washington; Houston, Texas; and San Diego, California. The Kansas City site specializes in medical research and development. The Yakima site focuses on sales and accounting. The San Diego and Houston sites serve as hubs for domestic and international shipments to Southeast Asia, Latin America, and Africa. The current computing network for EPC is a menagerie of Macintosh, Linux, and NetWare computing products that slows the convergence of routers and replication over the WAN connections. In addition, the pluralistic computing environment increases the administrative problems.

Operational Structure

The first task in designing a network infrastructure is to understand how the company is organized operationally, physically, and administratively. The operational environment of Ebony Pharmaceuticals defines how it distributes and manages its resources.
The size of a company influences its operational structure. Most companies fit neatly into one of four categories: local, regional, national, and international. EPC is not a large multinational conglomerate. It does not have offices in Jamaica, Nigeria, Thailand, or Latin America. It limits its business operations to the United States and contracts its products to third parties in other nations. Nor does EPC fit the definition of either a local or a regional organization. Therefore, EPC is a national organization. The Chicago headquarters organizes four regional hubs. The organizational structure at each regional hub consists of seven departments: marketing, human resources, training, sales, receiving, shipping, and administration. Table 1 summarizes the Ebony Pharmaceuticals operational environment.

Table 1 Ebony Pharmaceuticals Operational Environment

Design Criteria | Details
Operational Size | Ebony Pharmaceuticals is a national organization with offices in San Diego, Houston, Chicago, Kansas City, and Yakima, Washington.
Operational Structure | The four satellite locales perform administrative, receiving, shipping, human resources, sales, and training functions. The Chicago offices dictate the direction each locale takes in marketing (Kone, Boggs, & Perez, 1999).

Physical Structure

The second phase in developing a design for deployment of network services requires assessment of the physical environment of the company. Important categories to consider while assessing the physical environment include the following: the number of employees at each location, the bandwidth and speed at each of the satellite branches, the speed of the WAN links between the LANs, the TCP/IP networks, and the future growth of the company.
Table 2 summarizes the physical environment.

Table 2 Ebony Pharmaceuticals Physical Environment

Design Criteria | Details
Number of Employees | Houston, TX: 1500 users; San Diego, CA: 2200 users; Kansas City, MO: 1100 users; Chicago, IL: 4500 users; Yakima, WA: 1600 users
Speed of local network | All LANs are 10MB switched, collapsed into a 100MB fiber backbone
Speed of remote network links | Chicago - Houston 1.544 Mbps; Chicago - San Diego 1.544 Mbps; Yakima - Chicago 512 Mbps; Kansas City - Chicago 512 Mbps
TCP/IP | Chicago 172.20.0.0; San Diego 172.21.0.0; Houston 172.22.0.0; Yakima 172.23.0.0; Kansas City 172.24.0.0
Organization of remote links | All locations joined at the Chicago core (Kone, Boggs, & Perez, 1999)

Proposed Solution

The following solution is proposed for Ebony Pharmaceuticals. First, upgrade the servers to Windows 2000. Second, upgrade all client computers to Windows 2000 Professional. Third, replace any computer, client or server, that does not meet the standards established for Windows 2000. Finally, establish a uniform wireless network that is readily accessible to client computers company-wide, and use Windows 2000 to plan for the future of WLAN technology and growth potential.

Benefits

According to Rist (2001), Windows 2000 has the following advantages over Windows NT: better security, better performance, better stability, a better web server, and better management capabilities. The old Windows NT Directory Service (NTDS) delivered a flat, non-hierarchical directory architecture that segments portions of a corporate directory into domains, forcing administrators to establish trust relationships. Setting up and maintaining inter-domain relationships proved arduous. Windows 2000 eliminates that labor overhead with Active Directory. Administrators can take their flat directories and convert them into Windows 2000 hierarchical structures with domain trees and organizational units that have their own internal hierarchy (Davis, 1997).
Domain Naming Service (DNS) is an integral component of Windows 2000. Unlike Windows NT, which relied on NetBIOS and WINS to provide name resolution, Windows 2000 relies on TCP/IP. The use of TCP/IP reduces the network traffic created by NetBIOS broadcasts and speeds convergence of domain servers. Furthermore, DNS integrated with DHCP creates Dynamic Domain Naming Server (DDNS), which automates the renewal of DHCP leases. DDNS allows DNS clients, rather than resolvers, to update DNS databases. Storing DNS zone data in Active Directory brings further benefits. The combination of DNS and Active Directory creates the Active Directory Integrated (ADI) zone. ADI zones have distinct advantages over regular DNS zones. In ordinary DNS zones, data is stored in plain text, unsecured by authentication, and not replicated. With ADI zones, Active Directory encrypts the files and is responsible for replication (Robichaux & Chellis, 2001). Another factor influencing the decision to migrate to Windows 2000 is cost. When a company upgrades its infrastructure, it is trying to reduce overall labor expenses for a given period. In a study sponsored by Microsoft, the analyst firm NerveWire Inc. concludes that businesses experience significant time and cost savings from the increased manageability of Microsoft Windows 2000. Specifically, businesses deploying and configuring Windows 2000 Professional can expect an average cost savings of $279 per client versus Windows NT 4.0 Workstation, Windows 95, or Windows 98 clients (Microsoft, 2000).

Risk Management

All projects are vulnerable to a variety of disruptions. Among them are personnel changes, improper planning, inadequate testing, equipment failure, vendor shortages, fire, staff training, and economic downturns. Implementing technical and contingency management plans as part of the organization's overall project plan may mitigate many vulnerabilities and political issues.
Examples of risks with this project are listed below:
• The schedule is an optimistic baseline rather than the expected baseline and has no built-in slack time for more testing.
• The project lacks effective upper management sponsorship.
• Costs and benefits of the project are not adequately analyzed.
• End users introduce new variables after the agreed-upon specifications are complete.
• The consultants underestimate the time constraints and do not deliver components as promised.
• Staff lack the technical know-how to implement the network.
• Training of network administrators is too costly or demanding of staff.
• The Information Technology Department is not properly staffed.
• Staff defect for better-paying jobs.
• Project scope is not well defined and the project outgrows its original goals or budget.
• Political bickering between department heads over domain design.
• The LAN infrastructure is intractable and has to be rebuilt.
• WAN links and routers are outdated.

The management of risk mitigation is built into the project. There are two places where schedule pressure and unforeseen circumstances may delay completion of the project. The first probable delay is in the development, design, and building of the infrastructure. The second delay may occur during system testing on a prototype before deployment. Built-in slack time guards against unforeseen contingencies. If a contingency should arise, the originator should follow the Risk Management procedures and submit the appropriate risk management form to alert the team. The project manager, in consultation with and on the advice of department heads, will assign the risk for research, to be accepted or rejected as valid (Schwalbe, 2003).

Project Scope

The project objective is to upgrade software for all employees in approximately six months. This project exists in two phases. The first phase of the project consists of software upgrading. The software phase comprises two levels.
The first level entails migrating all Windows NT and UNIX server software to Windows 2000. The second level consists of migrating all clients using Linux, Windows 98, and Windows for Workgroups to Windows 2000 Professional. The first phase of the project also includes training the Information Technology staff to accommodate the metrics established by the implementation of Windows 2000. Training will be ongoing and simultaneous with the software and hardware upgrade. The second phase of this project involves hardware replacement. Windows 2000 Professional has specific hardware standards. Any client computer not meeting the Windows 2000 Professional requirements for storage, RAM, and processor speed must be replaced. The final phase of the project involves standardizing all WLAN infrastructure hardware and software. The primary goal of this phase is to install access points, routers, and software based on Wi-Fi 802.11g technology. Additionally, 802.11g technology is backwards compatible with 802.11b technology. Therefore, the initial goal is to upgrade and eliminate all 802.11a technology.

Current Network Infrastructure

LAN

The current network structure of Ebony Pharmaceuticals is Windows NT 4.0. Windows NT 4.0 uses NetBIOS combined with Windows Internet Naming Service (WINS) to identify other computers on a LAN.

NetBIOS

In summary, NetBIOS (Network Basic Input/Output System) is a program that allows applications on different computers to communicate within a local area network (LAN). IBM created it for its PC Network. Microsoft later adopted it for its Windows NT network operating system. Prior to the introduction of Windows 2000, NetBIOS was the de facto industry standard for LAN applications. It is still not uncommon to find NetBIOS implementations for Ethernet and Token Ring networks as part of the NetBIOS Extended User Interface (NetBEUI).
In fact, three years after the introduction of Windows 2000, 70 percent of corporate Windows servers were still running Windows NT 4.0 (Ryan, 2003). Analysis shows NetBIOS is a session-level interface used by computers and other network hosts to communicate with NetBIOS-compatible transports. NetBIOS is responsible for establishing logical names on the network and establishing sessions between two logical names on the network. Additionally, NetBIOS supports reliable data transfer between computers that have established a session. Name resolution in a NetBIOS network depends on broadcasts. All nodes on the LAN hear a newly attached client making a Name Registration Request (NBR) broadcast. If the name is not already taken, the client assumes that it has permission to use the name and issues a Name Overwrite Demand. If the name is already assigned, the computer or device holding the name sends the requesting computer a Negative Name Registration Response datagram. The requesting client then does not have permission to use the name and rebroadcasts another NBR until it resolves a name. There are several drawbacks to the NetBIOS LAN computing environment. First, the broadcasts for name resolution consume significant bandwidth in the network. Second, every node in the LAN examines every broadcast, decreasing the functionality of the network. Third, NetBIOS does not support routing across wide area networks (WANs). NBR broadcasts work well inside a small LAN environment. However, as a LAN grows and eventually merges into a WAN, this method is not effective. The NBR broadcasts NetBIOS uses to resolve names cause large LANs to experience bandwidth problems, and the introduction of routers rendered the system inoperable (Microsoft, 2004).

LMHOSTS

Microsoft introduced LMHOSTS to solve the problems with routing and remote NetBIOS name resolution. The LMHOSTS files were similar to the HOSTS files used on the Internet prior to the creation of DNS.
However, the limitations of LMHOSTS far overshadowed its benefits. First, like the HOSTS files, LMHOSTS files are static. Second, LMHOSTS files are manually updated. Third, LMHOSTS files are not replicated to other domain controllers. The introduction of Dynamic Host Configuration Protocol (DHCP) spelled the doom of LMHOSTS. DHCP exacerbated the shortcomings of the LMHOSTS file. Because the DHCP server assigns IP addresses to clients dynamically, manual updates of LMHOSTS become almost impossible as a LAN evolves (Microsoft, 2004).

WINS

Microsoft initially solved its NetBIOS routing problem by introducing NetBIOS over TCP/IP (NBT). However, NBT still makes Name Registration Request broadcasts over TCP/IP networks. To resolve the NBT broadcast problems, Microsoft introduced Windows Internet Naming Service (WINS). WINS servers listen for the NBT broadcasts, collect them in a central location, and serve as a clearinghouse for NetBIOS naming information. WINS then provides a service that maps NetBIOS names to IP addresses. WINS mapping consists of five steps:
1. Each time a WINS client starts, it registers its NetBIOS name and IP address with the WINS server.
2. When a WINS client wants to communicate with another computer, the NBT query is sent to the WINS server instead of being broadcast.
3. If the WINS server finds the destination in its database, it sends the result to the WINS client. The client falls back to an NBT broadcast only if the destination is not in the database.
4. WINS servers receive updates from each client on the network. As a result, the database is always current.
5. Multiple WINS servers on a LAN automatically replicate their databases according to the specifications of the network administrator (Robichaux & Chellis, 2001).

WAN

The common definition of a wide area network (WAN) is two or more local area networks linked together. For EPC, all together, there are four LANs. The Chicago offices serve as the hub for all routes in the WAN.
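The NetBIOS name registration and the WINS lookup described in the two sections above, as an added example that is not part of the paper: the on-the-wire encoding of a NetBIOS name is the first-level encoding of RFC 1001/1002, while the LAN and WINS classes are a constructed model that counts broadcasts; the host names and addresses are made up.

```python
"""NetBIOS name encoding and registration (added example, not from the
paper). The 16-byte NetBIOS name is encoded as it travels in NBT packets
(RFC 1001/1002 first-level encoding); a small LAN model then counts the
broadcasts that name registration costs and that a WINS lookup avoids."""

SUFFIX_FILE_SERVER = 0x20     # 16th byte names the service; 0x20 = file server
LETTERS = "ABCDEFGHIJKLMNOP"  # one letter per nibble value 0..15


def encode_nbt_name(name, suffix=SUFFIX_FILE_SERVER):
    """Pad the name to 15 bytes, append the suffix, then write each byte as
    two letters (high nibble, low nibble), giving a 32-character string."""
    raw = name.upper().encode("ascii").ljust(15, b" ") + bytes([suffix])
    if len(raw) != 16:
        raise ValueError("NetBIOS names are at most 15 characters")
    return "".join(LETTERS[b >> 4] + LETTERS[b & 0x0F] for b in raw)


def decode_nbt_name(encoded):
    """Inverse of encode_nbt_name; returns (name, suffix)."""
    if len(encoded) != 32 or any(c not in LETTERS for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes((LETTERS.index(encoded[i]) << 4) | LETTERS.index(encoded[i + 1])
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(" "), raw[15]


class Lan:
    """One broadcast domain: every node hears every NBT broadcast."""

    def __init__(self):
        self.names = {}        # encoded name -> IP address of the holder
        self.broadcasts = 0    # how many broadcasts every node had to examine

    def register(self, name, ip, suffix=SUFFIX_FILE_SERVER):
        """Name Registration Request broadcast. The current holder, if any,
        answers with a Negative Name Registration Response (False); otherwise
        the client's Name Overwrite Demand claims the name (True)."""
        self.broadcasts += 1
        key = encode_nbt_name(name, suffix)
        if key in self.names and self.names[key] != ip:
            return False
        self.names[key] = ip
        return True

    def broadcast_query(self, name, suffix=SUFFIX_FILE_SERVER):
        """NBT name query by broadcast: the holder, if present, replies."""
        self.broadcasts += 1
        return self.names.get(encode_nbt_name(name, suffix))


class Wins:
    """WINS server: registrations and queries are unicast, so a hit costs the
    LAN no broadcast; only a miss falls back to the broadcast query."""

    def __init__(self):
        self.db = {}

    def register(self, name, ip, suffix=SUFFIX_FILE_SERVER):
        key = encode_nbt_name(name, suffix)
        if key in self.db and self.db[key] != ip:
            return False           # name already registered to another host
        self.db[key] = ip
        return True

    def resolve(self, lan, name, suffix=SUFFIX_FILE_SERVER):
        hit = self.db.get(encode_nbt_name(name, suffix))
        return hit if hit is not None else lan.broadcast_query(name, suffix)
```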
The links to Houston and San Diego are faster than the links to Kansas City and Yakima. The routing protocol used by all the sites is Open Shortest Path First (OSPF). OSPF is a link-state routing protocol that sends link-state advertisements (LSAs) to all other routers within the same hierarchical area. Information sent to neighbor routers includes attached interfaces, metrics used, and other variables about OSPF LSAs. As OSPF routers accumulate link-state information, they use the SPF algorithm to calculate the shortest path to each node. The WAN links rely on leased-line connections, with fractional T1 connections to Kansas City and Yakima and full T1 connections to Houston and San Diego. The WAN speed to Kansas City and Yakima is 512 Megabytes per second (Mbps). The WAN speed to San Diego and Houston is 1.544 Mbps. Over the WAN links, Windows NT 4.0 provides two methods of remote access connectivity: dial-up remote access and Virtual Private Networks (VPN).

WLAN

The original infrastructure for EPC did not include plans for WLANs. As the technology advanced, each satellite office spliced its WLAN and LAN together based upon the skill sets of its local Information Technology staff. The resulting cacophony in WLAN structure and technology created connectivity problems for visiting executives. For example, if the lead researcher in Yakima visits the corporate headquarters in Chicago, he or she cannot attach to the local infrastructure or join an ad-hoc network, because the Yakima WLAN utilizes 802.11a while the access points in Chicago utilize 802.11b. The WLAN problem is more aggravating when company officials visit Kansas City, where infrared technology is the medium for the WLAN. Infrared is the most secure form of WLAN, but it cannot communicate with radio signals. Table 3 summarizes the WLAN structure at each location within the company.
Table 3 Ebony WLANs

Design Criteria | Details
WLAN | Chicago 802.11b; Yakima 802.11a; San Diego no WLAN; Kansas City IrDA; Houston 802.11b

Proposed Infrastructure

The proposed infrastructure for Ebony Pharmaceuticals moves the company from WINS, NetBIOS, and the Windows NT 4.0 operating system to the Windows 2000 operating system. The new infrastructure is more compliant with networking standards and TCP/IP client name resolution. The reasoning for the switch begins with the determination that Microsoft continues to dominate 90% of desktop software and operating systems. Second, Microsoft's decision to retire its proprietary WINS/NetBIOS in favor of standards more aligned with Internet features assures future growth and flexibility. Third, DNS and DHCP are networking standards based upon TCP/IP, which opens the door to reduced cost. Fourth, Active Directory, the centerpiece of the new operating system, centralizes administrative workloads and increases network security. Finally, the current state of the WLAN needs revamping. Presently there is no continuity; each of the five sites has designed a system based upon the skill of its professionals. The new system will make the WLAN networks compatible with 802.11g.

DNS

With the introduction of Windows 2000, Microsoft replaced the Windows NT name resolution scheme of NetBIOS and WINS with TCP/IP and DNS. DNS dynamically changed the way clients resolved names on a Windows-based network. Although the WINS server was dynamic and worked well within a Microsoft network, it was not standardized to the Internet and TCP/IP. DNS was developed to accommodate the growth of the Internet. In the late 1970s, there were few computer networks on the Internet. Their names and IP addresses were stored in a single file named HOSTS, kept at the Stanford Research Institute Network Information Center. The HOSTS file was a flat file that required manual updating for any change that occurred on the Internet.
Whenever an addition to a computer network took place, the entire HOSTS file was downloaded and manually updated to reflect the additions to the network. The original goal of DNS was to replace the HOSTS file. DNS is a lightweight, fast, distributed hierarchical database that automatically maps names to IP addresses. DNS is a set of protocols that permit the use of user-friendly names instead of IP addresses. The DNS protocols define two mechanisms: (1) a mechanism for querying and updating address information in the database, and (2) a mechanism for replicating the information in the database, and its schema, among servers. Once the DNS service is installed, an administrator configures the server to play one of three roles: caching-only server, primary DNS server, or secondary DNS server. The caching-only server contains a list of Internet root servers. Any time a DNS server resolves a host name to an IP address, it stores the data in its cache. The primary server is the owner of all zone files in the DNS database. The primary DNS server has authority to make changes to the database files. Briefly, a zone is a subtree of the DNS database administered as a single entity. A secondary DNS server receives updates from the primary DNS server through zone transfers. Secondary servers cannot make changes to the DNS database. Their role in the DNS scheme is passive until the primary DNS server becomes unavailable (Huggins, 2003). DNS has been used on the Internet for many years. DNS automatically translates the network name of a computer on the Internet into a user-friendly name suitable for human use. In other words, DNS services translate a Fully Qualified Domain Name (FQDN) or URL to its dotted decimal IP address. A FQDN consists of a host name and a domain name. The URL www.microsoft.com is an example of a FQDN. DNS maps or resolves the Microsoft URL to its IP address 65.112.30.52.
There are two kinds of query DNS uses to resolve an FQDN to an IP address: iterative queries and recursive queries. For iterative queries from a client, the DNS server uses only its cache and zone information to return the best possible answer for the client inquiry. If the DNS server does not have the answer, it may refer the client to another DNS server for a suitable answer. Recursive queries from a client require the DNS server to respond with the IP address or an error message. The DNS server may not refer the client to another DNS server; instead, the DNS server queries other DNS servers until it finds the correct response for the client request or the request fails (Robichaux & Chellis, 2001). Resource records (RRs) compose the DNS database. Each RR identifies a particular resource within the database. DNS databases are divided into zones for administrative needs. Briefly, a zone is an administrative unit that defines a subtree of the DNS database. DNS zones are considered single units. The zone contains the resource records of the owner names that are part of its contiguous DNS namespace. Zone files are maintained on multiple DNS servers. DNS zones have more than one server; a zone configured as a primary zone on one server may be configured as a secondary zone on another server. The first record in the zone file is a Start of Authority (SOA) RR. The SOA RR defines the primary DNS name server for the zone and the authoritative server for the zone. The root domain anchors each zone. All names within a zone contain the zone's root domain name. A DNS server is considered authoritative for a zone if it loads the zone containing that root name (Robichaux & Chellis, 2001).

DHCP

The DHCP server automates the assignment of TCP/IP addresses to clients along with the correct subnet mask, default gateway, and DNS server. When integrated with DNS, it creates Dynamic Domain Naming Service (DDNS). DDNS permits clients, not the DNS resolver, to update the DNS database.
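The iterative and recursive query modes described in the DNS section above, as an added example that is not part of the paper: three constructed zones (root, com, and a made-up epc.com zone with its SOA first) are served by in-memory authoritative servers, and a caching-only server that knows only the root serves the client both ways.

```python
"""Iterative versus recursive DNS resolution (added example, not from the
paper). Three constructed zones stand in for the root, the com TLD and an
epc.com zone; a caching-only server that knows only the root serves clients."""
from dataclasses import dataclass, field

# Constructed zone data: zone -> owner name -> {rrtype: [rdata, ...]}.
# The epc.com zone begins with its SOA record, as the text describes.
ZONES = {
    ".": {"com.": {"NS": ["a.gtld-servers.net."]}},
    "com.": {"epc.com.": {"NS": ["ns1.epc.com."]}},
    "epc.com.": {
        "epc.com.": {"SOA": ["ns1.epc.com. hostmaster.epc.com. 1 3600 900 604800 86400"],
                     "NS": ["ns1.epc.com."]},
        "ns1.epc.com.": {"A": ["172.20.0.10"]},
        "www.epc.com.": {"A": ["172.20.0.80"]},
    },
}


@dataclass
class Reply:
    kind: str                       # "answer", "referral" or "negative"
    rdata: list = field(default_factory=list)
    next_zone: str = ""             # for referrals: the zone to ask next


def in_zone(name, zone):
    """True if `name` lies at or below `zone` (both absolute, dot-terminated)."""
    return zone == "." or name == zone or name.endswith("." + zone)


class DnsServer:
    def __init__(self, zones):
        self.zones = zones          # zones this server is authoritative for
        self.cache = {}             # (name, rrtype) -> rdata, filled by recursion

    def lookup(self, name, rrtype):
        """Answer from cache or authoritative data, else refer the client to
        the closest delegation this server knows about."""
        if (name, rrtype) in self.cache:
            return Reply("answer", self.cache[(name, rrtype)])
        zone = max((z for z in self.zones if in_zone(name, z)), key=len, default=None)
        if zone is None:            # not ours: the root hints are all we have
            return Reply("referral", next_zone=".")
        data = self.zones[zone]
        if name in data and rrtype in data[name]:
            return Reply("answer", data[name][rrtype])
        # Look for a delegation (NS records below the apex) that covers the name.
        cuts = [n for n in data if n != zone and "NS" in data[n] and in_zone(name, n)]
        if cuts:
            return Reply("referral", next_zone=max(cuts, key=len))
        return Reply("negative")    # NXDOMAIN and NODATA, collapsed here


AUTHORITATIVE = {z: DnsServer({z: d}) for z, d in ZONES.items()}


def recursive_query(local, name, rrtype):
    """Recursive mode: the local server chases referrals itself and hands the
    client a final answer; returns (reply, zones visited) and caches hits."""
    visited = []
    reply = local.lookup(name, rrtype)
    while reply.kind == "referral":
        visited.append(reply.next_zone)
        reply = AUTHORITATIVE[reply.next_zone].lookup(name, rrtype)
    if reply.kind == "answer":
        local.cache[(name, rrtype)] = reply.rdata
    return reply, visited


def iterative_query(local, name, rrtype):
    """Iterative mode: the local server returns its best answer or a
    referral; following the referral is the client's job."""
    return local.lookup(name, rrtype)
```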
The DHCP relay agent allows clients on different networks or segments to reach a DHCP server. DHCP relay agents are necessary because DHCP broadcasts do not cross routers. The relay agent examines the packet, makes appropriate changes to it, and then relays the packet to a DHCP server. The relay agent acts like a radio repeater, listening for DHCP client requests and retransmitting them to the network server. DHCP evolved from BOOTP. In summary, BOOTP is a TCP/IP protocol used by diskless workstations or network computers (NCs) to obtain IP addresses and other network resources. Whereas BOOTP processes static allocation of IP addresses, DHCP processes IP address assignment in three modes: dynamic, automatic, and manual. In dynamic mode, DHCP allocation provides the host with an IP address associated with a finite lease period. The lease terminates at the end of the lease period. Automatic allocation provides the host with a permanent lease. Manual allocation behaves in the same manner as it does with BOOTP. In each mode, the protocol is used to convey the configuration to the client. The DHCP lease is the process by which a client computer solicits the DHCP server for an IP address. Specifically, DHCP uses the same packet format as BOOTP, where the latter supports only two types of messages in the options field, Boot Request and Boot Reply. DHCP supports seven message types: DhcpDiscover, DhcpOffer, DhcpRequest, DhcpAck, DhcpNak, DhcpDecline, and DhcpRelease. This packet format makes DHCP compatible with both BOOTP clients and BOOTP relay agents. Although minor differences exist in the operations for acquiring a new as opposed to an updated configuration, the mechanics of initial configuration are representative of how DHCP systems function. Upon start-up, the DHCP client broadcasts a DhcpDiscover message to any DHCP server on the network. Any DHCP server on the network receiving the message responds with a DhcpOffer message, placing an available IP address in the field of the DhcpOffer.
The client accepts the first IP address offer it receives and places the offering server's identifier in the server identifier portion of its DhcpRequest message to the server. If a server receives the request and sees that its ID does not match the ID contained in the request, the server will generate an explicit DhcpDecline message. If, on the other hand, the server sees the requested IP address is available, it sends a DhcpAck (or a DhcpNak if the address is already assigned). Clients receiving a DhcpNak start the entire process again (Demaree, 1997). As the lease expires, clients will broadcast a request for renewal. The first request for renewal of the lease occurs at 50% of the lease period. A second request is made when the lease is 87.5% expired. Any time a client is denied a lease, it gets a DhcpNak message from the server and must stop using that IP address (Robichaux & Chellis, 2001).

Active Directory

Active Directory is a distributed hierarchical database in the Windows 2000 network operating system. It is the trademark component of Microsoft's Windows 2000 Server infrastructure. It replaces the NT Directory Services used in Windows NT 4.0 and NT 3.5. The structure of Active Directory follows the formatting guidelines of the International Organization for Standardization (ISO). There are two versions of the X.500 standards, one written in 1988, the other written in 1993. Microsoft's Windows 2000 utilizes the X.500 standard implemented in 1993 (Savill, 2000). There are four X.500 protocols: Directory Access Protocol (DAP), Directory System Protocol (DSP), Directory Information Shadowing Protocol (DISP), and Directory Operational Binding Management Protocol (DOP) (Loughry, 2000). The inclusion of the X.500 standards in Windows 2000 marks Microsoft's attempt at meeting the ever-increasing demands of pluralistic computing environments. The X.500 namespace defines how objects are stored in Active Directory.
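The DHCP message format, relay agent, and lease exchange described in the DHCP section above, as an added example that is not part of the paper: it encodes and decodes the BOOTP-compatible layout of RFC 2131 (option 53 carries the message type), runs DhcpDiscover, DhcpOffer, DhcpRequest and DhcpAck through a relay agent that stamps the site router into giaddr so the server can choose a scope, and computes the 50% and 87.5% renewal points. The scopes follow the site networks of Table 2; the server address, router addresses and MAC addresses are constructed, and a non-selected server simply withdraws its offer here.

```python
"""DHCP message format and lease exchange (added example, not from the
paper). Encodes and decodes the BOOTP-compatible message layout of RFC 2131,
runs DhcpDiscover/Offer/Request/Ack through a relay agent that stamps the
site router into giaddr, and computes the 50% and 87.5% renewal points."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"       # marks the start of the DHCP options
HDR = "!BBBBIHH4s4s4s4s16s64s128s"        # the 236-byte BOOTP fixed header
# Option 53 message types, keyed by their RFC 2131 codes.
MSG = {1: "DhcpDiscover", 2: "DhcpOffer", 3: "DhcpRequest", 4: "DhcpDecline",
       5: "DhcpAck", 6: "DhcpNak", 7: "DhcpRelease"}
CODE = {v: k for k, v in MSG.items()}
# Constructed scopes for the five site networks of Table 2; .1 is the router.
SCOPES = {site: ipaddress.ip_network(net) for site, net in [
    ("Chicago", "172.20.0.0/16"), ("San Diego", "172.21.0.0/16"),
    ("Houston", "172.22.0.0/16"), ("Yakima", "172.23.0.0/16"),
    ("Kansas City", "172.24.0.0/16")]}


def ip4(text):
    return ipaddress.IPv4Address(text).packed


def build(msg_type, xid, mac, ciaddr="0.0.0.0", yiaddr="0.0.0.0",
          giaddr="0.0.0.0", hops=0, options=()):
    """BOOTP header + magic cookie + option 53 + (code, value) options + end."""
    op = 2 if msg_type in ("DhcpOffer", "DhcpAck", "DhcpNak") else 1  # reply/request
    hdr = struct.pack(HDR, op, 1, 6, hops, xid, 0, 0, ip4(ciaddr), ip4(yiaddr),
                      ip4("0.0.0.0"), ip4(giaddr), mac.ljust(16, b"\0"),
                      b"\0" * 64, b"\0" * 128)
    opts = bytes([53, 1, CODE[msg_type]])
    for code, value in options:
        opts += bytes([code, len(value)]) + value
    return hdr + MAGIC_COOKIE + opts + b"\xff"


def parse(data):
    """Decode a message into a dict; options are keyed by option code."""
    f = struct.unpack(HDR, data[:236])
    if data[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message: magic cookie missing")
    addr = lambda raw: str(ipaddress.IPv4Address(raw))
    msg = {"op": f[0], "hops": f[3], "xid": f[4], "ciaddr": addr(f[7]),
           "yiaddr": addr(f[8]), "giaddr": addr(f[10]), "chaddr": f[11][:f[2]],
           "options": {}}
    i = 240
    while i < len(data) and data[i] != 0xFF:
        if data[i] == 0:                  # pad option
            i += 1
            continue
        code, length = data[i], data[i + 1]
        msg["options"][code] = data[i + 2:i + 2 + length]
        i += 2 + length
    msg["type"] = MSG[msg["options"][53][0]]
    return msg


def relay(data, router_ip):
    """Relay agent: forward the client's broadcast across the router with
    giaddr set to the ingress interface (if unset) and hops incremented."""
    m = parse(data)
    giaddr = router_ip if m["giaddr"] == "0.0.0.0" else m["giaddr"]
    others = [(c, v) for c, v in m["options"].items() if c != 53]
    return build(m["type"], m["xid"], m["chaddr"], m["ciaddr"], m["yiaddr"],
                 giaddr, m["hops"] + 1, others)


def renewal_times(lease_seconds):
    """T1 (first renewal attempt) and T2 (rebinding) offsets for a lease."""
    return lease_seconds * 0.5, lease_seconds * 0.875


class Server:
    def __init__(self, server_ip, lease=86400):
        self.ip, self.lease, self.leased = server_ip, lease, {}   # ip -> mac

    def scope_for(self, giaddr):
        """giaddr 0.0.0.0 means the client is on the server's own subnet."""
        probe = ipaddress.ip_address(self.ip if giaddr == "0.0.0.0" else giaddr)
        return next(site for site, net in SCOPES.items() if probe in net)

    def handle(self, data):
        m = parse(data)
        common = [(54, ip4(self.ip)), (51, struct.pack("!I", self.lease))]
        if m["type"] == "DhcpDiscover":
            net = SCOPES[self.scope_for(m["giaddr"])]
            free = next(str(h) for i, h in enumerate(net.hosts())
                        if i > 0 and str(h) not in self.leased)
            return build("DhcpOffer", m["xid"], m["chaddr"], yiaddr=free,
                         giaddr=m["giaddr"], options=common)
        if m["type"] == "DhcpRequest":
            if m["options"].get(54) != ip4(self.ip):
                return None       # client chose another server: offer withdrawn
            wanted = str(ipaddress.IPv4Address(m["options"][50]))
            if self.leased.get(wanted, m["chaddr"]) != m["chaddr"]:
                return build("DhcpNak", m["xid"], m["chaddr"], giaddr=m["giaddr"],
                             options=common[:1])
            self.leased[wanted] = m["chaddr"]
            return build("DhcpAck", m["xid"], m["chaddr"], yiaddr=wanted,
                         giaddr=m["giaddr"], options=common)
        return None


def lease_via_relay(server, mac, router_ip, xid=0x2A3B4C5D):
    """Full initial exchange for a client behind a relay agent."""
    offer = parse(server.handle(relay(build("DhcpDiscover", xid, mac), router_ip)))
    request = build("DhcpRequest", xid, mac,
                    options=[(50, ip4(offer["yiaddr"])), (54, offer["options"][54])])
    return offer, parse(server.handle(relay(request, router_ip)))
```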
An X.500 namespace is a hierarchical naming structure that identifies unique paths to directory service containers. The X.500 namespace provides each object in the container a unique identifier, or Object Identifier (OID). The X.500 namespace can be represented in dotted notation or in string notation. Even though Active Directory exploits X.500 protocol standards, directory service designers use another protocol, the Lightweight Directory Access Protocol (LDAP), to search the X.500 directory services database. LDAP is both an application model and an access protocol. As an application model, it uses an Application Programming Interface (API). Windows Server 2003 fully supports API implementations for queries of directory services. As a protocol, LDAP utilizes the TCP/IP suite of protocols to communicate with data in directory services and in other operating systems like UNIX or Novell (Reimer & Mulcare, 2003). LDAP is not a competing product; rather, it is a symbiotic application that resolves the X.500 interoperability problems. LDAP was designed as a front-end protocol to distributed X.500 directory services. LDAP replaced X.500 in part because X.500 originated from the OSI model. The OSI implementation of directory services does not interoperate well with TCP/IP-compliant systems. TCP/IP is the common language for communications in client-server environments on private intranets and the Internet. LDAP, on the other hand, is TCP/IP compliant. LDAP implementations also reduce the number of functions needed compared with a full X.500 implementation, thus providing a lean and fast directory service without degrading the overall X.500 structure. The LDAP mechanism communicates with Windows Server 2003 Active Directory and performs basic read, write, and modification operations (Savill, 2000). The Lightweight Directory Access Protocol (LDAP) is the Internet standard for directory services conforming to the X.500 data model.
It is essentially the industry standard, supported by leading software vendors, and is part of Windows 2000 Active Directory. There are two versions of LDAP: version 2, the original lightweight variation of the X.500 Directory Access Protocol (DAP); and LDAP version 2a, the heavyweight version. From its inception, the Directory Access Protocol (DAP) was designed to support public key infrastructure (PKI) as part of the X.500 protocol. Originally, the X.509 (LDAP) adaptation of the X.500 protocol was not designed to support Public Key Infrastructure. However, with modifications, LDAP has become the leading protocol standard in support of PKI processing directory services for certificates and certificate revocation lists (CRLs). Windows 2000 uses LDAP version 3 (Chadwick, 2003; Loughry, 2000). Public Key Infrastructure inside Windows 2000 consists of encryption, or cryptography, based upon private and public keys. Essentially, public key operations entail two fundamental operations: encryption and signing. First, encryption permits the sender of information on a network to hide the data from all except the intended receiver. Second, signing uses encryption to prove the authenticity and origin of the data sent. When used in combination, signing and encryption provide three features valued by all business organizations: privacy, authentication, and non-repudiation.
• Privacy – prevents data from being read by unintended parties.
• Authentication – allows verification that data was not tampered with while traveling to its destination. Authentication, for example, relies on data encrypted with a hash algorithm, which produces a unique digital fingerprint practically impossible to duplicate.
• Non-repudiation – gives digital signatures the same legal weight as written signatures (Robichaux & Chellis, 2001).

Active Directory Logic

Active Directory is a hierarchical database and directory store that provides multi-master replication for a distributed network environment.
The logical structure of Microsoft's Active Directory consists of objects and containers. The containers, from largest to smallest, are forests, trees, domains, organizational units, and groups. An object is any of the above plus printers, computers, end users, and facsimile machines. When graphically depicted, an Active Directory forest with underlying trees, domains, and organizational units appears as shown below (Figure 2).

Figure 2 Active Directory Domain Structure

The key difference between a forest and a domain lies in the DNS namespace for each. In the following example, Vanguard Business Consultants operates only in the United States. Its subsidiary Vanguard Technical Consultants operates in the United States, Europe, and Asia. Notice how the domains in each tree retain a portion of the parent domain's name. The graphic below (Figure 3) depicts the two trees in the forest, and how the parent company, VBC, relates to the child and corporate equal VTC.

Figure 3 Active Directory Forest and Domains

Each Active Directory object has an object identifier (OID) associated with it. When a DNS zone merges with Active Directory, the DNS zone receives the same attributes as a container object in the Active Directory schema. The combination of DNS zones and Active Directory forms a structure called an Active Directory Integrated (ADI) zone. As an Active Directory Integrated zone, the DNS zone receives the container designation DnsZone, and the DnsNode receives the leaf designation. By definition, a leaf node in a tree data structure is the furthest from the root; a DnsNode has no substructures. Each DnsNode has a DnsRecord multi-valued attribute holding every record associated with that name. Only DNS servers on domain controllers load integrated zones. The graphic below (Figure 4) illustrates the DNS zone reskit.com in Active Directory. Notice the nodes (leaf nodes) in the right pane.
Figure 4 DNS Integrated Zone (Microsoft, 2004)

Active Directory services are responsible for keeping the DNS zone consistent across DNS servers. Whenever a DNS zone update occurs, it is written to Active Directory. Active Directory replicates the data to the other Domain Controllers in the domain tree or forest. Active Directory uses the multi-mastered replication model, which automatically sends updates and cuts down on network traffic. Microsoft (1999), however, warns of conflicts in integrated DNS servers and DNS nodes resulting from the multi-master replication model. Essentially, the integrated DNS server receives multiple updates from the various Active Directory domain servers. The conflict can cause two or more integrated DNS servers to resolve the same query differently. The conflict eventually rights itself based upon the timestamp of the last update from Active Directory. However, until the conflict is resolved, the server with the invalid update must poll the valid DNS server for the correct information.

WLAN

Wireless Local Area Network (WLAN) technology is a rapidly changing technology. The implementation and configuration of a WLAN requires careful planning. Before an installation can go forward, the designer must evaluate the client's business and technical needs, then implement a WLAN technology that meets both present and future needs. Other considerations a WLAN designer must take into account are the modifications to the building and wired LAN infrastructure needed to accommodate the WLAN technology. According to Cisco Systems, there are more than eighteen wireless technologies. Trulove (2002) writes that the cost of a small office system consisting of two or three computers is less than $200. Cisco Systems (2004) states that some of the larger, more complicated systems with hundreds of connections sell for as much as $500,000 per WAN link.
Essentially, a WLAN connects computers, servers, and other network resources together with radio waves instead of copper or fiber optic cables. Traditionally, WLANs are anchored to the LAN of a business organization. A thorough examination of all eighteen technologies would be beyond the scope of this term paper. Rather, this term paper will briefly examine the standards for three popular 802.11 implementations. The Institute of Electrical and Electronics Engineers (IEEE) standardizes the WLAN technology in the document IEEE 802.11. The original standards issued in 1999 specified WLAN operation at 2.4 gigahertz in the unlicensed industrial, scientific, and medical (ISM) designated bands (Trulove, 2002). The 802.11 family of standards includes three separate protocols, 802.11a, 802.11b, and 802.11g; the other standards in the 802.11 family (c-f, h-j, n) are service enhancements and extensions, or corrections to previous specifications and to the 802.15 family of technology standards (Wikipedia, 2004).

IEEE 802.11 Standards

The original 802.11 IEEE standard defines three implementations: Infrared technology (IrDA), Direct Sequence Spread Spectrum (DSSS), and Frequency Hopping Spread Spectrum (FHSS), with a shared data rate of 2 megabits per second (Mbps) (Trulove, 2002). The IEEE 802.11 standard also placed limitations on both the physical (PHY) and medium access control (MAC) layers of the network. The PHY layer, which actually handles the transmission of data between nodes, can use direct sequence spread spectrum, frequency hopping spread spectrum, or infrared (IrDA) pulse position modulation (Lough, Blankenship, & Krizman, 2004). The MAC, a sub-layer of the Data Link Layer of the OSI model, is a set of protocols that ensures signals sent from different stations across the same channel do not collide (Webopedia, 2004).
The IEEE 802.11 MAC also specifies the basic method of access as the Distributed Coordination Function (DCF), which uses the Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) protocol to control wireless LAN access (Zyren & Petrick, 2004).

The United States military developed spread spectrum radio techniques during World War II as a method of overcoming radar jamming of torpedo guidance systems. In spread spectrum broadcasting, the signal between sender and receiver hopped from frequency to frequency to avoid jamming. WLAN broadcast signals have the same intent as their WWII counterparts: instead of guidance instructions for ordnance, data for computer consumption is superimposed on an ever-modulating radio carrier wave to ensure radio transmission. Several types of spread spectrum techniques are available. The most prevalent techniques are Direct-Sequence Spread Spectrum (DSSS) and Frequency Hopping Spread Spectrum (FHSS) (Trulove, 2002).

In the original IEEE 802.11 documents, Direct-Sequence Spread Spectrum (DSSS) radio techniques spread a signal across broadband radio frequencies simultaneously. Each bit of the transmission is a redundant pattern called a chip. The longer the chip, the more likely the data can be recovered. Longer bits require larger bandwidths. In 1999, DSSS speed was 1 Mbps. Frequency-Hopping Spread Spectrum (FHSS) transmits data over a narrow band that cycles through frequencies. The sender and the receiver know the frequency pattern used. The idea is to ensure transmission recovery in the event one frequency is blocked. Top throughput for FHSS is 2 Mbps. The IEEE addendum 802.11b specifies the bandwidth at 11 Mbps.
The IEEE addendum 802.11a for ISM broadcast at 5 GHz increased speed to 54 Mbps (Mallick, 2003).

The 802.11 MAC specifications for the Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) protocol are as follows. In the CSMA/CA protocol, when a node receives a packet to be transmitted, it first listens to ensure no other node is transmitting. If the channel is clear, it then transmits the packet. Otherwise, it chooses a random "back-off number" which determines the amount of time the node waits before it is allowed to transmit its packet. When the broadcast channel is clear, the transmitting node decreases its back-off number. (When the channel is busy, it does not decrease its back-off number.) When the back-off counter reaches zero, the node transmits the packet. A similar collision protocol, Carrier Sense Multiple Access with Collision Detection (CSMA/CD), is used by wired Ethernet. CSMA/CD, however, is not used for radio frequency transmissions. The primary reason is that the transmitting node cannot hear other nodes in the system that may be broadcasting, because its own signal drowns out any incoming signals at the node (Lough, Blankenship, & Krizman, 2004).

The IEEE specified two 802.11-based WLAN methods: peer-to-peer (ad hoc) and client/server (infrastructure). Figure 4 illustrates the characteristics of an ad-hoc network: 802.11 specifies that clients can talk with similar clients in the same general vicinity. There are no fixed network access point structures. In networks of this type every node is able to communicate with every other node; this setup is good for mobile LANs.

Figure 5 Ad Hoc Network (Fujitsu-Siemens, 2002)

The infrastructure network, shown in Figure 6, illustrates the connection with an infrastructure access point that acts as a bridge between the wireless clients and the wired LAN. If two access points are located near each other, they must communicate on different channels in order to avoid radio interference (Net World Fusion, 2004).
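The back-off rule just described, as an added slot-based simulation; this is example code written for this page, not from the paper or its sources, and the slot length, the starting contention window, and the doubling of the window after a collision are assumptions of the model:

```python
"""Slot-based simulation of the 802.11 DCF back-off rule described above.
Constructed example: time is counted in abstract slots, every packet occupies
PACKET_SLOTS slots on the air, and the starting contention window and its
doubling after a collision are assumptions of this model, not figures from
the paper."""
import random
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PACKET_SLOTS = 3   # assumed airtime of one packet, in slots
START_CW = 8       # assumed initial contention window
MAX_CW = 64        # assumed cap on the contention window


@dataclass
class Station:
    name: str
    pending: int = 0                 # packets waiting to be sent
    backoff: Optional[int] = None    # None = this packet has not had to defer
    cw: int = START_CW               # current contention window
    sent: int = 0


def simulate(stations: List[Station], rng: random.Random,
             arrivals: Optional[Dict[int, List[str]]] = None,
             max_slots: int = 500) -> Tuple[int, int, int]:
    """Run DCF until every queue is empty and no arrivals remain.

    arrivals maps a slot number to the stations that get a packet in that slot.
    Returns (successful transmissions, collisions, slots elapsed)."""
    arrivals = arrivals or {}
    by_name = {s.name: s for s in stations}
    last_arrival = max(arrivals, default=-1)
    busy_until = 0    # first slot in which the channel is clear again
    successes = collisions = 0
    for slot in range(max_slots):
        for name in arrivals.get(slot, []):
            by_name[name].pending += 1
        if slot >= last_arrival and all(s.pending == 0 for s in stations):
            return successes, collisions, slot
        if slot < busy_until:
            # Channel busy: nobody counts down. A station whose packet arrived
            # while the channel is busy draws its random back-off now.
            for s in stations:
                if s.pending and s.backoff is None:
                    s.backoff = rng.randrange(s.cw)
            continue
        # Channel clear: fresh packets go out at once, deferred ones count down
        # and go out once the counter has reached zero.
        transmitters = []
        for s in stations:
            if not s.pending:
                continue
            if s.backoff is None or s.backoff == 0:
                transmitters.append(s)
            else:
                s.backoff -= 1
        if not transmitters:
            continue
        busy_until = slot + PACKET_SLOTS
        if len(transmitters) == 1:
            s = transmitters[0]
            s.pending -= 1
            s.sent += 1
            s.backoff = None
            s.cw = START_CW
            successes += 1
        else:
            # Frames from two or more stations overlapped. The senders cannot
            # hear this (their own signal drowns out the channel), so each one
            # draws a new back-off from a doubled window and retries.
            collisions += 1
            for s in transmitters:
                s.cw = min(s.cw * 2, MAX_CW)
                s.backoff = rng.randrange(s.cw)
    return successes, collisions, max_slots


def single_station() -> Tuple[int, int, int]:
    """One station, clear channel: the packet goes out in the first slot."""
    return simulate([Station("A")], random.Random(1), arrivals={0: ["A"]})


def two_stations_same_instant(seed: int = 1) -> Tuple[int, int, int]:
    """Both stations see a clear channel and send together, so the first
    attempt collides and the random back-off separates the retries."""
    return simulate([Station("A"), Station("B")], random.Random(seed),
                    arrivals={0: ["A", "B"]})


def busy_arrival(seed: int = 1) -> Tuple[int, int, int]:
    """B's packet arrives while A is on the air, so B defers with a random
    back-off and no collision occurs."""
    return simulate([Station("A"), Station("B")], random.Random(seed),
                    arrivals={0: ["A"], 1: ["B"]})
```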
Figure 6 - Infrastructure Network (Cisco Systems, 2001)

IEEE 802.11 Implementations

The three most popular implementations of 802.11 technology are 802.11a, 802.11b, and 802.11g. The Wi-Fi Alliance, formerly the Wireless Ethernet Compatibility Alliance (WECA), certifies the interoperability of WLAN networks and industry standards based upon the IEEE 802.11 specifications. In the typical workplace, employee workstation computers are hardwired into a network via a hub or switch. Worker mobility and access to stored data is limited to the immediate area of the workstation. To convey information to fellow workers in a meeting, workers create and distribute hard copies of slideshows. Wi-Fi by definition means replacing the wires with a low-powered two-way radio (Mallick, 2003).

802.11a

The IEEE specification for 802.11a wireless LANs provides for speeds up to 54 Mbps in the 5-GHz frequency band. The format for Wi-Fi 802.11a uses Orthogonal Frequency Division Multiplexing (OFDM) (Mallick, 2003). OFDM is a frequency modulating technique used to transmit large amounts of digital data over a radio wave. OFDM breaks the sender’s radio signal into several sub-signals and transmits them simultaneously at different frequencies to the receiver. OFDM reduces the amount of crosstalk in signal transmissions (Webopedia, 2004). The maximum range from transceiver (wireless network interface card) to Access Point (AP) is 50 meters, or approximately 150 feet. Cost and range are the downside of 802.11a. Cost is directly related to range; because of its limited range, designers of 802.11a networks require twice the APs it takes to build an 802.11b network (Mallick, 2003).

802.11b

The IEEE approved the specifications for Wi-Fi 802.11b in July 1997. This specification uses the same protocols as wired Ethernet, using the 2.4-GHz frequency. Two frequency modulation techniques support 802.11b: FHSS and DSSS. The maximum capacity reached by 802.11b is 11 Mbps.
The typical office environment allows 802.11b transceivers to communicate with Access Points up to a maximum range of 300 feet. The downside of 802.11b starts with frequency congestion. A number of unlicensed appliances and technologies use the band, including cordless phones, Bluetooth technology, and microwave ovens. 802.11b is a commercial success and the de facto industry standard (Mallick, 2003).

802.11g

IEEE 802.11g has attributes of the two previously mentioned IEEE specifications. First, it operates at the commercially acceptable 2.4 GHz. Second, its maximum capacity is 54 Mbps using OFDM. 802.11g equipment is backwards compatible with 802.11b, so 802.11g cards should function with 802.11b access points. The downside is that 802.11g has the same operating range as its 5-GHz cousin 802.11a (Mallick, 2003). The table below summarizes the three most popular WLAN technologies.

Table 4 WLAN Technologies

STANDARD   MAXIMUM BANDWIDTH   SECURITY         OPTIMUM RANGE   FREQUENCY
802.11a    54 Mbps             WEP, OFDM        150 ft          5.0 GHz
802.11b    11 Mbps             WEP              300 ft          2.4 GHz
802.11g    54 Mbps             WEP, OFDM, AES   150 ft          2.4 GHz

LAN Security

The problems with LAN security can be summarized by paraphrasing the familiar verse from the poem To a Mouse by Robert Burns: “The best laid plans of mice and men often go astray, giving us grief and pain for promised joy.” In other words, the primary problem with all networks is human error. It is easy to have all the good intentions in the world; security planning, like the road to perdition, is paved with good intentions. LAN security is like the door lock on your home, and the employees of your company are your neighbors. If the employees abide by the security rules of the company and do not download unauthorized materials with tracking cookies or visit unauthorized sites with possible Trojan horse viruses, then the LAN administrator has few security problems. If the employees do not abide by the rules of the company, then the LAN administrator has plenty of problems.
There are five basic methods of LAN security attacks:

• Network packet sniffers
• IP spoofing
• Password attacks
• Denial-of-service attacks
• Application layer attacks

Windows 2000 uses IPSec as a method of ensuring its data travels securely across its network. IPSec makes it possible to transfer sensitive data to remote locations on an enterprise LAN/WAN. IPSec, short for IP Security Extensions, is a set of protocols that utilizes authentication and encryption to protect sensitive data. IPSec encrypts the data with key exchange protocols. The keys, one public and one private, are used to encrypt and decrypt the data in transit. The keys complement each other; their security depends on a mathematical relationship. If the public key encrypts a document, only the private key can decrypt it. If the private key encrypts the document, only the public key can decrypt the document. Public and private keys belong to the Public Key Infrastructure, or PKI. In addition to encryption, IPSec provides a method of data authentication to guarantee the documents have not been tampered with after being sent. With authentication, the Authentication Header protocol secures the data packet with a hash algorithm. The algorithm serves as a digital fingerprint, making it impossible for two messages to have the same hash. IPSec authentication provides three special benefits against three of the most common methods of attacking network security:

• Protection against replay attacks.
• Protection against tampering.
• Protection against spoofing.

To ensure that IPSec works, the sender must make sure the receiver receives the public key. This is accomplished through the Internet Security Association and Key Management Protocol/Oakley (ISAKMP/Oakley), which permits the receiver to obtain the public key to decrypt the message (Robichaux & Chellis, 2001). The PKI employs certificates to secure communications. According to Huggins (2003), a certificate is a digital statement from a trustworthy entity.
The certificate is used to validate the entity bound to the public key. The certificate binds attributes of the public and private keys. The issuer of the certificate can be a computer, a router, an organization, or a person. Before a certificate is issued, a pair of keys, one public and one private, must be generated.

Windows 2000 permits administrators to send data to remote sites over the Internet with a Virtual Private Network (VPN) protocol. The VPN offers the sender and user the same security over the Internet that they expect to receive in a true private network. A VPN creates a virtual private circuit between a client and a server. This virtual circuit encapsulates the data transmissions with IPSec security. IPSec provides secure connections for remote access using Layer 2; secure end-to-end communication between hosts; and secure router-to-router connections.

Denial of service attacks are network attacks that are aimed at making a computer, or a particular service on a computer, unavailable to network users. Denial of service attacks can be difficult to defend against. Microsoft (2002) describes a Denial of Service attack as an attack directed at TCP/IP. Microsoft also recommends keeping the server updated with the latest security patches or fixes.

To guard against password attacks, Windows 2000 and 2003 establish user accounts. The user account is established locally and in Active Directory. The user account for a local machine differs from the Active Directory user account in that its information applies strictly to that location, while the information in Active Directory applies to any location within the domain. Local user accounts are subject to local policy; the Active Directory user accounts, called user profiles, are governed by the user rights policies of Active Directory groups, organizational units, domain policies, and intra-domain trust.
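The three IPSec authentication protections listed above (against replay, tampering, and spoofing), shown in an added, simplified model of an Authentication Header check; this is example code, not the paper's or Windows 2000's, and it assumes a pre-shared key, HMAC-SHA256 as the integrity check value, a 32-packet anti-replay window in the style of RFC 4302, and a packet framing constructed for the example:

```python
"""Simplified Authentication-Header-style protection for a packet stream.
Constructed example: frame = seq (4 bytes) | length (2) | payload | ICV (32).
HMAC-SHA256 stands in for the integrity check value, the sliding anti-replay
window follows the scheme of RFC 4302, and the key is assumed pre-shared; the
real AH header layout and the ISAKMP/Oakley key exchange are out of scope."""
import hashlib
import hmac
import struct
from typing import List, Tuple

WINDOW = 32          # anti-replay window size in packets (assumed)
ICV_LEN = 32         # HMAC-SHA256 digest length


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: prepend the sequence number and append an ICV computed over
    everything before it, so neither header nor payload can change unnoticed."""
    header = struct.pack("!IH", seq, len(payload))
    icv = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + icv


class Receiver:
    """Receiver side: checks the replay window, verifies the ICV, then marks."""

    def __init__(self, key: bytes):
        self.key = key
        self.top = 0      # highest sequence number accepted so far
        self.seen = 0     # bitmask: bit i set = seq (top - i) already accepted

    def _window_allows(self, seq: int) -> Tuple[bool, str]:
        if seq > self.top:
            return True, "new high"
        if self.top - seq >= WINDOW:
            return False, "rejected: too old for window"
        if (self.seen >> (self.top - seq)) & 1:
            return False, "rejected: replay"
        return True, "in window"

    def _window_mark(self, seq: int) -> None:
        if seq > self.top:
            shift = seq - self.top
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.seen |= 1 << (self.top - seq)

    def accept(self, packet: bytes) -> Tuple[bool, str]:
        if len(packet) < 6 + ICV_LEN:
            return False, "rejected: truncated"
        seq, length = struct.unpack("!IH", packet[:6])
        body, icv = packet[:6 + length], packet[6 + length:]
        if len(body) != 6 + length or len(icv) != ICV_LEN:
            return False, "rejected: truncated"
        ok, why = self._window_allows(seq)   # cheap check first
        if not ok:
            return False, why
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, icv):
            # Covers tampering (payload changed) and spoofing (wrong key).
            return False, "rejected: bad ICV"
        # Only verified packets advance the window, so a forged sequence
        # number cannot push genuine packets out of it.
        self._window_mark(seq)
        return True, "accepted"


def demo() -> List[Tuple[str, bool, str]]:
    """Walk one receiver through normal, replayed, tampered, spoofed and
    out-of-order traffic. Returns (case, accepted, reason) per packet."""
    key = b"constructed-shared-key"            # placeholder, not a real key
    rx = Receiver(key)
    results: List[Tuple[str, bool, str]] = []

    def run(case: str, packet: bytes) -> None:
        ok, why = rx.accept(packet)
        results.append((case, ok, why))

    p1, p2, p3 = (protect(key, n, b"payload %d" % n) for n in (1, 2, 3))
    run("in order 1", p1)
    run("in order 2", p2)
    run("in order 3", p3)
    run("replay of 2", p2)                             # same bytes again
    p4 = bytearray(protect(key, 4, b"payload 4"))
    p4[6] ^= 0x01                                      # flip one payload bit
    run("tampered 4", bytes(p4))
    run("spoofed 5", protect(b"wrong-key", 5, b"payload 5"))
    run("out of order 6", protect(key, 6, b"payload 6"))
    run("late but valid 5", protect(key, 5, b"payload 5"))
    run("genuine 4", protect(key, 4, b"payload 4"))    # tampered copy not counted
    run("jump to 40", protect(key, 40, b"payload 40"))
    run("stale 7", protect(key, 7, b"payload 7"))      # now behind the window
    return results
```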
A user rights policy is defined as the control of the rights that a user or group has to accomplish their network tasks. For example, the difference in rights between a customer service worker and a manager permits the manager to access the production figures of all the customer service workers on the work floor. The user rights of the customer service worker permit only viewing of personal statistics (Donald, London, & Chellis, 2003, chap. 3). To guard against password attacks from remote locations, Windows 2000 supports the following user authentication protocols:

1. Password Authentication Protocol (PAP)
2. Shiva Password Authentication Protocol (SPAP)
3. Challenge Handshake Authentication Protocol (CHAP)
4. Microsoft CHAP (MS-CHAP)
5. Extensible Authentication Protocol (EAP)

Of the five listed protocols, PAP is the simplest and least secure of the Windows 2000 authentication protocols. PAP sends authentication information in clear text. Second, SPAP is used primarily for talking to remote devices and servers made by Shiva. It is more secure than PAP but less secure than CHAP or EAP. CHAP, or MD5-CHAP, sends authentication information encrypted based on the RSA MD5 hash algorithm. CHAP is the industry standard for password authentication. Non-Windows clients can use CHAP to access services in Windows 2000. MS-CHAP, Microsoft’s version of CHAP, provides encryption and authentication for Windows-based clients. MS-CHAP comes in two versions; version 2 provides better encryption and separate channels for sending and receiving data (Huggins, 2003, p. 106). EAP is an extension of PPP. EAP negotiates an authentication method. The solicitor of the initial authentication is the authenticator. The authenticator is free to request several methods of authentication, making separate requests for each method. This system permits any authentication method to proceed, including secure access tokens, one-time password systems, or typical password requests.
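What separates PAP from CHAP on the wire, as an added example; the code is written for this page, not taken from the paper or any Windows component, and models PAP's clear-text request and the CHAP challenge/response of RFC 1994 with MD5, with constructed usernames, secrets, and challenge source:

```python
"""PAP versus CHAP, modelled as RFC 1334 and RFC 1994 describe them on the link.
Constructed example: the shared secrets live in a dictionary, and the CHAP
challenge bytes come from an injectable source so the demo is repeatable."""
import hashlib
import hmac
import os
from typing import Callable, Dict, Tuple


# ---- PAP: the password itself crosses the link -----------------------------
def pap_request(username: str, password: str) -> bytes:
    """Authenticate-Request carries peer-id and password in clear text."""
    return username.encode() + b"\x00" + password.encode()


def pap_verify(request: bytes, passwords: Dict[str, str]) -> bool:
    user, _, pw = request.partition(b"\x00")
    return passwords.get(user.decode()) == pw.decode()


# ---- CHAP: only MD5(identifier || secret || challenge) crosses the link ----
def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer side of the Response packet (RFC 1994 section 2)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapAuthenticator:
    def __init__(self, secrets: Dict[str, bytes],
                 rng: Callable[[int], bytes] = os.urandom):
        self.secrets = secrets
        self.rng = rng
        self.identifier = 0
        self.outstanding: Dict[int, bytes] = {}   # identifier -> challenge

    def challenge(self) -> Tuple[int, bytes]:
        """Issue a Challenge packet: new identifier, new unpredictable value."""
        self.identifier = (self.identifier + 1) & 0xFF
        value = self.rng(16)
        self.outstanding[self.identifier] = value
        return self.identifier, value

    def verify(self, identifier: int, name: str, response: bytes) -> bool:
        """Recompute the expected hash; each challenge is good for one answer."""
        challenge = self.outstanding.pop(identifier, None)
        secret = self.secrets.get(name)
        if challenge is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(identifier, secret, challenge),
                                   response)


def demo() -> Dict[str, bool]:
    """What an observer of the link learns, and what the verifier decides."""
    passwords = {"alice": "s3cret-pw"}          # constructed credentials
    secrets = {"alice": b"s3cret-pw"}
    counter = [0]

    def fake_rng(n: int) -> bytes:               # repeatable challenges for the demo
        counter[0] += 1
        return bytes([counter[0]]) * n

    auth = ChapAuthenticator(secrets, rng=fake_rng)
    out: Dict[str, bool] = {}

    # PAP: the request is the credential; anyone on the path can reuse it.
    req = pap_request("alice", "s3cret-pw")
    out["pap_accepts"] = pap_verify(req, passwords)
    out["pap_leaks_password"] = b"s3cret-pw" in req

    # CHAP round 1: correct secret answers a fresh challenge.
    ident, chal = auth.challenge()
    resp = chap_response(ident, secrets["alice"], chal)
    out["chap_accepts"] = auth.verify(ident, "alice", resp)
    out["chap_leaks_password"] = b"s3cret-pw" in resp

    # Replaying the captured response against a new challenge fails, because
    # the hash is bound to that challenge value and identifier.
    ident2, _ = auth.challenge()
    out["chap_replay_accepted"] = auth.verify(ident2, "alice", resp)

    # A peer that only guesses the secret cannot produce the right hash.
    ident3, chal3 = auth.challenge()
    out["chap_wrong_secret_accepted"] = auth.verify(
        ident3, "alice", chap_response(ident3, b"guess", chal3))
    return out
```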
Each EAP authentication scheme is an EAP type. Windows 2000 comes with two EAP types: EAP MD5-CHAP and EAP-Transport Level Security (TLS). EAP CHAP and regular CHAP are identical. EAP-TLS permits PKI certificate authentication methods (Robichaux & Chellis, 2001). Finally, Application Layer Attacks (Trojan Horses) are prevented with the automatic software update service that will download the latest security and software patches. Additionally, Microsoft (2001) recommends:

• Educating or warning staff about downloading from unprotected sites.
• Running commercial virus protection software regularly.
• Scanning software for viruses.
• Changing passwords regularly.

WLAN Security

The IEEE 802.11 standard for WLAN security was the Wired Equivalent Privacy encryption algorithm (WEP). WEP was designed to provide the same protection for a WLAN as that of a wired LAN. Eventually the shortcomings of WEP became apparent. Intruders easily gained access to systems protected by WEP. Its effectiveness suffered because it used a single encryption key for the entire network (Bloomquist & Musa, 2004). The WEP radio used the RC4 encryption method as specified by IEEE 802.11. The data encryption keys WEP used were both static and known by the stations on the WLAN. WEP weaknesses included the following: station identification, static keys, keys duplicated on client stations, a weak implementation of the RC4 algorithm, and initialization vector (IV) sequences that were too short. To resolve the weaknesses of WLAN security, the IEEE and the Wi-Fi Alliance chose differing solutions. The IEEE defined the 802.11i standard for WLAN security, while the Wi-Fi Alliance struck upon Wi-Fi Protected Access (WPA). While waiting for the ratification of 802.11i, the IEEE adopted the 802.1X Port-Based Network Access Control standard as an optional mechanism to provide authentication for 802.11 wireless LANs.
802.1X introduced three components for WLAN configurations: the supplicant (workstation), the authenticator (access point), and the authentication server (RADIUS server). To develop its solution, the IEEE relied on existing technology to initiate 802.1X. For the new standard, it used EAP, RADIUS, LDAP, and Active Directory. Later, Cisco Systems introduced EAP-LEAP to improve WLAN security. Then, in partnership with Microsoft, Cisco Systems introduced PEAP to enhance Windows security for wireless networks. EAP-TLS (discussed in the previous section on LAN security) and PEAP create tunneling services that utilize EAP-TLS certificates. As for the earlier authentication methods CHAP, MS-CHAP, and PAP, only EAP-TLS supports the. Windows 2000 and 2003 support EAP.

The yet-to-be-ratified 802.11i, like the 802.1X standard, relies on existing 802.11 standards and on the Advanced Encryption Standard (AES). AES is the encryption method adopted by the United States government for encrypting sensitive materials (Burns & Hill, 2003). According to Webopedia (2003), AES is an encryption algorithm developed by Belgian cryptographers Joan Daemen and Vincent Rijmen. The U.S. government adopted the algorithm as its encryption technique in October 2000, as the successor to the DES encryption technique. AES is a 128-bit block data encryption technique that works at multiple network layers simultaneously. As Burns and Hill (2003) state in their essay, portions of 802.11i are yet to be decided. There is still debate over the implementation of Fast Roaming, whereby WLAN clients can move freely about the area without signal latency or loss of security. The debate centers on which of the competing standards to adopt.

The Wi-Fi Alliance’s Wi-Fi Protected Access (WPA) solution counters all the known weaknesses of WEP. The WPA solution, formerly known as Safe Secure Networks (SSN), is designed to work with existing 802.11 technologies and future 802.11i technologies.
WPA implementation encompasses 802.1X/EAP authentication with key management and encryption techniques. The major features of WPA include the following:

• Network security capability - occurs at the 802.11 level and is communicated through WPA information elements. These elements include authentication methods and the cipher suites for TKIP, AES, and WEP.
• Authentication - EAP authentication for 802.1X is supported. 802.1X port access control prevents full access to the network until completion of authentication. WPA uses 802.1X EAPOL key packets. WPA distributes the keys on a per-session basis.
• Key management – WPA features a key generation and management system that combines authentication with data privacy functions. WPA generates keys during successful authentication, from which subsequent keys are derived through a 4-way handshake between the access point and the client.
• Data privacy - Temporal Key Integrity Protocol (TKIP) wraps the old WEP protocol in new encryption and security techniques to overcome previous flaws.
• Data integrity – TKIP’s Message Integrity Code (MIC) ensures tamper-proof messages and guards against packet spoofing (Burns & Hill, 2003).

Migration to Windows 2000

Integrating a new operating system into the work environment is a very complex task that requires careful planning. In moving to Windows 2000, consideration of the traditional upgrade issues of software compatibility, data integrity, and desktop performance takes a back seat to business needs (Bailes, 1999). Migrating to Windows 2000 means understanding the business goals of the corporation or company and mapping the software needs to the organization's needs. Typical business goals include the following: business manageability, greater scalability, improved security, and availability (Microsoft, 2004). The first and most important step in the process is a needs assessment.
Begin the assessment by identifying the goals of your enterprise that benefit the most from the upgrade: customer care, better Internet presence, more efficient internal operations. The first step in the assessment starts with determining the operational environment. As mentioned in the project background section, the operational environment includes the operational size and operational structure of the organization. The operational environment determines how a company utilizes its resources. The first task in assessing a company’s operational structure is to classify the company as local, regional, national, or international. The region in which a company operates its business helps determine the operational structure and the future structure of network domains. A small company with one location concentrates its business needs locally and needs only a domain tree. A company with international locations is likely to base its business structure on geography and thus needs a forest with many domain trees.

Ascertaining an enterprise’s administrative needs aids the final design of the Active Directory. The majority of companies employ either a centralized administrative model, a decentralized model, or a hybrid administrative model. Small local companies usually employ the centralized administrative model. These smaller organizations often rely on a single administrative team for all their network services. Any branch offices are conceived as organizational units within the parent domain. Larger regional enterprises with dispersed resources use a decentralized administrative model and need domain trees in Active Directory with multiple domains and multiple organizational unit substructures. Each domain in the regional enterprise represents a structure within the enterprise.
National corporations doing business inside the borders of the United States require only one forest with multiple domain trees, with domain substructure to facilitate the organizational structure. Multinational conglomerates utilize a hybrid model that has elements of both the centralized and decentralized administrative models. Multinational enterprises, because of international law, require an Active Directory domain structure that represents their business entities as separate organizations. Instead of a single forest of trees, there are multiple forests complying with the business laws of the host nation.

Second, identify logistical problems and bottlenecks with the present operating system. Issues to consider when exploring a company’s logistical characteristics help determine technical needs. Logistical needs revolve around the following: the number of employees at each location, number of users, user community, network topology, anticipated growth, speed of local network links, speed of remote network links, TCP/IP subnets, utilization of local and remote links, and organization of remote links. Also included in this section are questions of client horsepower and server workload, downtime, and reliability (Kone, Boggs, & Perez, 1999) (Bailes, 1999).

Next, identify underpowered hardware; currently Intel is pushing the Pentium III and IV central processing units (CPUs) for computers. Advanced Micro Dynamics (AMD) CPUs have similar processor speeds. Consider how long manufacturers will support older processors. Upgrading to Windows 2000 requires your organization to eliminate underpowered equipment. Windows 2000 was introduced with four variations depending on the size of the company. Windows 2003 comes with similar hardware requisites for its four versions (Bailes, 1999). The chart below (Table-5) summarizes the hardware needs for Windows 2003.
Table 5 Windows 2003 Hardware Needs

Requirement               Web Edition   Standard Edition   Enterprise Edition                  Data Center Edition
RAM, minimum              128MB         128MB              128MB                               512MB
RAM, recommended          256MB         256MB              256MB                               1GB
RAM, maximum              2GB           4GB                32GB (x86), 64GB (Itanium)          64GB (x86), 512GB (Itanium)
Processor, minimum        133MHz        133MHz             133MHz (x86), 733MHz (Itanium)      400MHz (x86), 733MHz (Itanium)
Processor, recommended    550MHz        550MHz             733MHz                              733MHz
Multiprocessor support    Up to 2       Up to 4            Up to 8                             Min. 8, max. 32 (32-bit); 64 (Itanium)
Disk space                1.5 GB        1.5 GB             1.5 GB (x86), 2GB (Itanium)         1.5 GB (x86), 2GB (Itanium)
Cluster nodes             NA            NA                 Up to 8                             Up to 8

(Donald, London, & Chellis, 2003)

Conclusion

In conclusion, whether or not an enterprise migrates from one operating system to another is dependent upon, first, the operating budget for IT; second, the skill level of the IT staff; third, the hardware inventory; and finally, the total cost of ownership. The total cost of ownership (TCO) includes the cost to acquire, install, configure, manage, and maintain the system during its production life. Intangibles factored into the TCO include ease of use, engineering improvements, and interoperability with third-party tools (Tittel & Stewart, 2003). DNS, DHCP, Active Directory, and TCP/IP play important roles in the construction of a private network. DNS maps the devices to an internal IP address and subnet mask. DHCP automates the assignment of TCP/IP addresses to clients along with the correct subnet mask, default gateway, and DNS servers. Active Directory eases the management of the network resources and increases security. LAN and WLAN features were linked to discuss remote access. Second, the WLAN infrastructure discussion arose because it is impractical not to discuss WLAN and Wi-Fi in a computing environment.
WLAN security, first an anathema, now an extension of wired practices, also extends the discussion of LAN security provided by Windows 2000 and 2003.

References

Bailes, L. (1999, June 15). Build A Better Business: Windows 2000: The Upgrade Guide -- What are the benefits? How best to make the move? What other upgrades will you need? Retrieved September 14, 2004, from High Beam Research Web Site: http://www.highbeam.com/library/doc3.asp?DOCID=1P1:29264410&num=11&ctrlInfo=Round7%3APr...
Bloomquist, J., & Musa, A. (2004). Secure Your Wireless Network. Technology & Learning, 24(9), 20.
Burns, J., & Hill, J. (2003, October 4). The Evolution of WLAN Security. Retrieved September 14, 2004, from Meetinghouse Data Communications Web Site: http://www.mtghouse.com/MDC_Evolving_Standards.pdf
Chadwick, D. (2003). Deficiencies in LDAP. ACM, 46(3), 99.
Cisco Systems. (2001, October 12). Cisco Aironet access point. Retrieved September 14, 2004, from Cisco Systems Documentation Web Site: http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350hig/ap3...
Davis, D. (1997). Active Directory Slowly Takes Shape While Competitors. Windows Watcher, 7(6), 1-6.
Demaree, K. (1997, August 1). DHCP and DNS: a dynamic duo. (Dynamic Host Configuration Protocol and Domain Name Service). Retrieved September 1, 2004, from High Beam Research Web Site: http://www.highbeam.com/library/doc0.asp?docid=1G1:19639789
Donald, L., London, S. S., & Chellis, J. (2003). MCSA/MCSE Windows Server 2003 Environment Management and Maintenance. Alameda, CA: Sybex Inc. 137-199.
Fujitsu-Siemens. (2002). Wireless LAN network types: AD-HOC network. Retrieved September 11, 2004, from Fujitsu-Siemens Web Site: http://support.fujitsu-siemens.de/KnowHow/Start_GB_Notebook.htm?uri=/KnowHow/GB/Grundla...
Huggins, D. (2003). Windows 2000 Network Infrastructure. Indianapolis: Que Certification.
Kone, E. J., Boggs, J., & Perez, S. (1999). Designing the Active Directory. Retrieved May 30, 2004, from Microsoft TechNet Web Site: http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirecto...
Lough, D. L., Blankenship, T. K., & Krizman, K. J. (n.d.). A Short Tutorial on Wireless LANs and IEEE 802.11. Retrieved February 12, 2004, from Virginia Polytechnic Institute and State University Web Site: http://www.computer.org/students/looking/summer97/ieee802.htm
Loughry, M. (2000). Active Directory for Dummies. New York City: Wiley Publishing Inc.
Mallick, M. (2003). Mobile and Wireless Design Essentials. New York City: Wiley Publishing Inc. 54-61.
Microsoft. (2002). How To Harden the TCP/IP Stack Against Denial of Service Attacks in Windows (315669). Redmond, WA: Microsoft.
Microsoft. (1999). Windows 2000 DNS. Retrieved August 12, 2004, from http://66.102.7.104/search?q=cache:RlenL2dSuooJ:www.microsoft.com/windows2000/docs/w2kd...
Microsoft. (2001, February). Protecting against viruses and Trojan horses. Retrieved September 11, 2004, from Microsoft Windows XP Web Site: http://www.microsoft.com/windowsxp/home/using/productdoc/en/default.asp?url=/windowsxp/...
Microsoft. (2004, February 18). Windows Internet Naming Service (WINS) Architecture and Capacity Planning. Retrieved August 12, 2004, from Microsoft Windows NT Server Web Site: http://www.microsoft.com/ntserver/techresources/commnet/WINS/WINSwp98/WINS01-12.asp
Microsoft. (2004, January 26). Windows 2000 Manageability Offers IT Customers Significant Return on Investment. Retrieved August 26, 2004, from Microsoft PressPass for Journalists Web Site: http://www.microsoft.com/presspass/press/2000/jan00/w2kroipr.asp
Microsoft. (n.d.). Domain Migration Cookbook. Retrieved September 16, 2004, from Microsoft Web Site: http://www.microsoft.com/technet/prodtechnol/windows2000serv/deploy/cookbook/cookintr.m...
Microsoft. (n.d.). Windows 2000 DNS. Retrieved September 7, 2004, from Windows 2000 Resource Kit Web Site: http://www.microsoft.com/windows2000/techinfo/reskit/en-us/default.asp?url=/windows2000...
Net World Fusion. (2004, September 5). Script: Wireless LAN audio primer. Retrieved September 5, 2004, from Net World Fusion Web Site: http://www.nwfusion.com/primers/wlan/wlanscript.html
Reimer, S., & Mulcare, M. (2003). Active Directory for Microsoft Windows Server 2003: Technical Reference. Redmond, WA: Microsoft.
Rist, O. (2000, January 31). Windows 2000 - A six step migration plan -- Time To Cut Through The Hype, Roll Up Your Sleeves And Get To Work. Our Six-Step Plan Will Help Prepare You For The Win2K. Retrieved September 14, 2004, from High Beam Research Web Site: http://www.highbeam.com/library/doc3.asp?DOCID=1G1:59090523&num=31&ctrlInfo=Round7%3APr...
Robichaux, P., & Chellis, J. (2001). MCSE Windows 2000 Network Infrastructure Administration Study Guide (2nd ed.). Alameda, CA: Sybex Inc.
Ryan, J. (2003, May 29). A Very Good Year -- Windows Server 2003 is exceptionally stable, but cost savings may not be quite what Redmond claims. Retrieved August 13, 2004, from High Beam Research Web Site: http://www.highbeam.com/library/doc0.asp?docid=1G1:102669204
Savill, J. (2000, January 9). What are X.500 and LDAP? Retrieved March 13, 2004, from Windows IT Pro Web Site: http://www.winnetmag.com/Article/ArticleID/13373/13373.html
Schwalbe, K. (2003). Information Technology Project Management (3rd ed.). Boston: Course Technology.
Tittel, E., & Stewart, J. M. (2003). Windows Server 2003 for Dummies. New York City: Wiley Publishing Inc. 130-132.
Trulove, J. (2002). Build Your Own Wireless LAN. New York City: McGraw-Hill. 18-55.
Webopedia. (2003, October 27). AES. Retrieved September 14, 2004, from Webopedia Web Site: http://www.webopedia.com/TERM/A/AES.html
Webopedia. (n.d.). OFDM. Retrieved September 5, 2004, from Internet.Com Web Site: http://www.webopedia.com/TERM/O/OFDM.html
Wikipedia. (2004, August 17). Wired Equivalent Privacy. Retrieved September 9, 2004, from http://en.wikipedia.org/wiki/WEP
Wikipedia. (2004, September 8). 802.11i. Retrieved September 9, 2004, from Wikipedia Web Site: http://en.wikipedia.org/wiki/802.11i
Wikipedia. (n.d.). IEEE 802.11. Retrieved February 17, 2004, from Wikipedia: The Free Encyclopedia Web Site: http://en.wikipedia.org/wiki/IEEE_802.11
Zyren, J., & Petrick, A. (n.d.). IEEE 802.11 Tutorial. Retrieved September 11, 2004, from Blue Socket Web Site: http://www.bluesocket.com/pdf/IEEE_80211_Primer.pdf
|