Course Code CIT 333


Course Code : CIT 315

**************************************

Routing Information Protocol (RIPv1, RIPv2 and OSPF)

Routing Information Protocol (RIP) is a standards-based, distance-vector, interior gateway
protocol (IGP) used by routers to exchange routing information. RIP uses hop count to determine
the best path between two locations. Hop count is the number of routers the packet must go
through until it reaches the destination network. The maximum allowable number of hops a packet
can traverse in an IP network implementing RIP is 15 hops.

It has a maximum allowable hop count of 15 by default, meaning that 16 is deemed unreachable.
RIP works well in small networks, but it is inefficient on large networks with slow WAN links or
on networks with a large number of routers installed.

In a RIP network, each router broadcasts its entire RIP table to its neighbouring routers every 30
seconds. When a router receives a neighbour’s RIP table, it uses the information provided to
update its own routing table and then sends the updated table to its neighbours.

RIPv1 and RIPv2

RIPv1

• A classful protocol; broadcasts updates every 30 seconds; hold-down period 180 seconds. Hop
count is the metric (maximum 15).
• RIP supports up to six equal-cost paths to a single destination, where all six paths can be placed
in the routing table and the router can load-balance across them. The default is actually four
paths, but this can be increased up to a maximum of six. Remember that an equal-cost path is
one where the hop count value is the same. RIP will not load-balance across unequal-cost paths.
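The following Python simulation of the distance-vector exchange described above is an added example and is not part of the course notes. The router names (R0, R1, ...) and the straight-line topology are constructed for the demonstration; the 30-second broadcast is modelled as one round in which every router hands its full table to each neighbour. It shows hop counts accumulating as tables propagate and why a destination 16 hops away is treated as unreachable.

```python
from typing import Dict, List, Optional, Tuple

INFINITY = 16  # RIP's "unreachable" metric: 15 is the largest usable hop count

# A routing table maps destination -> (hop count, next hop); next hop is None for the router itself
Table = Dict[str, Tuple[int, Optional[str]]]


def rip_converge(adjacency: Dict[str, List[str]], max_rounds: int = 50) -> Tuple[Dict[str, Table], int]:
    """Run RIP-style distance-vector exchange until no table changes.

    adjacency maps each router to its directly connected neighbours (links are
    assumed symmetric). One round stands for one 30-second update cycle in
    which every router sends its whole table to every neighbour.
    Returns the converged tables and the number of rounds used.
    """
    tables: Dict[str, Table] = {r: {r: (0, None)} for r in adjacency}
    for rnd in range(1, max_rounds + 1):
        changed = False
        for sender, neighbours in adjacency.items():
            advertised = dict(tables[sender])  # snapshot of what this router announces
            for receiver in neighbours:
                for dest, (hops, _) in advertised.items():
                    candidate = min(hops + 1, INFINITY)  # one more hop, via the sender
                    current = tables[receiver].get(dest)
                    # Install the route only if it is new or strictly better
                    if current is None or candidate < current[0]:
                        tables[receiver][dest] = (candidate, sender)
                        changed = True
        if not changed:
            return tables, rnd
    return tables, max_rounds


def hop_count(tables: Dict[str, Table], src: str, dest: str) -> Optional[int]:
    """Hop count from src to dest, or None when RIP considers dest unreachable (metric 16)."""
    entry = tables[src].get(dest)
    if entry is None or entry[0] >= INFINITY:
        return None
    return entry[0]


def chain(n: int) -> Dict[str, List[str]]:
    """Constructed topology: routers R0 - R1 - ... - R(n-1) connected in a straight line."""
    adj: Dict[str, List[str]] = {f"R{i}": [] for i in range(n)}
    for i in range(n - 1):
        adj[f"R{i}"].append(f"R{i + 1}")
        adj[f"R{i + 1}"].append(f"R{i}")
    return adj


if __name__ == "__main__":
    converged, rounds = rip_converge(chain(18))
    print(f"converged after {rounds} rounds")
    for target in ("R1", "R15", "R16", "R17"):
        print(f"R0 -> {target}: {hop_count(converged, 'R0', target)}")
```

Split horizon, the hold-down timer and route expiry are deliberately left out so that the metric behaviour stays visible: on an 18-router chain, R15 is reachable from R0 at exactly 15 hops while R16 and R17 are installed with metric 16 and therefore reported as unreachable.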

RIPv2

• RIPv2 uses multicasts, whereas version 1 uses broadcasts.
• RIPv2 supports triggered updates: when a change occurs, a RIPv2 router will immediately
propagate its routing information to its connected neighbours.
• RIPv2 is a classless protocol. RIPv2 supports variable-length subnet masking (VLSM).
• RIPv2 supports authentication. You can restrict which routers you want to participate in RIPv2.
This is accomplished using a hashed password value.

Open Shortest Path First (OSPF)


Open Shortest Path First (OSPF) is an interior gateway protocol which is used for routing
between routers belonging to a single Autonomous System. OSPF uses link-state technology, in
which routers send each other information about the direct connections and links which they
have to other routers. Each OSPF router maintains an identical database describing the
Autonomous System's topology. From this database, a routing table is calculated by constructing
a shortest-path tree. OSPF recalculates routes quickly in the face of topological changes,
utilizing a minimum of routing protocol traffic. OSPF provides support for equal-cost multi-path.
An area routing capability is provided, enabling an additional level of routing protection and a
reduction in routing protocol traffic. In addition, all OSPF routing protocol exchanges are
authenticated.
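As an added example (not from the course notes), the shortest-path-tree calculation the paragraph describes can be shown with Dijkstra's algorithm run over a link-state database. Router names and link costs below are constructed; every router is assumed to hold the same database and to compute the tree with itself as the root, and equal-cost paths are kept as multiple next hops, which is the equal-cost multi-path behaviour mentioned above.

```python
import heapq
from typing import Dict, List, Tuple

# Link-state database: router -> {neighbour: link cost}
Graph = Dict[str, Dict[str, int]]


def build_lsdb(links: List[Tuple[str, str, int]]) -> Graph:
    """Build the identical LSDB every router holds from a list of bidirectional links."""
    lsdb: Graph = {}
    for a, b, cost in links:
        lsdb.setdefault(a, {})[b] = cost
        lsdb.setdefault(b, {})[a] = cost
    return lsdb


def spf(lsdb: Graph, root: str) -> Tuple[Dict[str, int], Dict[str, List[str]]]:
    """Shortest-path-first (Dijkstra) from root, as each OSPF router runs for itself.

    Returns the cost to every router and the list of equal-cost next hops from
    root towards each router (the routing table is read straight off this).
    """
    dist: Dict[str, int] = {root: 0}
    next_hops: Dict[str, List[str]] = {root: []}
    heap: List[Tuple[int, str]] = [(0, root)]
    done = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue                      # stale heap entry for an already settled router
        done.add(u)
        for v, cost in lsdb[u].items():
            nd = d + cost
            # Next hop towards v: v itself when leaving root, else whatever reaches u
            hops = [v] if u == root else next_hops[u]
            if v not in dist or nd < dist[v]:
                dist[v] = nd
                next_hops[v] = list(hops)
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:           # equal-cost path: add its next hop(s)
                for h in hops:
                    if h not in next_hops[v]:
                        next_hops[v].append(h)
    return dist, next_hops


# Constructed topology: two equal-cost paths A-B-D and A-C-D plus an expensive direct A-D link
SAMPLE_LINKS = [("A", "B", 1), ("A", "C", 1), ("B", "D", 1), ("C", "D", 1), ("A", "D", 5), ("D", "E", 1)]

if __name__ == "__main__":
    cost, hops = spf(build_lsdb(SAMPLE_LINKS), "A")
    for router in sorted(cost):
        print(f"A -> {router}: cost {cost[router]} via {hops[router] or ['-']}")
```

Removing a link and re-running spf on the updated database is the whole of OSPF's reaction to a topology change, which is why it converges faster than a distance-vector protocol that must wait for neighbours to relay their tables.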
********************************

Network Address Translation (NAT)

NAT (Network Address Translation or Network Address Translator) is the translation of an


Internet Protocol address (IP address) used within one network to a different IP address known
within another network. One network is designated the inside network and the other is the
outside. Typically, a company maps its local inside network addresses to one or more global
outside IP addresses and unmaps the global IP addresses on incoming packets back into local IP
addresses. This helps ensure security since each outgoing or incoming request must go through a
translation process that also offers the opportunity to qualify or authenticate the request or match
it to a previous request. NAT also conserves on the number of global IP addresses that a
company needs and it lets the company use a single IP address in its communication with the
world.

NAT is included as part of a router and is often part of a corporate firewall. Network
administrators create a NAT table that does the global-to-local and local-to-global IP address
mapping. NAT can also be used in conjunction with policy routing. NAT can be statically
defined or it can be set up to dynamically translate from and to a pool of IP addresses. Cisco's
version of NAT lets an administrator create tables that map:

• A local IP address to one global IP address statically
• A local IP address to any of a rotating pool of global IP addresses that a company may have
• A local IP address plus a particular TCP port to a global IP address or one in a pool of them
• A global IP address to any of a pool of local IP addresses on a round-robin basis

NAT reduces the need for a large number of publicly known IP addresses by creating a
separation between publicly known and privately known IP addresses. CIDR aggregates publicly
known IP addresses into blocks so that fewer IP addresses are wasted. In the end, both extend the
use of IPv4 addresses for a few more years before IPv6 is generally supported.
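The NAT table the text describes can be modelled in a few dozen lines. The Python below is an added example, not code from the course notes or from any vendor: it keeps a static one-to-one mapping, leases addresses from a dynamic pool, and falls back to port translation on a single shared global address (the local-address-plus-TCP-port case in the list above). All addresses are constructed from the documentation ranges; the inside address 10.0.0.14 is reused from the notes only as a sample host.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


Endpoint = Tuple[str, int]


class NatTable:
    """The global<->local mapping table a NAT router keeps (toy model)."""

    def __init__(self, static: Dict[str, str], pool: List[str], overload: str,
                 first_port: int = 40000) -> None:
        self.static = dict(static)                      # inside ip -> global ip (1:1, ports kept)
        self.static_rev = {g: l for l, g in static.items()}
        self.free_pool = list(pool)                     # global addresses not yet leased
        self.dynamic: Dict[str, str] = {}               # inside ip -> leased pool address
        self.overload = overload                        # shared address for port translation
        self.next_port = first_port
        self.out_map: Dict[Endpoint, Endpoint] = {}     # (inside ip, port) -> (global ip, port)
        self.in_map: Dict[Endpoint, Endpoint] = {}      # reverse lookup used for replies

    def _allocate(self, inside: Endpoint) -> Endpoint:
        ip, port = inside
        if ip in self.static:                           # 1. static mapping
            return self.static[ip], port
        if ip in self.dynamic:                          # 2. host already holds a pool address
            return self.dynamic[ip], port
        if self.free_pool:                              # 3. lease the next free pool address
            self.dynamic[ip] = self.free_pool.pop(0)
            return self.dynamic[ip], port
        gport, self.next_port = self.next_port, self.next_port + 1
        return self.overload, gport                     # 4. pool exhausted: translate the port too

    def outbound(self, pkt: Packet) -> Packet:
        """Translate an inside->outside packet, creating a table entry on first use."""
        inside = (pkt.src_ip, pkt.src_port)
        if inside not in self.out_map:
            glob = self._allocate(inside)
            self.out_map[inside] = glob
            self.in_map[glob] = inside
        gip, gport = self.out_map[inside]
        return Packet(gip, gport, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate an outside->inside packet; None means no entry matched, so drop it.

        Dynamic and port-translated hosts only receive traffic that answers an
        earlier outbound request; a static mapping also admits unsolicited traffic.
        """
        inside = self.in_map.get((pkt.dst_ip, pkt.dst_port))
        if inside is None and pkt.dst_ip in self.static_rev:
            inside = (self.static_rev[pkt.dst_ip], pkt.dst_port)
        if inside is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])


def sample_nat() -> NatTable:
    """Constructed configuration: one static server, a one-address pool, one overload address."""
    return NatTable(static={"10.0.0.14": "203.0.113.10"},
                    pool=["203.0.113.20"], overload="203.0.113.1")
```

The security point in the text ("match it to a previous request") is the `inbound` path: a packet arriving for a port with no table entry is dropped, so inside hosts behind dynamic or port-translated mappings are not reachable from outside unless they spoke first.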

*********************
NTFS Permissions

In any Windows network, you can set sharing permissions for drives and folders. On that
network, each user can choose to share entire drives or individual folders with the network.

NTFS (NT File System) permissions are available to drives formatted with NTFS. The advantage
with NTFS permissions is that they affect local users as well as network users and they are based
on the permission granted to each individual user at the Windows logon, regardless of where the
user is connecting.

NTFS is the standard file system of Windows NT and all Windows operating systems that have
come after it. Windows 2000 and older introduced some far-reaching changes that included
control over inherited permissions and how permissions were configured to share files and
folders. You use shared folders to provide network users with access to file resources.

Administrators can use the NTFS utility to provide access control for files and folders, containers
and objects on the network as a type of system security. Known as the "Security Descriptor", this
information controls what kind of access is allowed for individual users and groups of users.

Along with the additional functionality that NTFS provides comes the potential for complex
configurations that can lead to administration headaches. If you don't have a thorough
understanding of various permissions and their relationships, it can be difficult to sort out a
permission problem when it occurs.

For a more low-level description of the NTFS SECURITY_DESCRIPTOR, see Metafile $Secure in
this guide.

Setting NTFS Permissions

The most common way to set permissions is to use Windows Explorer.

To set permissions for an object:

1. In Windows Explorer, right-click a file, folder or volume and choose Properties from the
context menu. The Properties dialog box appears.
2. Click the Security tab.
3. Under Group or user names, select or add a group or user.
4. At the bottom, allow or deny one of the available permissions.
(Figure: Properties dialog box showing the Security tab)
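To make the Allow/Deny relationships concrete, here is an added Python model of how a DACL is evaluated; it is an illustration written for these notes, not Windows code, and it ignores owner rights, the null-DACL case and the finer-grained NTFS rights. It follows the canonical ACE ordering Windows writes (explicit Deny, explicit Allow, inherited Deny, inherited Allow) and the rule that a request succeeds only if every requested right is granted before any of them is denied. The user, group and folder permissions are constructed, and "Everyone" is assumed to contain all users.

```python
from dataclasses import dataclass
from enum import Flag, auto
from typing import Iterable, List, Set


class Right(Flag):
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()
    DELETE = auto()


@dataclass(frozen=True)
class Ace:
    """One access control entry of a DACL, as one row in the Security tab."""
    allow: bool                # True = Allow, False = Deny
    trustee: str               # user or group name
    rights: Right
    inherited: bool = False    # came from the parent folder rather than set on this object


def canonical_order(dacl: Iterable[Ace]) -> List[Ace]:
    """Windows stores ACEs as explicit Deny, explicit Allow, inherited Deny, inherited Allow."""
    return sorted(dacl, key=lambda ace: (ace.inherited, ace.allow))


def access_check(dacl: Iterable[Ace], principal: str, groups: Set[str], requested: Right) -> bool:
    """True if every requested right is granted before any outstanding one is denied."""
    trustees = {principal, "Everyone"} | set(groups)   # assumption: Everyone holds all users
    remaining = requested
    for ace in canonical_order(dacl):
        if ace.trustee not in trustees:
            continue
        if not ace.allow:
            if ace.rights & remaining:        # a still-outstanding right is denied: stop
                return False
        else:
            remaining &= ~ace.rights           # these rights are now granted
            if not remaining:
                return True
    return False   # empty DACL, or some right never granted: no access


def effective_rights(dacl: Iterable[Ace], principal: str, groups: Set[str]) -> Right:
    """What an Effective Permissions view would list: each right checked on its own."""
    granted = Right(0)
    for right in Right:
        if access_check(dacl, principal, groups, right):
            granted |= right
    return granted


def sample_dacl() -> List[Ace]:
    """Constructed DACL for a shared folder (not taken from the course notes)."""
    return [
        Ace(allow=True, trustee="Everyone", rights=Right.READ | Right.EXECUTE, inherited=True),
        Ace(allow=False, trustee="Everyone", rights=Right.DELETE, inherited=True),
        Ace(allow=False, trustee="Contractors", rights=Right.WRITE | Right.DELETE),
        Ace(allow=True, trustee="Editors", rights=Right.WRITE),
    ]
```

Two consequences worth noticing: an explicit Allow set on the folder beats a Deny inherited from its parent (Editors can write despite the inherited Deny on Delete not affecting Write), and an explicit Deny on a group beats an explicit Allow on another group the same user belongs to, which is exactly the kind of "permission problem" the paragraph above warns about.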

Disk Quota Management

Disk quota management refers to limits that administrators set on the storage space available to a
user, workgroup or other group. Setting a quota helps prevent a server or share from filling up with
data while still allowing users to save files.

What is the difference between a DOMAIN and a WORKGROUP?

Workgroup:
(i) Every PC is responsible for its own security.
(ii) No centralized administration.
(iii) Main aim is to save hardware resources.
(iv) Best suited to schools, training institutes and cyber cafés.
Domain:
(i) The server is responsible for data safety.
(ii) Centralized administration.
(iii) Main aim is to secure data.
(iv) Best suited to company environments.

(Figure: Network life cycle diagram)

3. Microsoft Windows Server 2008 Active Directory Infrastructure

• Active Directory Environment

What is Active Directory?

• Domain Controller (DC) Installation and Configuration

Active Directory

Requirements:

Minimum: single processor, 1.4 GHz (x64) or 1.3 GHz (dual core)

Minimum: 512 MB RAM

Minimum disk space: 32 GB or greater
• The first step is to assign an IP address to the server on which you are going to deploy AD. It is
necessary to install it as a DNS server too, so it is better to have a fixed IP. That does not mean
you cannot install AD without a fixed IP address, but using a fixed IP will avoid a lot of issues.

In this example the server IP is 10.0.0.14. Since we are going to make it a DNS server too, you
should use the same IP as the preferred DNS server.

• The next step is to install the Active Directory roles. Unlike older versions of Windows Server,
Microsoft highly recommends using the Server Manager option to install roles before you run
dcpromo.

• Click on the Start menu and select Server Manager.

• Select Roles from the right-hand panel and click on the Add Roles option.

• From the roles list select the "Active Directory Domain Services" role and click "Next".
• Review the confirmation and click on "Next".

• Review the installation confirmation and click on "Next".

• It will take a few minutes to complete, and when it is done you will get this confirmation. Then
click on "Close".

After that you will need to do a reboot.

• After the reboot, open up Server Manager again and click on "Roles". There you will see that
"Active Directory Domain Services" is successfully installed. Click on it and you will get a
window like the one below.

There, pay attention to the message.

Click on that link and it will start the DCPROMO wizard.

• The next step is to go through the DCPROMO wizard.

• To start the installation, click on "Next".

• Click on "Next".
• Since we are going to install a new domain controller in a new forest, select the option "Create
a new domain in a new forest" and click on "Next".
• Now we have to provide the name for our new domain. It must be an FQDN. In our case I
used rebeladmin.com as the domain. Click "Next" after it.
• In this window it will ask you to select the forest functional level. If you are going to add a
Server 2003 domain controller to your forest later, do not select the functional level as Server
2008. If you are going to use the full features of 2008 AD, you must select the forest functional
level as Server 2008. In my case I used Server 2008. Click on "Next" after the selection.
• In the next window, since it is the first DC, we should make it a DNS server too. Leave the
default selection and click on "Next".
• If the wizard cannot create a delegation for the DNS server, it displays a message to indicate
that you can create the delegation manually. To continue, click "Yes".
• The next window shows the database location. If it is going to be a bigger AD, it is good if
you can keep the NTDS database on a different partition. Click on "Next" after any changes.
• The next window asks you to define a restore mode password. It is very important if you ever
have to do a restore from backup after a server crash. Click on "Next" after filling it in.
• The next window gives you a summary of the installation. Click on "Next".
• Then it will start the installation of AD. It will take some time to complete. After the
installation completes, perform a server reboot.
• After the reboot you can log in to the domain. Use the login as in the following example:

User name : your domain\administrator

Password : XXXXXXXX

• Now it is done and you can view the Active Directory options on the Administrative Tools menu.

Domain controllers

A domain controller is a computer that:

• Runs an operating system in the Windows Server family.
• Uses Active Directory to store a read-write copy of the domain database, participate in
multimaster replication, and authenticate users.

Domain controllers store directory data and manage communication between users and domains,
including user logon processes, authentication, and directory searches. Domain controllers
synchronize directory data using multimaster replication, ensuring consistency of information
over time.

Active Directory supports multimaster replication of directory data between all domain
controllers in a domain; however, multimaster replication is not appropriate for some directory
data replication. In this case, a domain controller, called the operations master, will process data.
In an Active Directory forest, there are at least five different operations master roles that are
assigned to one or more domain controllers. The Five operations master roles are

1. Schema master
2. Domain naming master
3. Relative ID (RID) master
4. Primary domain controller (PDC) emulator master
5. Infrastructure master

Note: The operations master roles are sometimes called flexible single master operations (FSMO)
roles.

Forest-wide operations master roles

Every forest must have the following roles:

• Schema master
• Domain naming master

These roles must be unique in the forest. This means that throughout the entire forest there can
be only one schema master and one domain naming master.

Schema master

The schema master domain controller controls all updates and modifications to the schema. To
update the schema of a forest, you must have access to the schema master. There can be only one
schema master in the entire forest.

Domain naming master

The domain controller holding the domain naming master role controls the addition or removal
of domains in the forest. There can be only one domain naming master in the entire forest.

Note

• Any domain controller running Windows Server 2003 can hold the role of the domain
naming master. A domain controller running Windows Server that holds the role of
domain naming master must also be enabled as a global catalog server.

Domain-wide operations master roles

Every domain in the forest must have the following roles:

• Relative ID (RID) master
• Primary domain controller (PDC) emulator master
• Infrastructure master

These roles must be unique in each domain. This means that each domain in the forest can have
only one RID master, PDC emulator master, and infrastructure master.

RID master
The RID master allocates sequences of relative IDs (RIDs) to each of the various domain
controllers in its domain. At any time, there can be only one domain controller acting as the RID
master in each domain in the forest.

Whenever a domain controller creates a user, group, or computer object, it assigns the object a
unique security ID (SID). The SID consists of a domain SID, which is the same for all SIDs
created in the domain, and a RID, which is unique for each SID created in the domain.

To move an object between domains (using Movetree.exe), you must initiate the move on the
domain controller acting as the RID master of the domain that currently contains the object.
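The RID master's job and the SID structure described above can be shown with a small Python model; this is an added example, not code from the notes or from Windows. The domain SID is a constructed value, the block size of 500 RIDs and the start of the non-reserved RID range at 1000 are stated here as assumptions, and the point being demonstrated is that two domain controllers creating objects independently never produce the same SID because each works from its own block.

```python
from typing import Dict, List, Optional, Tuple

# Constructed domain SID (not a real domain); every SID minted below starts with it
DOMAIN_SID = "S-1-5-21-1000000001-2000000002-3000000003"


class RidMaster:
    """The one RID master per domain: hands each DC a block of RIDs no other DC receives."""

    def __init__(self, block_size: int = 500, first_rid: int = 1000) -> None:
        self.block_size = block_size
        self.next_rid = first_rid      # assumption: RIDs below 1000 are reserved for built-in accounts
        self.issued: List[Tuple[str, int, int]] = []   # (dc name, first rid, last rid), for auditing

    def allocate_block(self, dc_name: str) -> Tuple[int, int]:
        start = self.next_rid
        self.next_rid += self.block_size
        block = (start, self.next_rid - 1)
        self.issued.append((dc_name, block[0], block[1]))
        return block


class DomainController:
    """Any writable DC: creates objects locally, minting SIDs from its current RID pool."""

    def __init__(self, name: str, domain_sid: str, rid_master: RidMaster) -> None:
        self.name = name
        self.domain_sid = domain_sid
        self.rid_master = rid_master
        self.pool: Optional[Tuple[int, int]] = None    # (next free rid, last rid in block)
        self.objects: Dict[str, str] = {}              # object name -> SID

    def create_object(self, name: str) -> str:
        if self.pool is None or self.pool[0] > self.pool[1]:
            # Pool empty: ask the RID master for a fresh block (it must be reachable for this)
            self.pool = self.rid_master.allocate_block(self.name)
        rid, last = self.pool
        self.pool = (rid + 1, last)
        sid = f"{self.domain_sid}-{rid}"               # SID = domain SID + RID
        self.objects[name] = sid
        return sid


def split_sid(sid: str) -> Tuple[str, int]:
    """Separate the domain SID from the RID, the two parts the text describes."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)


def all_unique(*dcs: DomainController) -> bool:
    """Check that no two objects across the given DCs share a SID."""
    sids = [sid for dc in dcs for sid in dc.objects.values()]
    return len(sids) == len(set(sids))
```

The model also shows why the RID master is an availability concern rather than a per-logon one: a DC keeps creating objects from its current block without contacting the master, and only needs it when the block runs out.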

PDC emulator master

The PDC emulator master processes password changes from client computers and replicates
these updates to all domain controllers throughout the domain. At any time, there can be only
one domain controller acting as the PDC emulator master in each domain in the forest.

The domain controller configured with the PDC emulator role supports two authentication
protocols:

• The Kerberos V5 protocol
• The NTLM protocol

Infrastructure master

At any time, there can be only one domain controller acting as the infrastructure master in each
domain. The infrastructure master is responsible for updating references from objects in its
domain to objects in other domains. The infrastructure master compares its data with that of a
global catalog. Global catalogs receive regular updates for objects in all domains through
replication, so the global catalog data will always be up to date. If the infrastructure master finds
data that is out of date, it requests the updated data from a global catalog. The infrastructure
master then replicates that updated data to the other domain controllers in the domain

• Additional Domain Controller (ADC)

• Child Domain Controller (CDC)

• Member Server (MS)

A member server is a computer that:

• Runs an operating system in the Windows 2000 Server family or the Windows
Server 2003 family.
• Belongs to a domain.
• Is not a domain controller.

A member server does not process account logons, participate in Active Directory replication, or
store domain security policy information.

Member servers typically function as the following types of servers: file servers, application
servers, database servers, Web servers, certificate servers, firewalls, and remote access servers.

The following security-related features are common to all member servers:

• Member servers adhere to Group Policy settings that are defined for the site, domain, or
organizational unit.
• Access control for resources that are available on a member server.
• Member server users have assigned user rights.
• Member servers contain a local security account database, the Security Accounts
Manager (SAM).

4. Microsoft Windows Server 2008 R2 Network Infrastructure

• Naming Server (DNS and WINS)

DNS refers to the Domain Name System, a widely used service in networks all over the world.
DNS was created to serve the Internet, but it also serves our LAN (Local Area Network).

WINS, on the other hand, refers to the Windows Internet Naming Service created by Microsoft. It
was used in the older Windows NT4 networks, as the services provided by the domain depended
heavily on it. Today, WINS servers are not that common except in specific applications and
network conditions where they must exist.

Because the majority of networks use DNS these days, Windows 2000 and 2003 have migrated
away from WINS and mainly use DNS.

While both services do identical jobs, that is, translate domains and hostnames into IP addresses,
DNS has become the number one standard for name resolution and it surely won't change for a
long time.

Root Name Server

A root name server is a name server for the root zone of the Domain Name System of the
Internet. It directly answers requests for records in the root zone and answers other requests by
returning a list of the authoritative name servers for the appropriate top-level domain (TLD). The
root name servers are a critical part of the Internet infrastructure because they are the first step in
translating (resolving) human readable host names into IP addresses that are used in
communication between Internet hosts.

The root zone

The root servers contain the information that makes up the root zone, which is the global list of
top level domains. The root zone contains:
• generic top level domains – such as .com, .net, and .org
• country code top level domains – two-letter codes for each country, such as .se for Sweden or
.no for Norway
• internationalized top level domains – generally equivalents of country code top level domain
names written in the countries’ local character sets
For each of those top level domains, the root zone contains the numeric addresses of name
servers which serve the top level domain’s contents, and the root servers respond with these
addresses when asked about a top level domain.

Who operates them?


The root servers are operated by 12 different organizations:
• Verisign
• University of Southern California
• Cogent
• University of Maryland
• NASA AMES Research Center
• Internet Systems Consortium
• US Department of Defense
• US Army Research Lab
• Netnod
• RIPE
• ICANN
• WIDE
Many of these organizations have been operating root servers since the creation of the DNS; and
the list shows the Internet’s early roots as a US-based research and military network.

Where are they?

There are more than 300 root servers scattered around the world, on all six populated continents.
They are reachable using 13 numeric IP addresses – one per operating organization, except for
Verisign, which has two. Most of those addresses are assigned to multiple servers scattered
around the world, so DNS queries sent to those addresses get fast responses from local servers.
This was not always the case. A decade ago there were only 13 root servers – one per IP address
– and all but three were in the United States. However, significant efforts by several of the root
server operators, including Netnod, have expanded the root server footprint over the last ten
years.

Because there are only 13 root server IP addresses, only 13 root servers can be seen from any
single location at any given time. Different servers (using the same IP addresses) will be seen
from different locations.

Who is responsible for them?

Each operating organization is solely responsible for the root server IP address (or addresses) it
operates. The operating organization determines how many locations that IP address will be
served from, what those locations are, what hardware and software will be installed in each
location, and how that hardware and software will be maintained. Some operators operate only a
single location, while others operate many (one operator is responsible for almost 100). Each
organization secures its own operating funds.

Where does the root zone come from?

The root zone comes from the Internet Assigned Numbers Authority (IANA), which is part of
the Internet Corporation for Assigned Names and Numbers (ICANN). It is signed using
DNSSEC signatures to ensure authenticity, and issued to the root server operators to publish to
their root servers. The root server operators publish the root zone as written, and have no
authority to alter the content.

How do resolvers find root servers?

Since root servers are at the root of the DNS hierarchy, it isn't possible to walk through the DNS
hierarchy to find them: the resolvers wouldn't know where to look. Instead, there is a list of well-
known and rarely changed root server IP addresses, and every DNS resolver has that list of IP
addresses included with the software. If a root server does need to change addresses – something
that has happened twice in the last ten years – this does not present a significant problem. Older
resolvers continue to work by using the other 12 root server addresses, and their list gets updated
when their software is updated.

Fault tolerance

While root servers are critical infrastructure, the failure of a single root server won't be noticed
by most Internet users. Individual servers that fail should withdraw their address announcements,
allowing queries to be answered by a different server responding to the same address. If all
instances of a single address are unreachable, either in general or for a specific part of the world,
there are 12 more root server IP addresses to choose from. The chances of all 300+ root servers
or all 13 root server IP addresses being unreachable at once are very small, and the root server
system is, thus, very reliable.
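The resolver behaviour described in the last two sections (a built-in root hints list, referrals from the root down to the TLD and then the authoritative servers, and falling back to another root address when one does not answer) can be exercised offline with the following added Python simulation. It is not code from the notes; the server addresses, zones and names are all constructed from the documentation address ranges, and a server listed as unreachable simply never replies.

```python
from typing import Dict, FrozenSet, List, Optional, Tuple

# Constructed stand-in for the DNS hierarchy. Each server's zone data maps an owner name to
# ("A", address) for an authoritative answer or ("NS", [addresses]) for a referral one level down.
Reply = Tuple[str, object]
ROOT_ZONE: Dict[str, Reply] = {"com.": ("NS", ["192.0.2.10"]), "se.": ("NS", ["192.0.2.11"])}
SERVERS: Dict[str, Dict[str, Reply]] = {
    "192.0.2.1": ROOT_ZONE,                                     # two root addresses publishing
    "192.0.2.2": ROOT_ZONE,                                     # the same root zone "as written"
    "192.0.2.10": {"example.com.": ("NS", ["192.0.2.20"])},     # .com TLD server
    "192.0.2.11": {"example.se.": ("NS", ["192.0.2.21"])},      # .se TLD server
    "192.0.2.20": {"www.example.com.": ("A", "203.0.113.5")},   # example.com authoritative
    "192.0.2.21": {"www.example.se.": ("A", "203.0.113.6")},    # example.se authoritative
}
ROOT_HINTS = ["192.0.2.1", "192.0.2.2"]   # shipped with the resolver, like the real hints file


def query(server: str, qname: str, unreachable: FrozenSet[str]) -> Optional[Reply]:
    """One round trip to a server; None models a timeout."""
    if server in unreachable:
        return None
    zone = SERVERS[server]
    if qname in zone:
        return zone[qname]
    labels = qname.split(".")
    for i in range(1, len(labels)):          # closest enclosing delegation, e.g. "com." for www.example.com.
        entry = zone.get(".".join(labels[i:]))
        if entry is not None and entry[0] == "NS":
            return entry
    return ("NXDOMAIN", None)


def resolve(qname: str, unreachable: FrozenSet[str] = frozenset(),
            max_steps: int = 8) -> Tuple[Optional[str], List[str]]:
    """Iterative resolution from the root hints down. Returns (address or None, servers that answered)."""
    candidates = list(ROOT_HINTS)
    trail: List[str] = []
    for _ in range(max_steps):
        reply: Optional[Reply] = None
        for server in candidates:            # try the next address when one does not answer
            reply = query(server, qname, unreachable)
            if reply is not None:
                trail.append(server)
                break
        if reply is None:
            return None, trail               # every server at this level is down
        kind, data = reply
        if kind == "A":
            return data, trail
        if kind == "NS":
            candidates = list(data)          # follow the referral
            continue
        return None, trail                   # NXDOMAIN
    return None, trail


if __name__ == "__main__":
    print(resolve("www.example.com."))
    print(resolve("www.example.com.", unreachable=frozenset({"192.0.2.1"})))
```

The trail returned alongside the answer makes the fault-tolerance claim visible: with the first root address down the resolver uses the second and still finishes in three queries, and only when every root address it knows is unreachable does resolution fail.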
• Dynamic Host Configuration Protocol Server (DHCP)

Dynamic Host Configuration Protocol (DHCP)

Short for Dynamic Host Configuration Protocol, a protocol for assigning dynamic IP addresses to
devices on a network. With dynamic addressing, a device can have a different IP address every
time it connects to the network. In some systems, the device's IP address can even change while it
is still connected. DHCP also supports a mix of static and dynamic IP addresses.

DHCP Simplifies Network Administration

Dynamic addressing simplifies network administration because the software keeps track of IP
addresses rather than requiring an administrator to manage the task. This means that a new
computer can be added to a network without the hassle of manually assigning it a unique IP
address. Many ISPs use dynamic IP addressing for Internet subscribers.

***

The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used
on Internet Protocol (IP) networks for dynamically distributing network configuration
parameters, such as IP addresses for interfaces and services. With DHCP, computers request IP
addresses and networking parameters automatically from a DHCP server, reducing the need for a
network administrator or a user to configure these settings manually.
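As an added example (not from the notes), the allocation logic a DHCP server runs behind the DISCOVER/OFFER and REQUEST/ACK exchange can be modelled in Python: a dynamic pool, fixed reservations for particular MAC addresses (the "mix of static and dynamic" the text mentions), lease expiry, and refusal of a REQUEST for an address another client still holds. The pool range, MAC addresses and lease time are constructed values.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Optional


@dataclass
class Lease:
    ip: str
    mac: str
    expires: int   # seconds on the same clock that is passed in as `now`


class DhcpServer:
    """Address allocation of a DHCP server (toy model of the DORA exchange's server side)."""

    def __init__(self, first: str, last: str, reservations: Optional[Dict[str, str]] = None,
                 lease_time: int = 3600) -> None:
        lo, hi = int(IPv4Address(first)), int(IPv4Address(last))
        self.pool: List[str] = [str(IPv4Address(n)) for n in range(lo, hi + 1)]
        self.reservations = dict(reservations or {})     # mac -> fixed address handed out via DHCP
        self.reserved_ips = set(self.reservations.values())
        self.lease_time = lease_time
        self.leases: Dict[str, Lease] = {}               # ip -> current lease

    def _active(self, ip: str, now: int) -> Optional[Lease]:
        lease = self.leases.get(ip)
        return lease if lease is not None and lease.expires > now else None

    def discover(self, mac: str, now: int) -> Optional[str]:
        """Address the server would OFFER in reply to a DISCOVER, or None if none is free."""
        if mac in self.reservations:
            return self.reservations[mac]
        for ip, lease in self.leases.items():           # a renewing client keeps its address
            if lease.mac == mac and lease.expires > now:
                return ip
        for ip in self.pool:                            # otherwise the first free pool address
            if ip not in self.reserved_ips and self._active(ip, now) is None:
                return ip
        return None                                     # pool exhausted

    def request(self, mac: str, ip: str, now: int) -> bool:
        """ACK (True) or NAK (False) a REQUEST for a specific address, recording the lease on ACK."""
        if ip in self.reserved_ips:
            if self.reservations.get(mac) != ip:
                return False                # reserved for a different client
        elif ip not in self.pool or mac in self.reservations:
            return False                    # outside the pool, or this client must use its reservation
        holder = self._active(ip, now)
        if holder is not None and holder.mac != mac:
            return False                    # another client still holds a live lease
        self.leases[ip] = Lease(ip, mac, now + self.lease_time)
        return True


def sample_server() -> DhcpServer:
    """Constructed configuration: a three-address pool plus one reservation."""
    return DhcpServer("10.0.0.100", "10.0.0.102", {"00:11:22:33:44:55": "10.0.0.50"})
```

The `_active` check is what makes the server safe to restart a client against: an address is only reused once the previous lease has run out, and a REQUEST for an address someone else holds is refused rather than silently creating a duplicate.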

• ARP - Address Resolution Protocol

Short for Address Resolution Protocol, a network layer protocol used to convert an IP address
into a physical address (called a DLC address), such as an Ethernet address. A host wishing to
obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the
network that has the IP address in the request then replies with its physical hardware address.

There is also Reverse ARP (RARP), which can be used by a host to discover its IP address. In this
case, the host broadcasts its physical address and a RARP server replies with the host's IP
address.

Unicast

In computer networking, unicast transmission is the sending of messages to a single network
destination identified by a unique address.

Unicast is a one-to one connection between the client and the server. Unicast uses IP delivery
methods such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP),
which are session-based protocols. When a Windows Media Player client connects using unicast
to a Windows Media server, that client has a direct relationship to the server. Each unicast client
that connects to the server takes up additional bandwidth. For example, if you have 10 clients all
playing 100-kilobits per second (Kbps) streams, those clients as a group are taking up 1,000
Kbps. If you have only one client playing the 100 Kbps stream, only 100 Kbps is being used.

Multicast

Multicast is a true broadcast. The multicast source relies on multicast-enabled routers to forward
the packets to all client subnets that have clients listening. There is no direct relationship between
the clients and Windows Media server. The Windows Media server generates an .nsc (NetShow
channel) file when the multicast station is first created. Typically, the .nsc file is delivered to the
client from a Web server. This file contains information that the Windows Media Player needs to
listen for the multicast. This is similar to tuning into a station on a radio. Each client that listens
to the multicast adds no additional overhead on the server. In fact, the server sends out only one
stream per multicast station. The same load is experienced on the server whether only one client
or 1,000 clients are listening.

******

The term unicast is contrasted with the term broadcast which means transmitting the same data
to all possible destinations. Another multi-destination distribution method, multicasting, sends
data only to interested destinations by using special address assignments.

If an IP Unicast packet passes through a switch that does not know the location of the associated
MAC Address, the packet will be broadcast to all ports on the switch. This failure of Unicast to
'cast to a single device' is called a Unicast flood.

• Application of File Server

• Application of Remote Access Server (RAS)

Remote Access Server (RAS)


A remote access server (RAS) is a type of server that provides a suite of services to remotely
connected users over a network or the Internet. It operates as a remote gateway or central server
that connects remote users with an organization's internal local area network (LAN).
A RAS includes specialized server software used for remote connectivity. This software is
designed to provide authentication, connectivity and resource access services to connecting
users. A RAS is deployed within an organization and directly connected with the organization’s
internal network and systems.

Services

Once connected with a RAS, a user can access his or her data, desktop, application, print and/or
other supported services.

• Virtual Private Network (VPN)

A virtual private network (VPN) is a network that uses a public telecommunication
infrastructure, such as the Internet, to provide remote offices or individual users with secure
access to their organization's network. A virtual private network can be contrasted with an
expensive system of owned or leased lines that can only be used by one organization. The goal
of a VPN is to provide the organization with the same capabilities, but at a much lower cost.

A VPN works by using the shared public infrastructure while maintaining privacy through
security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP).
In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving
end, send the data through a "tunnel" that cannot be "entered" by data that is not properly
encrypted. An additional level of security involves encrypting not only the data, but also the
originating and receiving network addresses.

• Windows Server 2008 Tools

• Backup and Recovery of Data

ISA Server

An Internet security and acceleration server (ISA server) is a server that provides organizational
firewall and Web cache solutions for Windows along with secure, fast and manageable Internet
connectivity.
ISA helps to implement an organization's business security policy through its administrative
tools, which help to regulate usage based on user group, application, destination, schedule and
content criteria. Its extensible platform offers hardware redundancy and load balancing and
enables efficient use of network resources through its sophisticated caching mechanisms.

• Software-based firewalls: these are often run as additional programs on computers that
are used for other things. They are often known as personal firewalls, which can be
updated on personal computers.

• Hardware-based firewalls: hardware-based firewalls run on a dedicated computer (or
appliance). Often, these offer better performance than software firewalls, but they are
also more expensive.

• Access Control Lists (ACLs) were the earliest firewalls, typically implemented on routers. They are
useful for scalability and performance, but can't read more than packet headers, which provide
only rudimentary information about the traffic.
• Proxy firewalls process incoming network traffic by impersonating the intended recipient. A proxy
firewall sends information to the destination computer after inspection and only if it decides to
authorize access. That computer's response is sent to the proxy, which passes the data on with the
origin address of the proxy server. Through this process the proxy firewall brokers connections
between two computers, which means it is the one and only machine on the network talking to
the outside world.
• Stateful inspection firewalls were the next major evolutionary step. They classify and track the
state of traffic by monitoring all connection interactions until a connection is closed.
• Unified Threat Management (UTM) solutions consolidate stateful inspection firewalls,
antivirus, and IPS into a single appliance. They are also generally understood to include many
other network security capabilities.
• Next-generation firewalls (NGFWs) were created to respond to the increasing capabilities of
malware and applications. This is where Palo Alto Networks' platform comes in: we bring
together the key network security functions, including advanced firewall, IPS/IDS, URL filtering
and threat protection. Our NGFW solution ensures better security than legacy firewalls, UTMs,
or point threat detection products, as these functions are engineered into the product from the
start and share important information across disciplines.

Packet filtering

Data travels on the Internet in small pieces called packets. Each packet has certain
metadata attached, like where it is coming from and where it should be sent to. The easiest thing
to do is to look at the metadata. Based on rules, certain packets are then dropped or rejected. All
firewalls can do this; it is known as network-layer filtering.

Stateful packet inspection

In addition to the simple packet filtering (above) this kind of firewall also keeps track of
connections. A packet can be the start of a new connection, or it can be part of an existing
connection. If it is neither of the two, it is probably useless and can be dropped.

Application-layer firewalls

Application-layer firewalls do not just look at the metadata; they also look at the actual data
transported. They know how certain protocols work, for example FTP or HTTP. They can then
check whether the data in the packet is valid for that protocol. If it is not, the packet can be dropped.
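The difference between plain packet filtering and stateful inspection described above, as an added example (not from the course notes): a filter that judges each packet on its headers alone beside one that tracks connections, both run over a constructed four-packet trace. The 192.168.123.0 inside subnet, the outside addresses and the port numbers are all constructed values.

```python
# Added example (not from the course notes): a toy packet filter vs. a toy
# stateful inspection filter, run over a constructed packet trace.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str      # source IP
    sport: int    # source port
    dst: str      # destination IP
    dport: int    # destination port
    flags: str    # TCP flags, e.g. "S", "SA", "A", "FA"


INSIDE_PREFIX = "192.168.123."   # protected subnet (constructed)


def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)


def stateless_decide(p):
    """Packet filtering: looks only at the headers of this one packet.
    Rule set: anything outbound is allowed; inbound is allowed to the web
    server port and, so that replies to clients can get back in, to any
    port >= 1024. This is the rule set's weak spot, shown below."""
    if is_inside(p.src):
        return "ACCEPT"
    if p.dport == 80 or p.dport >= 1024:
        return "ACCEPT"
    return "DROP"


class StatefulFilter:
    """Stateful inspection: remembers connections opened from the inside and
    admits an inbound packet only if it belongs to one of them."""

    def __init__(self):
        # key: (inside_ip, inside_port, outside_ip, outside_port) -> state
        self.connections = {}

    def decide(self, p):
        if is_inside(p.src):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S":                     # new outbound connection
                self.connections[key] = "SYN_SENT"
                return "ACCEPT"
            if key in self.connections:            # continues a known connection
                if "F" in p.flags:
                    self.connections[key] = "CLOSING"
                return "ACCEPT"
            return "DROP"                          # outbound, but no connection
        # Inbound: look the connection up from the inside host's point of view
        key = (p.dst, p.dport, p.src, p.sport)
        state = self.connections.get(key)
        if state is None:
            return "DROP"                          # unsolicited: no connection
        if state == "SYN_SENT" and p.flags == "SA":
            self.connections[key] = "ESTABLISHED"
        elif state == "CLOSING" and "F" in p.flags:
            del self.connections[key]              # connection closed, forget it
        return "ACCEPT"


# Constructed trace: a client inside fetches a web page, then an outside
# host sends an unsolicited SYN to a high port on the same client.
TRACE = [
    Packet("192.168.123.132", 40000, "203.0.113.10", 80, "S"),
    Packet("203.0.113.10", 80, "192.168.123.132", 40000, "SA"),
    Packet("192.168.123.132", 40000, "203.0.113.10", 80, "A"),
    Packet("198.51.100.7", 5555, "192.168.123.132", 40001, "S"),
]


def run_stateless(trace=TRACE):
    return [stateless_decide(p) for p in trace]


def run_stateful(trace=TRACE):
    fw = StatefulFilter()
    return [fw.decide(p) for p in trace]


if __name__ == "__main__":
    print("packet filter:      ", run_stateless())   # 4th packet gets through
    print("stateful inspection:", run_stateful())    # 4th packet dropped
```

The packet filter has to open the high ports to let the web reply back in, so the unsolicited SYN is accepted too; the stateful filter accepts the reply because it matches a tracked connection and drops the SYN because nothing inside asked for it.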

Microsoft Exchange Server 2003


What is Microsoft Exchange Server?
Microsoft Exchange Server is an e-mail server used to send and receive e-mail.
Microsoft Exchange Server is one of the most popular collaborative and messaging
servers in the world. It is used by businesses and organizations utilizing Microsoft
infrastructure solutions. Exchange is basically the power behind all the amazing
features of Microsoft Outlook.
Today, Microsoft Exchange has the following two jobs:

1. Exchange supports IMAP, POP and web e-mail clients, including Microsoft
Outlook.
2. Exchange lets users share information using either Outlook Web Access or
Outlook.

SMTP
SMTP is used to send and receive mail reliably over the Internet.
SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used in sending and receiving
e-mail. However, since it is limited in its ability to queue messages at the receiving end,
it is usually used with one of two other protocols, POP3 or IMAP, that let the user save
messages in a server mailbox and download them periodically from the server. In other
words, users typically use a program that uses SMTP for sending e-mail and either
POP3 or IMAP for receiving e-mail.

• POP3 - Post Office Protocol. A POP3 mail server holds mail until the workstation
is ready to receive it.
• IMAP - Like POP3, Internet Message Access Protocol is a standard protocol for
accessing e-mail from your local server. IMAP (the latest version is IMAP4) is a
client/server protocol in which e-mail is received and held for you by your
Internet server.

Network News Transfer Protocol (NNTP)


So far, we have looked at three of the protocols used in sending and retrieving Internet
Mail. However, mail is not the only method used for the dissemination of information
across the Internet. Instances often arise where a particular message is of interest to a
wide number of users. As the appeal of the message grows, so the inefficiencies of
using a mail-based mechanism for transporting that message increase also, as the
practice of sending a separate copy of the message to each of the interested parties
consumes large quantities of bandwidth, CPU resources and disk space among the
many destinations.
Significant economies can be achieved if these popular messages are hosted in a single
database instead of in each subscriber's mailbox. This single database is a news server
and the messages on such a server are called news items or articles. NNTP (the
Network News Transfer Protocol) defines a protocol for the distribution, inquiry, posting
and retrieval of such news items between a news server and clients and is designed to
allow messages to be stored on a central host server with clients connecting via a
connection stream such as TCP. (News distribution between servers typically uses
another protocol called Unix-to-Unix Copy or UUCP).
The NNTP protocol also allows for the introduction of intermediate or 'slave' servers that
accept newsfeeds from central master news servers and in turn provide service of these
cached news articles to local clients.

What is Newsgroup

A Newsgroup is a resource where messages can be posted on the NNTP virtual server.

Creating News Group


If you decide to use Newsgroups in your Exchange Server 2003 organization, the first step is to
choose between Local and/or Public Newsgroup implementations. Implementing Local
Newsgroups is quite easy and independent of Internet traffic. Public Newsgroups mean that your
Internet traffic might increase a lot, so as an administrator you should try to keep public
newsgroups to a minimum.

Implementing Newsgroups

With Exchange Server 2003 the NNTP service is disabled by default and must be enabled to run.
You should set this service to "start automatically"; then your virtual NNTP service can run
properly.

The next step is creating Newsgroups and enabling your users to use them.

Figure 1: Enabling NNTP Protocol

After enabling the NNTP Protocol on your Exchange Server 2003 you will have to create the
newsgroups you want to use.
Figure 2: Creating Newsgroups (1)
Figure 3: Creating Newsgroups (2)
Figure 4: Creating Newsgroups (3)
Figure 5: Newsgroup Properties

After this procedure all your users are able to use the new newsgroup(s) using a newsreader (e.g.
Outlook Express or Gravity). As you can see, enabling newsgroups is quite easy using Exchange
Server 2003, but it means using programs other than your generic Outlook client on your client
computers.

Implementing Newsfeeds

If you want to provide public newsgroup access for your users with controlled access, you should
configure newsfeeds. Your Exchange Server 2003 will be able to communicate with public
newsgroups using the default NNTP port 119 and will provide your internal users access to them
like any other public folders.

You can define detailed security configurations and are able to control whether it is a pull-only or
a push-and-pull configuration. A push configuration means that your Exchange Server is
republishing the entries of your users within the public folders to the external newsgroups.
The following steps document how to create public newsfeeds on your Exchange
Server 2003.

Figure 6: Creating Newsfeeds (1)

If you would like to use newsfeeds, you should not forget to ask the newsgroup provider whether
newsfeeds are available, because in general the newsfeed command is disabled on a lot of
newsgroup servers. If the provider does not permit newsfeeds you can use a tool like
"Hamster", which works like an NNTP client and provides the Exchange Server with a connection
using newsfeeds. With this tool you are able to use newsfeeds without any trouble with nearly
every newsgroup you want.
Figure 7: Configuring the Remote Server Role
Figure 8: Configuring Inbound and Outbound Feeds
Figure 9: Creating the Newsfeed Time Windows
Figure 10: Selecting the Newsgroups for the Newsfeed
Figure 11: General Newsfeed Properties
Figure 12: Including and Excluding Newsgroups
Figure 13: Creating the Synchronization Schedule
Figure 14: Configuring Newsfeed Authentication

Now all users that have access permission to the appropriate public folders are able to access
newsgroups indirectly without having to use a separate newsreader.

Conclusion

When you are using Exchange Server 2003 as your global messaging and collaboration system in
your network environment, it is quite easy to configure newsfeeds to provide users access to
external public newsgroups without having to allow their clients to communicate on the NNTP port.
Only your Exchange Server has to have access to it, and therefore this managed solution is the
best way of implementing this feature in present network environments.

Proxy Server

Most large businesses, organizations, and universities these days use a proxy server. This is a
server that all computers on the local network have to go through before accessing information
on the Internet. By using a proxy server, an organization can improve the network performance
and filter what users connected to the network can access.

The success of TCP/IP as the network protocol of the Internet is largely because of its ability to
connect together networks of different sizes and systems of different types. These networks are
arbitrarily defined into three main classes (along with a few others) that have predefined sizes,
each of which can be divided into smaller subnetworks by system administrators. A subnet mask
is used to divide an IP address into two parts. One part identifies the host (computer), the other
part identifies the network to which it belongs. To better understand how IP addresses and subnet
masks work, look at an IP (Internet Protocol) address and see how it is organized.

IP addresses: Networks and hosts

An IP address is a 32-bit number that uniquely identifies a host (computer or other device, such
as a printer or router) on a TCP/IP network.

IP addresses are normally expressed in dotted-decimal format, with four numbers separated by
periods, such as 192.168.123.132. To understand how subnet masks are used to distinguish
between hosts, networks, and subnetworks, examine an IP address in binary notation.

For example, the dotted-decimal IP address 192.168.123.132 is (in binary notation) the 32-bit
number 11000000101010000111101110000100. This number may be hard to make sense of, so
divide it into four parts of eight binary digits.

These eight bit sections are known as octets. The example IP address, then, becomes
11000000.10101000.01111011.10000100. This number only makes a little more sense, so for
most uses, convert the binary address into dotted-decimal format (192.168.123.132). The
decimal numbers separated by periods are the octets converted from binary to decimal notation.

For a TCP/IP wide area network (WAN) to work efficiently as a collection of networks, the
routers that pass packets of data between networks do not know the exact location of a host for
which a packet of information is destined. Routers only know what network the host is a member
of and use information stored in their route table to determine how to get the packet to the
destination host's network. After the packet is delivered to the destination's network, the packet is
delivered to the appropriate host.

For this process to work, an IP address has two parts. The first part of an IP address is used as a
network address, the last part as a host address. If you take the example 192.168.123.132 and
divide it into these two parts you get the following:
192.168.123. Network
.132 Host

-or-
192.168.123.0 - network address.
0.0.0.132 - host address.

Subnet mask

The second item, which is required for TCP/IP to work, is the subnet mask. The subnet mask is
used by the TCP/IP protocol to determine whether a host is on the local subnet or on a remote
network.

In TCP/IP, the parts of the IP address that are used as the network and host addresses are not
fixed, so the network and host addresses above cannot be determined unless you have more
information. This information is supplied in another 32-bit number called a subnet mask. In this
example, the subnet mask is 255.255.255.0. It is not obvious what this number means unless you
know that 255 in binary notation equals 11111111; so, the subnet mask is:
11111111.11111111.11111111.00000000

Lining up the IP address and the subnet mask together, the network and host portions of the
address can be separated:
11000000.10101000.01111011.10000100 -- IP address (192.168.123.132)
11111111.11111111.11111111.00000000 -- Subnet mask (255.255.255.0)

The first 24 bits (the number of ones in the subnet mask) are identified as the network address,
with the last 8 bits (the number of remaining zeros in the subnet mask) identified as the host
address. This gives you the following:
11000000.10101000.01111011.00000000 -- Network address (192.168.123.0)
00000000.00000000.00000000.10000100 -- Host address (000.000.000.132)

So now you know, for this example using a 255.255.255.0 subnet mask, that the network ID is
192.168.123.0, and the host address is 0.0.0.132. When a packet arrives on the 192.168.123.0
subnet (from the local subnet or a remote network), and it has a destination address of
192.168.123.132, your computer will receive it from the network and process it.

Almost all decimal subnet masks convert to binary numbers that are all ones on the left and all
zeros on the right. Some other common subnet masks are:
Decimal          Binary
255.255.255.192  11111111.11111111.11111111.11000000
255.255.255.224  11111111.11111111.11111111.11100000
Internet RFC 1878 (available from http://www.internic.net) describes the valid subnets and
subnet masks that can be used on TCP/IP networks.

Network classes

Internet addresses are allocated by the InterNIC (http://www.internic.net), the organization that
administers the Internet. These IP addresses are divided into classes. The most common of these
are classes A, B, and C. Classes D and E exist, but are not generally used by end users. Each of
the address classes has a different default subnet mask. You can identify the class of an IP
address by looking at its first octet. Following are the ranges of Class A, B, and C Internet
addresses, each with an example address:
• Class A networks use a default subnet mask of 255.0.0.0 and have 0-127 as their
first octet. The address 10.52.36.11 is a class A address. Its first octet is 10, which is
between 1 and 126, inclusive.
• Class B networks use a default subnet mask of 255.255.0.0 and have 128-191 as
their first octet. The address 172.16.52.63 is a class B address. Its first octet is 172,
which is between 128 and 191, inclusive.
• Class C networks use a default subnet mask of 255.255.255.0 and have 192-223 as
their first octet. The address 192.168.123.132 is a class C address. Its first octet is
192, which is between 192 and 223, inclusive.
In some scenarios, the default subnet mask values do not fit the needs of the organization,
because of the physical topology of the network, or because the numbers of networks (or hosts)
do not fit within the default subnet mask restrictions. The next section explains how networks
can be divided using subnet masks.

Subnetting

A Class A, B, or C TCP/IP network can be further divided, or subnetted, by a system
administrator. This becomes necessary as you reconcile the logical address scheme of the
Internet (the abstract world of IP addresses and subnets) with the physical networks in use by the
real world.

A system administrator who is allocated a block of IP addresses may be administering networks
that are not organized in a way that easily fits these addresses. For example, you have a wide
area network with 150 hosts on three networks (in different cities) that are connected by a
TCP/IP router. Each of these three networks has 50 hosts. You are allocated the class C network
192.168.123.0. (For illustration, this address is actually from a range that is not allocated on the
Internet.) This means that you can use the addresses 192.168.123.1 to 192.168.123.254 for your
150 hosts.

Two addresses that cannot be used in your example are 192.168.123.0 and 192.168.123.255
because binary addresses with a host portion of all ones and all zeros are invalid. The zero
address is invalid because it is used to specify a network without specifying a host. The 255
address (in binary notation, a host address of all ones) is used to broadcast a message to every
host on a network. Just remember that the first and last address in any network or subnet cannot
be assigned to any individual host.

You should now be able to give IP addresses to 254 hosts. This works fine if all 150 computers
are on a single network. However, your 150 computers are on three separate physical networks.
Instead of requesting more address blocks for each network, you divide your network into
subnets that enable you to use one block of addresses on multiple physical networks.

In this case, you divide your network into four subnets by using a subnet mask that makes the
network address larger and the possible range of host addresses smaller. In other words, you are
'borrowing' some of the bits usually used for the host address, and using them for the network
portion of the address. The subnet mask 255.255.255.192 gives you four networks of 62 hosts
each. This works because in binary notation, 255.255.255.192 is the same as
11111111.11111111.11111111.11000000. The first two digits of the last octet become network
addresses, so you get the additional networks 00000000 (0), 01000000 (64), 10000000 (128) and
11000000 (192). (Some administrators will only use two of the subnetworks using
255.255.255.192 as a subnet mask. For more information on this topic, see RFC 1878.) In these
four networks, the last 6 binary digits can be used for host addresses.

Using a subnet mask of 255.255.255.192, your 192.168.123.0 network then becomes the four
networks 192.168.123.0, 192.168.123.64, 192.168.123.128 and 192.168.123.192. These four
networks would have as valid host addresses:
192.168.123.1-62
192.168.123.65-126
192.168.123.129-190
192.168.123.193-254

Remember, again, that binary host addresses with all ones or all zeros are invalid, so you cannot
use addresses with the last octet of 0, 63, 64, 127, 128, 191, 192, or 255.

You can see how this works by looking at two host addresses, 192.168.123.71 and
192.168.123.133. If you used the default Class C subnet mask of 255.255.255.0, both addresses
are on the 192.168.123.0 network. However, if you use the subnet mask of 255.255.255.192,
they are on different networks; 192.168.123.71 is on the 192.168.123.64 network,
192.168.123.133 is on the 192.168.123.128 network.

Default gateways

If a TCP/IP computer needs to communicate with a host on another network, it will usually
communicate through a device called a router. In TCP/IP terms, a router that is specified on a
host, which links the host's subnet to other networks, is called a default gateway. This section
explains how TCP/IP determines whether or not to send packets to its default gateway to reach
another computer or device on the network.

When a host attempts to communicate with another device using TCP/IP, it performs a
comparison process using the defined subnet mask and the destination IP address versus the
subnet mask and its own IP address. The result of this comparison tells the computer whether the
destination is a local host or a remote host.

If the result of this process determines the destination to be a local host, then the computer will
simply send the packet on the local subnet. If the result of the comparison determines the
destination to be a remote host, then the computer will forward the packet to the default gateway
defined in its TCP/IP properties. It is then the responsibility of the router to forward the packet to
the correct subnet.

Troubleshooting

TCP/IP network problems are often caused by incorrect configuration of the three main entries in
a computer's TCP/IP properties. By understanding how errors in TCP/IP configuration affect
network operations, you can solve many common TCP/IP problems.

Incorrect Subnet Mask: If a network uses a subnet mask other than the default mask for its
address class, and a client is still configured with the default subnet mask for the address class,
communication will fail to some nearby networks but not to distant ones. As an example, if you
create four subnets (such as in the subnetting example) but use the incorrect subnet mask of
255.255.255.0 in your TCP/IP configuration, hosts will not be able to determine that some
computers are on different subnets than their own. When this happens, packets destined for hosts
on different physical networks that are part of the same Class C address will not be sent to a
default gateway for delivery. A common symptom of this is when a computer can communicate
with hosts that are on its local network and can talk to all remote networks except those that are
nearby and have the same class A, B, or C address. To fix this problem, just enter the correct
subnet mask in the TCP/IP configuration for that host.

Incorrect IP Address: If you put computers with IP addresses that should be on separate subnets
on a local network with each other, they will not be able to communicate. They will try to send
packets to each other through a router that will not be able to forward them correctly. A symptom
of this problem is a computer that can talk to hosts on remote networks, but cannot communicate
with some or all computers on their local network. To correct this problem, make sure all
computers on the same physical network have IP addresses on the same IP subnet. If you run out
of IP addresses on a single network segment, there are solutions that go beyond the scope of this
article.

Incorrect Default Gateway: A computer configured with an incorrect default gateway will be
able to communicate with hosts on its own network segment, but will fail to communicate with
hosts on some or all remote networks. If a single physical network has more than one router, and
the wrong router is configured as a default gateway, a host will be able to communicate with
some remote networks, but not others. This problem is common if an organization has a router to
an internal TCP/IP network and another router connected to the Internet.
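The mask arithmetic, the subnet split and the local-or-remote decision described in the Subnet mask, Subnetting, Default gateways and Troubleshooting sections, worked in Python on the text's own addresses as an added example (not part of the course notes). The gateway address 192.168.123.65 is a constructed value; everything else comes from the text.

```python
# Added example (not from the course notes): the subnet-mask arithmetic the
# text walks through, worked on the text's own addresses. The gateway
# address 192.168.123.65 used in the demo is a constructed value.


def to_int(dotted):
    """'192.168.123.132' -> the 32-bit number the text shows in binary."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % dotted)
    n = 0
    for o in octets:
        n = (n << 8) | o
    return n


def to_dotted(n):
    """32-bit number -> dotted decimal."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """Dotted decimal -> the octet.octet.octet.octet binary form used in the text."""
    return ".".join(format(int(o), "08b") for o in dotted.split("."))


def split_address(ip, mask):
    """Line up address and mask: ones in the mask select the network part,
    zeros select the host part. Returns (network address, host address)."""
    i, m = to_int(ip), to_int(mask)
    return to_dotted(i & m), to_dotted(i & ~m & 0xFFFFFFFF)


def subnets(block, block_mask, new_mask):
    """Divide a block (e.g. a class C with mask 255.255.255.0) into the subnets
    given by a longer mask. Each entry is (network, first host, last host,
    broadcast); the first and last address of each subnet are not usable."""
    b, bm, nm = to_int(block), to_int(block_mask), to_int(new_mask)
    if (nm & bm) != bm:
        raise ValueError("new mask must be at least as long as the block's mask")
    size = (~nm & 0xFFFFFFFF) + 1              # addresses per subnet
    first, total = b & bm, (~bm & 0xFFFFFFFF) + 1
    return [(to_dotted(net), to_dotted(net + 1),
             to_dotted(net + size - 2), to_dotted(net + size - 1))
            for net in range(first, first + total, size)]


def same_subnet(ip_a, ip_b, mask):
    """The comparison a host makes before sending: the same network address
    under the mask means 'local', otherwise 'remote'."""
    m = to_int(mask)
    return (to_int(ip_a) & m) == (to_int(ip_b) & m)


def next_hop(src_ip, mask, gateway, dst_ip):
    """Where the sending host puts the packet: on the local subnet, or to
    its default gateway."""
    return "local" if same_subnet(src_ip, dst_ip, mask) else gateway


if __name__ == "__main__":
    print(to_binary("192.168.123.132"), "--", to_binary("255.255.255.0"))
    print(split_address("192.168.123.132", "255.255.255.0"))
    for row in subnets("192.168.123.0", "255.255.255.0", "255.255.255.192"):
        print(row)
    # Troubleshooting: 192.168.123.71 talking to 192.168.123.133.
    # Correct mask: the destination is remote, so the packet goes to the gateway.
    print(next_hop("192.168.123.71", "255.255.255.192", "192.168.123.65", "192.168.123.133"))
    # Wrong (default class C) mask: the host believes .133 is local and never
    # hands the packet to the gateway, which is the symptom described above.
    print(next_hop("192.168.123.71", "255.255.255.0", "192.168.123.65", "192.168.123.133"))
```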

Glossary

Broadcast address -- An IP address with a host portion that is all ones.

Host -- A computer or other device on a TCP/IP network.


Internet -- The global collection of networks that are connected together and share a common
range of IP addresses.

InterNIC -- The organization responsible for administration of IP addresses on the Internet.

IP -- The network protocol used for sending network packets over a TCP/IP network or the
Internet.

IP Address -- A unique 32-bit address for a host on a TCP/IP network or internetwork.

Network -- There are two uses of the term network in this article. One is a group of computers on
a single physical network segment; the other is an IP network address range that is allocated by a
system administrator.

Network address -- An IP address with a host portion that is all zeros.

Octet -- An 8-bit number, 4 of which comprise a 32-bit IP address. They have a range of
00000000-11111111 that corresponds to the decimal values 0-255.

Packet -- A unit of data passed over a TCP/IP network or wide area network.

RFC (Request for Comment) -- A document used to define standards on the Internet.

Router -- A device that passes network traffic between different IP networks.

Subnet Mask -- A 32-bit number used to distinguish the network and host portions of an IP
address.

Subnet or Subnetwork -- A smaller network created by dividing a larger network into equal parts.

TCP/IP -- Used broadly, the set of protocols, standards and utilities commonly used on the
Internet and large networks.

Wide area network (WAN) -- A large network that is a collection of smaller networks separated
by routers. The Internet is an example of a very large WAN.
