DOCSLIB.ORG

Management Through Firewalls in Relation to Microsoft NT and Windows 2000

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Management Through Firewalls in Relation to Microsoft NT and Windows 2000 Management through firewalls in relation to Microsoft NT and Windows 2000 Claus Jespersen Hewlett-Packard A/S Vestre Kongevej 4-6 DK-8260 Viby J Denmark Direct: (45) 4599 1829 Fax: (45) 8733 1888 e-mail: Mobile: (45) 4060 1829 [email protected] Solution Architect OpenView/Internet specialist Prepared by: Claus Jespersen Solution Architect Openview/Internet specialist Date Prepared: Februar 2000 Windows 2000 management Management through firewalls in relation to Microsoft NT and Windows 2000 ÿ Document Information Project Name: Management through firewalls in relation to Windows 2000 Project Manager: Document Version No: 1.0 FocusPM Phase: Document Version Date: 17. February 2000 Quality Review Method: Prepared By: Claus Jespersen Preparation Date: 17. February 2000 Reviewed By: Review Date: Distribution List From Date Phone/Fax Claus Jespersen, Hewlett-Packard Denmark, 17. February +4545991829 [email protected] 2000 To Action* Due Date Phone/Fax * Action Types: Approve, Review, Inform, File, Action Required, Attend Meeting, Other (please specify) Version History Ver. No. Ver. Date Revised By Description Filename 1.0 17. First finished version after a few drafts win2kfwmgt-v1.0.doc February 2000 FocusPM White paper by Claus Jespersen, HP Denmark Page2of2 Template (3 /2-Apr-1999) win2kfwmgt-v1.0 Last printed 16-Feb-00 21:58 Windows 2000 management Management through firewalls in relation to Microsoft NT and Windows 2000 ÿ 1. Proprietary Notice..............................................................................................................................................7 2. Purpose...............................................................................................................................................................7 3. Target audience..................................................................................................................................................8 4. Things to do........................................................................................................................................................8 5. General introduction..........................................................................................................................................8 6. Overview of common used protocols in Windows 2000.................................................................................10 6.1. NetBIOS Name Resolution (WINS)...................................................................................................11 6.2. DNS (Domain Name System) ...........................................................................................................12 6.2.1 DNS AND NAT..................................................................................................................................14 6.3. NetBIOS Datagram services (and Mailslot) ......................................................................................14 6.4. NetBIOS session port........................................................................................................................15 6.5. Remote Procedure Call (RPC)..........................................................................................................16 6.6. Direct Host.........................................................................................................................................17 6.7. Kerberos............................................................................................................................................17 6.8. LDAP .................................................................................................................................................21 6.9. SMTP ................................................................................................................................................22 6.10. Post Office Protocol (POP3) and IMAP4 ..........................................................................................23 6.11. HTTP, HTTPS ...................................................................................................................................24 6.12. DHCP ................................................................................................................................................25 6.13. Radius ...............................................................................................................................................26 6.14. NNTP.................................................................................................................................................27 6.15. SNTP.................................................................................................................................................27 6.16. SNMP ................................................................................................................................................28 6.17. TELNET.............................................................................................................................................28 6.18. FTP....................................................................................................................................................29 6.19. PPTP, L2TP and IPSEC ...................................................................................................................30 7. Windows 2000 Applications use of protocols..................................................................................................33 7.1. NT/Windows 2000 Server .................................................................................................................34 7.2. File Replication/DFS .........................................................................................................................34 7.2.1 Replication notification and Schedule ...............................................................................................34 7.3. Directory replication ..........................................................................................................................35 7.3.1 NT Directory replication.....................................................................................................................35 7.3.2 Windows 2000 Directory Replication Protocols ................................................................................35 7.4. NetBIOS Browser Service/Network neighbourhood .........................................................................36 7.5. Search ...............................................................................................................................................37 7.6. Boot process .....................................................................................................................................39 7.7. Logon Service ...................................................................................................................................41 7.7.1 Windows NT LAN Manager (NTLM) .................................................................................................41 7.7.2 Kerberos Version 5 ...........................................................................................................................45 7.7.3 Distributed Password Authentication (DPA) .....................................................................................49 FocusPM White paper by Claus Jespersen, HP Denmark Page3of3 Template (3 /2-Apr-1999) win2kfwmgt-v1.0 Last printed 16-Feb-00 21:58 Windows 2000 management Management through firewalls in relation to Microsoft NT and Windows 2000 ÿ 7.7.4 Public-key-based protocols ...............................................................................................................49 7.8. Add domain/leave domain.................................................................................................................50 7.9. Trust Relation....................................................................................................................................52 7.9.1 Windows NT 4.0 Trusts.....................................................................................................................52 7.9.2 Windows 2000 Transitive Domain Trust ...........................................................................................53 7.10. DCOM ...............................................................................................................................................56 7.11. Microsoft WMI ...................................................................................................................................56 7.12. Microsoft DMI ....................................................................................................................................57 7.13. Internet Explorer (IE).........................................................................................................................58 7.14. Outlook and Outlook Express ...........................................................................................................59 7.15. DNS server........................................................................................................................................59 7.16. DHCP server .....................................................................................................................................61 7.17. WINS server......................................................................................................................................63
Load more

Recommended publications
  • Page 1 of 2 KB296944
    KB296944 - HOW TO: Use File Replication Service File and Folder Filters in Windows 2000 Page 1 of 2 Knowledge Base HOW TO: Use File Replication Service File and Folder Filters in Windows 2000 PSS ID Number: 296944 Article Last Modified on 10/28/2003 The information in this article applies to: l Microsoft Windows 2000 Server l Microsoft Windows 2000 Advanced Server This article was previously published under Q296944 IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: 256986 Description of the Microsoft Windows Registry IN THIS TASK l SUMMARY l ¡ Overview ¡ Using Dfs File and Folder Filters ¡ Setting the File and Folder Filters on an FRS Replica in Active Directory ¡ n Setting Filters for Sysvol n Setting Filters for Dfs Replicas ¡ Using Registry Entries SUMMARY This article describes how to use file and folder filters for content that is replicated by the File Replication service (FRS). FRS is a multithreaded, multiple-master replication engine that replaces the LAN Manager Replication (LMREPL) service in Microsoft Windows NT versions 3.x and 4.0. Windows 2000-based domain controllers and servers use FRS to replicate system policies and logon scripts for Windows 2000-based and earlier clients. FRS can also replicate content between Windows 2000-based servers that host the same fault-tolerant distributed file system (Dfs) roots or child node replicas.
    [Show full text]
  • Windows Poster 20-12-2013 V3
    Microsoft® Discover the Open Specifications technical documents you need for your interoperability solutions. To obtain these technical documents, go to the Open Specifications Interactive Tiles: open specifications poster © 2012-2014 Microsoft Corporation. All rights reserved. http://msdn.microsoft.com/openspecifications/jj128107 Component Object Model (COM+) Technical Documentation Technical Documentation Presentation Layer Services Technical Documentation Component Object Model Plus (COM+) Event System Protocol Active Directory Protocols Overview Open Data Protocol (OData) Transport Layer Security (TLS) Profile Windows System Overview Component Object Model Plus (COM+) Protocol Active Directory Lightweight Directory Services Schema WCF-Based Encrypted Server Administration and Notification Protocol Session Layer Services Windows Protocols Overview Component Object Model Plus (COM+) Queued Components Protocol Active Directory Schema Attributes A-L Distributed Component Object Model (DCOM) Remote Protocol Windows Overview Application Component Object Model Plus (COM+) Remote Administration Protocol Directory Active Directory Schema Attributes M General HomeGroup Protocol Supplemental Shared Abstract Data Model Elements Component Object Model Plus (COM+) Tracker Service Protocol Active Directory Schema Attributes N-Z Peer Name Resolution Protocol (PNRP) Version 4.0 Windows Data Types Services General Application Services Services Active Directory Schema Classes Services Peer-to-Peer Graphing Protocol Documents Windows Error Codes ASP.NET
    [Show full text]
  • Windows Server 2008 and Windows Vista Ebook
    ● ● ● ● ● ● ● ● ● ● ● How to access your CD files The print edition of this book includes a CD. To access the CD files, go to http://aka.ms/625143/files, and look for the Downloads tab. Note: Use a desktop web browser, as files may not be accessible from all ereader devices. Questions? Please contact: [email protected] Microsoft Press PUBLISHED BY Microsoft Press A Division of Microsoft Corporation One Microsoft Way Redmond, Washington 98052-6399 Copyright © 2008 by Derek Melber All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher. Library of Congress Control Number: 2008920568 Printed and bound in the United States of America. 1 2 3 4 5 6 7 8 9 QWT 3 2 1 0 9 8 Distributed in Canada by H.B. Fenn and Company Ltd. A CIP catalogue record for this book is available from the British Library. Microsoft Press books are available through booksellers and distributors worldwide. For further infor- mation about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send comments to [email protected]. Microsoft, Microsoft Press, Active Desktop, Active Directory, ActiveX, BitLocker, Excel, FrontPage, HotStart, InfoPath, Internet Explorer, NetMeeting, OneNote, Outlook, PowerPoint, SideShow, Visio, Visual Basic, Visual Studio, Windows, Windows Live, Windows Media, Windows NT, Windows PowerShell, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
    [Show full text]
  • Windows Server Firewall Configuration
    Windows Server Firewall Configuration • Windows Server Firewall, page 1 • Cisco Firewall Configuration Utility Prerequisites, page 2 • Run Cisco Firewall Configuration Utility, page 2 • Verify New Windows Firewall Settings, page 3 • Windows Server Firewall Communication with Active Directory, page 4 • CiscoICMfwConfig_exc.xml File, page 7 • Windows Firewall Troubleshooting, page 8 Windows Server Firewall Windows Server 2008 R2 includes Windows Firewall. Windows Firewall is a stateful host firewall that drops all unsolicited incoming traffic. This behavior of Windows Firewall provides some protection from malicious users and programs that use unsolicited incoming traffic to attack computers. More information can be found in the Microsoft Windows Firewall Operations Guide at http:// technet.microsoft.com/en-us/library/cc739696(WS.10).aspx. If you are using IPsec, consult the Microsoft TechNet article, Managing IPSec and Multicast Settings, at http:/ /technet.microsoft.com/en-us/library/cc779589(WS.10).aspx. Note Windows Firewall is disabled by default on systems that have been upgraded to SP1. Systems that have a new installation of Windows Server 2008 R2 have Windows Firewall enabled by default. When you enable Windows Firewall on your servers, open all ports that the Unified ICM/Unified CCE components require. Cisco provides a utility to automatically allow all traffic from Unified ICM/Unified CCE applications on a Windows Server 2008 R2. Additionally, the utility can open ports for common third-party applications used in the Unified ICM/Unified CCE environment. The script reads the list of ports in the file %SYSTEMDRIVE%\CiscoUtils\FirewallConfig\CiscoICMfwConfig_exc.xml and uses the directive contained therein to modify the firewall settings.
    [Show full text]
  • TCP/IP Fundamentals for Microsoft Windows
    TCP/IP Fundamentals for Microsoft Windows Microsoft Corporation Published: May 21, 2006 Updated: Jan 9, 2012 Author: Joseph Davies Editor: Anne Taussig Abstract This online book is a structured, introductory approach to the basic concepts and principles of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite, how the most important protocols function, and their basic configuration in the Microsoft® Windows Vista™, Windows Server® 2008, Windows® XP, and Windows Server 2003 families of operating systems. This book is primarily a discussion of concepts and principles to lay a conceptual foundation for the TCP/IP protocol suite and provides an integrated discussion of both Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6). The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This content is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. The terms of use of this document can be found at http://www.microsoft.com/info/cpyright.mspx. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
    [Show full text]
  • RSA Envision™ Windows Agentless Collection Troubleshooting
    RSA enVision™ Windows Agentless Collection Troubleshooting Copyright © 1996 - 2007 RSA Security Inc. enVision, Enterprise Dashboard, and Internet Protocol Database (IPDB) are trademarks of RSA Security Inc. LogSmart is a registered trademark of RSA Security Inc. All other trademarks, service marks, registered trademarks, registered service marks mentioned in this document are the property of their respective owners. Information in this document is subject to change without notice. The software described in this document is furnished under a license agreement or nondisclosure agreement. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of RSA Security Inc. RSA Security Inc. 200 Lowder Brook Drive, Suite 2000 Westwood, MA 02090 U.S.A. 781.375.9000 Windows Agentless Collection Troubleshooting Overview of Windows Collection Process The NIC Windows Service allows the envision system to retrieve Windows logs from remote Windows systems without installing any third-party software (agentless Windows). You can also use third-party Windows collection applications to collect the Windows events. See Envision Help for third-party windows collection The NIC Windows Service converts these messages into syslog events and sends them via shared memory to the NIC Collector Service. The NIC Windows Service tracks which events were read by event log type and by system so that old log information is not re-polled. By default, the NIC Windows Service polls 3 NIC log files types (Application, System, Security,) (Directory Service, DNS Server, File Replication Service are available but not set as a default).
    [Show full text]
  • Offline Assessment for Active Directory Services
    Offline Assessment for Active Directory Prerequisites How to prepare for your Offline Assessment for Active Directory. The Tools machine is used to connect to each of your Domain Controllers (DCs) and retrieve information from them, communicating over Remote Procedure Call (RPC), Server Message Block (SMB), Lightweight Directory Access Protocol (LDAP) and Distributed Component Object Model (DCOM). All data collection and analysis is done locally Once the data is collected and the survey answered, the Offline Assessment tool will analyze on the tools machine. the data locally. At a high level, your steps to success are: No data is transported 1. Install prerequisites on your Tools machine and configure your environment outside your 2. Run discovery and prerequisites checks Active Directory 3. Collect data from your DCs environment to help 4. Complete the survey protect your A checklist of prerequisite actions follows. Each item links to any additional software required data. Your data is for the Tools machine, and detailed steps included later in this document. analyzed using our RAP expert system that is part of the Offline Checklist Assessment client. Please ensure the following items have been completed before starting your engagement. 1. General Use Internet connectivity is needed to: A Microsoft Account is required to activate and sign in to the portal to download the toolset. Activate your account If you don’t have one already, you can create one at http://login.live.com To learn more about Microsoft Accounts, see: http://windows.microsoft.com/en-US/ Download the windows-live/sign-in-what-is-microsoft-account toolset Ensure access to https://services.premier.microsoft.com This document was last updated October 04, 2016.
    [Show full text]
  • A Records, 244–245, 279 -A Switch in Nbtstat, 190 in Netstat, 186 AAS Deployment Package, 710 .Aas Extension, 712 Abstract
    22_InsideWin_Index 13/3/03 9:50 AM Page 1269 Index A A records, 244–245, 279 ACEs (Access Control Entries) -a switch access masks in, 568–570 in Nbtstat, 190 command-line tools for, 572–576 in Netstat, 186 for cumulative permissions, 577 AAS deployment package, 710 for deny permissions, 578 .aas extension, 712 inheritance in, 579–580, 725–728 Abstract classes, 299–300 object ownership in, 572 Accelerated Graphics Port (AGP) adapters, 164 viewing and modifying, 570–571 Access Control Entries. See ACEs (Access ACKs in DHCP, 101–102 Control Entries) ACL Editor, 570, 723 Access control lists (ACLs) Advanced view in Active Directory security, 732–734 for inheritance, 578, 581 objects in, 339 for ownership, 572 in security descriptors, 559 for special permissions, 723–724 Access Control Settings window, 728 Edit view, 725–726 Access masks for permissions inheritance, 578 in ACEs, 568–570 blocking, 579 in DSOs, 733 settings for, 581 Access requests in Kerberos, 621 viewings, 582 Access rights. See also Permissions ACLs (access control lists) in Active Directory security in Active Directory security, 732–734 delegation, 729–732 objects in, 339 types of, 724–725 in security descriptors, 559 for group policies, 682 ACPI (Advanced Configuration and Power Access tokens Interface) contents of, 560–561 compatibility of, 23–28, 148–149 local, 559 kernel version for, 135 SIDs in, 559, 561, 581 for PnP,17, 147–149 ACCM (Asynchronous-Control- ACPIEnable option, 149 Character-Map), 1124 Activation Account domain upgrades, 496–498 in IA64, 130 BDC, 494–496 in installation, 49–50 PDC, 490–493 unattended setup scripts for, 95 Account lockout policies Active Directory, 238 in domain design, 429 bulk imports and exports in, 353–356 in password security, 593–594 DNS deployment in, 242–243 Account logons, auditing, 647 DNS integration in, 238–239 Account management, auditing, 511, 648 dynamic updates, 244–245 Accounts in domain migration.
    [Show full text]
  • Microsoft Windows Common Criteria Evaluation Security Target
    Microsoft Common Criteria Security Target Microsoft Windows Common Criteria Evaluation Microsoft Windows 10 (Fall Creators Update) Microsoft Windows Server (Fall Creators Update) Security Target Document Information Version Number 0.04 Updated On March 23, 2018 Microsoft © 2018 Page 1 of 104 Microsoft Common Criteria Security Target Version History Version Date Summary of changes 0.01 January 27, 2018 Initial draft 0.02 February 24, 2018 Updates from security target evaluation 0.03 March 23, 2018 Updates from assurance activity evaluation 0.04 April 19, 2018 Prepared copy for publication Microsoft © 2018 Page 2 of 104 Microsoft Common Criteria Security Target This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. This work is licensed under the Creative Commons Attribution-NoDerivs- NonCommercial License (which allows redistribution of the work). To view a copy of this license, visit http://creativecommons.org/licenses/by-nd-nc/1.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
    [Show full text]
  • Microsoft Certification Exam 74-409: Server Virtualization with Windows Server Hyper-V and System Center
    Microsoft Certification Exam 74-409: Server Virtualization with Windows Server Hyper-V and System Center Study Guide by Orin Thomas Exam 74-409 Server Virtualization with Windows Server Hyper-V and System Center Contents Chapter 1: Virtual Machine Settings . 7 Configure dynamic memory . 7. Configure smart paging . 9. Configure resource metering . 11 Configure guest integration services . 11 Create and configure generation 1 and generation 2 virtual machines . 13 Configure and use Enhanced Session Mode . 14 Configure RemoteFX . 16 Summary . 16 Review . 17 Chapter 2: Virtual Machine Storage . 18 Creating virtual hard disks in VHD and VHDx format . 19 Configuring differencing drives . 21 Modifying virtual hard disks . 22 Configuring pass-through disks . 24 Managing checkpoints . 26 Implementing virtual Fibre Channel adapters . 27 Configuring Storage Quality of Service . 28 Configuring Hyper-V host clustered storage . 29 Configuring guest cluster storage . 30 Planning for storage optimization . 32 Deduplication . 32. Storage tiering . 34. Review . 35 2 Exam 74-409 Server Virtualization with Windows Server Hyper-V and System Center Chapter 3: Hyper-V Virtual Networks and Virtualization Networking . 36 Hyper-V virtual switches . 36 Optimizing network performance . 39 Virtual machine MAC addresses . 42 Configuring network isolation . 44 Virtual machine network adapters . 45 Virtual machine NIC teaming . 47 VMM logical networks . 49 VMM port profiles and logical switches . 50 Network Virtualization . 52 VMM virtual machine networks . 53 VMM MAC and IP address pools . 53 Windows Server Gateway . 55 Private Virtual Local Area Networks . 56 Review . 57 Chapter 4: Implementing Virtual Machines . 58 Highly available virtual machines . 58 Guest resource optimization . 61 Intelligent placement . 61. Dynamic optimization .
    [Show full text]
  • Windows Server 2003 Operating System Legacy, Enterprise, and Specialized Security Benchmark Consensus Security Settings for Domain Controllers
    Windows Server 2003 Operating System Legacy, Enterprise, and Specialized Security Benchmark Consensus Security Settings for Domain Controllers Version 2.0 November 2007 Copyright ©2007, The Center for Internet Security http://www.cisecurity.org Editors: Jeff Shawgo Sidney Faber Collin Greene [email protected] The Center for Internet Security Table of Contents Table of Contents ....................................................................................................................2 Terms of Use Agreement ........................................................................................................3 Quick Start Instructions ..........................................................................................................6 For The Seasoned Security Professional ........................................................................... 6 For the Windows User Seeking Enlightenment ................................................................. 6 Windows Server 2003 – Domain Controller Benchmark .......................................................7 Intended Audience ..................................................................................................................7 Practical Application ...............................................................................................................7 Keeping Score .........................................................................................................................8 Security Levels........................................................................................................................9
    [Show full text]
  • Windows Server 2003 Security Guide
    Microsoft Solutions for Security and Compliance Windows Server 2003 Security Guide April 26, 2006 © 2006 Microsoft Corporation. This work is licensed under the Creative Commons Attribution-Non Commercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA. Table of Contents iii Contents Chapter 1: Introduction to the Windows Server 2003 Security Guide ............. 1 Overview....................................................................................................1 Executive Summary .....................................................................................1 Who Should Read This Guide.........................................................................2 Scope of this Guide......................................................................................2 Chapter Summaries .....................................................................................3 Chapter 1: Introduction to the Windows Server 2003 Security Guide .............4 Chapter 2: Windows Server 2003 Hardening Mechanisms ............................4 Chapter 3: The Domain Policy..................................................................4 Chapter 4: The Member Server Baseline Policy ...........................................4 Chapter 5: The Domain Controller Baseline Policy .......................................5 Chapter 6: The Infrastructure Server Role .................................................5
    [Show full text]