Management through firewalls in relation to Microsoft NT and Windows 2000 Claus Jespersen Hewlett-Packard A/S Vestre Kongevej 4-6 DK-8260 Viby J Denmark Direct: (45) 4599 1829 Fax: (45) 8733 1888 e-mail: Mobile: (45) 4060 1829 [email protected] Solution Architect OpenView/Internet specialist Prepared by: Claus Jespersen Solution Architect Openview/Internet specialist Date Prepared: Februar 2000 Windows 2000 management Management through firewalls in relation to Microsoft NT and Windows 2000 ÿ Document Information Project Name: Management through firewalls in relation to Windows 2000 Project Manager: Document Version No: 1.0 FocusPM Phase: Document Version Date: 17. February 2000 Quality Review Method: Prepared By: Claus Jespersen Preparation Date: 17. February 2000 Reviewed By: Review Date: Distribution List From Date Phone/Fax Claus Jespersen, Hewlett-Packard Denmark, 17. February +4545991829 [email protected] 2000 To Action* Due Date Phone/Fax * Action Types: Approve, Review, Inform, File, Action Required, Attend Meeting, Other (please specify) Version History Ver. No. Ver. Date Revised By Description Filename 1.0 17. First finished version after a few drafts win2kfwmgt-v1.0.doc February 2000 FocusPM White paper by Claus Jespersen, HP Denmark Page2of2 Template (3 /2-Apr-1999) win2kfwmgt-v1.0 Last printed 16-Feb-00 21:58 Windows 2000 management Management through firewalls in relation to Microsoft NT and Windows 2000 ÿ 1. Proprietary Notice..............................................................................................................................................7 2. Purpose...............................................................................................................................................................7 3. Target audience..................................................................................................................................................8 4. Things to do........................................................................................................................................................8 5. General introduction..........................................................................................................................................8 6. Overview of common used protocols in Windows 2000.................................................................................10 6.1. NetBIOS Name Resolution (WINS)...................................................................................................11 6.2. DNS (Domain Name System) ...........................................................................................................12 6.2.1 DNS AND NAT..................................................................................................................................14 6.3. NetBIOS Datagram services (and Mailslot) ......................................................................................14 6.4. NetBIOS session port........................................................................................................................15 6.5. Remote Procedure Call (RPC)..........................................................................................................16 6.6. Direct Host.........................................................................................................................................17 6.7. Kerberos............................................................................................................................................17 6.8. LDAP .................................................................................................................................................21 6.9. SMTP ................................................................................................................................................22 6.10. Post Office Protocol (POP3) and IMAP4 ..........................................................................................23 6.11. HTTP, HTTPS ...................................................................................................................................24 6.12. DHCP ................................................................................................................................................25 6.13. Radius ...............................................................................................................................................26 6.14. NNTP.................................................................................................................................................27 6.15. SNTP.................................................................................................................................................27 6.16. SNMP ................................................................................................................................................28 6.17. TELNET.............................................................................................................................................28 6.18. FTP....................................................................................................................................................29 6.19. PPTP, L2TP and IPSEC ...................................................................................................................30 7. Windows 2000 Applications use of protocols..................................................................................................33 7.1. NT/Windows 2000 Server .................................................................................................................34 7.2. File Replication/DFS .........................................................................................................................34 7.2.1 Replication notification and Schedule ...............................................................................................34 7.3. Directory replication ..........................................................................................................................35 7.3.1 NT Directory replication.....................................................................................................................35 7.3.2 Windows 2000 Directory Replication Protocols ................................................................................35 7.4. NetBIOS Browser Service/Network neighbourhood .........................................................................36 7.5. Search ...............................................................................................................................................37 7.6. Boot process .....................................................................................................................................39 7.7. Logon Service ...................................................................................................................................41 7.7.1 Windows NT LAN Manager (NTLM) .................................................................................................41 7.7.2 Kerberos Version 5 ...........................................................................................................................45 7.7.3 Distributed Password Authentication (DPA) .....................................................................................49 FocusPM White paper by Claus Jespersen, HP Denmark Page3of3 Template (3 /2-Apr-1999) win2kfwmgt-v1.0 Last printed 16-Feb-00 21:58 Windows 2000 management Management through firewalls in relation to Microsoft NT and Windows 2000 ÿ 7.7.4 Public-key-based protocols ...............................................................................................................49 7.8. Add domain/leave domain.................................................................................................................50 7.9. Trust Relation....................................................................................................................................52 7.9.1 Windows NT 4.0 Trusts.....................................................................................................................52 7.9.2 Windows 2000 Transitive Domain Trust ...........................................................................................53 7.10. DCOM ...............................................................................................................................................56 7.11. Microsoft WMI ...................................................................................................................................56 7.12. Microsoft DMI ....................................................................................................................................57 7.13. Internet Explorer (IE).........................................................................................................................58 7.14. Outlook and Outlook Express ...........................................................................................................59 7.15. DNS server........................................................................................................................................59 7.16. DHCP server .....................................................................................................................................61 7.17. WINS server......................................................................................................................................63