Password Authentication Protocol

Password Authentication Protocol (PAP) sends the user's password as a cleartext string from the user's computer to the NAS, so anyone who can observe that link can read it. When the NAS forwards the password to the RADIUS server in the User-Password attribute it is not sent in the clear either: the NAS hides it by XORing it with an MD5 digest of the RADIUS shared secret and the packet's Request Authenticator (RFC 2865). This hiding is only as strong as the shared secret, so a short or guessable secret exposes every PAP password that passes through the NAS.

Challenge Handshake Authentication Protocol

Challenge Handshake Authentication Protocol (CHAP) is designed to address the concern of passing passwords in plaintext. With CHAP, the NAS sends a random challenge to the user's computer. The client hashes the CHAP identifier, the user's password, and the challenge with MD5 (RFC 1994) and returns the digest as its response. The NAS forwards both the challenge and the response to the RADIUS server in the Access-Request packet (the CHAP-Challenge and CHAP-Password attributes), and the server recomputes the digest to verify it. Because the server must recompute the hash, CHAP requires it to hold the password in plaintext or reversibly encrypted form. The password itself never crosses the wire, but an eavesdropper who records a challenge/response pair can run an offline dictionary attack against it.
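To make the two forwarding paths concrete, the following is an added example (not code from the original page) that implements the RFC 2865 User-Password hiding a NAS applies to a PAP password, and the RFC 1994 CHAP response the client computes and the server recomputes. The shared secret, password, challenge and Request Authenticator values in demo() are constructed for illustration.

```python
"""RADIUS forwarding of PAP and CHAP credentials.

Added example, not code from the original page. It implements the
User-Password hiding of RFC 2865 section 5.2 (what the NAS does with a PAP
password) and the CHAP response of RFC 1994 (what the client computes and
the server recomputes). All secrets and nonces in demo() are constructed.
"""
import hashlib
import hmac
import os


def hide_user_password(password: bytes, shared_secret: bytes,
                       request_authenticator: bytes) -> bytes:
    """Hide a PAP password as the NAS does for the User-Password attribute.

    The password is null-padded to a multiple of 16 bytes. The first block is
    XORed with MD5(secret || Request Authenticator); each following block is
    XORed with MD5(secret || previous ciphertext block).
    """
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RFC 2865 limits User-Password to 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden = bytearray()
    prev = request_authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(shared_secret + prev).digest()
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += block
        prev = block
    return bytes(hidden)


def reveal_user_password(hidden: bytes, shared_secret: bytes,
                         request_authenticator: bytes) -> bytes:
    """Inverse of hide_user_password, as run on the RADIUS server.

    Null padding is stripped, so (as in the RFC) a password that itself ends
    in null bytes cannot be distinguished from padding.
    """
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a non-empty multiple of 16 bytes")
    clear = bytearray()
    prev = request_authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(shared_secret + prev).digest()
        clear += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return bytes(clear).rstrip(b"\x00")


def chap_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP response value: MD5(Identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + password + challenge).digest()


def chap_verify(identifier: int, stored_password: bytes,
                challenge: bytes, response: bytes) -> bool:
    """Server-side check. Needs the plaintext password to recompute the digest."""
    expected = chap_response(identifier, stored_password, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Walk one PAP and one CHAP exchange with constructed values."""
    shared_secret = b"example-radius-secret"      # constructed
    password = b"correct horse battery"           # constructed
    # PAP: the NAS hides the cleartext password it received over PPP.
    authenticator = os.urandom(16)                # Request Authenticator
    hidden = hide_user_password(password, shared_secret, authenticator)
    pap_ok = reveal_user_password(hidden, shared_secret, authenticator) == password
    # CHAP: the NAS challenges, the client answers, the server recomputes.
    ident = 0x2A
    challenge = os.urandom(16)
    response = chap_response(ident, password, challenge)
    chap_ok = chap_verify(ident, password, challenge, response)
    return {"pap_hidden_len": len(hidden), "pap_ok": pap_ok, "chap_ok": chap_ok}


if __name__ == "__main__":
    print(demo())
```

Note what each path protects: the PAP hiding is reversible by anyone holding the shared secret, while the CHAP response is a one-way digest that the server can only check because it stores the password itself.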


Microsoft Challenge Handshake Authentication Protocol

Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) is a variant of CHAP that does not require a plaintext version of the password on the authenticating server. In MS-CHAP the response is derived from the NT hash (the MD4 digest of the Unicode password) and the NAS challenge: the 16-byte hash is split into three DES keys, each of which encrypts the 8-byte challenge. The NT hash is therefore a password equivalent and must be protected as carefully as the password itself, and the DES construction means a captured exchange can be cracked with roughly the effort of a single 56-bit DES key search.

Microsoft Challenge Handshake Authentication Protocol Version 2

Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2) adds mutual authentication, stronger initial data encryption keys, and separate encryption keys for sending and receiving. For VPN connections, Windows 2000 servers offer MS-CHAP v2 before offering the legacy MS-CHAP, and updated Windows clients accept MS-CHAP v2 when it is offered. MS-CHAP v2 keeps the same DES-based response construction, so its security still rests on the password's strength unless it runs inside a TLS-protected tunnel such as PEAP.


Extensible Authentication Protocol

Extensible Authentication Protocol (EAP) is an extension to the Point-to-Point Protocol (PPP) that works with dial-up, PPTP, and L2TP clients. EAP allows the addition of new authentication methods, known as EAP types. Both the dial-in client and the remote access server must support the same EAP type for authentication to succeed. The EAP types Windows 2000 provides are:

  1. EAP-MD5 CHAP
  2. EAP-TLS
  3. EAP-RADIUS


Guest Access for PPP Users

Guest access is the ability to connect to the network without supplying a user name and/or a password. Both the Routing and Remote Access service and IAS must be explicitly configured to accept unauthenticated access; a connection that arrives without credentials is otherwise rejected.


DNIS Authorization

Dialed Number Identification Service (DNIS) authorization is the authorization of a connection attempt based on the number the caller dialed. That number is carried in the RADIUS Called-Station-Id attribute. DNIS is a service offered by telephone carriers that delivers the dialed number to the called party. Based on the Called-Station-Id attribute, IAS can deliver different services to dial-up/remote access users, for example by matching the number in a remote access policy condition.


ANI Authorization

Automatic Number Identification (ANI) authorization is based on the number the user is calling from. That number is carried in the RADIUS Calling-Station-Id attribute, also known as Caller ID. Based on the Calling-Station-Id attribute, IAS can deliver different services to dial-up/remote access users. Because the value is supplied by the carrier and the NAS rather than proved by the caller, it should narrow access in addition to user authentication, not replace it.

Features:
1) Easily configure your network settings, including hostname, domain, DNS servers, search domains and network interfaces
2) Share your folders through Samba or NFS
3) Manage the users on your computer and the permissions they have
4) Set the time, date and timezone, or synchronize your clock automatically with Internet time servers
5) Specify which services and daemons start at boot time

FAT16 vs. FAT32

Table 3.9 provides a comparison of FAT16 and FAT32 cluster sizes according to drive size.

Table 3.9 Cluster Sizes of FAT16 and FAT32

Drive Size          Default FAT16 Cluster Size   Default FAT32 Cluster Size
260 MB–511 MB       8 KB                         Not supported
512 MB–1,023 MB     16 KB                        4 KB
1,024 MB–2 GB       32 KB                        4 KB
2 GB–8 GB           Not supported                4 KB
8 GB–16 GB          Not supported                8 KB
16 GB–32 GB         Not supported                16 KB
> 32 GB             Not supported                32 KB

There are additional differences between FAT32 and FAT16:

  • FAT32 allows finer allocation granularity (approximately 4 million allocation units per volume).

  • FAT32 allows the root directory to grow (FAT16 holds a maximum of 512 entries, and the limit can be even lower due to the use of long file names in the root folder).

Advantages of FAT16

Advantages of FAT16 are:

  • MS-DOS, Windows 95, Windows 98, Windows NT, Windows 2000, and some UNIX operating systems can use it.

  • There are many tools available to address problems and recover data.

  • If you have a startup failure, you can start the computer with an MS-DOS bootable floppy disk.

  • It is efficient, both in speed and storage, on volumes smaller than 256 MB.

 

Disadvantages of FAT16

Disadvantages of FAT16 are:

  • The root folder can manage a maximum of 512 entries. The use of long file names can significantly reduce the number of available entries.

  • FAT16 is limited to 65,536 clusters, but because certain clusters are reserved, it has a practical limit of 65,524. Each cluster is fixed in size relative to the logical drive. With the maximum number of clusters and the 32-KB maximum cluster size that MS-DOS and Windows 9x support, a FAT16 volume is limited to 2 GB; Windows NT and Windows 2000 also allow 64-KB clusters, which raises the limit to 4 GB. To maintain compatibility with MS-DOS, Windows 95, and Windows 98, a FAT16 volume should not be larger than 2 GB.

  • The boot sector is not backed up.

  • There is no built-in file system security or file compression with FAT16.

  • FAT16 can waste file storage space in larger drives as the size of the cluster increases. The space allocated for storing a file is based on the size of the cluster allocation granularity, not the file size. A 10-KB file stored in a 32-KB cluster wastes 22 KB of disk space.

 

Advantages of FAT32

FAT32 allocates disk space much more efficiently than previous versions of FAT. Depending on the size of your files, there is a potential for tens and even hundreds of megabytes more free disk space on larger hard disk drives. In addition, FAT32 provides the following enhancements:

  • The root folder on a FAT32 drive is now an ordinary cluster chain, so it can be located anywhere on the volume. For this reason, FAT32 does not restrict the number of entries in the root folder.

  • It uses space more efficiently than FAT16. FAT32 uses smaller clusters (4 KB for drives up to 8 GB), resulting in 10 to 15 percent more efficient use of disk space relative to large FAT16 drives. FAT32 also reduces the resources necessary for the computer to operate.

  • FAT32 is more robust than FAT16. FAT32 has the ability to relocate the root directory and use the backup copy of the FAT instead of the default copy. In addition, the boot record on FAT32 drives has been expanded to include a backup of critical data structures. This means that FAT32 volumes are less susceptible to a single point of failure than FAT16 volumes.

 

Disadvantages of FAT32

Disadvantages of FAT32 include:

  • The largest FAT32 volume Windows 2000 can format is limited in size to 32 GB.

  • FAT32 volumes are not accessible from operating systems other than Windows 95 OSR2, Windows 98, and Windows 2000.

  • The backup boot sector lives in the reserved area at the start of the volume (normally sector 6), so unlike NTFS there is no copy at the end of the volume; damage to the first few sectors can destroy both.

  • There is no built-in file system security or compression with FAT32.

AVG Antivirus

AVG Antivirus Free, arguably the best free tool on the market, combines antivirus, antispyware, e-mail scanning and URL scanning. It lets you turn on automatic scanning and updating in addition to refreshing virus definitions periodically. It is compatible with Windows 7, Vista, XP and 2000. If you are looking for advanced features, this free version includes some of them as well, such as set-and-forget scheduling.


Avira AntiVir Personal

Avira AntiVir Personal is a free antivirus that defends your PC against a wide range of malicious programs, including Trojans, worms, spyware and adware. Its interface is user friendly, which adds value to its competent protection. The one drawback is a complicated setup process that can give beginners a hard time. Besides being compatible with Windows 7, Windows Vista, Windows XP and Windows 2000, Avira AntiVir Personal also has a version for UNIX.

Using NFS to Share Files

NFS (Network File System) is another way of sharing files across a network. It is used primarily in Linux and UNIX systems, although there are NFS clients for Windows.

Installing NFS

1.    Use the following command to install NFS:

        yum -y install nfs-utils nfs-utils-lib

Configuring NFS

Configuration of NFS is simple: you add the directories you wish to export to the file /etc/exports, one per line, together with the clients allowed to mount them and the options that apply.

2.    Create a directory called /public with the following command:

        mkdir /public

3.    Populate it with three empty files:

       touch /public/nfs1 /public/nfs2 /public/nfs3

4.    Next, edit the file /etc/exports:

        vi /etc/exports

5.    Add the following line to /etc/exports:

       /public    *(ro,sync)

Here's an explanation of the fields in that line:

/public--The directory to be shared.

*--The clients allowed to access the share. An asterisk allows every host that can reach the server. You can restrict it by address: for example, in place of the asterisk put 192.168.0.0/24 to restrict the export to clients on the 192.168.0.0/24 network, or a single host name or IP address to allow only that client.

ro--Read-only access.

sync--Reply to requests only after any changes have been committed to stable storage. This is slower, but safer, than the async alternative.

Two options that are not on the line are still worth knowing. root_squash is on by default and maps requests from a client's root user to the unprivileged nobody account on the server; never add no_root_squash unless the client is fully trusted. The default secure option only accepts requests from privileged source ports (below 1024) on the client, so avoid insecure as well.

In the following screen capture, you can see how I configured /etc/exports to share /public:

Figure 7: Configuring an NFS shared directory in /etc/exports.

6.    NFS requires the rpcbind service to be running. Start it with the following command:

        service rpcbind start

7.    Then, start the nfs server:

        /etc/init.d/nfs start

        (You could also use service nfs start.)

8.    If you want NFS to start at boot, use the following command:

 chkconfig --levels 235 nfs on

9.    Export everything listed in /etc/exports immediately with the command exportfs -ra, then confirm what is exported with exportfs -v on the server or showmount -e from any host.

If you are using a firewall, you must explicitly allow traffic from your local subnet to reach the server. NFS itself listens on TCP/UDP port 2049 and rpcbind on port 111; the mountd and lock daemons use dynamically assigned ports unless you pin them in /etc/sysconfig/nfs.

For more information, see chapter 10 on Linux security.
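The field explanation above and the firewall caveat both come down to the same question: who can mount what, and as whom. As an added example (not part of the original page or of nfs-utils), the following script audits an exports file for a wildcard client, no_root_squash and insecure. The two exports files it checks are constructed in temporary files for the example, not read from a live system.

```shell
#!/bin/sh
# Added example, not from the original page: audit an exports file for the
# mistakes a reviewer looks for first. The sample files below are
# constructed for illustration, not taken from a real server.

# Constructed /etc/exports with one wide-open export and one that lets
# a client's root act as root on the server.
SAMPLE_EXPORTS=$(mktemp)
cat >"$SAMPLE_EXPORTS" <<'EOF'
# constructed sample
/public         *(ro,sync)
/srv/data       192.168.0.0/24(rw,sync,no_root_squash)
/srv/reports    192.168.0.0/24(ro,sync,root_squash) 10.0.0.5(ro,sync)
EOF

# Constructed exports file with the same shares restricted to the LAN and
# root squashing left at its default.
CLEAN_EXPORTS=$(mktemp)
cat >"$CLEAN_EXPORTS" <<'EOF'
/public         192.168.0.0/24(ro,sync)
/srv/data       192.168.0.0/24(rw,sync)
EOF

# audit_exports FILE: print "PATH: reason (client)" for each risky client
# spec in FILE. Comment and blank lines are ignored.
audit_exports() {
    set -f   # the client field may be a literal "*": do not glob it
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' |
    while read -r path clients; do
        for spec in $clients; do
            client=${spec%%\(*}
            opts=${spec#*\(}
            opts=${opts%\)}
            [ "$spec" = "$client" ] && opts=""   # no option list at all
            case "$client" in
                ''|'*') echo "$path: exported to every host that can reach the server ($spec)" ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) echo "$path: no_root_squash lets remote root act as local root ($client)" ;;
            esac
            case ",$opts," in
                *,insecure,*) echo "$path: insecure accepts requests from unprivileged source ports ($client)" ;;
            esac
        done
    done
    set +f
}

# count_findings FILE: number of findings; always exits 0.
count_findings() {
    audit_exports "$1" | wc -l | tr -d ' '
}

audit_exports "$SAMPLE_EXPORTS"
echo "findings: $(count_findings "$SAMPLE_EXPORTS") (sample), $(count_findings "$CLEAN_EXPORTS") (clean)"
```

Run it against /etc/exports on a server before exportfs -ra; an empty report means every export names its clients and keeps the default root squashing. Note that the script deliberately disables globbing while it parses, because an unquoted asterisk in the client field would otherwise expand to the file names in the current directory.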

Configuring the NFS Client

You must install the nfs package on the client with this command:

        yum -y install nfs-utils nfs-utils-lib

Once the package is installed, you can use the showmount command to view exports on an NFS server:

Figure 8: Viewing NFS shares with the showmount command.

You can also create a new directory on your client and mount the NFS export to the directory, thus giving you access to the files in the directory: 

Figure 9: Creating and viewing a mount point for the NFS share.

In the above example, I mounted the export from LinuxServer01 (/public) to a directory on my local client machine, called ubuntuServer02. As you can see, after it was mounted, I was able to view the contents of the exported directory locally.

Using rsync to Synchronize Files between Servers

When administering file servers, you may want to configure replication to help minimize the chance of data loss in the event of a server crash. One way to do that is with the rsync utility, which copies one or more files from one server to another. Unlike a simple file copy, rsync performs differential transfers, sending only the data that has changed, so a mirror is kept current with a single pass in each direction. Run it over SSH (see the -e option below) so that the data and the login are encrypted in transit.

Installing rsync

Use yum to install rsync with the command: yum install -y rsync. The rsync utility must be installed on both computers participating in the mirroring.

Basic rsync syntax

rsync <options> <source> <destination>

Some common rsync options

  • -a--archive mode, which copies files recursively and preserves symbolic links, user and group ownership, file permissions, and timestamps
  • -e--specifies the remote shell to use; for example, -e ssh runs the transfer over SSH
  • -h--human-readable, which causes rsync to output numbers in a human-readable format
  • -r--copy data recursively without preserving timestamps and permissions
  • -u--update: skip any file that is newer on the destination than on the source
  • -v--verbose
  • -z--compress data 

A virtual private network (VPN) is a technology that creates an encrypted connection over a less secure network. The benefit of using a VPN is that it ensures the appropriate level of security to the connected systems when the underlying network infrastructure alone cannot provide it. The justification for using a VPN instead of a private network usually boils down to cost and feasibility: It is either not feasible to have a private network (e.g., for a traveling sales rep) or it is too costly to do so. The most common types of VPNs are remote-access VPNs and site-to-site VPNs. 


Name some VPN technologies supported by Windows 2000


Microsoft Windows 2000-based virtual private networking (VPN) supports Internet-industry standards technology to provide customers with an open, interoperable VPN solution. Microsoft is committed to IETF (Internet Engineering Task Force) standards-track technology such as Internet Protocol Security (IPSec) and Layer 2 Tunneling Protocol (L2TP), as well as Point-to-Point Tunneling Protocol (PPTP), a published informational RFC that is supported in multiple interoperable third-party products.


  • PPTP provides simple-to-use, lower-cost VPN security. Unlike IPSec technology, PPTP is compatible with Network Address Translators (NAT) and supports both multi-protocol and multicast environments. It combines standard user password authentication with encryption (MPPE) without requiring the complexity and expense of a public key infrastructure (PKI). Note, however, that the MPPE keys are derived from the MS-CHAP exchange, so the tunnel is only as strong as the password authentication described earlier; PPTP is no longer considered adequate where a captured exchange could be attacked offline.

  • IPSec provides advanced security for VPN but was not designed to address critical remote access requirements such as User Authentication and Address Assignment. In addition, it does not support multi-protocol or multicast (including some routing protocols). It is applicable primarily to IP-only, unicast-only situations.

  • L2TP in combination with IPSec is the only standards-track technology that addresses these remote access VPN requirements while leveraging IPSec for encryption. L2TP currently retains the same IETF standards-track status as IPSec.

  • Third-party IPSec-only implementations that do not use L2TP with IPSec are using non-standard proprietary technologies that can lock customers into closed solutions. This was true of the IKEv1-era products the statement describes; IKEv2 (RFC 7296) later standardized EAP-based user authentication and address assignment for IPSec itself, so the lock-in concern does not carry over to IKEv2 remote-access VPNs.