Windows 7 : Advanced Networking Concepts

2/28/2011 11:10:00 AM
Windows 7 includes support for advanced network features, which include IPSec and VPN. These protocols have existed for some time, but they are more readily available and usable in Windows 7 than they were in earlier releases of Windows. I’ll also take a brief look at the Open Systems Interconnection (OSI) model.

14.4.1. Introducing VPN

If you are a traveler and you work in a corporate environment, you have probably used a VPN connection to connect to your corporate network on the road, in order to check your email, or possibly to update sales orders and the like. VPN makes connecting to remote networks secure and easy.

VPN allows remote users to connect to a network confidentially over a public network. VPN uses standard protocols (TCP/IP, SSL) to traverse the public network, which makes it very easy to use. VPN comes in two types: Secure VPN and Trusted VPN. Each type uses a different process to gain connectivity to the remote network.

Secure VPN uses cryptographic tunneling protocols to gain private access to the remote network. Secure VPN can use IPSec to encrypt the data traversing the VPN connection. Secure VPN can also use SSL to encrypt the data, although that essentially creates a web proxy rather than a true VPN connection. Point-to-Point Tunneling Protocol (PPTP), the original VPN protocol, has aged and does not secure data as well as Layer 2 Tunneling Protocol (L2TP). In addition, Layer 2 Tunneling Protocol version 3 (L2TPv3) also works in Windows 7.

Trusted VPN does not use cryptographic tunneling. Instead, it relies on the provider’s network to encrypt the data. Usually, Multi-Protocol Label Switching (MPLS) makes up the trusted VPN tunnel, but this type of VPN also supports the Layer 2 Forwarding (L2F) protocol.

Most networks supporting VPN give you access to a VPN client, which you install. If you use Routing and Remote Access Service (RRAS) on your network, you can use the Connect to a Workplace option in the “Set up a new connection or network” window. You have the choice of dialing directly to your workplace or using your Internet connection. Dialing directly requires a phone line and does not use the Internet; the other choice, of course, requires you to have a connection to the Internet. Click your desired option and enter the server’s name or IP address. Give the destination a meaningful name; select the security properties, which consist of Smart Cards, Sharing, and Just Set Up; and then click the Next button. Enter your username, password, and optional domain information, and then click the Create button. To connect, click the Connect Now button and you should connect to the VPN server.

14.4.2. Introducing IPSec

IPSec offers the ability to encrypt network transmissions at the adapter level. IPSec differs from Secure Sockets Layer (SSL) in the OSI layer at which it encrypts. SSL typically encrypts at the application/protocol layer (OSI layer 7), and IPSec encrypts data at the transport layer (OSI layers 4–7). Because SSL works only at the application protocol layer, if you transmit data over any other port or use any application other than the one bound to the SSL protocol, that data is not encrypted (for example, when you use an HTTPS URL to connect to your bank’s website, only that web session is protected by SSL). IPSec, however, encrypts all of the data transmitted from the network adapter at the transport layer.

IPSec includes two encryption mechanisms: transport and tunneling. Most implementations use the tunneling version, which encapsulates the entire packet. This leaves the outer routing information readable by other hosts while the inner header and the rest of the data stay encrypted. This makes it possible to use Network Address Translation (NAT), which lets you use a single device to allow traffic into and out of the network using private IP addressing—something your broadband router does for you automatically.

The transport mechanism usually consists of one-to-one communication among computers on the same network. Transport encrypts the data, not the header, and creates a hash of the packet. Using the transport method does not allow you to use NAT, which makes external communications difficult. The reason lies in the method: transport hashes the packet, header included; when NAT later rewrites part of the header, the header no longer matches the hash computed over the rest of the packet, which renders the packet invalid.
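The NAT argument above, as an added example that is not part of the original chapter: a constructed, simplified model that keeps only the integrity hash (not the encryption) and is not a real IPSec implementation. It shows that a transport-mode hash covering the header fails after a NAT device rewrites the source address, while a tunnel-mode hash over the inner packet survives rewriting of the new outer header. The shared key and addresses are constructed values.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

# Constructed, simplified model of the NAT argument above: it keeps only the
# integrity hash, not the encryption, and is not a real IPSec implementation.
KEY = b"constructed-shared-key"  # assumed pre-shared integrity key

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes

def header_bytes(p: Packet) -> bytes:
    return f"{p.src}>{p.dst}".encode()

def integrity(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

def transport_protect(p: Packet) -> tuple[Packet, bytes]:
    """Transport mode: the hash covers header + payload; the header stays in place."""
    return p, integrity(header_bytes(p) + p.payload)

def transport_verify(p: Packet, icv: bytes) -> bool:
    return hmac.compare_digest(icv, integrity(header_bytes(p) + p.payload))

def tunnel_protect(p: Packet, outer_src: str, outer_dst: str) -> tuple[Packet, bytes]:
    """Tunnel mode: the whole original packet becomes the payload of a new outer
    packet; the hash covers that inner packet only, never the outer header."""
    inner = header_bytes(p) + b"|" + p.payload
    return Packet(outer_src, outer_dst, inner), integrity(inner)

def tunnel_verify(outer: Packet, icv: bytes) -> bool:
    return hmac.compare_digest(icv, integrity(outer.payload))

def nat_rewrite(p: Packet, public_src: str) -> Packet:
    """What a NAT router does on the way out: swap the private source address."""
    return replace(p, src=public_src)

def demo() -> dict[str, bool]:
    original = Packet("192.168.1.10", "203.0.113.5", b"GET /")
    t_pkt, t_icv = transport_protect(original)
    tun_pkt, tun_icv = tunnel_protect(original, original.src, original.dst)
    return {
        "transport_without_nat": transport_verify(t_pkt, t_icv),
        "transport_after_nat": transport_verify(nat_rewrite(t_pkt, "198.51.100.7"), t_icv),
        "tunnel_after_nat": tunnel_verify(nat_rewrite(tun_pkt, "198.51.100.7"), tun_icv),
    }
```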

You may ask yourself, “How does it encrypt the data?” That is a very good question. First, the adapters create a trusted relationship by importing a digital certificate into each network adapter. When the adapter connects to the network, possibly via a VPN tunneling server or Active Directory domain controller, it verifies the digital certificate, trades the private and public keys associated with the certificate, and verifies the MAC address of the network adapter. The adapter creates a hash value for each packet transmitted to the adapter, including a timestamp, which mitigates replay attacks against the adapter.

14.4.3. Understanding the OSI Model

The Open Systems Interconnection (OSI) model defines the ways protocols operate by breaking the different aspects of protocols into layers. The OSI model uses seven layers with different purposes to define how protocols function. Each layer may use the functionality of the layer directly below it and export functionality to the layer directly above it. See Table 14-10 for a detailed listing of the OSI model’s layers.

Table 14-10. OSI layer reference

Layer level    Layer name
Layer 1        Physical
Layer 2        Data Link
Layer 3        Network
Layer 4        Transport
Layer 5        Session
Layer 6        Presentation
Layer 7        Application

OSI layer 1 covers all of the physical connectivity specifications of devices. This includes any electrical voltage, pin-outs, connectors, cables, and hubs. Layer 1 defines all network adapters, network devices that do not work in layer 2, and host bus adapters used in storage area networks (SANs). The main purpose of layer 1 includes establishing a connection or disconnection from a network medium. Layer 1 also covers modulation and flow control over the network medium.

OSI layer 2 provides the means of transferring data among network entities and the control mechanisms for that transfer. Bridges and switches both work within layer 2. Although there are layer 3 switches, they work on layer 2 without the use of a router.

OSI layer 3 controls the functional means of transferring data among network entities. Layer 3 handles variable-length data sequences to and from destinations across networks. It also handles QoS for the transport layer. Routing also occurs at layer 3 (in fact, routing is the most common use of layer 3).

OSI layer 4 controls the transfer of data among users and provides reliable data transfer to the layers above it. Layer 4 controls flow as well as errors. This layer controls the retransmission of packets lost in transit among users. TCP uses this layer as the control portion of the protocol. Layer 4 also converts data into the User Datagram Protocol (UDP) and Stream Control Transmission Protocol (SCTP) formats.

OSI layer 5 controls the networked communications between computers. This includes managing and terminating connections among machines. Layer 5 controls duplex modes on network traffic, which includes full- and half-duplex operations. TCP uses layer 5 to control the flow of data and to terminate connections.

OSI layer 6 provides a standard interface to transform data into the correct format for the application layer. Standard uses of layer 6 include data encryption, compression, and specific types of encoding, including MIME encoding. Layer 6 also allows for the transformation into and out of the XML format.

OSI layer 7 controls the means a user needs to access network resources through an application. Programs that use layer 7 include SMTP, HTTP, FTP, Telnet, IPSec, IM, and other applications.

Each layer of the OSI model handles a different portion of the networking process and helps to define the process of finding errors, or simply of understanding how the complex process of networking actually works. Armed with the information from the OSI model, we can begin to truly understand, create, and even fix networks, as well as the protocols used to transmit data across them.
