Microsoft Press Windows Vista Administrator's Pocket Consultant ebook
Page 48
Resolution: Client For Microsoft Networks might be required to access resources on the office network. Enable this component and ensure that the domain information is being passed as necessary.
Problem: User can never get through. The modem seems to be dialing the number incorrectly. You can hear it dialing too many or too few numbers.
Resolution: Check the dialing rules for the connection as well as the currently selected dialing location. Make sure these are configured properly for the user's current location.
Problem: A No Dial Tone message is displayed but the modem is installed correctly and seems to be okay.
Resolution: Check the phone cord and ensure that it is connected properly. Some modems have two line jacks, one labeled Phone/In and one labeled Line/Out. The phone cord from the wall jack should be plugged into the Line/Out jack. Some phone jacks are configured for data only, indicating a plug-in for a high-speed line rather than a phone or modem. Try a different plug.
Problem: The computer freezes when the user tries to use the modem.
Resolution: This is most likely caused by a device conflict. Follow the techniques discussed in Chapter 3, "Configuring Hardware Devices and Drivers," for configuring and troubleshooting devices.
Problem: Some services freeze or don't work.
Resolution: Check the proxy and firewall settings. These settings can restrict the services that are available.
Connecting with Broadband
Broadband connections are established using a cable modem and a cable line, or a DSL router and a telephone line. To establish a broadband connection, follow these steps:
Click Start and then click Connect To. In Connect To A Network, click the broadband connection you want to use and then click Connect.
Confirm that the user name is correct and enter the password for the account if it doesn't already appear.
To use the user name and password whenever you attempt to establish this connection, select Save This User Name And Password For The Following Users and then select Me Only.
To use the user name and password when any user attempts to establish this connection, select Save This User Name And Password For The Following Users and then select Anyone Who Uses This Computer.
Click Connect.
If you have problems connecting with broadband, use these tips to help you troubleshoot:
Problem: Cannot connect. Connection doesn't seem to work at all.
Resolution: Check your network connections. Ensure that the lines connecting the DSL router or cable modem and the computer are plugged in properly.
Problem: Connection is dropped unexpectedly. The connection doesn't seem to complete successfully.
Resolution: Check your networking protocols and components as discussed in the "Configuring Networking Protocols and Components" section of this chapter. If this seems to be okay, determine whether you are passing Windows logon and domain information, as this might be required. See the "Configuring Connection Logon Information" section of this chapter.
Problem: Some services freeze or don't work.
Resolution: Check the proxy and firewall settings. These settings can restrict the services that are available.
Problem: Cannot access resources in the Windows domain.
Resolution: Client For Microsoft Networks might be required to access resources on the office network. Enable this component and ensure that the domain information is being passed as necessary.
Connecting with VPN
A VPN connection is made over an existing local area connection, dial-up connection, or broadband connection.
VPN connections are displayed separately from dial-up, broadband, and local area network (LAN) connections. To establish a VPN connection, follow these steps:
Click Start and then click Connect To. In Connect To A Network, click the VPN connection you want to use and then click Connect.
If the connection is configured to first dial another type of connection, Windows Vista tries to establish this connection before attempting the VPN connection. If prompted to establish this connection, click Yes. Then dial the connection as discussed in the "Connecting with Dial-Up" section of this chapter.
Once the necessary connection is established, you'll see the Connect dialog box. After you confirm that the user name is correct and enter the password for the account if it doesn't already appear, click Connect.
If you have problems establishing the connection, use these tips to help you troubleshoot:
Problem: Cannot connect. Connection doesn't seem to work at all.
Resolution: Check your network connections. Ensure that the lines connecting the DSL router or cable modem and the computer are plugged in properly.
Problem: Returns error message regarding the host name.
Resolution: The host name might be incorrectly specified. Check the settings to ensure the host name is fully expressed, such as http://www.external01.microsoft.com rather than simply external01. DNS resolutions might not be working properly either. If this is the case, enter the IP address for the host rather than the host name.
Problem: Returns error message regarding a bad IP address.
Resolution: Check or reenter the IP address. If the IP address was correct, TCP/IP networking might be improperly configured. Check your networking protocols and components as discussed in the "Configuring Networking Protocols and Components" section of this chapter. You might need to set a default gateway and a static IP address for the connection.
Problem: Message stating that the protocol isn't supported is displayed, and the connection doesn't seem to complete successfully.
Resolution: Set the protocol to automatic rather than to a specific setting of either PPTP or L2TP. Check the secure logon settings. They might be set to require a secure password instead of smart card or vice versa. If this seems to be okay, determine whether you are passing Windows logon and domain information, as this might be required. See the "Configuring Connection Logon Information" section of this chapter.
Problem: Cannot map network drives or access printers.
Resolution: File And Printer Sharing For Microsoft Networks is required to map drives and printers. Enable this component as discussed in the "Configuring Networking Protocols and Components" section of this chapter.
Problem: Some services freeze or don't work.
Resolution: Check the proxy and firewall settings. These settings can restrict the services that are available.
Wireless Networking
To make it easier for users to take their laptops with them to meetings and to other locations in the office, many organizations are implementing wireless networks. Wireless networks can be deployed and used in many different configurations. This section examines the most common configurations.
Wireless Network Devices and Technologies
When you are working with wireless networks, the most common terms you'll run across are wireless network adapter and wireless access point. Wireless adapters include PC cards for notebooks, Peripheral Component Interconnect (PCI) cards for desktops, and universal serial bus (USB) devices (which can be used with notebooks or desktops). A wireless adapter uses a built-in antenna to communicate with an access point. Typically, an access point is directly connected to the organization's physical network and might also function as a network switch or hub itself, meaning it has physical ports that allow direct cable connections as well as wireless connections. Other names for access points include wireless base stations and wireless gateways.
The most widely used wireless network adapters and access points are based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 specification. Wireless devices that are based on this specification can be Wi-Fi Certified to show they have been thoroughly tested for performance and compatibility. Table 13-3 provides a feature comparison of the most-used wireless technologies based on IEEE 802.11. As the table describes, there are four standards, and each has benefits and drawbacks. It should be noted that although 802.11a wireless devices cannot interoperate with 802.11b or 802.11g devices, fewer devices use the 5-gigahertz (GHz) range, making it less likely that there will be interference with other types of wireless devices (the majority of which use the 2.4-GHz range). For added security, IEEE has defined the newer 802.11i standard.
Table 13-3: Wireless Networking Technologies

| Wireless Standard | 802.11a | 802.11b | 802.11g |
|---|---|---|---|
| Speed | Up to 54 Mbps | Up to 11 Mbps | Up to 54 Mbps |
| Transmission frequency | 5 GHz | 2.4 GHz | 2.4 GHz |
| Effective indoor range | Approximately 25 to 75 feet | Approximately 100 to 150 feet | Approximately 100 to 150 feet |
| Compatibility | Incompatible with 802.11b and 802.11g | 802.11b wireless devices can interoperate with 802.11g devices (at 11 Mbps); 802.11g wireless adapters can operate with 802.11b access points (at 11 Mbps) | 802.11g wireless devices can operate with 802.11b devices (at 11 Mbps) |
Unlike the 802.11a, 802.11b, and 802.11g standards, the 802.11i standard isn't about transmission speeds and frequencies. 802.11i is a security standard that you can add to the existing standards. More specifically, it adds security functionality to the radio specifications of 802.11a, 802.11b, and 802.11g. This means 802.11a network adapters and access points can include the 802.11i security functionality, as can 802.11b and 802.11g wireless products.
Note
Keep in mind that some computers (particularly laptops) contain integrated chip sets that support multiple wireless networking technologies. Wi-Fi Protected Access Version 2 (WPA2) is the approved Wi-Fi Alliance implementation of 802.11i. WPA2 implements all mandatory elements of the 802.11i standard.
Real World
Take a close look at compatibility issues before you deploy wireless devices that aren't IEEE 802.11 based. Increasingly, you'll see devices that achieve speeds higher than 54 Mbps. Some of these devices achieve speed boosts through compression and other similar techniques while staying within the guidelines of the IEEE 802.11 specification. Others might use network technologies that are proprietary, requiring you to use that company's wireless adapters and access points to achieve the transmission improvements. For more information on wireless standards and certified devices, go to http://www.wi-fi.org.
Wireless Security
Securing a wireless network is very different from securing a wired network. With a wired network, a cable is used to connect a computer to the network. A user must use a cable to be physically connected to the network and must have access to one of your internal switches or hubs. If an unauthorized person connects a machine to the network, it is fairly easy to determine this and trace the physical cable to the intruder's computer.
When you install wireless networking, anyone within range of one of your wireless access points has access to your network. Not only can they intercept the wireless signals that are being broadcast, they can also try to crack into the network. The bad news is that it is difficult to locate the intruder because there's no physical wire to trace. The really bad news is that if intruders can gain access to a wireless access point, they are usually inside your organization's firewall. To protect the network, you should configure its firewall if one is available and configure the wireless devices to encode all wireless transmissions.
The most basic wireless encryption scheme is Wireless Equivalency Protection (WEP). With WEP, you encrypt data using 40-bit, 128-bit, 152-bit, or higher private key encryption. With WEP, all data is encrypted using a symmetric key derived from the WEP key or password before it is transmitted, and any computer that wants to read the data must be able to decrypt it using the key. In a typical wired environment, the shared key encryption alone is sufficient to safeguard your data. In a wireless environment, with high traffic volume, it is possible that someone could successfully break the shared key, and because the shared key doesn't change automatically over time, the intruder would then have access to your organization's internal network.
Because WEP provides only the most basic security, its use is strongly discouraged, except in cases where no alternative exists. The preferred alternatives to WEP are Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access Version 2 (WPA2). WPA was adopted by the Wi-Fi Alliance as an interim standard prior to the ratification of 802.11i. WPA2 is based on the official 802.11i standard and is fully backwards compatible with WPA.
WPA and WPA2 are able to rotate keys for added security and to change the way keys are derived. By changing the encryption keys over time and ensuring they aren't derived in one specific way, WPA and WPA2 can improve security significantly over WEP. WPA-compatible and WPA2-compatible devices can operate in enterprise mode or in a personal, home/small office configuration, as explained in the following points:
Enterprise mode provides authentication using IEEE 802.1X and EAP. In the enterprise mode, wireless devices have two sets of keys: session keys and group keys. Session keys are unique to each association between an access point and a wireless client. They are used to create a private virtual port between the access point and the client. Group keys are shared among all clients connected to the same access point. Both sets of keys are generated dynamically and are rotated to help safeguard the integrity of keys over time.
Personal mode provides authentication via a preshared key or password. In a personal, home/small office configuration, WPA uses a preshared encryption key rather than a changing encryption key. Here, the user enters a master key (the group key) into the access point and then configures all the other wireless devices to use this master key. A wireless device uses the master key as a starting point to mathematically generate the session key. It then regularly changes the session key so that the same session key is never used twice. Because the key rotation is automatic, key management is handled in the background.
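The personal-mode derivation described above, as an added example that is not from the book: under IEEE 802.11i the preshared passphrase and the network name yield a master key through PBKDF2-HMAC-SHA1, and each association's session key material is expanded from that master key, the two MAC addresses, and the nonces exchanged in the handshake. The passphrase, network name, MAC addresses, and nonces are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

def derive_pmk(passphrase, ssid):
    """Master key: PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, nbytes):
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    for counter in range((nbytes + 19) // 20):
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, client_mac, anonce, snonce, nbytes=48):
    """Session key material for one association between access point and client."""
    data = (min(ap_mac, client_mac) + max(ap_mac, client_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbytes)

def split_ptk(ptk):
    """48-byte AES (CCMP) layout: confirmation key, key-encryption key, data key."""
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

# Constructed sample values; real nonces are random and new for every handshake.
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")

def two_associations(passphrase="correct horse battery staple", ssid="ExampleNet"):
    """Same master key, two handshakes with different nonces: two session keys."""
    pmk = derive_pmk(passphrase, ssid)
    first = derive_ptk(pmk, AP_MAC, CLIENT_MAC, b"\x11" * 32, b"\x22" * 32)
    second = derive_ptk(pmk, AP_MAC, CLIENT_MAC, b"\x33" * 32, b"\x44" * 32)
    return pmk, first, second

if __name__ == "__main__":
    pmk, first, second = two_associations()
    print("master key  :", pmk.hex())
    print("session 1 TK:", split_ptk(first)["tk"].hex())
    print("session 2 TK:", split_ptk(second)["tk"].hex())
```

The passphrase is the only secret input to this chain, so its length and randomness set the strength of every session key derived from it.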
WPA and WPA2 are fully compatible with 802.11a, 802.11b, and 802.11g. Many wireless devices shipped before WPA and WPA2 became available can be made fully compatible with WPA and WPA2 through a software upgrade. With WPA, no additional modifications are necessary. The same is not necessarily true with WPA2 because some wireless devices may require processor or other hardware upgrades to be able to perform the computationally intensive Advanced Encryption Standard (AES) encryption.
When working with WPA and WPA2, keep the following in mind:
All products Wi-Fi certified for WPA2 are interoperable with products that are Wi-Fi certified for WPA.
Both WPA and WPA2 have personal and enterprise modes of operation.
Both WPA and WPA2 use 802.1X and EAP for authentication.
WPA provides strong data encryption via Temporal Key Integrity Protocol (TKIP).
WPA2 provides enhanced data encryption via AES, which allows WPA2 to meet the Federal Information Processing Standard (FIPS) 140-2 requirement of some government agencies.
Note
Both WPA and WPA2 offer a high level of security to help ensure private data remains private and access to wireless networks is restricted to authorized users. Only WPA2 provides strong encryption through AES, which is a requirement for some corporate and government users.
Another advanced wireless security technology is Robust Security Network (RSN), which is supported by 802.11i-compatible devices. RSN enables wireless devices to dynamically negotiate their authentication and encryption algorithms. This means the authentication and encryption algorithms used by RSN-compatible devices can be changed. New authentication techniques and algorithms can be added to address security issues. RSN is based on the EAP and the AES.
Installing and Configuring a Wireless Adapter
The two main types of wireless adapters you'll use are PC cards for notebooks and PCI cards for desktops. These adapters are the easiest to configure—and I've found them to be the most reliable. The other type of wireless adapter that you might see is a device that connects to a notebook or desktop computer with a USB cable. When using USB wireless devices, keep in mind there are two USB specifications: USB 1.0, the original specification, and USB 2.0, the faster, newer specification. A wireless device that is USB 2.0–compliant must be connected to a USB 2.0 port to function properly and at the speeds you expect.
Note
Wireless technology is changing so quickly that Windows Vista won't recognize most wireless devices. This can make installation more difficult because you typically cannot rely on Plug and Play. In fact, with many of the wireless adapters I've worked with, you need to run the installation CD prior to installing the wireless devices. This is particularly true with USB devices. Be sure to read the documentation closely.
As part of the installation process, most installation software will help you configure the wireless device. In the process, you typically will need to specify the name of the wireless network to which you want to connect (the network name) and the mode in which the wireless device will run. Wireless adapters can run in one of two operating modes:
Ad hoc: In ad hoc mode, you configure the wireless adapter to connect directly to other computers with wireless adapters.
Infrastructure: In infrastructure mode, you configure the wireless adapter for use on a wireless network. In this configuration, the adapter expects to connect to an access point rather than to another computer directly.
After you specify the adapter mode, you might need to specify the encryption key that will be used. If your organization uses WEP security, you will in most cases have to type in the required encryption key, which is usually referred to as the network key. With WPA/WPA2 security, you will most likely use a certificate or a smart card to supply the required encryption key.
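One way to check the mode and encryption choices described above across saved wireless profiles, as an added example that is not from the book: the script reads documents in the Windows WLAN profile XML layout and reports ad hoc mode, missing encryption, WEP, TKIP, and preshared-key use. The profiles and network names are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"w": "http://www.microsoft.com/networking/WLAN/profile/v1"}
AUTH = "w:MSM/w:security/w:authEncryption/w:authentication"
ENC = "w:MSM/w:security/w:authEncryption/w:encryption"

# Constructed template in the WLAN profile XML layout; values are filled in below.
TEMPLATE = """<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>{name}</name>
  <SSIDConfig><SSID><name>{name}</name></SSID></SSIDConfig>
  <connectionType>{ctype}</connectionType>
  <MSM><security><authEncryption>
    <authentication>{auth}</authentication>
    <encryption>{enc}</encryption>
    <useOneX>{onex}</useOneX>
  </authEncryption></security></MSM>
</WLANProfile>"""

# Constructed sample profiles (network names are hypothetical).
SAMPLES = [
    TEMPLATE.format(name="CorpNet", ctype="ESS", auth="WPA2", enc="AES", onex="true"),
    TEMPLATE.format(name="BranchOffice", ctype="ESS", auth="WPAPSK", enc="TKIP", onex="false"),
    TEMPLATE.format(name="OldWarehouse", ctype="ESS", auth="open", enc="WEP", onex="false"),
    TEMPLATE.format(name="LaptopShare", ctype="IBSS", auth="open", enc="none", onex="false"),
]

def audit_profile(xml_text):
    """Return (network name, list of issues) for one WLAN profile document."""
    root = ET.fromstring(xml_text)
    def text(path):
        return (root.findtext(path, default="", namespaces=NS) or "").strip()
    issues = []
    if text("w:connectionType") == "IBSS":
        issues.append("ad hoc mode: links directly to other computers, not an access point")
    enc, auth = text(ENC), text(AUTH)
    if enc == "none":
        issues.append("no encryption: transmissions are readable by anyone in range")
    elif enc == "WEP":
        issues.append("WEP: static shared key, replace with WPA or WPA2")
    elif enc == "TKIP":
        issues.append("TKIP: WPA-level encryption, AES (WPA2) needed where FIPS 140-2 applies")
    if auth in ("WPAPSK", "WPA2PSK"):
        issues.append("personal mode: one preshared key on every device")
    return text("w:name"), issues

def audit_all(profiles=SAMPLES):
    """Audit every profile and keep only those with at least one issue."""
    results = dict(audit_profile(p) for p in profiles)
    return {name: issues for name, issues in results.items() if issues}

if __name__ == "__main__":
    for name, issues in audit_all().items():
        print(name, "->", "; ".join(issues))
```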
Working with Wireless Networks and Wireless Connections
Once you've completed the installation of the device, you should be able to connect over the wireless network. Much like a wired network card, which has a local area connection, wireless network cards have a wireless network connection that is in turn connected to a specific network that is designated as a public network, private network, or domain network. If a computer has both a wired and a wireless connection, it may have two active connections: one to a wired network and one to a wireless network.