180 | Lesson 8 7. The VPN server has been configured and is running properly. However, it has not been configured to hand out IP addresses to clients. When a VPN server is configured this way, the clients obtain their IP addresses from a ____________ server. 8. A firewall normally has a private and a ____________ IP address. 9. You have installed a firewall that accepts or rejects packets based on a set of rules. This firewall keeps track of the state of the network connection. It is running a type of packet filtering known as ____________.

10. You have configured a firewall so that all ports are closed. Now you are attempting to

scan the firewall’s ports to verify that there are no open ones. You should use the ____________ option within the Nmap port scanning program. ■ Case Scenarios Scenario 8-1: Setting Up a DMZ A client wants you to set up a DMZ with two servers. Each server will service a different set of people: 1. Server 1 will service employees who work from home. 2. Server 2 will service two partner companies. What two types of network zones will enable this functionality? Scenario 8-2: Selecting the Appropriate Services The ABC Company wants you to install a solution that will allow it to do the following: 1. Enable remote client computers to connect via tunneling. 2. Allow for a high level of security during remote connections. What solution and protocol will enable this functionality? Scenario 8-3: Setting Up a PPTP Server Proseware, Inc., requires that you set up a PPTP server on a D-Link DIR-655 router. The following are details for the IP configuration: • IP address: 10.254.254.50 static • Subnet mask: 255.255.255.0 • Gateway address: 10.254.254.1 • PPTP server IP address: 10.254.254.199 • Username: administrator • Password: 123PPTPABC Access the DIR-655 emulator at the following link and configure the DHCP server appropriately: http:support.dlink.comemulatorsdir655133NAlogin.html Scenario 8-4: Creating a WAN with VPN This activity will require two Windows Server 2008 computers, each with two network adapters. The purpose of this case scenario is to connect two separate networks together over a simulated WAN and then implement a VPN between the two. Normally, a client on one IP network Defining Network Infrastructures and Network Security | 181 cannot connect to or ping a client on another IP network. Here, the goal is to have the clients on both networks pinging each other through a routed connection. Each city is considered its own separate LAN, yet New York City and London will connect to make this WAN. You will need the following at your disposal: • Two Windows Server 2008 computers with two network adapters each; because these will have two network connections, they will be known as multi-homed machines or computers • Two client computers minimum • Crossover cable You will need to change the IP addresses on all machines. Servers should be set up as IP .1. Clients’ IP addresses should ascend from there. Make sure to also set the gateway address to the Server’s LAN IP. When all IPs are configured, make sure that all clients can ping the server on the LAN. Examine Various Levels of Firewalls Firewalls are extremely important in network security. Every network needs to have one or more of these in order to have any semblance of safety. Even if your network has a firewall, individual client computers should be protected by a software-based firewall as well. Most versions of Windows come with a built-in firewall program. Some versions such as Windows 7 also include the Windows Firewall with Advanced Security. This can be accessed by going to Start Control Panel System and Security Windows Firewall. Then click the Advanced settings link. From here, custom inbound and outbound rules can be implemented, and the firewall can be monitored as well. Check it out Workplace Ready ✴ Table 8-1 IP chart C ITY LAN N ETWORKS WAN IP S ECOND NIC New York City 192.168.1.0 152.69.101.50 London 192.168.2.0 152.69.101.51

1. Try to ping any host on the other city. You should not be able to. The results should say

Destination Host Unreachable or Request Timed Out. You should, however, be able to ping all hosts, including the server in your city.

2. Verify that your servers have the second NIC set up and functioning with the proper

IP address. Label it WAN card.

3. Connect your crossover cable from WAN card on the NYC server to the WAN card on

the London server. Create your own internetwork now, and afterward, set up the VPN connection from one city to the other so that clients on one city your choice can log in to the VPN server in the other city. Tip: Remember that you can make a crossover cable. Just make sure to use the 568A wiring standard on one end and the 568B standard on the other. Wiring was covered in Lesson 3, “Understanding Wired and Wireless Networks.” TAKE NOTE