You're reading from Mastering Windows Server 2022 - Fourth Edition

Product type: Book
Published in: May 2023
Publisher: Packt
ISBN-13: 9781837634507
Edition: 4th Edition

Author (1): Jordan Krause

Jordan Krause has been an IT professional for more than 20 years and has received 9 Microsoft MVP awards for his work with Microsoft server and networking technologies. One of the world's first experts on Microsoft DirectAccess, he has a passion for helping companies find the best ways to enable a remote workforce. Committed to continuous learning, Jordan holds certifications as an MCSE, MCSA, and MCITP Enterprise Administrator, and has authored numerous books on Microsoft technologies. Jordan lives in beautiful West Michigan (USA), but works daily with companies around the world.

Join our book community on Discord

https://packt.link/SecNet

As we have been discussing so far in this book, servers are the tree trunks of our networks. They are the backbone infrastructure that enables us to get work done. If servers are the trunks, then the networks themselves must be the roots. Your network is the platform that supports the company infrastructure; it makes up the channels that all devices inside your company use to communicate with each other.

Traditionally, server admins and network admins have been separate roles in the IT industry, and in many places that is still the case. An administrator who primarily works on servers does not generally have enough time in the day to also support the network infrastructure in an organization of any size, and the reverse is also true. Network administrators generally stick to their own equipment and management tools and aren't interested in diving too deeply into the Windows Server world. However, many of us work...

Introduction to IPv6

Welcome to the dark side! Unfortunately, that is how many people think of IPv6 for the time being. While IPv6 is by no means a new thing, in my experience it is still something that almost no one has deployed in their networks. While working with hundreds of different companies all over the world over the past few years, I have come across only two organizations that were running IPv6 over their entire production network, and one wasn't even true native IPv6. Instead, they were using a tunneling technology, called ISATAP, over their whole network to make all of the servers and clients talk to each other using IPv6 packets, but these packets were still traversing an IPv4 physical network. Don't get me wrong; I have found plenty of cases where companies are toying around with IPv6 and have some semblance of it configured on a sectioned-off piece of their networks, but using it for the entire production network? Most of us just aren't ready for that big...

Your networking toolbox

Whether you are a server administrator, a network administrator, or a combination of the two, there are a number of tools that are useful for testing and monitoring network connections within the Windows Server world. Some of these tools are baked right into the operating system and can be used from the Command Prompt or PowerShell, and others are more expansive graphical interfaces that require installation before running. The following are the built-in Windows network tools that we are going to look at:

  • ping
  • tracert
  • pathping
  • Test-Connection
  • telnet
  • Test-NetConnection

All of these tools are free and included out of the box, so you have no excuse to delay getting acquainted with these helpful utilities.

ping

Even the newest IT pros are usually familiar with this one. ping is a command that you can utilize from a Command Prompt or PowerShell, and it is simply used to query a DNS name and/or IP address to find out whether it responds. ping is, and has always been...

Building a routing table

When you hear the term routing table, it is easy to pass that off as something the network folks need to deal with, something that is configured within the network routers and firewalls. It doesn't apply to server admins, right? Networking servers together has been made pretty easy for us by only requiring an IP address, subnet mask, and default gateway, and we can instantly communicate with everything inside the rest of our network. While there is indeed a lot of networking magic going on under the hood that has been provided to us by networking equipment and network administrators, it is important to understand how routing inside Windows works because there will be some cases when you need to modify or build out a routing table right on a Windows Server itself.

Multi-homed servers

Running multi-homed servers is a case where you would certainly need to understand and work with a local Windows routing table, so let's start here. If you think this doesn...
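An audit of the local routing table on a multi-homed server, as an added example that is not taken from the book: it uses the built-in Get-NetRoute and New-NetRoute cmdlets to flag a server where more than one NIC carries a default gateway, and to add a specific route instead of a second gateway. The function names are hypothetical, and the prefix 10.20.0.0/16, next hop 10.10.1.1 and interface alias 'Internal' are constructed sample values.

```powershell
# Added example (not from the book). Function names and sample values are hypothetical.

function Get-DefaultGatewayAudit {
    # Default routes (IPv4 and IPv6) that point at a real gateway, not on-link entries.
    $defaults = Get-NetRoute -DestinationPrefix '0.0.0.0/0', '::/0' -ErrorAction SilentlyContinue |
        Where-Object { $_.NextHop -notin '0.0.0.0', '::' }

    foreach ($family in ($defaults | Group-Object -Property AddressFamily)) {
        $nics = @($family.Group.InterfaceAlias | Sort-Object -Unique)
        [pscustomobject]@{
            AddressFamily = $family.Name
            Gateways      = @($family.Group.NextHop | Sort-Object -Unique) -join ', '
            Interfaces    = $nics -join ', '
            Finding       = if ($nics.Count -gt 1) { 'Default gateway set on more than one NIC' } else { 'OK' }
        }
    }
}

function Add-InternalRoute {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $DestinationPrefix,   # e.g. 10.20.0.0/16
        [Parameter(Mandatory)] [string] $NextHop,             # router on the internal NIC's subnet
        [Parameter(Mandatory)] [string] $InterfaceAlias       # NIC the traffic should leave from
    )
    # Do nothing if the route is already present on that interface.
    $existing = Get-NetRoute -DestinationPrefix $DestinationPrefix -InterfaceAlias $InterfaceAlias -ErrorAction SilentlyContinue
    if ($existing) { return $existing }

    # Pass -WhatIf through explicitly so a preview run changes nothing.
    New-NetRoute -DestinationPrefix $DestinationPrefix -NextHop $NextHop -InterfaceAlias $InterfaceAlias -WhatIf:$WhatIfPreference
}

# Report first, then preview the change; drop -WhatIf to apply it.
Get-DefaultGatewayAudit | Format-Table -AutoSize
Add-InternalRoute -DestinationPrefix '10.20.0.0/16' -NextHop '10.10.1.1' -InterfaceAlias 'Internal' -WhatIf
```

A row with a finding other than OK means a second NIC has a gateway configured; the usual correction is to clear that gateway and cover the networks behind that NIC with specific routes.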

NIC Teaming

Moving on to another network topic that is becoming more and more popular on server hardware, let's walk through the steps to create NIC Teaming. The ability to team NICs together essentially consists of binding two or more physical network interfaces together so that they behave as if they were a single network interface within Windows. This allows you to plug in two physical cables to two different switch ports, all using the same settings. That way, if one NIC port or switch port or patch cable goes bad, the server continues working and communicating without hesitation, because the teaming allows the NIC that is still working to handle the network traffic.

NIC Teaming itself is nothing new. It has been around for 10 years or more inside the Windows Server operating system. However, early versions were problematic, and in the field, I find that Server 2016 is the earliest server operating system most IT personnel consider to be stable enough to use NIC Teaming in production...

Software-defined networking

The flexibility and elasticity of cloud computing cannot be denied, and most technology executives are currently exploring their options for utilizing cloud technologies. One of the big stumbling blocks to adoption is trust. Cloud services provide enormous computing power, all immediately accessible at the press of a button. For companies to store their data on these systems, the level of trust that your organization has in that cloud provider must be very high. After all, you don't own any of the hardware or networking infrastructure that your data is sitting on when it's in the cloud, and so your control of those resources is limited at best. Seeing this hurdle, Microsoft has made many efforts in recent updates to bring cloud-like technology into the local data center. Introducing server elasticity into our data centers means virtualization. We have been virtualizing servers for many years now, although the capabilities there are being continually...

Summary

Server administration and network administration used to be segregated pretty clearly in most organizations, but over time those lines have blurred. There are numerous networking configurations and tasks that now need to be accomplished by Windows Server administrators without needing to involve a networking team, so it is important that you have a good understanding of how your infrastructure connects together. Familiarity with the tools laid out in this chapter will provide you with the ability to configure, monitor, and troubleshoot the majority of Microsoft-centric networks.

Our introduction to software-defined networking may be a partially confusing section if you have never encountered this idea before, but hopefully it will prompt you to dig a little deeper and prepare yourself for dealing with this in the future. Ready or not, the cloud is here to stay. Microsoft on-premises networks now have numerous ways to interact with Microsoft Azure, and it will soon be imperative...

Questions

  1. How many bits in length is an IPv6 address? (Answer: 128 bits)
  2. Re-write the following IPv6 address in condensed form: 2001:ABCD:0001:0002:0000:0000:0000:0001. (Answer: 2001:ABCD:1:2::1)
  3. What is the name of the command that is similar to trace route, but displays the local NIC that traffic is flowing out of? (Answer: PATHPING)
  4. True or False—On a server with multiple NICs, you should input a default gateway address onto each of those NICs. (Answer: False. Doing so will cause routing issues. You should only ever have one Default Gateway address on a system, no matter how many NICs it has.)
  5. What is the PowerShell cmdlet that can be used to create new routes on a Windows Server? (Answer: New-NetRoute)
  6. Which Windows Server operating systems can be used with an Azure Network Adapter in order to connect them straight to Azure virtual networks? (Answer: Windows Server 2022, 2019, 2016, and 2012R2)
  7. Which connectivity method between a local datacenter and Azure provides the fastest...

Latest improvements to WAP

WAP was introduced in Server 2012 R2 and had many improvements when Windows Server 2016 was released. There have been few major modifications since that time, but it is still important to point out the latest benefits that have been rolled into this feature to show that it is still learning to do new things. The following are some of the improvements that have been made if you haven’t taken a look at WAP since its first iteration.

Pre-authentication for HTTP Basic

There are two different ways that users can authenticate to applications that are being published by WAP: pre-authentication or pass-through authentication. Publishing an application with pre-authentication means that users will have to stop by the AD FS interface to authenticate themselves before they are allowed through to the web application itself.

In my eyes, pre-authentication is a critical component of any reverse proxy and I would have to be stuck...

Summary

The nature of the world today demands that most companies enable their employees to work from wherever they are. Working from home has become normal over the past few years; with a worldwide pandemic, we have seen staggering increases in the percentage of employees who work outside of an office building. Companies need a secure, stable, and efficient way to provide access to corporate data and applications for these mobile workers. The Remote Access role in Windows Server 2022 is designed to do exactly that. With three different ways of providing remote access to corporate resources, IT departments have never had so much remote access technology available at their fingertips, built right into the Windows operating system that they already own. If you are still supporting a third-party or legacy VPN system, you should explore the new capabilities provided here and discover how much they could save your business.

DA and Always On VPN are particularly impressive and compelling...

Questions

  1. What does AOVPN stand for?
  2. What are the two primary protocols used for connecting AOVPN clients?
  3. In which version of Windows 10 was AOVPN released?
  4. In what special instance would an AOVPN client be required to be joined to your domain?
  5. Does DirectAccess require your corporate internal network to be running IPv6?
  6. What is the name of the internal website that DirectAccess clients check in with to determine when they are inside the corporate network?
  7. What ports are used by Teredo and IP-HTTPS?
  8. How do you provision DirectAccess configuration settings to the client machines?
  9. What role does a Web Application Proxy server hold in a federation environment?
