What is a DMZ?

DMZ is short for DeMilitarized Zone.

In military jargon, a DMZ is an area of land that serves as a buffer between two enemies. The most well known DMZ in the world is the DMZ that protects South Korea from North Korea.

In Network Security jargon, a DMZ is a network that serves as a buffer between a secure protected internal network and the insecure Internet.

A DMZ usually contains servers which provide services to users from the Internet, such as web, ftp, email (SMTP, POP3 and IMAP4), and DNS servers. Although these servers must be open to limited access from the Internet, they should also be protected by a Firewall.

The term Perimeter Network is also used to describe a DMZ.

How to Create a DMZ

The most simple method of creating a DMZ is to utilize a firewall with three or more network interfaces. Each interface is assigned a specific role:

• Internal trusted network
• DMZ network
• External un-trusted network (the Internet)

Using a 4-port Ethernet card in your firewall will enable you to create a network in this configuration, or even enable you to create a network with two separate DMZ's.

Separating your DMZ hosts into multiple DMZ's will help to limit the damage that can be done if one of your DMZ hosts is compromised.

DMZ Firewall Rules

A firewall will normally be configured to protect the Internal network from the Internet.

To create a DMZ, the firewall should also enforce rules to protect the DMZ from the Internet and rules to protect the Internal network from the DMZ.

This will make it more difficult for an attacker to penetrate your Internal network, even if they do manage to gain access to your DMZ hosts.

How do I Setup a Remote Desktop Web Connection?

Remote Desktop Web Connection is a useful alternative to the regular Remote Desktop because it can be used without installing any software on the client machine.

Steps to Setup Remote Desktop Web Connection

• Click on Start.
• Go to Control Panel.
• Select Add or Remove Programs.
• Go to Add/ Remove windows components.
• Select Internet Information services( IIS) and click on Details.
• Click on the World Wide Web service.
• Now select Remote Desktop Web Connection and click ok.
• Now in click next in the Windows Components Wizard dialog box.
• Now open Internet Services Manager.
• Expand the folder hierarchy until you reach the local computer name\Web Sites\Default Web Site\tsweb folder.
• Now right click on the tsweb folder and then click Properties.
• Click the Dircetory Security tab on the Properties dialog box.
• In Anonymous Access and Authentication Control, click Edit.
• Check the Anonymous Access check box on the Authentication Methods dialog box, and then click OK twice.

Opening TCP Ports in Windows:

pening TCP ports in Windows may be necessary for getting certain applications to run correctly. Each application may require a specific port to operate on. While your computer can and does open ports on its own, in certain situations you may need to do this manually. Here are some tips

Step 1. Launch Windows and click Start, then My Network Places. A new window should pop up. Select Network Tasks and then click View Network Connections

Step 2. Select the connection you use for the internet. If you do not know the connection which accesses the internet, you can disable each connection one at a time and then use your browser to see if your internet connection works. Once you find the connection that accesses the internet, right click on it and select properties.

Step 3. A new window should pop up. Select the Advanced Tab and then select Settings.

Step 4. Right-click the connection that you use for the Internet, and then click Properties. Click the Advanced tab, and then click Settings.

Important Note: If your Settings button is unavailable, this means that all ports are open. Since all ports are open, you do not have to go any further to open ports manually- your job is complete.

Step 5 Click on Add to open a new port - you will see several fields. Fill in information for the following fields. For the description box and the name or IP address boxes add the details of the computer hosting the service. For IP Address you can use the following: 127.0.0.1. For the field External port and Internal port boxes, input again the IP address 127.0.0.1.

Step 6. Click TCP and then select OK. You have manually opened a TCP port on Windows.

Networking, A Beginner’s Guide, 5th Edition

Networking, A Beginner’s Guide, 5th Edition
448 pages | McGraw-Hill Osborne Media; 5 edition (October 19, 2009) | ISBN: 0071633553 | PDF | 9.3 MB

A practical guide to networking fundamentals. Fully up to date with the latest technologies, this introductory handbook covers wired and wireless network design, configuration, hardware, protocols, security, backup, recovery, virtualization, and more. After laying the groundwork, Networking: A Beginner’s Guide, Fifth Edition explains, step-by-step, how to install, set up, and administer Windows Server 2008, Exchange Server 2010, Fedora 10, and Apache. If you’re beginning a career in networking or looking to refresh your skills, you need this detailed reference.

- Learn about network cabling, topologies, hardware, and the OSI Model – Set up a small office and home office (SOHO) wired or wireless network
- Connect LANs and WANs
- Work with network protocols–TCP/IP, UDP, DHCP, HTTP, FTP, SMTP, VoIP, and others
- Enable remote access through a VPN or other methods
- Secure your network and handle backup and disaster recovery
- Install, configure, and administer Windows Server 2008, Exchange Server 2010, Fedora 10, and Apache
- Understand virtualization technologies, and learn how to set up and use VMware Server
- Learn how the Sarbanes-Oxley Act of 2002 affects networking and IT professionals

Bruce Hallberg has been involved in IT for more than 25 years and has consulted for Fortune 1000 firms on the implementation of management information and networking systems. He is the bestselling author of more than 20 books.

Download

http://hotfile.com/dl/19080344/13e85b7/Networking_A_Beginners_Guide_5th_Edition.rar.html

Easy Duplicate Finder 2.2.2

Find and delete duplicate files on your computerfast and easy.What do you think, how much hard disk space on your PC is occupied by duplicate files? Easy Duplicate Finder will show you. Easy Duplicate File Finder is a powerful tool, that will help you in your task to find and delete duplicate files.

Download

http://rapidshare.com/files/200467355/DuplicateF.2.2.2_bsa.rar

How to use the MS Office research capabilities

MS Office Office 2003 had integrated a research button on the interface of Word, Excel, OneNote, Outlook and Powerpoint. The tool will let you search for word definitions, stock quotes, and more in-depth sources like the Encarta Encyclopedia.

To start using this functionality on MS Office 2003, click the Research button under the Tools menu:

A window will appear where you can type a keyword you want to research. See the example below where I searched for "Battlestar Galactica":

I like the fact that it easily connects to other research services like HighBeam Research and not just MS sources like MSN and Encarta. The good thing about this research thing compared to Google and other search engines is that it can switch from one resource type to another very quickly. For example, to switch to dictionary, just click on the resource type dropdown then choose Encarta Dictionary:

Another great thing about this is that it also supports language translation where you can translate a word or the whole document to another language! Also, if business and stocks is your thing, it is integrated real-time with stock quotes and company information. A bunch of third party web services are also tied-up like Gale, Factiva and WordLingo. This means you are not limited to the Microsoft resources! You can also add your own Sharepoint site inside your Intranet which is a very helpful thing for us corporate Sharepoint users.

Lost Administrator Password in Windows 7 or Vista

Unfortunately, there are a lot of ways you can lose access to your Windows logon account, one being simple forgetting the password. This happens ways more often than you would think!

But in reality, there are several ways you can end up losing access to an administrator account, including

1. Setting a new password for an Administrator account and then forgetting the password.
2. Deleting an Administrator account and not being able to log into another one.
3. Changing an Administrator account to a standard user account and not being able to log into another Administrator account
4. Windows 7 or Vista becoming corrupted and not accepting a correct password

Note that in order for this to work, System Restore had to be enabled and there has to be a restore point that was created before you lost access.

To get started, pop in the Windows 7 or Vista DVD into your drive and restart the computer. Press a key when you get the Press any key to boot from CD or DVD.

If you don't have a Windows 7 or Vista disc, you have to boot into the Advanced Boot Options screen and then choose Repair your computer.

Choose the Language, Time and current format, and keyboard. Then click Next. If you booted from the DVD, you'll see the Repair your computer link at this step.

Now choose the operating system you want to repair. Then click Next.

Now click the System Restore link and find a restore point that you want to use.

Make sure to pick a restore point that is sufficiently past the date when you lost access to your Administrator account. Restart your computer and see if you can log in.

If you've managed to recover access to your Administrator account, you should think about creating a set of password recovery disks for Windows Vista or 7. So even if you forget the Administrator password, you can regain access using the disks. Enjoy!

creating an elastic web page using Dreamweaver

Unlike liquid web content that automatically adapts to a visitor's browser width, the elastic layout adjusts depending on the browser's text size setting. Relative to the size of the text, the elastic layout retains it's form even if you resize your browser window. It is a good layout choice for page contents that you don't want to automatically resize according to the browser width.

A sample elastic page at default normal font size is below:

A liquid design on the other hand will produce a squeezed layout if you shorten the width of the browser:

The elastic layout on the other hand will retain its layout no matter what the width or height of the browser is.

Now that you see what it will look like, and behave I will show you how to create this using Adobe Dreamweaver.

Dreamweaver is one of my favorite web editing tools, it's well defined templates lets users quickly create HTML frames and layouts. To make an elastic page in Dreamweaver just create a new page and then click Blank Template > HTML template:

Choose any of the layouts with an elastic label. A preview will appear on the right hand corner. Click the create button to create the page:

The created page will appear in Dreamweaver' s editor:

I like how it creates the page with sample text data loaded on it. This eases a designer's visualization of the page during development. It shows at once how a header will look like and how the paragraph elements will look once you put some real content in.

How to improve a wireless network to be the Best

10 tips for improving your wireless network

Extend the range and the strength of your wireless network

If Windows ever notifies you about a weak signal, it probably means your connection isn't as fast or as reliable as it could be. Worse, you might lose your connection entirely in some parts of your home. If you're looking to improve the signal for your wireless network, try some of these tips for extending your wireless range and improving your wireless network performance.

1.	Position your wireless router (or wireless access point) in a central location. When possible, place your wireless router in a central location in your home. If your wireless router is against an outside wall of your home, the signal will be weak on the other side of your home. Don't worry if you can't move your wireless router, because there are many other ways to improve your connection.
2.	Move the router off the floor and away from walls and metal objects (such as metal file cabinets). Metal, walls, and floors will interfere with your router's wireless signals. The closer your router is to these obstructions, the more severe the interference, and the weaker your connection will be.
3.	Replace your router's antenna. The antennas supplied with your router are designed to be omni-directional, meaning they broadcast in all directions around the router. If your router is near an outside wall, half of the wireless signals will be sent outside your home, and much of your router's power will be wasted. Most routers don't allow you to increase the power output, but you can make better use of the power. Upgrade to a hi-gain antenna that focuses the wireless signals only one direction. You can aim the signal in the direction you need it most.
4.	Replace your computer's wireless network adapter. Wireless network signals must be sent both to and from your computer. Sometimes, your router can broadcast strongly enough to reach your computer, but your computer can't send signals back to your router. To improve this, replace your laptop's PC card-based wireless network adapter with a USB network adapter that uses an external antenna. In particular, consider the Hawking Hi-Gain Wireless USB network adapter, which adds an external, hi-gain antenna to your computer and can significantly improve your range. Laptops with built-in wireless typically have excellent antennas and don't need to have their network adapters upgraded.
5.	Add a wireless repeater. Wireless repeaters extend your wireless network range without requiring you to add any wiring. Just place the wireless repeater halfway between your wireless access point and your computer, and you'll get an instant boost to your wireless signal strength. Check out the wireless repeaters from ViewSonic, D-Link, Linksys, and Buffalo Technology.
6.	Change your wireless channel. Wireless routers can broadcast on several different channels, similar to the way radio stations use different channels. In the United States and Canada, these channels are 1, 6, and 11. Just like you'll sometimes hear interference on one radio station while another is perfectly clear, sometimes one wireless channel is clearer than others. Try changing your wireless router's channel through your router's configuration page to see if your signal strength improves. You don't need to change your computer's configuration, because it'll automatically detect the new channel.
7.	Reduce wireless interference. If you have cordless phones or other wireless electronics in your home, your computer might not be able to "hear" your router over the noise from the other wireless devices. To quiet the noise, avoid wireless electronics that use the 2.4GHz frequency. Instead, look for cordless phones that use the 5.8GHz or 900MHz frequencies.
8.	Update your firmware or your network adapter driver. Router manufacturers regularly make free improvements to their routers. Sometimes, these improvements increase performance. To get the latest firmware updates for your router, visit your router manufacturer's Web site. Similarly, network adapter vendors occasionally update the software that Windows XP uses to communicate with your network adapter, known as the driver. These updates typically improve performance and reliability. To get the updates, visit Microsoft Update, and then under Select by Type click Hardware, Optional. Install any updates relating to your wireless network adapter. It wouldn't hurt to install any other updates while you're visiting Microsoft Update, too. Note When you go to Microsoft Update, you have two options: the Express Install for critical and security updates and Custom Install for high priority and optional updates. You may find more driver updates when you use Custom Install.
9.	Pick equipment from a single vendor. While a Linksys router will work with a D-Link network adapter, you often get better performance if you pick a router and network adapter from the same vendor. Some vendors offer a performance boost of up to twice the performance when you choose their hardware: Linksys has the SpeedBooster technology, and D-Link has the 108G enhancement.
10.	Upgrade 802.11b devices to 802.11g. 802.11b is the most common type of wireless network, but 802.11g is about five times faster. 802.11g is backward-compatible with 802.11b, so you can still use any 802.11b equipment that you have. If you're using 802.11b and you're unhappy with the performance, consider replacing your router and network adapters with 802.11g-compatible equipment. If you're buying new equipment, definitely choose 802.11g. Wireless networks never reach the theoretical bandwidth limits. 802.11b networks typically get 2-5Mbps. 802.11g is usually in the 13-23Mbps range. Belkin's Pre-N equipment has been measured at 37-42Mbps.

Securing Exchange Server 2003 with ISA Server 2004

Securing Exchange With ISA Server 2004

You might be thinking that running Exchange Server 2003 on the Internet itself is tempting, however you should be concerned with the security issues in doing so -- there are many attacks and automated scripts in the hands of hackers that pound on Exchange machines and attempt to compromise them. Outlook Web Access can be a useful option, however there are security issues with deploying this as well. And the fact remains that sometimes you absolutely need to provide full access for Microsoft Outlook clients, and the Web Access front-end just won't cut it. This article will highlight the security issues involved with providing Outlook Web Access or full Outlook client connections over the Internet, and then discuss how Microsoft's new ISA Server 2004 can be configured to mitigate these threats. We'll start with Outlook Web Access (OWA) as the simplest solution. Before we begin, however, please note that this article does not focus on securing the Exchange message transfer agent (MTA) itself, instead we will only look at how to secure remote access to Exchange services from a user's perspective. Securing Outlook Web Access with ISA 2004 Some of your users might be able to get away with just using Outlook Web Access, the great tool that mimics Outlook's interface in a web browser, in lieu of the traditional Outlook client. OWA is good for Exchange organizations because web browsers are prevalent, affording your users more opportunities to check e-mail while they're away from their desk. As well, the user interface is familiar to your users, so there is very little learning curve involved. However, there are qualms about Outlook Web Access in regards to security. How might one go about securing it? OWA can use HTTPS -- the secure, tunneled version of the HTTP protocol -- but it lacks any intrusion detection features. More problematically, all versions of OWA but the most recent one do not include a session timeout feature, so clients will remain logged into their OWA session until they click the logout button. Picture an airport Internet kiosk, and your chief financial officer checking his e-mail through OWA. He simply closes the browser when he is finished, but the clever information spy will then re-open the browser after he has walked away, revisit the previous site, and gain access to a very sensitive and important e-mail account. That is certainly a very bad situation, and it's happened before. The need for ISA 2004 To make OWA secure, there are four things that an administrator, must do: Inspect all SSL traffic at the application layer to make sure the traffic is what it claims to be. This prevents a significant portion of today's attacks. Maintain wire privacy, as sensitive information is very often transmitted through e-mail. You need to enforce the HTTP and HTML standards to make sure that nefarious code doesn't sneak through via weaknesses in these protocols and standards. You want to block URL-based attacks by enforcing only known URLs. This protects you against attacks that request unusual actions, have a large number of characters, or are encoded using an alternate character set. All in all, when you have this quadruple-layered security scenario protecting OWA, you can feel reasonably confident that data trusted to OWA's mechanisms is secure. Enter ISA Server 2004, which can help you enforce the above requirements. When you put ISA Server in front of your OWA front-end server or servers, there are numerous benefits. The ISA Server in effect becomes the bastion host, terminating all connections with its Web Proxy feature, decrypting HTTPS to inspect the content of the packets transmitted through the machine, enforcing known-URL access with URLScan, and ultimately re-encrypting everything for transmission to the OWA server, living safely behind the ISA frontline machine. Pre-authentication of connections ISA 2004 also provides another benefit: pre-authentication of connections. Here's how that works: the ISA Server actually hosts the forms that a user is used to seeing -- such as the login screen. This screen queries the user for her credentials, and once the user enters them into the form, ISA verifies them against Active Directory. Note that RADIUS is also supported, so even ISA machines that do not trust or are not members of a domain can do this pre-authentication. ISA then takes the result of that verification and embeds the credentials into the actual HTTP headers of the packets that it forwards to the front-end OWA server, so the user doesn't get a second prompt. In effect, the ISA server is vetting your users with an actual OWA form, ensuring they are who they say they are, and actually authenticating them at the perimeter of your network, before the packets ever hit the OWA server. Figure 1, below, shows an overview of this process. Figure 1: Forms-based authentication with ISA Server 2004 and OWA More information on how you would configure this environment is available as a step-by-step document from Microsoft. Tom Shinder also has a great reference for configuring firewall publishing rules to allow external access to OWA sites at ISAServer.org. Issues with the Outlook Client and VPN VPN clients, present in all versions of Windows, are the typical choice for anyone needing to provide full Outlook client functionality to users across the Internet. However, VPN security leaves a lot to be desired, at least out of the box: while PPTP can be made secure, doing so requires an extensive knowledge of both the machines running the VPN software (a feat not always possible when you're dealing with your users' home machines) and a deep familiarity with encryption techniques and settings. Of course, there are also logistical hurdles you'll jump through when using a VPN -- they simply won't work in some public locations because of firewalls blocking the needed ports, there are problems with using IPsec and L2TP across the Internet because of packet fragmentation issues, and other issues. And finally, while VPNs are useful tools to connect remote clients to corporate networks, they are less useful for connecting from a corporate network to an application service provider (ASP) that might be running your Exchange servers for you. So therein lies the problem: how does one provide secure access to an Exchange server for remote users while not making those users jump through hoops to get access to their groupware application? The best answer to this may be to deploy a machine running Microsoft Internet Security and Acceleration Server 2004. Securing the Outlook client with Exchange 2003 RPC and ISA 2004 The grim reality is that people have grown at best accustomed, and at worst absolutely dependent, on full Outlook client functionality. For example, suppose your corporation has standardized on LookOut, the popular Outlook search plug-in, or perhaps you have a third-party calendaring and agenda plug-in. You might also require the ability to synchronize your mailbox with a handheld PDA-like device, or your users might need Outlook 2003's ability to work seamlessly offline, with full Outlook functionality even when not connected to an Exchange server. Your front-line customer service users may depend heavily on custom functionality offered by client-side rules, or your organization may require its users to take advantage of a standard, business-wide address book. Security features in Exchange 2003 Exchange 2003 itself has made great strides in this area, enabling new functionality called RPC-over-HTTP. RPC-over-HTTP is a beneficial addition to the product, because it allows RPC requests to be encapsulated in the HTTP protocol, for which most firewalls are already configured and allow access. RPC-over-HTTP depends on an element of Exchange 2003 called the RPC proxy, an ISAPI extension running in IIS (actually on a front-end Outlook Web Access server) that sets up an RPC session after authentication. Essentially, the Outlook client connects to this filter using RPC-over-HTTP, and the filter terminates the "over-HTTP" portion of the connection, takes out the RPC requests, and passes them back to the Exchange server. However, RPC-over-HTTP isn't a panacea. It only supports basic HTTP authentication, so you need to make sure such the HTTP connection uses SSL. Also, there is no support for SecurID, and the limitation here is two-fold. For one, there is no dialog within Outlook 2003 to ask for the SecurID PIN from the user's device. And secondly, Exchange has no built-in, direct ability to proxy authentication requests to an RSA ACE server and not to Active Directory. RADIUS authentication is also not possible with RPC-over-HTTP, nor is the use of client certificates in most cases. So, while RPC-over-HTTP solves some configuration problems and some legitimate security problems, there remain other issues to address. ISA 2004 and the Exchange RPC Filter ISA 2004 comes bundled with the Exchange RPC Filter, which takes the good parts of the RPC Proxy element that is included with the raw Exchange 2003 product to allow RPC-over-HTTP connections, and then marries them with a certain intelligence about how Exchange does its business. The Exchange RPC filter is programmed to know how Exchange RPC connections are established and what the proper format for that protocol is. It also allows only Exchange RPC UUIDs to be transmitted, all the while enforcing client authentication and requiring encryption. Here's how it works: The client connects to the Exchange RPC filter's quasi-portmapper. This piece of the puzzle really isn't a portmapper -- it just acts like one, which reduces the attack surface by only responding to requests for Exchange-based RPC. Once the connection is established, the ISA Server returns the filter's Exchange RPC port numbers. Remember, the client is connecting to the filter which then uses the RPC element proxy in Exchange 2003 itself, so the client never directly touches the Exchange server during this stage. The client, filled with knowledge about the location of RPC ports, logs onto Exchange. During this process, Exchange refers the logon to Active Directory, which makes the final decision on whether the user is authenticated or not. The RPC filter on the ISA Server is monitoring this process the whole time, waiting for the approval from AD that the user is valid. Once it sees that approval, the filter makes sure that the connection is using encryption (if you specify that you want to require it), and then the client sees his mailbox open. It's also important to note that the entire process just outlined is transparent from the client's perspective. They will see a username and password prompt when they open Outlook and they are away from the corporate network, but once the user enters those credentials, he will see an approximately five second delay and then his mailbox will open. Thus, this solution passes the first litmus test of all security solutions -- make it easy for the user to do things securely. This solution also protects you from various RPC-based attacks. For example, the ISA RPC filter is immune from reconnaissance attacks and denial of service attacks against the RPC portmapper. All known attacks fail, but even if an attack were successfully able to penetrate the RPC filter, recall that Exchange is still protected since ISA works at the perimeter to vet your connections before they ever touch your Exchange server. This solution is also impervious to service attacks, mainly because such attacks require reconnaissance information that is unavailable. Also, the back end of this RPC filter connection, the ISA to Exchange Server part of the transmission, simply dies if the first part of the connection (the client to the ISA server) isn't correctly positioned or formatted. How would you go about deploying this solution? Figure 2 shows an example network diagram, with a standalone ISA 2004 machine in the de-militarized zone (DMZ) protecting the back-end Exchange servers and Active Directory. The ISA Server provides the forms-based authentication for OWA that I discussed in the previous section, and also provides secure RPC access for Outlook clients as well. Figure 2: An example deployment of ISA Server 2004 to protect public-facing Exchange services Microsoft has a detailed reference to deploying ISA Server 2004 in front of Exchange front-end and back-end servers on their website.

Setting up Network Connections in Windows 7

The following are the steps to setup different types of connections in Windows 7.

To set up a connection

• Click Start, and then click Control Panel.
• Under Network and Internet, click View network status and tasks.

• From the Network and Sharing Center window, click the Set up a new connection or network link.

• From the Set Up a Connection or Network dialog box displayed, there are few options to choose from:

* Connect to the Internet - It opens the Connect to the Internet dialog box, where you select the type of connection (wireless, broadband [PPPoE] or dialup) to use. Then, you need to give the information required for you to log on to the Internet service provider (ISP) or wireless network for the type of connection you choose.

* Set up a new network - This option leads to a wizard that walks you through the steps of configuring a new wireless router or access point.

* Connect to a workplace - This option opens the Connect to a Workplace dialog box, where you choose between using a VPN or dialup connection for connecting. If you click the Use My Internet Connection (VPN) button, a Connect to a Workplace dialog box opens, where you enter the Internet address and destination name you use to log on to the network at your workplace as provided by the network's administrator. If you click the Dial Directly button, a Connect to Workplace dialog box opens, where you enter the dialup information.

* Set up a dial-up connection - Using this option opens the Set Up a Dial-Up Connection dialog box, where you enter the dialup information for your ISP, including the phone number, username, and password.


Note that if you're running Windows 7 on a laptop/computer with wireless capabilities, you can see the Set Up a Connection or Network dialog box contains additional two options:

* Manually Connect to a Wireless Network - This option enables you to select a network that isn't automatically detected by the computer or create a new wireless connection by using a different wireless network adapter installed on your computer.

* Set Up a Wireless Ad Hoc (Computer to Computer) Network - You can use this option to create a temporary network connection between two wireless laptop computers for sharing files, peripherals, and the Internet. (Note: The laptops must be within 30 feet of one another.)

• Depending to the option that you choose, you need to follows the on-screen instructions to complete the setup process.

Step by Step Installation of Windows Server 2008 (Exclusive by Spediawol)

How to Install Windows Server 2008 Step by Step

Installing Windows Server 2008 is pretty straightforward and is very much like installing Windows Vista, but I thought I'd list the necessary steps here for additional information. For those of you who have never installed Vista before, the entire installation process is different than it used to be in previous Microsoft operating systems, and notably much easier to perform.

Using Vista's installation routine is a major benefit, especially for a server OS. Administrators can partition the system's hard drives during setup. More importantly, they can install the necessary AHCI or RAID storage drivers from a CD/DVD or even a USB thumb drive. Thus, error-prone floppies can finally be sent to the garbage bin.

Note: Windows Server 2008 can also be installed as a Server Core installation, which is a cut-down version of Windows without the Windows Explorer GUI. Because you don't have the Windows Explorer to provide the GUI interface that you are used to, you configure everything through the command line interface or remotely using a Microsoft Management Console (MMC). The Server Core can be used for dedicated machines with basic roles such as Domain controller/Active Directory Domain Services, DNS Server, DHCP Server, file server, print server, Windows Media Server, IIS 7 web server and Windows Server Virtualization virtual server.

To use Windows Server 2008 you need to meet the following hardware requirements:

Component	Requirement
Processor	• Minimum: 1GHz (x86 processor) or 1.4GHz (x64 processor) • Recommended: 2GHz or faster Note: An Intel Itanium 2 processor is required for Windows Server 2008 for Itanium-based Systems
Memory	• Minimum: 512MB RAM • Recommended: 2GB RAM or greater • Maximum (32-bit systems): 4GB (Standard) or 64GB (Enterprise and Datacenter) • Maximum (64-bit systems): 32GB (Standard) or 2TB (Enterprise, Datacenter and Itanium-based Systems)
Available Disk Space	• Minimum: 10GB • Recommended: 40GB or greater Note: Computers with more than 16GB of RAM will require more disk space for paging, hibernation, and dump files
Drive	DVD-ROM drive
Display and Peripherals	• Super VGA (800 x 600) or higher-resolution monitor • Keyboard • Microsoft Mouse or compatible pointing device

Upgrade notes:

I will not discuss the upgrade process in this article, but for your general knowledge, the upgrade paths available for Windows Server 2008 shown in the table below:

If you are currently running:	You can upgrade to:
Windows Server 2003 Standard Edition (R2, Service Pack 1 or Service Pack 2)	Full Installation of Windows Server 2008 Standard Edition Full Installation of Windows Server 2008 Enterprise Edition
Windows Server 2003 Enterprise Edition (R2, Service Pack 1 or Service Pack 2)	Full Installation of Windows Server 2008 Enterprise Edition
Windows Server 2003 Datacenter Edition (R2, Service Pack 1 or Service Pack 2)	Full Installation of Windows Server 2008 Datacenter Edition

Follow this procedure to install Windows Server 2008:

1. Insert the appropriate Windows Server 2008 installation media into your DVD drive.

2. Reboot the computer.

3. When prompted for an installation language and other regional options, make your selection and press Next.

4. Next, press Install Now to begin the installation process.

5. Product activation is now also identical with that found in Windows Vista. Enter your Product ID in the next window, and if you want to automatically activate Windows the moment the installation finishes, click Next.

If you do not have the Product ID available right now, you can leave the box empty, and click Next. You will need to provide the Product ID later, after the server installation is over. Press No.

6. Because you did not provide the correct ID, the installation process cannot determine what kind of Windows Server 2008 license you own, and therefore you will be prompted to select your correct version in the next screen, assuming you are telling the truth and will provide the correct ID to prove your selection later on.

7. If you did provide the right Product ID, select the Full version of the right Windows version you're prompted, and click Next.

8. Read and accept the license terms by clicking to select the checkbox and pressing Next.

9. In the "Which type of installation do you want?" window, click the only available option – Custom (Advanced).

10. In the "Where do you want to install Windows?", if you're installing the server on a regular IDE hard disk, click to select the first disk, usually Disk 0, and click Next.

If you're installing on a hard disk that's connected to a SCSI controller, click Load Driver and insert the media provided by the controller's manufacturer.

If you must, you can also click Drive Options and manually create a partition on the destination hard disk.

11. The installation now begins, and you can go and have lunch. Copying the setup files from the DVD to the hard drive only takes about one minute. However, extracting and uncompressing the files takes a good deal longer. After 20 minutes, the operating system is installed. The exact time it takes to install server core depends upon your hardware specifications. Faster disks will perform much faster installs… Windows Server 2008 takes up approximately 10 GB of hard drive space.

The installation process will reboot your computer, so, if in step #10 you inserted a floppy disk (either real or virtual), make sure you remove it before going to lunch, as you'll find the server hanged without the ability to boot (you can bypass this by configuring the server to boot from a CD/DVD and then from the hard disk in the booting order on the server's BIOS)

12. Then the server reboots you'll be prompted with the new Windows Server 2008 type of login screen. Press CTRL+ALT+DEL to log in.

13. Click on Other User.

14. The default Administrator is blank, so just type Administrator and press Enter.

15. You will be prompted to change the user's password. You have no choice but to press Ok.

16. In the password changing dialog box, leave the default password blank (duh, read step #15…), and enter a new, complex, at-least-7-characte rs-long new password twice. A password like "topsecret" is not valid (it's not complex), but one like "T0pSecreT!" sure is. Make sure you remember it.

17. Someone thought it would be cool to nag you once more, so now you'll be prompted to accept the fact that the password had been changed. Press Ok.

18. Finally, the desktop appears and that's it, you're logged on and can begin working. You will be greeted by an assistant for the initial server configuration, and after performing some initial configuration tasks, you will be able to start working.

Next, for the initial configuration tasks please follow my other Windows Server 2008 articles found on the Related Windows Server 2008 Articles section below.

RHEL4 Servers Configuration Complete

RHEL4 Servers Configuration

"A Contribution by ALI"

Samba Server Configuration

For samba server we have Linux on one side and other side WINDOWS.

Server Side

Ø First of all we copy the “smb.conf” file as “smb.conf.org”.

cp /etc/samba/smb. conf /etc/samba/smb.conf.org

Ø Open file in vi editor and write some statements in it.

vi /etc/samba/smb. conf

[Global Section]

· workgroup = saints (Domain Name)

· netbios name = bscs5 ( File server name. it gives in client side in run command. e.g \\bscs5)

· server string = saints server (optional)

· hosts allow = 192.168.0. 127.0.0.1 or 127.

· hosts deny = 0.0.0.0 / 0

· log file = /var/log/samba/ %m.log (% m means it replace by pc name)

· encrypt passwords = yes

· smb passwd file = /etc/samba/smbpassw d (All samba users r in it)

· unix password sync = yes

· interfaces = eth * lo

· bind interfaces only = yes

· local master = yes

· os level = 64

· domain master = yes

· preferred master = yes

· domain logons = yes

· logon script = netlogon.bat

· add user script = /usr/sbin/useradd –d /dev/null –g machines –s /bin/false –M %U

· logon drive = Z:

· logon path =\\%L\profiles\ %U

· wins support = yes

[Shared Section]

[Homes]

· path = /home/samba/ profiles/ %U

· browsable = no

· writeable = yes

· create mode = 0750 (Files permissions)

· directory mode = 0775 (Directories permissions)

[netlogon]

· path = /home/netlogon

· browsable =no

· write list = @admins (it’s a group name)

[Profiles]

· path = /home/samba/ profiles

· browsable = no

· writeable = yes

· create mask =0600

· directory mask = 0700

· guest ok = yes

Now we make one folder that can access all users.

[Shared]

· path = /home/shared

· writeable = yes

· browsable = yes

· force create mode = 0775

· force directory mode = 3770

· guest ok = yes

· create mask = 0765

First press Esc button then write :wq.

Ø Now restart service

service smb restart

Ø Create groups and directories.

· groupadd –g 600 admins

· groupadd –g 601 machines

· mkdir /home/samba

· mkdir /home/netlogon

· mkdir /home/samba/ profiles

· chmod 1757 /home/samba/ profiles

· chmod 0775 /home/netlogon

· chown root.admins /home/netlogon

Ø Create user in linux.

· adduser muneeb

· passwd muneeb (press enter then its asked to enter passwd)

Ø Now add user in samba.

· smbpasswd –a muneeb (-a means if user not exist in samba then it add otherwise create and give password).

· smbpasswd muneeb (press enter then its asked to enter passwd).

Ø Now we create home directory for samba user in profiles.

· mkdir /home/samba/ profiles/ muneeb

· chown muneeb /home/samba/ profiles/ muneeb (Here 1^st Muneeb is samba user and 2^nd Muneeb is directory).

· chgrp muneeb /home/samba/ profiles/ muneeb (Here 1^st muneeb is group name and 2^nd Muneeb is directory).

Note:-

When we create user then its group with the same name is also created.

Ø Now we apply some commands on sheel.

· Useradd –d /dev/null –g machines –s /bin/false –M meebe (Here meebe is a client pc name).

· vi /etc/passwd (File open in vi editor and search meebe and write $ at the end of the meebe. Like this (meebe$)

· smbpasswd –am meebe (meebe is added into samba).

Ø Now check the samba configuration on server side.

· smbclient //bscs5/profiles –U muneeb (when we press enter then it will asked to enter password. We enter the Muneeb user’s password).

Ø Write this command to check the “etho” in the firewall settings.

· system-config- securitylevel

Client Side

My Computer èProperties è Computer NameèChange

Enter Domain name is “saints”.

Then a small window is open and its will required user name and password. We will enter the privileged user and its password. (user name = Root and its password).

“Welcome to the saints domain” message shown and restart pc and login with samba user. If some error comes then we also have some changes.

StartèrunèregeditèHKEY_LOCAL_MACHINEèSYSTEMèCurrentConsoleSet èServicesèNetlogonèParameters

Double click on “requiresignorseal” and write 0 at the place on 1. And restart pc and again loin with samba user.

NIS SERVER Configuration

NIS stands for “Network Information System”. NIS servers are typically used to synchronize account information. They can share the contents of /etc/passwd, /etc/shadow and /etc/group files. For NIS server both pc have Linux.

Server Side

Ø Start NIS services

· service ypserv restart

· service portmap restart

Ø Open file in vi editor and add one line.

· vi /etc/sysconfig/ network

· NISDOMAIN = saint

Ø Restart the service

· service ypserv restart

Ø Now create one file and write some lines.

· vi /var/yp/securenets

· 255.255.255. 255 127.0.0.1

· 255.255.255. 0 192.168.0.0

Ø Restart the services

· service portmap restart

· service ypserv restart

· service ypxfrd restart

Ø Simple open file search “all” word. For search first press Esc then write /all: and press enter.

· vi /var/yp/Makefile

Ø write command for master server. It generate NIS maps show output in shell then press ctrl+d to move next then press y.

· /usr/lib/yp/ ypinit –m

Ø Restart the services and also permanent on.

· service portmap restart

· service ypserv restart

· service yppasswdd restart

· service ypxfrd restart

· chkconfig portmap on

· chkconfig ypserv on

· chkconfig yppasswdd on

· chkconfig ypxfrd on

Ø Now we create an NIS user

· adduser –u 1000 nisuser

· passwd nisuser nisuser

Ø Now move into /var/yp directory and write “make”. After the creation of every user.

· cd /var/vp

· make (It generates token of nisuser).

Ø Test to check services. [Optional]

· ps –auxf | grep yp

Ø Start the sshd service and also permanent on.

· service sshd restart

· chkconfig sshd on

Ø Write this command to check the “etho” in the firewall settings.

· system-config- securitylevel

Client Side

Ø First of all we check some RPMS that should be available on client side.

· rpm –qa | grep portmap

· rpm –qa | grep ypbind

· rpm –qa | grep yp-tools

· rpm –qa | grep authconfig

Ø To give NIS domain name and IP write this line.

· system-config- authentication –gui (One window is open check the “enable NIS Support” and click on “Configure NIS” button).

· NIS domain name = saint

· IP Address = IP Address of Server

Ø Start the ypbind service.

· service ypbind start

if OK then successful if error then check the log file.

· tail f /var/log/messages

Ø Restart the services

· service sshd restart

· service portmap restart

· service ypxfrd restart

· service ypbind restart

Ø Write some commands on shell.

· ypwhich (Display the IP address of server)

· ypcat passwd (It should display the password file of server machine).

· getent passwd (Display local password file & maps should be displayed).

Ø Create home directory of nisuser and also change its permissions.

· mkdir /home/nisuser

· chmod 700 /home/nisuser/

Ø Copy files into nisuser directory and also change its owner.

· cp /etc/skel/.* /home/nisuser/

· chown –R nisuser:nisuser /home/nisuser/ (Here 1st nisuser is user name, 2^nd nisuser is group name and 3^rd nisuser is directory name).

Ø Restart the ypbind service and also write ypmatch statement.

· srvice ypbind restart

· ypmatch nisuser passwd

Ø Restart and permanent on all services.

· srvice ypbind restart

· service portmap restart

· service ypxfrd restart

· service sshd restart

· chkconfig ypbind on

· chkconfig portmap on

· chkconfig ypxfrd on

· chkconfig sshd on

Ø Write this command to check the “etho” in the firewall settings.

· system-config- securitylevel

NFS Server Configuration

NFS stands for “Network File System”. It is use for sharing of files on network. For sharing of files we have Linux on both sides.

Server Side

Ø First of all open the “exports” file and give shares line by line. One share in one line.

· vi /etc/exports

· /mnt/share *(ro or rw,async,no_ root_squash or root_squash)

· Press Esc then write :wq.

· exportfs -ra

Here * shows all IP Address

“ro” means read only and “rw” means read write.

Ø Make Directory and also change its permissions.

· mkdir /mnt/share

· cd /mnt/share

· mkdir a b c

· cd ..

· chmod –R 1777 share/

Ø Restart and permanent on the service.

· service nfs restart

· chkconfig nfs on

Client Side

Ø Restart and permanent on the service.

· service nfs restart

· chkconfig nfs on

Ø Make Directory

· mkdir /mnt/myshare

Ø Mount and Umount the share directory.

· mount 192.168.0.2: /mnt/share /mnt/myshare

· umount 192.168.0.2: /mnt/mysahre

Here 192.168.0.2 it’s a server ip address.

/mnt/share it’s a source.

/mnt/myshare it’s a destination.

Ø Restart and permanent on the service.

· service nfs restart

· chkconfig nfs on

SQUID Server Configuration

It’s a caching server that is use to provide the internet facility of clients.

Server Side

Ø For SQUID server SAMBA server should be configured. And check the SQUID package.

· rpm –qa |grep squid

Ø After install the SQUID package then apply this command for creating the subdirectories for the caching purpose.

· squid –Z

Ø Now open the squid config file in vi editor.

· vi /etc/squid/squid. conf

Ø Now changes in file.

· acl clients src=192.168.0.0/ 24 (Here we declare a variable with the name clients and we store IP range in it).

· http-access allow clients

· http-access deny all

Client Side

Click on Internet ExplorerèToolsèInternet OptionsèConnectionsèLAN Settings

In proxy server give IP Address of server in Address Field and in Port field give port number is “3128”. It’s a by default port number we can’t change it. And restart the computer.

Apache Server Configuration

It is a web server.

Web Hosting

The World Wide Web is a massive collection of web sites, all hosted on computers (called web servers) all over the world. The web server (computer) where your web site's html files, graphics, etc. reside is known as the web host. Web hosting clients simply upload their web sites to a shared (or dedicated) webserver, which the ISP maintains to ensure a constant, fast connection to the Internet.

Ø First of all open the configuration file of apache.

· vi /etc/httpd/conf/ httpd.conf

Ø Simply we make some changes in it

· Search the word “UserDir disable” and remark it by # sign. By default it is unmark.

· Search the word “UserDir public_html” and unmark it by removing the # sign. By default it is mark.

· We can write “MyWeb” at the place of “public_html” because it’s a optional.

· In a “directory” tag we write “/home/*/MyWeb “.

· Save the file.

Ø Now create a new user and change its permissions.

· useradd apache1.

· chmod 711 /home/apache1

Ø Make a Directory and also change its permissions.

· mkdir /home/apache1/ MyWeb

· chmod 755 /home/apache1/ MyWeb/

Ø Restart the service.

· service httpd restart

Ø Simply make a HTML or PHP file and save it into /home/apache1/ MyWeb path.

Ø To Access the file write on the browser.

· http://localhost/ ~apache1/ filename of html

Password Protected Folders

It means when we want to access the files through browser then is asked for user authentication.

Ø Make a Directory.

· mkdir /var/www/html/ web

Ø Open the configuration file of apache.

· vi /etc/httpd/conf/ httpd.conf

Ø Simply we add some lines in it

· Make a directory.

· (Here /var/www/html its document root we must write it)

· AuthType basic

· AuthName “Please Login to Access the Files”

· AuthUserFile /home/apache1/ .mypasswd

· Require valid-user

·

· Save the file

Ø Now we add user in “.mypasswd” file for this we write some commands on shell.

· htpasswd –c /home/apache1/ .mypasswd apacheuser1 (Only first time we write –c by adding user next time we don’t write –c. “apacheuaer1” it’s a user name that we want to add in a file.)

· give password of apacheuser

· htpasswd /home/apache1/ .mypasswd apacheuser2

Ø Now restart the service.

· service httpd restart

Ø For removing user we manually remove it from file.

Ø To view the .mypasswd file write “vi /home/apache1/ .mypasswd” .

Ø .mypasswd file users and their encrypted passwords are in it.

FTP SERVER Configuration

Server Side

Ø How To Get VSFTPD Started

You can start, stop, or restart VSFTPD after booting by using these commands:

[root@bigboy tmp]# service vsftpd start

[root@bigboy tmp]# service vsftpd stop

[root@bigboy tmp]# service vsftpd restart

To configure VSFTPD to start at boot you can use the chkconfig command.

[root@bigboy tmp]# chkconfig vsftpd on

Ø Testing the Status of VSFTPD
You can always test whether the VSFTPD process is running by using the netstat -a command which lists all the TCP and UDP ports on which the server is listening for traffic. This example shows the expected output.

[root@bigboy root]# netstat -a | grep ftp

tcp        0        0        *:ftp         *:*        LISTEN

[root@bigboy root]#

If VSFTPD wasn't running, there would be no output at all. 

Ø Now open the FTP configuration file. Simply read it.

· vi /etc/vsftpd/ vsftpd.conf

Ø The /etc/vsftpd. ftpusers File

For added security, you may restrict FTP access to certain users by adding them to the list of users in the /etc/vsftpd. ftpusers file. The VSFTPD package creates this file with a number of entries for privileged users that normally shouldn't have FTP access. As FTP doesn't encrypt passwords, thereby increasing the risk of data or passwords being compromised, it is a good idea to let these entries remain and add new entries for additional security.

Ø Anonymous Upload

If you want remote users to write data to your FTP server, then you should create a write-only directory within /var/ftp/pub. This will allow your users to upload but not access other files uploaded by other users. The commands you need are:

[root@bigboy tmp]# mkdir /var/ftp/pub/ upload

[root@bigboy tmp]# chmod 722 /var/ftp/pub/ upload

Ø FTP Greeting Banner

Change the default greeting banner in the vsftpd.conf file to make it harder for malicious users to determine the type of system you have. The directive in this file is.

ftpd_banner= Welcome to the Saints FTP Server

Ø FTP Users with Only Read Access to a Shared Directory

In this example, anonymous FTP is not desired, but a group of trusted users need to have read only access to a directory for downloading files. Here are the steps:

1) Disable anonymous FTP. Comment out the anonymous_enable line in the vsftpd.conf file like this:

# Allow anonymous FTP?

anonymous_enable= NO

2) Enable individual logins by making sure you have the local_enable line uncommented in the vsftpd.conf file like this:

# Uncomment this to allow local users to log in.

local_enable= YES

3) Start VSFTP.

[root@bigboy tmp]# service vsftpd start

4) Create a user group and shared directory. In this case, use /home/ftp-users and a user group name of ftp-users for the remote users

[root@bigboy tmp]# groupadd ftp-users

[root@bigboy tmp]# mkdir /home/ftp-docs

5) Make the directory accessible to the ftp-users group.

[root@bigboy tmp]# chmod 750 /home/ftp-docs

[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs

6) Add users, and make their default directory /home/ftp-docs

[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs ftpuser1

[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs ftpuser2

[root@bigboy tmp]# passwd ftpuser1

[root@bigboy tmp]# passwd ftpuser2

7) Copy files which u want to share b/w users into the /home/ftp-docs directory

8) Change the permissions of the files in the /home/ftp-docs directory for read only access by the group

[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs/ *

[root@bigboy tmp]# chmod 740 /home/ftp-docs/ *

Users should now be able to log in via FTP to the server using their new usernames and passwords. If you absolutely don't want any FTP users to be able to write to any directory, then you should set the write_enable line in your vsftpd.conf file to no:

write_enable = NO

Remember, you must restart VSFTPD for the configuration file changes to take effect.

Client Side

Ø Here is a simple test procedure you can use to make sure everything is working correctly:

1) Connect to ftpuser1 via FTP 

[root@smallfry tmp]# ftp 192.168.1.100 (Here 192.168.1.100 is a server IP address)

Connected to 192.168.1.100 (192.168.1.100)

220 ready, dude (vsFTPd 1.1.0: beat me, break me)

Name (192.168.1.100: root): user1

331 Please specify the password.

Password:

230 Login successful. Have fun.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

As expected, we can't do an upload transfer of testfile to ftpuser1

ftp> put testfile

local: testfile remote: testfile

227 Entering Passive Mode (192,168,1,100, 181,210)

553 Could not create file.

ftp>

But we can view and download a copy of the VSFTPD RPM located on the FTP server ftpuser1

ftp> ls

227 Entering Passive Mode (192,168,1,100, 35,173)

150 Here comes the directory listing.

-rwxr----- 1 0 502 76288 Jan 04 17:06 vsftpd-1.1.0- 1.i386.rpm

226 Directory send OK.

ftp> get file name file name (e.g. index.html index.html.tmp)

local: index.html.tmp remote: index.html

227 Entering Passive Mode (192,168,1,100, 44,156)

150 Opening BINARY mode data connection for index.html (76288 bytes).

226 File send OK.

76288 bytes received in 0.499 secs (1.5e+02 Kbytes/sec)

ftp> exit

221 Goodbye.

[root@smallfry tmp]#

As expected, anonymous FTP fails.

[root@smallfry tmp]# ftp 192.168.1.100

Connected to 192.168.1.100 (192.168.1.100)

220 ready, dude (vsFTPd 1.1.0: beat me, break me)

Name (192.168.1.100: root): anonymous

331 Please specify the password.

Password:

530 Login incorrect.

Login failed.

ftp> quit

Ø      File is save on root’s path.

Change Root’s Password without knowing the root password

Ø When grub boot select REDHAT LINUX and press ‘p’.

Ø Then enter the grub password.

Ø Now select require line and press ‘e’.

Ø At the end of the line press space and write ‘1’.

Ø Then press ‘b’.

Ø Now system boot and single mode display.

Ø Write passwd root

Ø Enter new password.

Ø Write Init 6. (It means restart computer).

Rebuild RPMS Database

Ø When our RPMS are damage then we rebuild these.

· rpm --rebuilddb -vvv

Check User Group

Ø When we want to know the user groups then write this command.

· groups username