Archive for April, 2009


Steps for Configuring TCP/IP

April 20, 2009

By default, the TCP/IP protocol is configured to receive its IP information (IP address, subnet mask, etc.) automatically from a Dynamic Host Configuration Protocol (DHCP) server on the network. To configure it manually instead, follow these steps:

1. In Windows XP, open the Control Panel and double-click the Network Connections applet. Double-click the Local Area Connection icon. In Windows 2000, click Start > Settings > Network and Dial-Up Connections, and double-click the Local Area Connection icon. In Windows 9x/Me, alternate-click Network Neighborhood and double-click My Network Places to get to your network settings.

2. Click Properties, highlight the Internet protocol (TCP/IP), and click Properties.

3. In the dialog box, click the Use the Following IP Address radio button.

4. Enter the IP address in the appropriate fields.

5. Press the TAB key to skip down to the subnet mask fields. Note that the subnet mask is entered automatically (this can be overwritten to enter a different subnet mask).

6. Optionally, enter the IP address for a default gateway (router or another computer system that will forward transmissions beyond your network).

7. Optionally, enter the IP address of a primary and secondary DNS server.

8. Click OK to close the dialog box.

9. Click Close to exit the Local Area Connection Status dialog box.

10. Windows will alert you that you must restart the computer for the changes to take effect.


Access Control Lists

April 20, 2009

Access Control Lists (ACLs) are used by routers and other networking devices to control traffic that comes in and out of your network. These access lists can be general in nature or specific to certain types of communications. Access lists are typically used in firewalls to control communications between public and private networks, but they can also be used on internal routers to regulate traffic within the network. An Access List Entry (ALE), which is contained inside the ACL, usually includes where the network packet is coming from, where it’s going, what the protocol is (whether TCP or UDP), the TCP/IP port it uses, and, finally, whether access is allowed or denied. The types of parameters that can be controlled using an access list include the following:

Source Address – This parameter specifies the originating source IP address of a packet. The source address can be an internal or external machine, or an internal address that it proxies to an external address.

Destination Address – The destination IP address specifies where the packet is going. This can be internal or external to the network.

Port Numbers – This parameter specifies the TCP/IP port number the communication is using. Each type of TCP/IP service uses a standard port.

Protocol – This parameter identifies the protocol being used in the transmission, such as File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), or Dynamic Host Configuration Protocol (DHCP). This is usually used in conjunction with a port number that’s standard to that protocol or service. This parameter can also be used to define whether the protocol is using TCP or UDP.

Permit or Deny – This parameter is used to permit or deny the communication specified in the access list entry.

The following is an example of an ACL entry for a router:

    permit source 192.168.13.2 destination 10.1.5.25 tcp port 80

The syntax used by your router or network device will be similar to this entry, but it varies from vendor to vendor. ACLs can be a valuable security tool for locking down access to certain networks or hosts. This type of access control is critical for preventing spoofing attacks, where an unauthorized user tries to masquerade their external host as an internal system by spoofing the IP address to look like it’s coming from the internal network. An ACL can be set up to prevent external traffic coming in as an internal address.
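
The entry above, worked through as an added example (not code from the original post): a small Python evaluator for the post's generic entry syntax, showing why an anti-spoofing deny has to come before broader permits. The any keyword, CIDR prefixes, first-match evaluation with a default deny, and 10.1.5.0/24 as the internal network are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Entry:
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str                       # "tcp", "udp" or "any"
    port: Optional[int]              # None matches any port

def _net(token):
    # "any" and CIDR prefixes are assumed extensions to the page's syntax.
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token)

def parse_entry(line):
    """Parse '<permit|deny> source A destination B [tcp|udp [port N]]'."""
    t = line.split()
    if len(t) < 5 or t[0] not in ("permit", "deny") \
            or t[1] != "source" or t[3] != "destination":
        raise ValueError(f"bad ACL entry: {line!r}")
    proto = t[5] if len(t) > 5 else "any"
    port = int(t[7]) if len(t) > 7 and t[6] == "port" else None
    return Entry(t[0], _net(t[2]), _net(t[4]), proto, port)

def evaluate(acl, src, dst, proto, port):
    """First matching entry wins; no match means deny (assumed default)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for e in acl:
        if (s in e.src and d in e.dst and e.proto in ("any", proto)
                and e.port in (None, port)):
            return e.action
    return "deny"

# Constructed inbound ACL for the external interface; 10.1.5.0/24 is assumed
# to be the internal network, so it must never appear as a source from outside.
ANTI_SPOOF = "deny source 10.1.5.0/24 destination any"
WEB_PAGE = "permit source 192.168.13.2 destination 10.1.5.25 tcp port 80"  # from the page
WEB_ANY = "permit source any destination 10.1.5.25 tcp port 80"

GOOD_ACL = [parse_entry(l) for l in (ANTI_SPOOF, WEB_PAGE, WEB_ANY)]
BAD_ORDER = [parse_entry(l) for l in (WEB_ANY, ANTI_SPOOF)]  # deny is shadowed

if __name__ == "__main__":
    spoofed = ("10.1.5.77", "10.1.5.25", "tcp", 80)   # internal source seen outside
    print("good order:", evaluate(GOOD_ACL, *spoofed))
    print("bad order: ", evaluate(BAD_ORDER, *spoofed))
```

With the deny placed after the broad permit, the packet claiming an internal source matches the permit first and the anti-spoofing entry is never reached.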


Virtual Memory & Page File Settings

April 1, 2009

The Windows Virtual Memory system works by writing data that won’t fit into RAM to a page file that holds the overflow. For efficient operation, the page file should be unfragmented and positioned either on its own physical disk drive (preferably a disk that’s seldom used), or on the Windows disk, but not on a drive that’s really just an alternate partition on the same physical drive as the Windows installation drive.

To configure Page File sizes and locations, you must be logged on as a Computer Administrator. Right-click My Computer and select Properties to open the System Properties dialog. Select the Advanced tab, and click the top Settings button under Performance. Select the Advanced tab and click the Change button under Virtual Memory.

After first installing Windows, there will probably be a page file located on drive C: (or the boot drive) with the System Managed Size option selected. You can create page files on more appropriate, faster drives and leave the original file as is, or delete it.

To create a new page file, select a drive letter in the upper part of the dialog and select either Custom Size or System Managed Size. If you want to prevent the page file from fragmenting, create it on a freshly formatted or defragmented drive and set a custom initial size at 1.5 to 3 times the amount of physical RAM installed in your computer. To prevent the page file from growing or fragmenting, set its maximum size at the same amount. The new file will be created and used immediately.

If you are not sure what your system’s memory demands will be, leave the page file set to System Managed Size and let Windows manage it.

To delete a page file, select a drive letter in the upper part of the dialog and select No Paging File. The file will be freed and deleted when you restart Windows.