
Windows 2012 Server Network Security - Bitpipedocs.media.bitpipe.com/io_10x/io_102267/item_757397/Windows 2012... · CHAPTER 2 Network Infrastructure ... Windows Server 2012 Resource


Windows 2012 Server Network Security


AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO

Syngress is an Imprint of Elsevier

Derrick Rountree

Richard Hicks, Technical Editor

Windows 2012 Server Network Security

Securing Your Windows Network Systems and Infrastructure


Acquiring Editor: Chris Katsaropoulos
Editorial Project Manager: Heather Scherer
Project Manager: Priya Kumaraguruparan
Designer: Mark Rogers

Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA

Copyright © 2013 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations, such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices, may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

Library of Congress Cataloging-in-Publication Data
Application submitted.

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.

ISBN: 978-1-59749-958-3

Printed in the United States of America
13 14 15 10 9 8 7 6 5 4 3 2 1

Contents

DEDICATION
ACKNOWLEDGMENTS
ABOUT THE AUTHOR
ABOUT THE TECHNICAL EDITOR
PREFACE

CHAPTER 1 Introduction
    Intro to Windows 8 and Windows Server 2012
        Server Manager
        Powershell
    Intro to IPv6
        IPv6 Architecture
    Summary

CHAPTER 2 Network Infrastructure
    Introduction
    DHCP
        DHCP Overview
        DHCP Installation and Initial Configuration
        Initial DHCP Configuration
        Protecting Your DHCP Environment
    DNS
        DNS Overview
        DNS Installation and Initial Configuration
        Protecting Your DNS Environment
    WINS
        WINS Overview
        WINS Feature Installation and Initial Configuration
        Protecting Your WINS Environment
    Summary

CHAPTER 3 Securing Network Access
    Introduction
    General Network Settings
        Network Discovery
        Network Location
    Wireless Security
        Wireless Properties
        Security Types
        Wireless Encryption
    Windows Firewall
        Network Profiles
        Windows Firewall Configuration
        Windows Firewall with Advanced Security
    IPSEC
        IPSec Overview
        Configuring IPSec
        IPSec Monitoring in Windows Firewall with Advanced Security
    Windows 8 Resource Sharing
        HomeGroup
        Advanced Sharing Settings
    Windows Server 2012 Resource Sharing
    Summary

CHAPTER 4 Secure Remote Access
    Introduction
    TELNET
        Telnet Server
        Telnet Client
    Remote Desktop Services
        Remote Desktop on Windows 8
        Remote Desktop Services Role on Windows Server 2012
        Remote Desktop Connection Client
    Remote Access Role
        Remote Access Role Installation and Configuration
        DirectAccess
        VPN
    Network Policy and Access Services
        NPAS Installation and Configuration
        Network Policy Server
        Health Registration Authority
        Host Credential Authorization Protocol
    Summary

CHAPTER 5 Internet Connection Security
    Internet Explorer Security
        Domain Highlighting
        Frequently Visited Sites
        Safety Features
    Internet Options
        General
        Security
        Privacy
        Content
        Connections
        Programs
        Advanced

CHAPTER 6 Network Diagnostics and Troubleshooting
    Task Manager
        Processes
        Performance Tab
        App History
        Startup
        Users
        Services
    Resource Monitor
        Resource Monitor Overview Tab
        Resource Monitor Network Tab
    Performance Monitor
        Data Collector Sets
    Event Viewer
        Windows Logs
        Applications and Services Logs
    Network Monitor
    Summary

CHAPTER 7 Network Tools and Utilities
    Introduction
    Local Security Policy
        Local Policies
        Network List Manager Policies
        IP Security Policies on the Local Computer
        Advanced Audit Policy Configuration
    Group Policy
        Computer Configuration > Policies > Windows Settings
        Computer Configuration > Policies > Administrative Templates: Policy Definitions (ADMX Files) Retrieved from the Local Computer
        Computer Configuration > Preferences > Windows Settings
        Computer Configuration > Preferences > Control Panel Settings
        User Configuration > Policies > Windows Settings
        User Configuration > Policies > Administrative Templates
        Computer Configuration > Preferences > Windows Settings
        Computer Configuration > Preferences > Control Panel Settings
    Security Configuration Wizard
        Using the Security Configuration Wizard
    Command-Line Tools
        Ipconfig
        Ping
        Tracert
        Netstat
        NBTStat
        ARP
        Getmac
        NET
        Pathping
        Route
        NETSH
    PowerShell Commands
        General Networking
        Network Management
    Other Relevant Tools
        PortQry
        Microsoft Security Compliance Manager
        Microsoft Baseline Security Analyzer
        Enhanced Mitigation Experience Toolkit
        Attack Surface Analyzer
    Summary

INDEX


Dedication

This book is dedicated to my daughter Riley, the most amazing two-year-old ever.


Acknowledgments

I would like to thank my wife Michelle, my mother Claudine, and my sister Kanesha. I would also like to thank the Elsevier staff, especially Angelina Ward and Heather Scherer. It has truly been a pleasure working with you.


About the Author

Derrick Rountree (CISSP, CASP, MCSE) has been in the IT field for almost 20 years. He has a Bachelor of Science degree in Electrical Engineering. Derrick has held positions as a network administrator, an IT consultant, a QA engineer, and an Enterprise Architect. He has experience in network security, operating system security, application security, and secure software development. Derrick has contributed to several other Syngress and Elsevier publications on Citrix, Microsoft, and Cisco technologies.


About the Technical Editor

Richard Hicks is a network and information security expert specialized in Microsoft technologies, an MCP, MCSE, MCITP Enterprise Administrator, CISSP, and four-time Microsoft Most Valuable Professional (MVP). He has traveled around the world speaking to network engineers, security administrators, and IT professionals about Microsoft edge security and remote access solutions. A former information security engineer for a Fortune 100 financial services company in the US, he has nearly two decades of experience working in large-scale corporate computing environments. He has designed and deployed perimeter defense and secure remote access solutions for some of the largest companies in the world. Richard has served as a technical reviewer on several Windows networking and security books and is a contributing author for WindowsSecurity.com and ISAserver.org. He is an avid fan of Major League Baseball and in particular the Los Angeles Angels (of Anaheim!), and enjoys craft beer and single malt Scotch whisky. Born and raised in Southern California, he still resides there with Anne, the love of his life and wife of 27 years, along with their four children. You can keep up with Richard by visiting http://www.richardhicks.com/.

Preface

Windows 8 and Windows Server 2012 are major releases for Microsoft. There are a lot of new networking features and improvements to old features. We will be looking at these features from a security perspective. We will cover general functionality where necessary, but our focus will be on security. We will discuss how to secure your general networking features. We will also discuss how to implement security-related features.

You must keep in mind that security is not just about cryptography and virus protection. The basis of information security is the CIA triad. This includes confidentiality, integrity, and availability. We’re going to discuss ways of making your networked systems secure, stable, and highly available.

This book is not an administrator’s guide. We won’t be going over where to find tools and utilities. We also won’t be going over general configuration information, unless we are configuring a security-related feature. If you need in-depth information about features and functionality, it’s recommended that you use supplemental reference material.

INTENDED AUDIENCE

This book is intended for anyone who will be using, administering, or securing Windows 8 or Windows Server 2012 systems and networks. In the past, security was just for security professionals. They were the only ones who cared about making sure systems were safe. Nowadays, we realize that everyone has a hand in making sure the environment is secure. A DNS Administrator, for example, must make sure that not only is the DNS infrastructure doing name resolution properly, but also that it’s available when needed and is protected against unauthorized requests.

To get the full value from this book, an individual should have a good understanding of general networking concepts. You should also have a good understanding of how to administer Windows systems. Since the book will not be covering general Windows functionality, it’s important to have an understanding of how to navigate the new look and feel of the Windows system.

WHY IS THIS INFORMATION IMPORTANT

Nowadays, we realize it’s everyone’s responsibility to make sure the system they use is secure. With the release of a new operating system comes a new set of attacks. It’s important that you have the right information needed to mitigate these attacks. This is what this book will provide you with.

The cyber world is evolving. Companies not only have to worry about external threats, but also internal threats. Attacks are becoming more complex and more calculated. Attackers don’t always attack the system they want directly. They may compromise another system and use that system to attack their ultimate target. Even if you don’t want a certain system to have valuable information on it, it still needs to be protected. You don’t want that system to be the one used to compromise another system.

New initiatives like BYOD (Bring Your Own Device) are allowing corporate users to bring their personal devices into the workplace. This has caused a blur in the line between corporate and personal systems. You have both types of devices on the network. So, it’s important that both types of devices be secured.

THE STRUCTURE OF THE BOOK

This book is broken down into seven chapters, including the Introduction. The chapters flow from infrastructure outward to Internet connectivity. Then it’s wrapped up with the tools you need to monitor and administer these environments.

Chapter 1: Introduction

The Introduction will give you a general overview of the tools needed to manage Windows systems. We provide this overview to ensure that there is a good foundation for the concepts we cover later. We will also go over IPv6. The configuration and management of an IPv6 environment is different from an IPv4 environment. So we want to make sure you have a good understanding of some of the new concepts before we move forward.


Chapter 2: Network Infrastructure

This chapter will discuss how to securely deploy your network infrastructure. The infrastructure is what will provide the basis for the rest of your network connectivity. We will cover how to secure your DHCP, DNS, and WINS infrastructure.

Chapter 3: Securing Network Access

This chapter will cover how to connect a system to the network. We will cover both wired and wireless access. We will go over basic connectivity and access as well as more advanced concepts like Windows Firewall and IPSec.

Chapter 4: Secure Remote Access

This chapter will cover remote access to your network and to individual systems. It’s important that this be done in a secure way to prevent unauthorized access and information leakage.

Chapter 5: Internet Connection Security

In this chapter, we will discuss how to secure Internet Connections. We will start with Internet Explorer and then move to general Internet security settings.

Chapter 6: Network Diagnostics and Troubleshooting

In this chapter, we will cover tools that can be used to monitor and troubleshoot your systems. They can be used to help ensure availability. They can also be used to detect unwanted or malicious activity.

Chapter 7: Network Tools and Utilities

This chapter discusses some of the network tools and utilities that can be used to configure, manage, and secure Windows networking components. We will cover some simple command-line utilities as well as more robust tools.


Windows 2012 Server Network Security. © 2013 Elsevier Inc. All rights reserved.

http://dx.doi.org/10.1016/B978-1-59749-958-3.00001-7

CHAPTER 1

Introduction

CONTENTS

Intro to Windows 8 and Windows Server 2012
    Server Manager
        Dashboard
        Local Server
        Add Roles and Features
        Notifications
        Manage
        Tools
    Powershell
Intro to IPv6
    IPv6 Architecture
        IPv6 Addressing
        IPv6 Address Types
        IPv6 Special Addresses
        IPv6 Addressing
Summary

INFORMATION IN THIS CHAPTER

• Intro to Windows 8 and Windows Server 2012
• Intro to IPv6

Networking is a key component of any environment. Windows 8 and Windows Server 2012 offer a wide range of networking features and functionality. It’s important that you understand these features and functionality so that you can properly secure them. But, before we get into those, we will start with some more general information. In this chapter, we will start with an overview of some of the key components of Windows 8 and Windows Server 2012 that will help you as we go through the rest of the chapters. Then we will move into a discussion of IPv6, and how it’s implemented in Windows 8 and Windows Server 2012.

INTRO TO WINDOWS 8 AND WINDOWS SERVER 2012

When you look at Windows 8 and Windows Server 2012, the first thing you will notice is a big difference in the UI. But, that’s not the only difference. There are some important differences in the management of the operating systems. There is a new Server Manager console that offers new management functionality and there has been increased functionality built into PowerShell.

Server Manager

In Windows Server 2012, Server Manager has been enhanced to provide greater management and monitoring functionality. It’s your starting point for a lot of general administrative functions you will need to perform. You can access event and performance information. You can also install new roles and services from here.


Dashboard

When you log into Windows Server 2012, Server Manager will open. You will be presented with the Dashboard view, as seen in Figure 1.1. The Dashboard view allows you to access information about different roles and services that have been installed on the system. You can view information on manageability, events, performance, and BPA results.

Local Server

The Local Server section, as seen in Figure 1.2, will give you detailed information about the server to which you are currently connected. You can view server properties, events, services, Best Practices Analyzer information, performance information, and roles and features information.

Add Roles and Features

Server Manager is where you go to Add Roles and Features to your server. In upcoming chapters, we will be installing different roles and features. Most of these installs will be launched from Server Manager. The first few steps of all the installs will be the same. So, instead of repeating these steps multiple times, we will go through these steps now:

1. In the Server Manager Dashboard, select Add Roles and Features. This will launch the Add Roles and Features Wizard. First, you will be presented with the Before You Begin screen, as seen in Figure 1.3. This screen describes what can be done using the wizard. It also gives configuration suggestions to follow before you continue with the wizard. Click Next.

FIGURE 1.1 Server Manager Dashboard View


2. Next, you will see the Installation Type screen, as seen in Figure 1.4. You have two options. You can install roles or features on the system; or you can install VDI (Virtual Disk Infrastructure) services on the system. Select Role-based or feature-based installation, and click Next.

FIGURE 1.2 Server Manager Local Server View

FIGURE 1.3 Add Roles and Features Wizard Before You Begin Screen


3. Next you will see the Server Selection screen, as seen in Figure 1.5. Here, you can choose to install to a server or to a VHD (virtual hard disk). If you choose a VHD, you have the option to install to a VHD attached to an online server, or to install to an offline VHD. Select the Select a server from the server pool option. Then choose the server you want to install onto, and click Next.

Config Export

One useful feature of the Roles and Features Wizard is the ability to export an installation configuration. After you have finished configuring the settings for an installation, you have the option to save the configuration to an XML file. You can then use PowerShell to script an install with the same settings on a different server. This not only makes it easier to install multiple servers, but it also helps to ensure consistent installations. The command you would use to perform the install is as follows:

Install-WindowsFeature -ConfigurationFilePath <exportedconfig.xml>

Notifications

The Notifications section of Server Manager, as seen in Figure 1.6, will provide notification and alert messages. For example, after you install a role, a notification will be posted letting you know that the install was successful. You will also get a notification after an install, if there is post-install configuration that needs to be done.

FIGURE 1.4 Add Roles and Features Wizard Installation Type Screen

FIGURE 1.5 Add Roles and Features Server Selection Screen

FIGURE 1.6 Server Manager Notifications Sections

Manage

The Manage menu provides you the ability to add and remove roles and features. You can add servers to be managed by Server Manager. You can also create server groups.

Tools

The Tools menu brings up a list of various tools that you can use to manage your server. There are entries for Local Security Policy, Performance Monitor, Resource Monitor, the Security Configuration Wizard, and many other options. Some of these security-related tools will be covered later in this book.

PowerShell

PowerShell is a very powerful management language used with Windows systems. Windows PowerShell is a combination command-line shell and scripting language. PowerShell allows access to COM and WMI management components. This greatly expands the potential of the PowerShell language.

PowerShell is one of the main tools used for managing Windows systems. In fact, many Windows management consoles are actually built on top of PowerShell. PowerShell includes a hosting API that can be used by GUI applications to access PowerShell functionality. PowerShell commands can be executed as cmdlets, PowerShell scripts, PowerShell functions, and standalone executables. Cmdlets are launched within the PowerShell process, while standalone executables are launched as a separate process. As Windows moves forward, there will be an increasing reliance on PowerShell. It's important that you understand how to use it to manage and administer your systems. As we go through this book, we will periodically reference different PowerShell commands that may be useful to you.

INTRO TO IPv6

IPv6 is the newest version of the IP protocol. It was designed to replace IPv4, which is the version used throughout most of the Internet. The problem was that there weren’t enough IPv4 addresses to satisfy the needs of the growing Internet. IPv6 has been long talked about, but it is just now picking up steam. More and more Internet Service Providers are supporting the protocol. World IPv6 Launch Day was June 6, 2012. This was the day many ISPs and vendors permanently enabled IPv6 for their products and services.


IPv6 Architecture

The IPv6 architecture is very different from the IPv4 architecture. These architecture differences are what make IPv6 the choice for the future. IPv6 is scalable, secure, and relatively easy to set up.

IPv6 Addressing

IPv6 addresses are 128 bits long. Compare that to IPv4 addresses which are 32 bits. This means there are 3.4 × 10^38 addresses. That’s approximately 4.8 × 10^28 addresses for each person on earth. There is almost no way we will ever use anywhere near that many addresses. The main benefit of having that many addresses available is that you can waste addresses. With IPv4 addresses, there was no room for waste. You had to make sure you made the most efficient use of addresses possible. With IPv6, that’s no longer a concern. You should make sure you come up with a scheme that is best for your organization, but it’s ok if you waste addresses.

IPv6 Notation

IPv6 addresses consist of eight groups of 16-bit numbers, separated by colons. The 16-bit numbers are represented as hex digits:

abcd:1234:1234:abcd:0230:0bcd:1234:a0cd

As you can see, IPv6 addresses can be quite long and very hard to remember. To make things a little bit easier, IPv6 addresses can be abbreviated. There are two ways IPv6 addresses can be abbreviated. The abbreviations are based on the existence of zeros. First of all, you can remove one or more leading zeros from a group of 4 hex digits:

abcd:1234:0000:abcd:0230:0bcd:1234:a0cd

becomes

abcd:1234:0:abcd:230:bcd:1234:a0cd

Also, you can remove an entire section of zeros and replace it with a double colon (::). The double colon can only be used once in an address:

0000:0000:abcd:1234:abcd:1234:abcd:1234

becomes

::abcd:1234:abcd:1234:abcd:1234

or

abcd:1234:0000:0000:0000:abcd:1234:abcd

becomes

abcd:1234::abcd:1234:abcd
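The two abbreviation rules above, implemented by hand as an added example (not code from the book); the function names are this example's own, and cross_check compares the result with Python's standard ipaddress module. When an address has several runs of zero groups, the example collapses the longest run (the leftmost on a tie) and leaves a lone zero group as 0, which is the RFC 5952 convention.

```python
import ipaddress
import string


def expand(address):
    """Return the eight 16-bit groups of an IPv6 address in any of the forms above."""
    if address.count("::") > 1:
        raise ValueError("the double colon may be used only once")
    if "::" in address:
        left, right = address.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must replace at least one group")
        fields = head + ["0"] * missing + tail
    else:
        fields = address.split(":")
    if len(fields) != 8:
        raise ValueError("an IPv6 address has eight groups")
    groups = []
    for field in fields:
        # One to four hex digits per group; signs, spaces and prefixes are rejected.
        # Embedded dotted IPv4 forms are outside this example and are rejected too.
        if not 1 <= len(field) <= 4 or any(c not in string.hexdigits for c in field):
            raise ValueError(f"bad group: {field!r}")
        groups.append(int(field, 16))
    return groups


def compress(groups):
    """Apply both rules: drop leading zeros, then collapse one run of zero groups."""
    text = [format(g, "x") for g in groups]  # rule 1: no leading zeros
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] == 0:
            j = i
            while j < 8 and groups[j] == 0:
                j += 1
            if j - i > best_len:  # strictly longer, so the leftmost run wins a tie
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:  # a single zero group stays written as "0"
        return ":".join(text)
    # rule 2: the chosen run becomes "::", used exactly once
    return ":".join(text[:best_start]) + "::" + ":".join(text[best_start + best_len:])


def normalise(address):
    """Shortest canonical spelling of an address, whatever form it arrived in."""
    return compress(expand(address))


def same_address(a, b):
    """Compare two spellings by value instead of as strings."""
    return expand(a) == expand(b)


def cross_check(address):
    """True when the hand-written rules agree with the standard library."""
    return normalise(address) == ipaddress.IPv6Address(address).compressed


if __name__ == "__main__":
    for sample in ("abcd:1234:0000:abcd:0230:0bcd:1234:a0cd",
                   "0000:0000:abcd:1234:abcd:1234:abcd:1234",
                   "abcd:1234:0000:0000:0000:abcd:1234:abcd"):
        print(sample, "->", normalise(sample))
```

Because one address has many valid spellings, firewall rules, allow lists and log searches should compare the normalised form (or the parsed value) rather than the raw string.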


In IPv4 you had the network portion of the address and the host portion of the address. The subnet mask is used to tell you which portion of the address is which. There are two ways to write IPv4 subnet masks. You can use the traditional form, 255.255.255.0, for example. Or you can use the CIDR format, /24. In IPv6, the network portion of the address is called the prefix. The prefix is also denoted by the subnet mask. But, IPv6 subnet masks are only written using the CIDR format.

IPv6 Address Types

There are three types of addresses used with IPv6: unicast, multicast, and anycast. Unicast addresses are what you would call regular addresses. They are the addresses usually bound to your network card. Unicast addresses should be unique on a network, meaning a single unicast address should only represent a single system. Multicast addresses are used to make a one-to-many connection. Multiple systems can listen on the same multicast address. So, when a system sends out a message using a multicast address, multiple systems may respond. Multicast addresses will start with FF0 or FF1. FF02::2 is the multicast address used by routers. IPv6 uses multicast addresses to accomplish a lot of the functionality performed by broadcast addresses in IPv4. Anycast addresses are addresses that are shared by multiple systems. Anycast addresses are generally used to find network devices like routers. When a message is sent out via an anycast address, any system using that address may respond.

Unicast addresses come in four flavors: global, site-local, link-local, and unique local. Global addresses are routable throughout the Internet. Global IPv6 addresses start with 001. Site-local addresses are only routable within a specified site within an organization. Link-local and unique local addresses will be covered in the next section on special addresses.

Note: The concept of sites has been deprecated in IPv6, so site-local addresses are no longer used.

IPv6 Special Addresses

There are several special addresses in IPv6. These addresses or groups of addresses serve very specific functions. We will cover the loopback address, link-local addresses, and unique local addresses.

Loopback Address

The loopback address, also called localhost, is probably familiar to you. It is an internal address that routes back to the local system. The loopback address in IPv4 is 127.0.0.1. In IPv6, the loopback address is 0:0:0:0:0:0:0:1 or ::1.


Link-Local Addresses

Link-local addresses are intended to only be used on a single network segment or subnet. Routers will not route link-local addresses. Link-local addresses also existed in IPv4. They existed in the address block 169.254.0.0/16. These addresses were used by the DHCP autoconfiguration service on a system when a DHCP address could not be obtained. Link-local addresses allow you to have network connectivity until another more suitable address can be obtained. In IPv6, the address block fe80::/64 has been reserved for link-local addresses. The bottom 64 bits used for the address are random. In IPv6, link-local addresses may be assigned by the stateless address autoconfiguration process. An IPv6 system must have a link-local address in order for some internal protocol functions to work properly. So, during a normal startup process, an IPv6 system will obtain a link-local address before it receives a regular, routable IP address.

Unique Local Address

Unique local addresses are a set of addresses that are intended for use in internal networks. They are similar to “private” IPv4 addresses. These addresses can only be used within a specified organization. They are not routable on the global Internet. Using unique local addresses can help prevent external systems from having direct access to your internal systems. The address block fc00::/7 has been reserved to use for unique local addresses.

IPv6 Addressing

When you look at the IP configuration on an IPv6 system, you will see multiple addresses. First you will see the public address. The public address is the address used by other systems to contact an IPv6 system. This is the address that would be registered in the DNS server. You will also see what is called a temporary address. It’s called temporary because it may change after a given interval. The temporary address is the address used when making connections to other systems, such as when you browse the Internet. This adds an additional layer of security because it would be very difficult to trace this temporary address back to the originating system.

Note: On Windows systems, the public address is simply labeled IPv6 Address.

The third type of address you may see is a tentative address. After the system generates an address, it is considered tentative until the verification process to make sure the address does not exist elsewhere on the network completes. The verification process happens so quickly that you will probably never actually see an address labeled tentative.

Stateless Address Autoconfiguration

IPv6 systems can automatically configure themselves when on a network with an IPv6-compliant router. The process is as follows:


1. The system boots up and generates a link-local address.

2. A message is sent to the multicast address FF02::2 to find a router.

3. The router sends back a link address or prefix.

4. The system uses the prefix as the beginning portion of the address and randomly generates the ending portion of the address.
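A simplified model of the four autoconfiguration steps and of the address ranges named in this chapter, as an added example that is not code from the book. It sends no network traffic: the router's answer is the router_prefix argument, in_use stands in for addresses already present on the link, and the 2001:db8:1:2::/64 prefix and all function names are constructed for illustration.

```python
import ipaddress
import secrets

# Ranges named in the text. fe80::/10 is the block the standard reserves for
# link-local use; the fe80::/64 addresses the text describes fall inside it.
RANGES = [
    ("loopback", ipaddress.IPv6Network("::1/128")),
    ("multicast", ipaddress.IPv6Network("ff00::/8")),
    ("link-local", ipaddress.IPv6Network("fe80::/10")),
    ("site-local (deprecated)", ipaddress.IPv6Network("fec0::/10")),
    ("unique local", ipaddress.IPv6Network("fc00::/7")),
    ("global", ipaddress.IPv6Network("2000::/3")),  # leading bits 001
]
ALL_ROUTERS = ipaddress.IPv6Address("ff02::2")


def classify(address):
    """Label an address with the type the chapter gives its range."""
    addr = ipaddress.IPv6Address(address)
    for label, network in RANGES:
        if addr in network:
            return label
    return "other"


def form_address(prefix, in_use=(), randbits=secrets.randbits):
    """Join a /64 prefix to a random 64-bit ending that nothing else on the link holds."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("autoconfiguration expects a /64 prefix")
    taken = {ipaddress.IPv6Address(a) for a in in_use}
    while True:
        candidate = ipaddress.IPv6Address(int(network.network_address) | randbits(64))
        # The candidate is tentative until the duplicate check passes.
        if candidate not in taken:
            return candidate


def autoconfigure(router_prefix, in_use=(), randbits=secrets.randbits):
    """Walk the four steps and return the addresses the host ends up with."""
    # Step 1: generate a link-local address.
    link_local = form_address("fe80::/64", in_use, randbits)
    # Step 2: ask for a router on the all-routers multicast address.
    solicit = {"src": link_local, "dst": ALL_ROUTERS}
    # Step 3: the router's reply carries the prefix (modelled by router_prefix).
    # Step 4: prefix plus a randomly generated ending.
    public = form_address(router_prefix, in_use, randbits)
    # A temporary address is a second random ending under the same prefix.
    temporary = form_address(router_prefix, set(in_use) | {public}, randbits)
    return {"solicit": solicit, "link_local": link_local,
            "public": public, "temporary": temporary}


if __name__ == "__main__":
    host = autoconfigure("2001:db8:1:2::/64")  # constructed prefix
    for name in ("link_local", "public", "temporary"):
        print(f"{name:10} {host[name]}  ({classify(host[name])})")
```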

SUMMARY

Windows 8 and Windows Server 2012 have many similarities to older versions of Windows, but there are also many new aspects. There are new features and improvements on old features. The new Server Manager offers an improved management interface. There are also improvements to Windows PowerShell that greatly expand its effectiveness.

IPv6 has been around for a while. It's also been supported in Windows systems for quite some time. But, as IPv6 grows in popularity, it’s essential that you have a good understanding of it and how it works on Windows systems.

Page 32: Windows 2012 Server Network Security - Bitpipedocs.media.bitpipe.com/io_10x/io_102267/item_757397/Windows 2012... · CHAPTER 2 Network Infrastructure ... Windows Server 2012 Resource

FM Header

231

Index

AActive directory, 16, 25, 30, 32, 34, 37,

49, 78, 188, 199–200, 229–230ActiveX Filtering, 128Additional services, 206Adding sites to the Internet zone, 148Address Resolution Protocol

(ARP), 23, 222Advanced audit policy configuration

configure basic system auditing, 198

DS access, 196granular audit control, 196–199local group policy object

node, 196tracking, 196

Advanced Encryption Standard (AES), 48

Advanced sharing settingsdevice sharing

all networks, 79–80guest or public, 77–78private network, 75–77

AES. See Advanced Encryption Standard

Audit policyaudit object access, 188audit policy change, 188audit privilege use, 188audit process tracking, 188audit system events, 188detect malicious network

activity, 188Applications and services logs

network-related informationInternet Explorer, 184Microsoft Windows

nodes, 184ARP. See Address Resolution ProtocolAttack surface analyzer, 229

BBinary and script behaviors

COM components, 140HTML, 140Windows Script

components, 140

CCommand line tools

ARPtranslate IP addresses

to MAC addresses, 222Getmac

query system MAC addresses, 222–223

Ipconfigdisplay and manipulate IP

information, 219NET command, 223NETSH

command-line network management utility, 225

network management interface, 225

NETSH Context Commands, 225NETSH Sub-Contexts

netsh<context>command, 226Netstat

current connection information, 221

protocol information, 221TCP SYN attack, 221

Pathpingsource to destination

computer, 224Ping

denial of service attack, 220ICMP echo request

message, 220

ping command, 220ping flood, 220round-trip time, 220

Routenetwork routing table, 224

Tracertrouters or hops, 220–221tracert command, 220–221Windows version of

traceroute, 220–221Components of Windows Server

DHCP, 11DNS, 11WINS, 11

Computer certificatesKerberos v5, 70–71NTLMv2, 70–71

Computer configuration policiesadministrative templates

local computer, 200network, 200policy definitions (ADMX

Files) retrieved, 200system, 200Windows components, 200

Windows settingsname resolution policy, 199policy-based QoS, 200security settings, 199–200

Computer configuration preferences

control panel settingconfigure preferences, 201

Windows settings node, 200–201Configuration database, 204Connection files

notepad, 106.rdp file, 106

Connect from anywherecredentials, 105

Page 33: Windows 2012 Server Network Security - Bitpipedocs.media.bitpipe.com/io_10x/io_102267/item_757397/Windows 2012... · CHAPTER 2 Network Infrastructure ... Windows Server 2012 Resource

232 Index Index

RD gateway server setting, 105Connection request policy

nodep, 105Creating zones

lookup zonesforward lookup zones, 30reverse lookup zones, 30

name resolutiondomain name (FQDN), 26IP address, 26

DData collector sets

kernel trace setting, 179performance configuration, 179performance counter, 179performance monitor, 178system diagnostics, 178system performance, 178user defined section, 179

Data settingscaches and databases

application cache, 135indexed database caches, 135

historylisting of websites, 134–135

temporary Internet filesview files button, 134view objects button, 134

DCM. See Desired Configuration Management

Delete browsing historydelete browsing history on

exit, 133delete manually, 133

Denial of service (DOS), 220Desired Configuration Management

(DCM), 229DHCP. See Dynamic Host

Configuration Protocol DHCP audit logging

bootIP address, 24DHCP management console, 23dynamic BOOTP request, 24NAP policy

Microsoft NAP, 114packet dropped, 24scope address pool, 23

DHCP environment protectionbogus IP address, 19design anonymous, 18MAC address generation

software, 19

malicious client system, 19DHCP installation, 12, 16

DHCP server, 12–13DHCP overview

broadcast messages, 11DHCP server authorization

DHCP management console, 23rogue DHCP server attack, 22–23

DHCP server roleconfirmation screen, 13, 15feature screen, 13–14server information screen, 13–14server role screen, 13

DHCP snoopingARP spoofing, 23layer 2 network switch, 23rogue DHCP servers, 23

DHCP unique identifier. See also DUID

Differentiated Services Code Point (DSCP), 200–201

DNS. See Domain Name ServiceDNS environment

DNS cache, 34secure cache, 34

DNS forwarders, 34DNS installation and initial

configurationconfirmation screen, 26, 28DNS server information

screen, 26, 28feature screen, 26installation complete, 26, 29post installation alert, 30result screen, 26, 29server role screen

DNS feature window, 27, 30DNS name resolution services, 44DNSSEC

authenticated denial-of- existence, 34

digital signaturesresponse verification, 34

secure the DNS protocol, 34trust anchors, 34zone signing, 34

DNS server activityLogging

debug logging, 37, 39event logging, 37–38

monitoringautomatic testing, 37manual testing, 37

DNS settingsDNS registration

DNS A, 24PTR records, 24

name protection, 25DNSUPDATEPROXY

secure dynamic updates, 25Windows Active Directory

environment, 25DNS zone security

DNS zone information, 35Domain highlighting, 124Domain Name Service

(DNS), 24–26, 37–38DOS. See Denial of serviceDownloads

file download, 141font download, 141

DSCP. See Differentiated Services Code Point

Dynamic host configuration protocol (DHCP), 11–26

DHCPbootstrap protocol, 11hard disk configuration

information, 11IP configuration

information, 11, 20network configuration

information, 11proxy configuration

information, 11DUID, 21Dynamic updates option

allow, 37do not allow, 37only allow secure, 37

EEMET. See Enhanced Mitigation

Experience ToolkitEMET

security vulnerabilities prevention, 229

threat mitigation technologies, 229

Enhanced Mitigation Experience Toolkit (EMET), 229

Event viewerevent properties window, 183 event viewer session, 182Windows system

application information, 182

Page 34: Windows 2012 Server Network Security - Bitpipedocs.media.bitpipe.com/io_10x/io_102267/item_757397/Windows 2012... · CHAPTER 2 Network Infrastructure ... Windows Server 2012 Resource

233Index

monitoring and logging, 182system information, 182user information, 182

External media playercontrols media files

disable, 140enable, 140

FForward lookup zones

dynamic update screensecured dynamic updates, 32unsecured dynamic

updates, 32newzones wizard, 30welcome screen, 30zone file screen, 32zone name screen

domain name, 30, 31

GGroup policy

local security policy, 199multiple system configuration

settings, 199

HHCAP See Host Credential

Authorization PolicyHCAP

Cisco network access control server, 114

connection request policy node, 121

Microsoft NAP solution, 114network policy server console, 121

Health registration authority (HRA), 114, 117, 120

Host credential authorization policy (HCAP), 114, 121

HRAcertification authority

settings, 120console, 120request policies

cryptographic policies, 120transport policies, 120–121

HRA, See Health Registration Authority

IIAID, 21Infrastructure

DHCP, 44DNS, 44WINS, 44

Initial DHCP configurationactive directory servicesauthorization screen, 16–18DHCP post-initial configuration

server manager alert, 16wizard, 16–17

management console, 18post-deployment

configuration, 16summary screen, 18–19

InPrivate, 158Interface association identifier. See

also IAIDInternet Explorer security, 123Internet options

advanced, 165applet, 130–131connections, 161content, 158general

browsing history, 132home page, 132

privacy, 162programs, 130–131security, 137–155

Internet Protocol security, 64Internet Service Provider (ISP), 6IPSec. See Internet Protocol securityIP address, 12, 18–26, 34IPsec monitoring in Windows

Firewalladvanced security, 74connection security rules, 72security associations

security connection information, 74

IPSec overviewconfiguring IPSec

authentication exemption rules, 67

connection security rules plug-in, 67

custom rules, 67isolation rules, 67server-to-server rules, 67tunnel rules, 74

host-to-host network, 65host-to-network, 65Internet Protocol security

(IPSec), 64IPSec AH

authentication header, 65IP packet, 65–66replay attack, 65–66

network-to-network, 65IPSec ESP

confidentialty, 66encapsulation security

payload, 66IPSec security association

network flow authentication, 67

network flow encrption, 67IP security policies

IP filter list management, 193IPSec policies configuration, 193IP security policy name

screen, 195IP security policy screen, 195, 197local computer, 193manage filter actions, 196, 198manage IP filter list tab, 195, 197name screen, 195secure communications

screen, 195–196wizard welcome screen,

193–194IPv4

CIDR format, 8IPv4 network portion, 8IPv4 subnet mask, 8prefix, 8

IPv6IP protocol, 6ISP, 6vendors, 6

IPv6 addressing128 bits long, 73.4×1038 address, 7IP configuration

DNS server, 9multiple address, 9public address, 9 temporary address, 9

tentative addressaddress labled tentative, 9verification process, 9

IPv6 architecture, 7–10IPv6 notation

16-bit numbers, 7double colon (::), 7hex digits, 7leading zeros, 7

IPv6 address typesmulticast addresses, 8

Page 35: Windows 2012 Server Network Security - Bitpipedocs.media.bitpipe.com/io_10x/io_102267/item_757397/Windows 2012... · CHAPTER 2 Network Infrastructure ... Windows Server 2012 Resource

234 Index Index

unicast addressesglobal addresses, 8link-local addresses, 8regular address, 8site-local addresses, 8unique local addresses, 8

IPv6 special addresseslink-local addresses

DHCP autoconfiguration service, 9

internal protocol functions, 9 routable IP address, 9single network segment or

subnet, 9stateless address auto-

configuration process, 9loopback address

localhost, address, 8unique local addresses

internal networks, 9ISP. See Internet Service Provider

KKernel trace settings, 179

LLAN. See Local area networkLAN

proxy server settings, 161LDAP signing screen, 209Local Area Network (LAN), 61, 104,

161–162, 177, 191, 226Local devices and resources

local resource usageclipboard, 103drive, 103ports, 103printers, 103smart cards, 103, 105

Local security policyaccount policies, 187IPSec policies, 187local policies

audit policy, 188security option, 188

IP security policies, 187, 193–196Loose XAML

content rendering, 138

MMalware try, 219Media devices

password configuration, 74Media sharing

file sharing connections40-bit encrption, 7956-bit encrpytion, 79128-bit encrption, 79

Media streamingoptions window, 79, 81

Microsoft Baseline Security Analyzer

command-line, 229GUI interface, 229vulnerability assessment, 229

Microsoft security compliance manager

desired configuration management, 229

guide recommendations, 229Microsoft website, 229

Microsoft Windowsapplications and

services, 184–185Microsoft node, 184–185

NNAP. See Network Access ProtectionNAP

drop client packet, 25restricted access, 25

Navigate windows, 144.NET Framework

Loose XAML—disable, 146reliant components

components with manifests, 139

XAML browser applications— disable, 146

XPS documents—enable, 146Networking, 1, 227–228Network access

client-server, 45resource sharing, 45secure resource, 45

Network Access Protection (NAP), 24–25, 70, 114, 118, 184, 200, 226

Network configuration, 45Network discovery

DNS client, 46function discovery resource

publication, 46SSDP discovery, 46UPnP DeviceHost Service, 46

Network flooding, 176Network infrastructure, 11Networking features, 1Networking functionality, 1Network list manager policies

all networks, 192unidentified networks, 192

Network locationdomain administrator, 46–47home network

homegroup option, 46trusted network option, 46

network settingspre-list of settings, 46

public networkuntrusted network, 46

work networkworkplace, 46

Network managementDHCP server, 228DHCP server role, 228DNS reverse lookup zone, 228

Network monitorMicrosoft web site, 185network capture and analysis, 185network interface, 185network traffic filtering, 185parsing options, 185

Network namename section, 192–193user permission section,

192–193Network not broadcasting name

malicius users, 47SSID, 47

Network Policy and Access Services (NPAS), 114–121

Network Policy Server (NPS), 25, 114, 118–121

Network profilesdomain networks

active directory domain, 49guest or public networks, 49private networks

home network, 49private profile, 75–76workgroupmode, 49work network, 49

Windows Firewall configuration, 49Network profile information

active<profile type> network, 50incoming connections

block all connections, 50

Page 36: Windows 2012 Server Network Security - Bitpipedocs.media.bitpipe.com/io_10x/io_102267/item_757397/Windows 2012... · CHAPTER 2 Network Infrastructure ... Windows Server 2012 Resource

235Index

block all connections including apps, 50

notification state, 51status information, 50–51Windows Firewall state, 50

Network properties windowsnetwork icon, 193network location, 193–194network name, 192–193

NPASdeploy RADIUS, 114installation and configuration

authentication requirements screen, 114–118

certification authority screen, 114, 117

confirmation screen, 118–119health registration authority

role service, 114, 117information screen, 114, 116results screen, 118role, 114–115role services screen, 114, 116server authentication screen,

118–119server roles screen, 114–115

NPSconfiguration wizard, 118, 120

RADIUS server for 802.1X Wire-less /Wired Connections, 118

RADIUS server for Dial-up/VPN Connections, 118

NPAS. See Network policy and access services

NPS. See Network Policy ServerNetwork security

networking monitoring, 167trouble-shooting, 167

NULL session, 189

OOutbound authentication methods,

212– 213Outbound rules, 62–63

PPacket Internet groper utility, 220Password protection sharing, 80Performance counter, 178, 180Peformance monitor, 178, 181Ping. See Packet Internet groper

utility

PKU2U, 189Pop-up Blocker

notifications and blocking level, 158

PortQryPortQRYUI, 228port scanner, 228

Post-install configuration, 18, 16, 23Powershell

combination command-line shell and scripting language, 6

COM management component, 6hosting API, 6Power management language, 6Powershell functions, 6Powershell scripts, 6Standalone executables, 6Windows management

consoles, 6Windows system, 6WMI management components, 6

Powershell commandsconfigure a static IP address, 227list IP Addresses, 227management commands

to authorize a DHCP server, 228

create a DNS reverse lookup zone, 228

install DHCP Server role, 228perform an install using an

exported configuration, 228NetAdapter, 227NetTCPIP

TCP/IP protocol, 227Powershell module, 227set DNS address, 228show network adapter

information, 227Windows system management,

227Privacy

tracking information, 155Programs

local security policy, 105performance

persistent bitmap caching, 104reconnect if the connection is

dropped, 104programs tab, 103server authentication, 105start a program

file name, 104

program path, 104section, 104

Protected modesecurity zones back to default

levels, 138Proxy server, 12, 22PTR records, 24

QQuality of service, 200QOS. See Quality of service

RRegistry settings, 212Remote audio, 102–103Remote access

VPN settingsrouting and remote access

console, 112–113Remote access role

directaccessapplication servers, 112configuration node, 112–113infrastructure server, 112remote access management

console, 112–113remote access server, 112remote client, 112reporting node, 112

installation and configurationapplying settings

window, 112configure remote access,

109–110confirmation screen, 109–110getting started wizard, 109, 111overview screen, 107–108results screen, 109server manager notifications

area, 109server role screen, 107services screen, 109window, 107–108

VPNpacket filtering, 112–113PKI, 112–113remote access console,

112–113RRAS VPN, 107, 109secure authentication

method, 112–113RRAS routing, 107

Page 37: Windows 2012 Server Network Security - Bitpipedocs.media.bitpipe.com/io_10x/io_102267/item_757397/Windows 2012... · CHAPTER 2 Network Infrastructure ... Windows Server 2012 Resource

RD. See Remote DesktopRemote access VPN, 112–113Remote assistance

advanced buttonsettings window, 93–94

configure, 93invitations, 93remote tab, 93section, 93system Properties window, 93Windows Vista, 93

Remote Desktop (RD), 92–107Remote desktop connection client

GUI, 100connection properties, 101mstsc command, 100

Remote Desktop Gateway Role Service

installation and initial configurationconfirmation screen, 97–98feature screen, 97results screen, 97role feature, 97–98

remoteapp program, 97secure remote access, 97session-based desktops, 97virtual desktops, 97

Remote desktop servicesconnections, 93–94local administrators group, 94network level

authentication, 93–94remote desktop

functionality, 93–94Windows 8

remote assistance, 93Remote desktop services role

Web accessremote session desktop, 99session collection, 99start menu, 99web browser, 99

Windows Server 2012connection broker, 94features screen, 94gateway, 94, 97–99information

screen, 94–95installation and configuration,

94, 99licensing, 94remoteapp program, 94, 99

security-related configuration, 94

server roles screen , 94–95session-based desktop, 94session host, 94virtual desktop, 94virtualization host, 94

Remote system accesscomputer room, 89data center, 89

Render legacy filters, 125Reserved IP address

DHCP reservationDHCP scope, 21–22

firewall entries, 20IPv4

IP address, 21MAC address, 21reservation name, 21

IPv6DUID, 21IAIA, 21IPv6 address, 21reservation, 21

MAC address, 20–21physical security

network entry point, 22password protection, 22

static IP address, 20Resource monitor

overview tabCPU, 175–176disk, 175–176general overview, 175–176memory, 175–176network, 175–176

troubleshooting, 173–175performance monitor

configuration information setting, 178

data, 179, 181event trace data, 178log statistics, 178performance counter, 178real time statistics, 178

performance tabfiles window, 173–175listening ports, 178network activity,

process, 177resmon.exe, 173–175run window, 173–175search programs, 173–175

suspicious activity, tracking, 173–175

Resource monitor network tabconnection information, 177filtering option, 178four section

listening ports, 177–178network activity, 177–178processes with network

activity, 177–178TCP connection, 177–178

local LAN usage, 177network activity, 177network usage information, 177number of TCP connections, 177port information, 177wireless network usage, 177

Report unsafe website, 130–131Rogue DHCP server

denial of service attack, 22domain-based

administrators, 22Role-based service, 204

S

S4U2Self, 189
Safety features, 125
Scripting
  active scripting, 145
Secure Cache Against Pollution, 34
  name server record, 34
Security
  the Internet zone, 137
  local intranet zone, 137
  restricted sites, 137
  trusted sites, 137
Security configuration wizard
  additional services screen, 206, 208
  administration and other options screen, 206–207
  apply security policy screen, 216, 218
  audit policy sections, 214
  audit policy summary screen, 212, 215
  completing screen, 216, 218
  configuration action screen, 203
  configuration database screen, 204


  confirm service changes screen, 206, 209
  domain accounts, 212–213
  include security templates button window, 216–217
  LDAP Signing screen, 209, 212
  network security rules screen, 209–210
  network security section, 209–210
  outbound authentication methods screen, 212
  registry settings section, 209, 211
  registry settings summary screen, 212, 214
  role-based service configuration wizard, 204–205
  save security policy section, 216
  security configuration wizard, 204–205
  select client features screen, 205, 207
  security policy file name, 216–217
  select server screen, 202–203
  select server roles screen, 204, 206
  SMB security signatures screen, 209, 211
  system audit policy screen, 212, 215
  unspecified services screen, 206, 208
  welcome screen, 202
Security options
  configured, 189–192
  domain member, 189
  Microsoft network client, 189
  network access, 189
  network security, 190
  incoming traffic, 191
  PKU2U authentication, 191
  registry key, 189–192
  sign secure channel data
  secure channel traffic, 189
Security types, 47, 49
  802.1x authentication, 48
  open authentication, 47
  WPA2, 48
  WPA authentication
  preshared key, 48
  WiFi protected access, 48
  WPA-Enterprise
  central authentication server, 48
Server authentication, 105
Server manager
  add roles and feature
  add roles and features wizard, 2–4
  before you begin screen, 2
  installation type screen, 3–4
  role-based or feature-based installation, 3, 5
  server manager dashboard, 2–3
  VDI (Virtual Disk Infrastructure), 3
  config export
  installation configuration, 4
  install-WindowsFeature-ConfigurationPathFile <exportedconfig.xml>, 4
  multiple servers, 4
  Powershell, 4
  XML file, 4
  dashboard
  BPA results, 2
  events, 2
  manageability, 2
  performance, 2
  local server
  best practices analyzer information, 2
  section, 2–3
  manage
  manage menu-6
  notifications
  alert messages, 4–6
  section, 5
  server selection screen, 4–5
  server pool, 4
  VHD, 4
Server manager console
  monitoring, 1
  performance, 1
  services, 1
Server roles, 202–209
Server-to-server connection rule
  advanced certificate criteria properties window, 70–71, 73
  advanced option
  custom authentication method, 70
  authentication method
  computer certificate, 70
  custom method, 70
  screen, 70
  connection security rules, 68
  customize button
  add first authentication method window as seen, 70, 72
  customize advanced authentication methods screen, 70–71
  endpoints screen, 68–69
  health certificate, 70
  new connection security rule wizard, 68
  profile screen, 71, 73
  requirements screen, 68–69
  rule type screen, 68
SMB security signatures, 209
Start of authority (SOA)
  master of record
  owns the records for the zone, 35
Stateless address autoconfiguration
  IPv6 compliant router, 9–10
Straightforward process, 202
Subtle malicious activity
  logging
  debug logging, 37
  event logging, 37
  monitoring
  provide real-time information, 37–38

T

Task manager
  Windows 8, 167
  Windows 2012, 167
Task manager seven tabs
  App history, 172
  Performance tab, 169–171, 175
  processes, 168
  services, 173
  startup, 172–173
  users, 173
TELNET
  client component
  command prompt, 91
  escape character, 91
  NTLM authentication, 91–92
  only password authentication, 91
  programs and features, 91–92


  security considerations, 92
  Telnet Client prompt, 91–92
  TELNET ENVIRON, 92
  Telnet session switch, 91
  Windows Server 2012, 90
  security considerations
  Telnet traffic, 92
  server component
  configuring, 90–91
  host system, 90
  installing, 90–91
  Windows 8, 90
  Tlntadmn command, 90–91
Temporal key integrity protocol (TKIP), 48
TKIP. See Temporal key integrity protocol
Tools
  local security policy, 6
  performance monitor, 6, 167
  task manager, 167
  tools menu
  entries, 6
Tracking protection, 127–128
Turn off smartscreen filter, 130
Two versions of Internet Explorer
  classic version, 123–124
  new Windows Store app version, 123–124

U

UI, 1
Uniform resource locator, 201
User authentication
  anonymous logon, 146
  automatic logon only in Intranet zone, 146
  automatic logon with current username and password, 146
  prompt for username and password, 146
User configuration policies
  administrative templates
  network, 201
  system, 201
  Windows Components, 200
  Windows settings
  differentiated services code point, 201
  policy-based QoS, 201
User rights assignment
  policies control
  access this computer from the network, 188
  add workstations to the domain, 188
  allow log on through Remote Desktop Services, 188
  deny access to this computer from the network, 188
  deny log on through Remote Desktop Services, 188
  force shutdown from a remote system, 189
  generate security audit, 189
Use smartscreen filter, 145

V

VHD. See virtual hard disk
Virtual hard disk, 4
View objects button, 134

W

Webpage privacy policy, 128
WEP. See wired equivalent privacy
WiFi Protected Access (WPA), 48
Windows, 185
Windows 1, 8, 167, 189, 220, 228
Windows Firewall
  Protects network connections, 49
  Protects systems Internet connections, 49
Windows Firewall configuration
  advanced settings, 53–64
  change notification settings, 52
  restore defaults
  restore defaults button, 53–54
  trouble shooting my network, 51
  turn Windows Firewall on-off, 53
Windows Firewall rule properties
  advanced
  advanced tab, 61, 64
  allow the connection, 55–56
  allow the connection if it is secure, 55–56
  edge traversal, 61
  interface type, 61
  profile, 61
  general tab, 55–56
  local principals
  local user, 61–62
  tab, 61–62
  programs and services
  custom application package settings, 58–59
  custom service setting, 58–59
  tab, 57–58
  protocol and ports
  ICMP protocol, 60, 62
  local port, 60
  remote port, 60
  tab, 60–61
  remote computer tab, 58–60
  computer specific condition, 58
  remote users
  tab, 58, 66
  scope
  IP address, 60
  subnet address, 60
  tab, 60, 63
Windows Internet Name Service (WINS), 37–44
Windows Logs
  date and time, 183
  event ID, 183
  five logs
  application, 183
  forwarded events, 184
  security, 183–184
  setup, 184
  system, 184
  level
  logging level of event, 182
  keywords
  audit failure, 183
  audit success, 183
  security log, 183
  source
  task category, 183
Windows 8 resource sharing
  homegroup
  homegroup screen, 74–75
  home network, 74
  PC settings, 74
  secure password, 74
  libraries and devices
  documents, 74
  music, 74
  pictures, 74
  printers and devices, 74
  read only access, 74
  videos, 74
Windows Server 2012
  anycast addresses, 8
  DHCP name protection
  non-windows systems, 25
  multicast addresses


  broadcast addresses, 8
  FF0, 8
  FF1, 8
  one-to-many connection, 8
  routers, 8
  operating system, 1
  Powershell, 1
  resource sharing
  confirmation screen, 82, 86
  file and storage service, 80–81
  management properties screen, 82, 85
  new share wizard, 80, 82–86
  other setting screen, 82, 84
  permission screen, 82, 84
  profile screen, 80
  result screen, 82, 86
  server manager, 1, 80
  share location screen, 82–83
  share name screen, 82–83
  quota screen, 82, 85
WINS. See Windows Internet Name Service
WINS
  additional feature installation
  add feature, 39
  confirmation screen, 39
  feature screen, 40
  result screen, 35
  burst handling
  DOS attack, 42
  registration requests, 42
  database verification, 42
  initial configuration, 38–39
  malicious hosts, 38
  mapping Windows NetBIOS names, 38
  NetBIOS, 39
  protection, 39
  server database verification, 40
  server logging
  Windows event logging, 42
  WINS replication
  consistency, 44
  fault tolerance, 44
  integrity, 44
  replication partner node, 44
  replication types
  pull replication, 44
  push replication, 44
Wired Equivalent Privacy (WEP), 48
Wireless encryption
  AES
  256-bit keys, 48
  federal government, 48
  FIPS compliant environment, 48
  data transmission, 48
  TKIP, 48
  WEP
  encryption method, 48
Wireless properties
  active inbound firewall rule, 64
  wireless connection, 47
Wireless security
  configuring wireless network, 47
  secure wireless network, 47
WPA. See WiFi Protected Access

X

XAML browser applications, 138

Z

Zone transfer, 36
