Time
10 hours 41 minutes
Difficulty
Beginner
CEU/CPE
12

Video Transcription

00:05
HTTP and HTTPS. These are very well-known, common ways of surfing the Internet.
00:13
It stands for Hypertext Transfer Protocol. Our basic HTTP, which is your regular web browsing, goes on port 80.
00:20
TCP
00:25
Originally created as a scaled-down version of FTP to support exchange of HTML files, because all web pages come down to a text-based
00:34
file
00:36
that your browser translates. So what's actually being transferred over the wire is
00:42
a file of text that's turned into
00:46
what you see in the Web browser.
00:49
It runs on port 80.
00:53
HTTPS
00:55
is secure web browsing. It's over SSL or TLS.
00:59
It uses port 443.
01:00
This is typically what you'd see when you're accessing a bank
01:06
to make sure your data is encrypted.
01:07
More and more sites, even non-banking sites, even just for basic logins or even for search engines, now enable HTTPS.
01:21
Now, when I say encryption, that's only encrypting it between
01:25
your web browser and the web server
01:29
at the other end. So it doesn't guarantee that the data is encrypted.
01:34
Once you download something, it's no longer encrypted from the web. It just got encrypted over the transfer. If someone else is already looking at stuff on your computer, they'd be able to see it. It's not.
01:45
It's just encrypting the information being sent over the Internet between those two servers.
01:49
Certificates? Yes, yes, it uses certificates
01:57
and usually they're automatic. Or do you have to configure Intel so you don't have to do a certificate on your end?
02:02
The server will have a trusted certificate,
02:06
so there'll be a certificate.
02:08
So there's major providers that issue trusted certificates. And then your browser maintains a list of certificates that are known to be trusted. And they're from recognized sources such as VeriSign.
02:21
And so an individual hosting something like a bank and a certificate. The name of the certificate is linked to the name of the website.
02:29
So when you're at that web page, it'll check the certificate for that web page and make sure the name matches, and it'll check where that certificate was issued from, that it was issued by one of the trusted sources
02:39
that are maintained by your browser.
02:43
On there.
02:45
There's a number of known trusted ones like VeriSign
02:49
and GoDaddy. They issue certificates. They're known to be trusted across the Internet.
02:53
But to get that certificate from VeriSign or GoDaddy, the company that's running the server has to go prove they're who they are, usually through some kind of validation process, by doing paperwork, having a lawyer, and then say this is the name I'm gonna use it for.
03:09
The company, like VeriSign or GoDaddy, will issue that certificate with the name in it. They'll generate a certificate that has that common name in it, the website address,
03:20
and they'll use it on their server. So then when you go from your web browser, you're gonna go there and your browser's gonna do that work for you. It's gonna check what's called a certificate revocation list
03:29
to see if it's a bad certificate or not.
03:30
And if it's not bad, it's gonna say, okay, good. Now, if it doesn't match where it's hosting a certificate, but
03:38
it's been, uh,
03:40
revoked, which means it could have expired, or VeriSign or GoDaddy, one of them, has revoked it because they've been doing bad stuff, your browser will give you an error
03:50
and tell you, are you sure you really want to go to this site, because it looks like it's bad. Now, this could also happen if someone is trying to impersonate your bank site
03:59
and they're hosting a bad certificate because they're not the real person. They didn't get it from VeriSign. They're spoofing the address. That would also be a reason you could get an error saying, hey,
04:09
the names don't match: the name of the address you're going to and the name that's on the certificate.
04:14
Not good. Yes, so certificates play a very big part,
04:19
so there's different levels of certificate. Like, I have...
04:23
I host my own Web mail server. Not going to say the address,
04:29
but
04:30
but to do that, I want to... I had to run over HTTPS. I want to run my mail securely. So I had to go to GoDaddy and buy a certificate
04:36
and go through a validation process through their Web page. And then they issued me a certificate for that name.
04:42
Now, if I ever tried to access my
04:44
my mail server through another name than the one that's on the certificate, I'm going to get an error.
04:48
A lot of programs will give you a warning, saying, hey,
04:53
this isn't good.
04:57
And in most browsers you'll know if it's a secure site because there'll be a little,
05:00
usually a little padlock or something similar right next to the address bar, and the address will also say HTTPS in front of the
05:09
address. Most of the time you can click on that little,
05:14
that little lock, that padlock, and open up a window that'll show you the details of the certificate, so you can see
05:19
who it was issued to. There might be a point of contact of the company, or the point of contact's phone number. It'll tell you when the certificate expires.
05:27
It will give you all the details, where the company's located. It should have an address in there also.
05:35
Good question. Thank you.
05:38
That answer your question? Yeah.
05:42
So RDP is Remote Desktop Protocol. It runs on port 3389.
05:47
This is kind of Microsoft's replacement to a Telnet or SSH solution, since they don't do Telnet or SSH natively.
05:57
it's a way to do, since
05:59
Windows has always been graphical-based, it didn't start off command-line based like UNIX and Linux did.
06:04
If we want to remotely manage Windows machines, to do a lot of the tasks we need to be able to still have
06:11
a Windows interface. So they came up with RDP. The client comes with most,
06:15
comes with Windows XP and on,
06:18
and they all can run RDP as a server also, so
06:23
you usually have to enable RDP if you want to allow someone to remote desktop into your host.
06:28
You have to enable it. That could be enabled through the My Computer
06:30
options.
06:35
So this became very useful for admins to access servers. They could log into the server and a window would come up and it would show the same desktop like you'd have from your local machine, but it'd be the desktop of the remote machine.
06:51
And then IT administrators could also remotely access
06:56
customer PCs to do troubleshooting using the same technology.
07:00
So RDP is installed by default as a server and a client,
07:05
but it's not enabled as a server unless you
07:09
by default, you have to go consciously turn it on, and you've got to say who's allowed to access it,
07:14
and you can restrict it further down to certain IPs and users.
07:19
Key things to do if you ever go to turn on
07:21
remote desktop on your computer that you want to remotely access is make sure that 3389 is open on the firewall for the host,
07:34
and you should always make sure... it's not by default encrypted. Make sure you turn on encryption.
07:44
And they've developed other clients for, um, so there's clients for Mac, Linux and Android
07:50
and iOS devices too. Oh yeah, I guess iOS devices fall under Mac, but your iPods and your iPhones. There's clients out there to access Windows machines remotely.
08:05
VoIP. Voice over IP is allowing you to do regular-type phone calls over an Ethernet network instead of the traditional phone lines.
08:13
It uses the Real-time Transport Protocol.
08:20
It defines types of packets to move voice and data. This is important for quality of service, saying we want voice and data services to take priority over other services
08:30
on the network, so if the network should get congested,
08:33
we want to say voice and data take... well, the voice data takes precedence over data because
08:39
we want the voice to be clean on a phone call.
08:48
So Session Initiation Protocol and H.323: they run on top of the Real-time Transport Protocol.
08:56
They handle the initiation, setup and delivery of voice over IP,
09:03
and we also have Real Time Streaming Protocol, another way of doing voice over IP, which runs on top of RTP on port 554.
09:18
DHCP: another important protocol that almost every network has to have.
09:26
So we can define our IP address on a computer on the network two ways. We can either go into the computer settings and manually set
09:35
the IP address.
09:37
Or we can use
09:39
what's called DHCP, or Dynamic Host Configuration Protocol.
09:43
This provides a server that will delegate IP addresses to your clients. So you configure the client to look for DHCP. It doesn't need to know the address of the server, because DHCP is a broadcast service.
09:54
Just look for anyone broadcasting DHCP requests.
09:58
Once it finds it, it will go ahead: you know, I need an IP address.
10:03
So it's a four step process.
10:05
So it's on port 67, UDP.
10:07
The client, the computer that needs an IP address, is going to go out and say, hey, I need an IP address, and then a server will offer it. You should only have one, because if you have multiple servers doing DHCP, you're gonna have conflicts.
10:22
So the 1st 1 that answers and there's only one per network
10:26
uh, will say, hey, here's an IP address. And on the server itself we'll define what IP addresses are for that network.
10:37
It does more than just the IP address. It does everything else that's needed to set up a computer,
10:43
such as also set your default gateway and also set your DNS.
10:52
So when you get an IP address from the DHCP server,
10:58
you'll have what's called a lease. And that's how long that IP address is valid for.
11:05
Now, when you disconnect, it doesn't automatically release that; you wait till the lease
11:09
is up, so you'll see this issue a lot in hotels and other common areas that use public WiFi.
11:16
So you connect to the public WiFi and you get a DHCP address. So they say, okay, here's the IP address, and I'm gonna configure your network.
11:26
Let me do that for you automatically, and you're on it for maybe 10 minutes or
11:31
15 minutes, and then you disconnect. Well, that IP address is still assigned to you, and assigned to you by your MAC address.
11:37
So if I only have X number of IP addresses available on the DHCP server,
11:43
and say I have 200 addresses available, I've had 200 people connect for just 10 minutes, but my DHCP lease is for a day.
11:52
Well, even though all of those people may not be connected anymore, I come in as user number,
11:58
uh, 201.
12:00
I'm not gonna get an address because there's no address available. Even though they're not being used, they're still reserved to someone.
12:07
So if you're in a high-traffic environment where you have a high turnover of users, you're gonna want to make sure you have a really short DHCP lease
12:13
so that address will get released back to the pool of IP addresses so that other people can use it.
12:20
You may also see this in the hotel environment, where after 24 hours you have to re-log into their
12:26
website. That's because they'll take away your DHCP address and force you to reconnect and reauthenticate.
12:39
So DHCP is maintained on a central server.
12:43
We could do different kinds of allocations, so we could do dynamic allocations.
12:48
We just say, here's a big set,
12:50
um, of IP addresses.
12:52
They're good for a day. First come, first served.
12:56
We could do the automatic, where we keep a list of past assignments,
13:01
so they're automatically reused for the same hosts.
13:05
Uh, static
13:07
is where we say, Okay, we're gonna gonna work. That's not the spear allocation. So we're gonna set our settings ourselves
13:15
And reservations are important. So when we do a DHCP address, we use a MAC address. That's how it knows who you are. So say, anytime this MAC address connects to the network and goes and looks for an IP, it's gonna get this,
13:28
this IP, and that's how we started our format. So we can make reservations, which is kind of the other side of static. Instead of going and statically assigning an
13:37
address to each PC by physically going to that PC, we can use DHCP to make sure it still gets the same address every time. So what we do is, on the DHCP server, we'll make a reservation, like a hotel reservation. We say,
13:50
every time,
13:52
indefinitely, every time this MAC address connects to the network,
13:56
give it the same IP address.
14:01
Now that would most commonly be done if you have
14:03
workstations that need specific kinds of access that you set custom rules for. So we have,
14:09
we have one workstation that's always gonna have to be able to reach a certain... be able to go out to a certain website that we have blocked,
14:16
so we can identify that workstation by its IP address. But
14:20
if the lease runs up and it happens to get a different IP address, then we need to reset our rule
14:26
on the firewall or on our proxy, whoever's doing the filtering for our web traffic. We don't know what the IP address is anymore. But if we assign a static one through DHCP, it'll always keep that same IP address,
14:39
but we don't ever have to go to that machine and set it. So
14:43
we could reformat the machine.
14:45
As long as we don't change out the NIC, next time it gets a DHCP address, it's still going to get,
14:50
it's gonna get that same, uh, IP
14:52
because of the MAC.
14:54
Do you ever have to renew or release?
14:58
Ah,
15:00
yeah,
15:01
from the client from the host
15:03
in the house
15:05
manually. Do it. If there's an issue I don't know. So you can't force
15:11
a renew/release on a client request. So you can... you can, like, if you assigned a reservation
15:18
for a host,
15:20
if you assigned a reservation for a client and you said, okay, I want this MAC address to always have this IP, but not the IP it currently has,
15:28
ah, you could expire its old one.
15:31
Or you could just have them do a release/renew on the client, or reboot it. But the best way to get them to get a new IP address is you can force their current lease to expire
15:41
on the server. So usually, in Windows, you have a list of all the IP addresses and the MAC addresses for the assignments. So you can go... if you expire it,
15:52
then they're gonna be forced to check for a new
15:56
IP address from the server.
15:58
Now, it doesn't constantly poll the DHCP server. So if you want it to happen right away, you're gonna wanna either do a DHCP release/renew
16:07
on the client,
16:08
or the best way to do it is call the client up and tell them, on the client machine,
16:12
physically reboot that box. Next time it comes up, it's gonna check for its IP
16:19
runners.
16:22
Yeah,
16:25
good restart. Yeah, show That's the best way to make sure it's that restart is to restart it.
16:33
Yeah, so sometimes even the release/renew, sometimes it just, for whatever reason, acts wonky. If you want to really make sure that
16:42
the client machine
16:45
gets whatever new assignments you made, have it have a reboot.
16:51
So the other nice thing about DHCP is it helps avoid conflicts, because the DHCP server is gonna maintain the list of IP addresses and will ensure that you don't have a conflict where you have the same IP on two machines.
17:03
So if you want to go change things around, you have to go to each individual machine and change the IP. You don't have to track it yourself. The DHCP server's gonna do all that for you.
17:11
That's a lot easier.
17:15
Most home routers have DHCP built into them, and most people don't even realize
17:22
that it's possible to set an IP address manually, because everything now does everything through DHCP, even our phones. When you connect the phone through Wi-Fi in your home, your cell phone, it's gonna get a DHCP address from your home router.
17:36
And they have built-in DHCP servers.
17:38
If you had two DHCP servers on the same network,
17:44
it's gonna be whoever responds faster to your request for DHCP, so you could start getting split
17:48
entries, and if one's not serving the same, it's
17:52
it's just not a good idea.
18:00
So if we have a DHCP server serving multiple networks, we can define them into scopes.
18:07
So a scope could be this range of IP addresses
18:11
are going to get, uh you know, so we'll say for our server in the scope, we're gonna say
18:17
this is the range of IP addresses we're gonna give out. We're not gonna give out the whole subnet; we want to have a section where we'd still have statics.
18:22
Because if you have sections that are static, if you have IPs that are static, you want those excluded
18:27
from the scope. But the scope defines the area of IP addresses that you're going to assign
18:33
to the DHCP clients. It also is where you set the options that you're gonna send to your DHCP clients, in the scope.
18:44
Well, you can set, like, your DNS server, your gateway IP, the lease time.
18:48
Those are all to be set in the scope.
18:55
Yes, so I want to harp on that again: the static IPs. So if you have any static IPs
19:00
inside your network, you want to define your scopes to be
19:07
outside of those IPs, because your DHCP server's not going to know a static IP unless you tell it.
19:14
So if you have a static IP in the middle of a range and you assign that whole range,
19:18
it will try to give out the IP unless you tell it not to.
19:33
So what happens when DHCP fails? Well, with Microsoft clients, if it cannot find a DHCP server and you don't give it a static address,
19:42
it does what's called automatic private address provisioning, and so it gives itself an IP address in the range of 169.254.x.x, where x could be any number between 1 and 254,
19:56
so it gives it some kind of private IP address
20:00
with no gateway or DNS server provided.
20:07
That's a good way to tell
20:10
if your DHCP is not working on a client when you're touching your client: if you see the 169. I've seen that before. If you're looking at your IP address when you're troubleshooting a client and you see you have 169, or if you're at a hotel and you're trying to get on and you get 169, that's a sign that something's wrong. That's one way to tell if the hotel is,
20:27
if they're having problems with their DHCP, or all their leases are full, like I mentioned,
20:30
because you're getting 169; you're not getting a valid address.
20:37
You call the front desk then, huh?
20:40
Yeah. Yeah,
20:41
That's really more like, can you tell me where your router is? I can reboot it for you. Or can you pull the plug and plug it back in? So I reset everything.
