ISM sample Assignment 2

Contents
Introduction
TASK 1
1.1 Account naming convention for Reading Room
1.2: Demonstrate how to implement domain user accounts in accordance with plan
1.3 Password change policy
1.4 Applying terminal restriction
1.5 Structure of global, universal and domain local groups
1.6 Creating group policy and applying it to users
TASK 2
2.1 Architectural design of the Reading Room network
2.2 Relate various hardware, protocols to the various layers of the OSI model
2.3 Network types, topologies and network operating systems
2.4 Diagnosing/troubleshooting network connectivity issues
2.5 IP addressing
TASK 3
3.1 Discuss the need for DFS in Reading Room.
3.2: Write a report on the suggested usage of DFS for a specific installation
3.3 The need for security certificate in Reading Room
3.4: Installation and issuing of Certificate Authority
TASK 4
4.1 Installing IIS
4.2: Connecting remotely with website
4.3 Installing and configuring NAT or ICS
Conclusion
References

Introduction

Here we need to create multiple accounts and then set a password for each one in order to protect the network from most threats. There will be a separate domain for the network, in which we need to maintain the different users of the entire domain network. If your service needs local administrative privileges, run it under the Local System account. For processes that require domain administrative rights, perform them by impersonating the security context of a client application.
In a wireless network, every device has a limited range over which it can transmit wireless signals, so we need to deliver the signals to all the users and network uses the organization needs. This again depends on the capacity of the devices used to build the wireless network. When it comes to outdoor wireless signal transfer, the network diagrams may differ in order to carry the network signals to every corner of the area of use.

TASK 1

1. ADMINISTRATIVE TASKS TO MANAGE NETWORK USERS AND RESOURCES

1.1 Account naming convention for Reading Room

For user account names it is recommended that the account name be unique for every domain user under the same domain in Reading Room. Users with identical names must be given different account names. The Reading Room domain name is readingroom.com and there are 15 users in the Reading Room domain.

Account naming convention refers to converting names from one domain to another domain in the network, which helps with security. When there are multiple users in the network, we require name conversion in order to protect the data of all the users in the network, most of whom keep secured data in many places. So we need to protect the data by using the naming conversion across the entire network.

How to create users

First click on Start and Administrative Tools.
Right click on the domain name and select User.
Then fill in the user details and click on Next.
On the next page, give a password to the user and click Next.
Now the user has been created; click Finish.
On this page, all the 15 users are created.

For user group names it is recommended that the group name should be unique also. 5 user groups are created.
Administrator
Account
Finance
Flash Designer
Marketing

Now I am creating the groups, where 3 users will be added to each group.
Right click on the domain name and select New and Group.
Now on this page, write the name of the group, give the Group Scope and click OK.
Now on this screenshot, all the 15 users' names and 5 groups are listed.

Computers under the domain will have the following naming convention: xxx-xxxxx (for example rdr-fdk01, where rdr means reading room, fdk means front desk, 1 is the serial number).

1.2: Demonstrate how to implement domain user accounts in accordance with plan

There are three domain user accounts, as shown in the names below:

Predefined: User and group accounts connected with the operating system.
Built-In: User and group accounts connected with the operating system, applications, and services.
Implicit: Special groups created implicitly when retrieving network resources; also identified as special identities.

The diagrams below show the domain user accounts: how to create them and how to change the password when required.

There are different types of accounts, which is helpful for the reorganization of the accounts in the network. There are different types of domains in the network, which relate to the different types of users within the same network. When a user accesses information belonging to one network, they can access it from the other domain as well, but there should be some limits restricting access to that network information. As we can see in the above picture, there are two users who belong to different domains and are trying to access the related information.
When this case happens then the data should be in a form of some specific.

In the case shown in the above diagram, a user is trying to access information from the domain controller; for the information the user requires, they can access the data with some restrictions. The major benefits related to user access are listed below:

Provide access to the network resources.
Provide the access token for authentication.
Are created in the Active Directory access services on a domain controller.

As shown above, those are the benefits of domain-specific user access to network data.

1.2 Implementing log on hours

Log on hours can be implemented for every user. For this, go to Start Menu > Administrative Tools > Active Directory Users and Computers. Now select the user (for example Adam) and go to Properties. Click on Account. Now click Logon Hours.

Log on hours

1.3 Password change policy

A secure password policy also helps to secure the system. Several password policies are applied to the users in the domain. By default there is a password policy for every domain, but for the readingroom.com domain the following password policies are proposed:

Minimum/maximum age – The maximum age for each password will be 15 days. After 15 days the passwords will expire for all the users. The minimum age of the password will be 1 day.

On this page, define the password settings by how long the password can be changed

Password length – The password for a Reading Room user must be a minimum of 8 characters long.

Complexity requirements – All the passwords must meet the complexity requirements.

Password complexity

Account lockout duration – Account lockout duration will be 30 minutes.
After 5 unsuccessful login attempts the account will be locked.

Account lockout duration

1.4 Applying terminal restriction

Remote Desktop Services in Windows Server 2008 was changed from Terminal Services. Application access always runs in one direction. The most common approach to access management is to assume that all users of the terminal server have permission to use all the applications on the server. Restricted applications are accessed through particular application security groups. Because Windows is set up with default behaviour, in a typical implementation the applications installed on a Windows terminal server are also available by default to all users, unless access is restricted at the file system level.

The account management system has to be installed on the terminal server to enable users to open an application and log on easily with a legitimate user ID and password. The benefit is that users cannot automatically install new applications onto the server. This mechanism helps to protect against rogue applications sent by e-mail or downloaded.

On the next screenshots, tick Smart cards and then OK.

To show the Terminal Server screen, first make sure that the Allow Connections only from Computers option is ticked. When altering this setting on the server, make sure that the client connections are made to the Terminal Server with the new port appended to the server IP address.

This screenshot shows Easy Print and Limiting Redirected Printers. When the locally attached devices at the workstation level have been configured, make sure to redirect to the Terminal Server only the printer that uses it.

Now you can limit user accounts. It is unusual for a user who works locally with a certain application to connect to the Terminal Server and be entitled to use other applications.
You can also configure additional security with Group Policy:

1. Limit Terminal Services users to a single remote session
2. Do not permit drive redirection
3. Apply a limit for disconnected sessions
4. Disable Microsoft Windows Installer

1.5 Structure of global, universal and domain local groups

Building a good structure of global, universal and domain local groups is very important for the readingroom.com domain. For each of the resources in use, the general rule is to avoid assigning permissions to any individual. Instead, allocate permissions to groups of users. In the long term this saves considerable time and makes troubleshooting permissions much simpler. However, the types of group that can be used for assigning permissions generally depend on where the user account is located in the Active Directory of that domain. For any domain account the choice of groups depends on the functional level of that domain.

In the general case where the account is located in a single-computer workgroup, the system administrator simply places the account into a Local group that exists only on that computer, thereby giving local permissions for any of the resources. In this process the account gains all its permissions by being a member of one of the local groups. This can be easily remembered with the letter sequence A L P, which translates into “Account that goes into Local Groups as well as the getting Permissions.” (techtarget.com, 2004).

However, it is more complicated to assign permissions to a domain account in Active Directory. Firstly, the type of group that can be used depends on the functional level of that particular domain. Next, the strategy followed for the group depends on what is isolated as well as how all the things are managed in the group.
For a domain account you may remember the whole sequence as A G U D L P, which translates into “Account goes to Global Groups, in turn Global groups go into Universal Groups, Further Universal Groups into Domain Local group and then the Domain Local groups get the required permissions.” The figure drawn below explains the whole concept (techtarget.com, 2004).

Here is a closer look at all the types of groups that can be used, as well as how and when they can be used. Here is the list of domain group types that should be familiar:

Domain local groups
Global groups
Universal groups

Global groups

Global groups are created in the Active Directory of the domain, but they can be placed into a Domain Local group or a Universal group in any domain. Normally Global groups contain users from the domain where they are formed. They may also contain other global groups if the domain is in at least Windows 2000 mode. This is known as nesting global groups (techtarget.com, 2004).

Domain local groups

Domain local groups are also formed in the Active Directory of the domain, and they control access to any resource contained in that particular domain. They may contain users, but this is not generally recommended by Microsoft.

Universal groups

Universal groups are created on a domain controller. They are created within Active Directory but, then again, are not specific to any particular domain. The groups can contain members from any other domain and be used to give full access to other resources within the domain. Normally users can be members of any universal group; however, this is not suggested by Microsoft. Universal group membership should instead be restricted to global groups and other universal groups (techtarget.com, 2004).
1.6 Creating group policy and applying it to users

Creating Quota for Administrator Group

From Administrative Tools click on File Server Resource Manager (Local).
Then double click on Quota Management and double click Quota Template.
Then click on Create Template.
Then give the Template Name and Space Limit and click OK.
Then right click on the Name you created.
Then select Create Quota from Template.
Now select Local Disc and click on Make New Folder, then click OK.
Then write the Folder Name and click OK.
Then click Create.
Now the Quota has been created on the Hard Disc.

Now we have to create the Folder for the same Group, so right click on the group name.
Now right click on Local Disc.
Right click on the group's name.
Select Share.
Click Security and click on OK.
Now the File Sharing has been created.

Now you have to give Permission to that Group, so right click on the Group's Folder Name and select Properties.
Then click Security to restrict or give privileges to that particular Group and click OK.
Then write the Group Name and click on Check Names and OK.
Highlight the Group Name and give the Permissions.
As we can see, Full Control has been given to the Administrator. The Administrator has access all
Here are the 5 shared File Folders.
Here are the 5 Groups which have particular Quotas on the Hard Drive.

TASK 2

2.1 Architectural design of the Reading Room network

The company employs 450 workers. The computers used by the employees in different departments come with various hardware and software specifications. For example, the computers used by the Administration Department do not have high hardware profiles, while the computers for the Designers and Back End Developers are high-end machines with higher processing, memory and graphics capability.

Floor plan – It is assumed that Reading Room is 5 storeys high. Each floor is 10000 square feet.
Workstations – For 450 users there will be around 450 workstations including 10 network printers.

2.2 Relate various hardware, protocols to the various layers of the OSI model

In this report it is recommended to use switches (Layer 2) and routers (Layer 3). For Active Directory and the domain there will be 1 main server and 1 backup server. The number of workstations may vary from 300 to 500.

A global mesh is a unified network of networks. Several of them are run by large public and private organizations, such as government agencies or industrial enterprises, and are reserved for restricted use. The most widely used publicly accessible internetwork is the Internet, which is produced by the interconnection of networks. These ISP networks, connected to each other, give access to a great many users all over the world. Effective communication across this diverse infrastructure requires the application of consistent and commonly recognized technologies and protocols.

Intranet

An Intranet is a private network that is contained inside an enterprise. An Intranet may consist of many interconnected Local Area Networks and can use leased lines in the wide area network. Usually, an Intranet includes connections through one or more gateway computers to the outside Internet. The major purpose of an Intranet is sharing company information and computing resources between employees. An Intranet can also be used to facilitate working in groups and for teleconferences.

Benefits of Running an Intranet

The key benefit of operating an Intranet is that it is very low cost and dependable. Also, because many computers in a corporation are already able to connect to the Internet, purchasing additional hardware for the end user is not necessary. Only some equipment, such as a web server to host the Intranet, needs to be purchased.

In the above diagram, the different types of networking devices in the table operate at different layers of the OSI model, as shown in the diagram below.
About the different layers of the OSI model in networking: the different networking layers are shown in the screenshot below.

Why we need OSI Model:

ISO is the world's biggest developer and publisher of international standards. ISO helps to create and maintain many international standards in many technological areas to ensure the same quality of a product or process regardless of the company. The OSI (Open Systems Interconnection) model gives a set of universal design guidelines for data communication systems and gives a standard way to explain how the various layers of data communication systems interact. Applying the ISO principles to computer networking, a computer component or piece of software needs to conform to the set standards so that the product will work wherever you are in the world.

Putting the OSI model into perspective

A good understanding of the aim of the model and some of its central principles goes a long way towards a general understanding of computer networking. Do not focus on the complex details of the OSI model at first, so there won't be confusion later. The model was made in the 1970s and technology is changing day by day. Some books disagree with one another on different aspects of the higher layers. The thinking behind the upper layers is for processing which is not nearly as useful today.

Why we need OSI Model?

The seven layers of the OSI Model can be remembered with the following memory aid:

• Layer one, the Physical layer, gives the path over which data travels between devices on the network.
• Layer two, the Data Link layer, gives a system by which network devices can share the communication channel.
• Layer three, the Network layer: its most important purpose is to decide which physical path the information should follow from its source to its destination.
• Layer four, the Transport layer, provides the upper layers with a communication channel to the network.

Reasons behind the OSI model are:

• To break network communication into smaller, simpler parts so that it is easier to develop, and to make possible the standardization of network components to permit multiple-vendor development and support.
• To have a good understanding of the standards that are currently in place.
• To enable the components to function, manufacturers must be aware of the path (layer one) and how the path is divided (layer two).
• Learning and understanding the OSI model can be confusing.

2.3 Network types, topologies and network operating systems

Hybrid Network Topology Image

It is recommended to use a star hybrid topology. For each sub network there will be a separate switch.

Why Hybrid Topology?

A hybrid topology combines a range of links and nodes that communicate with each other and are able to transfer data. It has some of the advantages and disadvantages of the Star, Bus, Ring, Mesh and Tree topologies. I have chosen the Hybrid Network topology because it is used in many Area Networks. A hybrid is made of two different things. Likewise, in this category of topology, two different topologies are integrated to form the best resulting topology. This combination of topologies is made according to the requirements of the organization. For example, if there is a ring topology in one office department and a bus topology in another department, connecting them together will produce a Hybrid topology. Connecting two similar topologies cannot be termed a Hybrid topology. Star-Ring and Star-Bus networks are common examples of hybrid networks.

Here are the benefits and drawbacks of this networking architecture.

Advantages of Hybrid Network Topology

• Reliable: unlike other networks, fault discovery and troubleshooting are easy in this type of topology.
  If a fault is found in one part, that part is cut off from the rest of the network and the correction process starts immediately, with no effect on the working of the others.
• Scalable: it is easy to increase the size of a Hybrid topology network by adding new components without affecting the existing architecture.
• Flexible: a Hybrid network is designed around the organization's requirements and the availability of its resources. Special attention can be given to nodes where the traffic is heavy and where faults are more likely to be found.
• Effective: a Hybrid topology is a combination of two or more topologies, so it can be planned in such a way that the strengths of the constituent topologies are maximized and any fault found can be isolated.

Disadvantages of Hybrid Topology

1) Complexity of Design: The principal drawback of hybrid topology is its design. It is difficult to design this kind of architecture. The configuration and installation procedure requires advanced knowledge.
2) Costly Hub: The hubs used to connect different networks are very expensive. These hubs are different from the usual ones and need to be intelligent enough to work with mixed architectures, and should keep working even if one part of the network breaks down.
3) Costly Infrastructure: As hybrid architectures equipments are very expensive

2.4 Diagnosing/troubleshooting network connectivity issues

Only the administrator can carry out troubleshooting of the network connectivity.

Troubleshooting Network Connectivity Issues using various commands and third party tools

A command prompt (also referred to simply as a prompt) is a short text message at the start of the command line on a command line interface. A command line interface (CLI) is an all-text display mode that is provided in a console or terminal window by a shell.

Ping is a basic Internet program that allows a user to verify that a particular IP address exists and can accept requests.
The verb "ping" means the act of using the ping utility or command.

Ex: Ping an IP address to configure:

Path ping an IP Address tools

Path ping is a network approach that uses an address in the specific tasks of network storage by varying the way the communication paths are managed and controlled. If a connection breaks down in a messaging network, the connection must be retried. In storage networks, a failure can cause a system crash, and the margin for error is very small in storage networks.

Tracert IP Address

The Trace Route command traces a route in order to verify the path that an IP packet took to arrive at a destination. This utility can be run by typing tracert IP Address.

Third Party IP address like Google www.google.co.uk to see how their system works

2.5 IP addressing

It is assumed that there will be 450 computers in 10 subnets, so there will be approximately 45 computers per subnet. A class B address, 172.16.0.0, is taken. To allocate the IP addresses, the class B address is divided into several subnets. To use the IPs efficiently, the VLSM technique is applied (Rouse, 2014).
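The subnetting described in this section (10 subnets of 45 hosts carved out of 172.16.0.0/16) can be reproduced and checked with a short script. This is an added example, not part of the original assignment or of the VLSM calculator it cites; the function names are illustrative and it handles IPv4 only. `find_subnet` shows the defender's use of the plan: attributing an address seen in a log or firewall rule to the subnet that owns it.

```python
# Added example: VLSM allocation with the standard-library ipaddress module.
# Function names are illustrative, not taken from any tool the report used.
import ipaddress


def vlsm_allocate(major, needs):
    """Return one row per (name, hosts_needed) request, carved out of `major`."""
    major_net = ipaddress.ip_network(major)
    cursor = int(major_net.network_address)
    last = int(major_net.broadcast_address)
    plan = []
    # Largest request first keeps every block aligned on its own size;
    # sorted() is stable, so equal-sized requests keep their input order.
    for name, hosts in sorted(needs, key=lambda item: -item[1]):
        if hosts < 1:
            raise ValueError(f"subnet {name}: need at least one host")
        # Smallest power of two that holds hosts + network + broadcast address.
        host_bits = (hosts + 1).bit_length()
        size = 1 << host_bits
        cursor = (cursor + size - 1) & ~(size - 1)  # align to the block size
        if cursor + size - 1 > last:
            raise ValueError(f"subnet {name}: {major} is exhausted")
        net = ipaddress.ip_network((cursor, 32 - host_bits))
        plan.append({
            "name": name,
            "needed": hosts,
            "allocated": size - 2,
            "network": str(net),
            "mask": str(net.netmask),
            "first": str(net.network_address + 1),
            "last": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
        })
        cursor += size
    return plan


def overlaps(plan):
    """Return pairs of subnet names whose address blocks overlap (should be empty)."""
    nets = [(row["name"], ipaddress.ip_network(row["network"])) for row in plan]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]


def find_subnet(plan, address):
    """Map an IP address to the name of the subnet that contains it, or None."""
    ip = ipaddress.ip_address(address)
    for row in plan:
        if ip in ipaddress.ip_network(row["network"]):
            return row["name"]
    return None


if __name__ == "__main__":
    # The report's requirement: subnets A..J, 45 hosts each, from 172.16.0.0/16.
    plan = vlsm_allocate("172.16.0.0/16", [(n, 45) for n in "ABCDEFGHIJ"])
    for row in plan:
        print(f'{row["name"]}  {row["network"]:<16} {row["mask"]:<16} '
              f'{row["first"]} - {row["last"]}  {row["broadcast"]}')
    print("allocated hosts:", sum(row["allocated"] for row in plan))
    print("overlaps:", overlaps(plan))
    print("172.16.1.130 belongs to subnet", find_subnet(plan, "172.16.1.130"))
```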
Using the VLSM calculator (vlsm-calc.net, 2014) the IP subnets of the office are defined as follows:

Major Network: 172.16.0.0/16
Available IP addresses in major network: 65534
Number of IP addresses needed: 450
Available IP addresses in allocated subnets: 620

Subnet Name  Needed Size  Allocated Size  Address      Mask  Dec Mask         Assignable Range            Broadcast
A            45           62              172.16.0.0    /26   255.255.255.192  172.16.0.1 - 172.16.0.62    172.16.0.63
B            45           62              172.16.0.64   /26   255.255.255.192  172.16.0.65 - 172.16.0.126  172.16.0.127
C            45           62              172.16.0.128  /26   255.255.255.192  172.16.0.129 - 172.16.0.190 172.16.0.191
D            45           62              172.16.0.192  /26   255.255.255.192  172.16.0.193 - 172.16.0.254 172.16.0.255
E            45           62              172.16.1.0    /26   255.255.255.192  172.16.1.1 - 172.16.1.62    172.16.1.63
F            45           62              172.16.1.64   /26   255.255.255.192  172.16.1.65 - 172.16.1.126  172.16.1.127
G            45           62              172.16.1.128  /26   255.255.255.192  172.16.1.129 - 172.16.1.190 172.16.1.191
H            45           62              172.16.1.192  /26   255.255.255.192  172.16.1.193 - 172.16.1.254 172.16.1.255
I            45           62              172.16.2.0    /26   255.255.255.192  172.16.2.1 - 172.16.2.62    172.16.2.63
J            45           62              172.16.2.64   /26   255.255.255.192  172.16.2.65 - 172.16.2.126  172.16.2.127

The Class A address space supports large networks, with more than 16 million host addresses available. Class A IP addresses use only the first octet to show the network address. The remaining three octets are used for host addresses.

The Class B address space supports the needs of moderate to large networks. A Class B address uses the first two of the four octets to indicate the network address. The remaining two octets identify host addresses.

The Class C address space is the most commonly used of the original address classes. This address space was planned to support small networks with a maximum of 254 hosts.

The Class D address enables multicasting in an IP address. A multicast address is a unique network address that directs packets with that destination address to predefined groups of IP addresses.
A single station can therefore simultaneously transmit a single stream of data to multiple recipients.

A Class E address has been reserved for future research use on the Internet.

The graphic below shows the IP address range of the first octet, both in decimal and binary, for each IP address class.

TASK 3

Security measures to safeguard network resources

3.1 Discuss the need for DFS in Reading Room.

In a distributed file system, the server can be distributed across several physical computer nodes. Several computing nodes, called file servers, are required for high-performance storage and retrieval operations.

Name server: A computer hardware or software server that maps the client names to stored entities such as directories and files.

Cache manager: The primary tool for retrieving a cache instance. It can be present on both the server and client sides.

DFS in Windows Server 2008 – The new DFS-Namespace and DFS-Replication, which are present in Windows operating systems such as 2003 R2, 2008 and 2008 R2, have substantial enhancements over the previously introduced File Replication Service (FRS) and DFS products. For example, consider a few changes made to a PowerPoint slide in a 5 MB file: FRS would replicate the entire 5 MB file for the old DFS, whereas DFS-Replication only replicates a few bytes. DFS-R helps to keep folders synchronized between various servers across limited-bandwidth network connections. DFS-R is capable of handling huge volumes of data and replicates only the changed file blocks instead of the entire file.

DFS-R exists in the Windows 2003 R2 and 2008 series of operating systems. One can use DFS-R to replicate DFS records in Windows 2003 R2, but it is possible to replicate DFS and System Volume data in Windows 2008 and Windows 2008 R2. In order to use DFS-Replication, the condition that needs to be satisfied is that the DFS servers run one of the Windows operating systems stated above.
There is no need to improve the Distributed computing Systems.

The screenshots below show how DFS is set up:

Go to the New DFS Root Wizard and click on Next; this page appears.
Then click on Next to select the target shared folder for the DFS link.
Then click OK.
The new page will show you the Replication Policy folder; click OK.
Then highlight the target information and click OK.
Then highlight the information needed and go to the next page.

In the above screenshots we can see how the distributed file system will work. DFS is a shared folder on the computer where the user and the other side of the cable have to know the present physical location of the shared files and folders, so that they are able to access these shared files and folders. Also, DFS can be implemented as stand-alone or domain-based. Implementing DFS as domain-based gives the biggest advantage, which is that it facilitates searching for files.

3.2: Write a report on the suggested usage of DFS for a specific installation, e.g. a large call centre client database

A Distributed File System is simply a classical model of a file system distributed across different machines. The purpose is to promote sharing of dispersed files.

The resources on a particular machine are local to itself. Resources on other machines are remote.

A file system provides a service for clients. The server interface is the normal set of file operations (create, read, etc.) on files.

Clients, servers, and storage are dispersed across machines. Configuration and implementation may vary:

Servers may run on dedicated machines, OR
Servers and clients can be on the same machines.
The OS itself can be distributed (with the file system a part of that distribution).
A distribution layer can be interposed between a conventional OS and the file system.

Clients should view a DFS the same way they would a centralized FS; the distribution is hidden at a lower level.
Performance is concerned with throughput and response time. Naming is the mapping between logical and physical objects. Example: A user filename maps to . In a conventional file system, it's understood where the file actually resides; the system and disk are known. In a transparent DFS, the location of a file, somewhere in the network, is hidden. File replication means multiple copies of a file; mapping returns a SET of locations for the replicas. Location transparency -  Any name of a file cannot divulgate the secret of the file physical location .  File name must be kept with more security in the physical disk blocks  This is a comfortable and adequate way to distribute data.  Can illustrate communication between component units and machines. Location independence -  Changing the name of the file is not necessary even when the file's physical storage location changes.  Active, one-to-many mapping.  Good file concept.  Elevates sharing the storage space itself.  Distinct the identification hierarchy from the storage devices.63 Most DFSs today:  Maintain the site with transparency systems.  Cannot carry migration; (routine movement of a file from machine to machine.)  Files are eternally allied with explicit disk blocks. CACHE UPDATE POLICY:  A write through cache has best dependability. But the user must wait for writes to get to the server. Used by NFS.  Delayed write - write desires total faster. Data may be written over the earlier cache write, saving a remote write. Poor reliability on a crash.  Redden for a moment afterward tries to control the incidence of writes.  Write on shut delays the write even longer.  Which would you use for a database file? For file editing? Benefits of DFS we naturally ask about the benefits. Many of them are obvious from the explanation provided above, but below is a list of benefits. 
• Resources management and accessibility (users access all resources through a single point)
• Accessibility (users do not need to know the physical location of the shared folder; they can navigate to it through Explorer and the domain tree)
• Fault tolerance (shares can be replicated, so if the server in Chicago goes down, resources still will be available to users)
• Workload management (DFS allows administrators to distribute shared folders and workloads across several servers for more efficient use of network and server resources)

CACHE CONSISTENCY:
The fundamental question is how to determine that the client-cached data is consistent with what is on the server.

Client-initiated approach - The client asks the server if the cached data is OK. What should be the frequency of asking? On file open, at a fixed time interval.

Server-initiated approach - Possibilities: A and B both have the same file open. When A closes the file, B "discards" its copy. Then B has to start over. The server is informed on every file open. Disable caching by other clients for a file when that file is opened. Get read and write permission for each block, then disable caching only for the particular blocks.

COMPARISON OF CACHING AND REMOTE SERVICE:
Many remote accesses can be handled by a local cache. There is a high degree of locality of reference in file accesses. Servers need to be contacted only occasionally rather than for each access. Cache consistency is the major issue with caching. When writes are infrequent, caching wins. In environments with many writes, the work required to maintain consistency overwhelms the advantages of caching. Caching requires an entire separate mechanism to support acquiring and storing large amounts of data. Remote service simply does what is necessary for each call. As such, caching adds an extra layer and mechanism and is more complicated than remote service.
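The cache update policies from section 3.2, as an added example that is not part of the original report: a small Python model that replays one constructed workload under write-through, delayed write and write-on-close, then reports the remote writes issued and the blocks lost if the client crashes before the file is closed. The class, the workload and the flush-after-four-writes trigger are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ClientCache:
    policy: str                  # "write-through", "delayed" or "on-close"
    flush_every: int = 4         # assumed: delayed write flushes after 4 cached writes
    server: dict = field(default_factory=dict)  # block -> data held by the file server
    dirty: dict = field(default_factory=dict)   # block -> data only in the client cache
    remote_writes: int = 0
    pending: int = 0             # cached writes since the last flush

    def write(self, block, data):
        if self.policy == "write-through":
            self.server[block] = data           # caller waits for the server every time
            self.remote_writes += 1
            return
        self.dirty[block] = data                # overwrites an earlier cached write
        self.pending += 1
        if self.policy == "delayed" and self.pending >= self.flush_every:
            self.flush()

    def flush(self):
        for block, data in self.dirty.items():
            self.server[block] = data
            self.remote_writes += 1
        self.dirty.clear()
        self.pending = 0

    def crash(self):
        """Client dies: whatever was only in the cache is gone."""
        lost = sorted(self.dirty)
        self.dirty.clear()
        return lost

# Constructed workload: one hot block (b1) rewritten often, two cold blocks.
WORKLOAD = [("b1", "v1"), ("b1", "v2"), ("b2", "v1"),
            ("b1", "v3"), ("b3", "v1"), ("b1", "v4")]

def run(policy, crash_before_close):
    """Return (remote writes, blocks lost, server's copy of b1)."""
    cache = ClientCache(policy)
    for block, data in WORKLOAD:
        cache.write(block, data)
    lost = cache.crash() if crash_before_close else []
    if not crash_before_close:
        cache.flush()                           # closing the file flushes the cache
    return cache.remote_writes, lost, cache.server.get("b1")

if __name__ == "__main__":
    for policy in ("write-through", "delayed", "on-close"):
        print(policy, run(policy, True), run(policy, False))
```

In this model only write-through survives the crash with nothing lost, which bears on the database-file question; the two delayed policies trade lost blocks for fewer remote writes, which suits file editing.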
3.3 The need for security certificate in Reading Room

Security certificates, or SSL certificates, are vital for security. A security certificate guarantees that the page in use is secured. Several certificate authorities are available on the market. When working within a single network, we should use a separate network to protect against most threats; this also helps the further processing of data connections between users in the same domain or in any other domain. Security access covers any user data, whether personal information or any other information that most places require. Because this data is an essential and much-needed part of what many places hold, this helps with data access within the same network, and it lets us identify most authentication attempts when someone tries to access the data.

3.4: Installation and issuing of Certificate Authority

The screenshots below show the installation of the Certificate Authority:

• Click Start and Add Roles, then Select Server Roles, and click Next.
• Under Server Roles, highlight AD CS and click Next.
• In the Add Roles Wizard, highlight Role Services and click Next.
• Under Role Services, highlight Setup Type, choose the option needed and click Next.
• Under Setup Type, highlight CA Type and click Next.
• Under CA Type, highlight Private Key and click Next.
• Under Private Key, highlight Cryptography and click Next.
• Under Cryptography, highlight CA Name and click Next.
• Set the Validity Period and click Next.
• Click Next to configure the Certificate Database.
• Click Next to confirm the Installation Selections.
• Click Install to see the installation progress.
• The Installation Results page shows that the installation succeeded.

This is how we install a certificate authority.

What are the Hierarchical and Cross-Certified CA Models?

According to the document that supersedes WebTrust for Certification Authorities Principles, Version 1.0 (August 2000), certification authorities may be linked using two basic architectures or a hybrid of the two: (1) hierarchical and (2) cross-certified (shared trust).

In a hierarchical model, a highest-level (or “Root”) CA is deployed and subordinate CAs may be set up for various business units, domains or communities of interest. The Root CA validates the subordinate CAs, which in turn issue certificates to lower-tier CAs or directly to subscribers. Such a Root CA typically has more stringent security requirements than a subordinate CA. Although it is difficult for an attacker to access the Root CA (which in a number of implementations is only online on the rare occasion that it has to issue, renew, or revoke subordinate CA certificates), one disadvantage of this model is that the Root CA represents a single point of failure. In the hierarchical model, the Root CA maintains the established “community of trust” by ensuring that each entity in the hierarchy conforms to a minimum set of practices. Adherence to the established policies may be tested through audits of the subordinate CAs and, in a number of cases, the Registration Authorities. The following diagram shows the structure and relationships among certification authorities and subscribers operating in a hierarchical model.

[Diagram: hierarchical model, with a Root CA above Sub-CAs that issue certificates]

In an alternative model, cross-certified CAs are built on a “peer-to-peer” model. Rather than deploying a common Root CA, the cross-certification model shares trust among CAs known to one another. Cross-certification is a procedure in which two CAs certify the trustworthiness of each other’s certificates. If two CAs, CA1 and CA2, cross-certify, CA1 creates and digitally signs a certificate containing the public key of CA2 (and vice versa). As a result, users in either CA domain are assured that each CA trusts the other, and so subscribers in each domain can trust each other. Cross-certified CAs are not subject to the single point of failure of the hierarchical model. However, the network is only as strong as the weakest CA, and requires continual policing. In the cross-certified model, to create and maintain a community of trust, audits may be performed to make sure that each cross-certified CA conforms to a minimum set of practices as agreed in advance by the members of the community of trust. The next diagram shows the structure and relationships among certification authorities and subscribers operating in a cross-certified model.

[Diagram: CA-1, CA-2, CA-3 Cross Certify Each Other; each CA issues certificates]

In a hybrid model, both a hierarchical structure and cross-certification are employed. For example, two existing hierarchical communities of trust may want to cross-certify each other, such that members of each community can rely upon the certificates issued by the other to conduct e-commerce.

TASK 4

4.1 Installing IIS

• Click Start, point to All Programs, go to Administrative Tools and then click Server Manager.
• In Server Manager, scroll down to Roles Summary, then choose Add Roles.
• On the Select Server Roles page, select Web Server (IIS). An introduction to the web server page then opens, with links to information about the additional features required for Web Server (IIS).
• Select the IIS services to be installed in the Role Services section of the wizard, add only the necessary features and then click Next.
• Add Required Role Services and then click Install to start the installation process.
• IIS is now installed, with a success message on the Installation Results page. It is installed with a default feature for hosting the role service ASP.NET on Windows Server. Click Close to complete.
• Open a web browser and navigate to http://localhost to confirm that the web server is running properly.

The screenshots show the same installation:

• Click Start and click Add Required Features.
• Highlight the needed file and click Next.
• Highlight the desired folder and click Next.
• Web Server (IIS) is now shown; highlight it and click Next.
• Click to confirm the installation and click Next.
• The installation begins.
• The installation is successful.

4.2: Connecting remotely to the website

1. Open IIS Manager. ...
2. In the Connections pane, expand Create New Connection in the toolbar.
3. Click Connect to a Site to open the Connect to Site Wizard.
4. On the Specify Site Connection Details page: ... Click Next

4.3 Installing and configuring NAT or ICS

Enable NAT with Windows Server 2008 R2:

Start Server Manager from the Administrative Tools folder. Click Next; in the Server Manager console click Add Roles, which is under Roles Summary, and select Network Policy and Access Services from the list of server roles. Click Next and proceed. Then select Routing and Remote Access Service from the list of role services. Follow the steps in the Add Roles Wizard and complete the full installation process. After the installation is completed, the Routing and Remote Access service is installed in a disabled state. To enable and configure the remote access server, log in as a member of the Administrators group. The next step is enabling the Routing and Remote Access Service, or RRAS.
If the RRAS server is a member of a domain, the user needs to add the computer account of the server to the IAS and RAS security group in the domain of which the server is a member. Open the Routing and Remote Access console from the Administrative Tools folder. Then right-click the server object and click Configure and Enable Routing and Remote Access.

The diagram below shows the NAT configuration. In it we need to provide all the necessary information required for the host, followed by the gateway address and the netmask address.

On the next screen, we need to fill in the advanced settings of network address translation, which relate to the NBNS timeout.

Conclusion

The pages above covered IIS, network-related information, server configuration, NAT configuration, security certificates, addressing and other related information. From this we need to take a basic understanding of networking, which is the most necessary part for network access, for protecting data from threats in the network, and for much else.
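The hierarchical and cross-certified CA models of section 3.4, as an added example that is not part of the original report: a Python model of which subscribers a relying party accepts from its one trust anchor, and how that changes when a CA is distrusted or issues a bad certificate. It models issuer-to-subject links only (no signatures, validity dates or constraints), and every CA and subscriber name is constructed for the illustration.

```python
from collections import deque

def relying_party_view(certs, anchor, distrusted=frozenset()):
    """Subscribers a relying party accepts when it trusts only `anchor`.

    certs is a list of (issuer, subject) pairs, one per issued certificate.
    This models path discovery only: no signatures, dates or constraints.
    """
    issued = {}
    for issuer, subject in certs:
        issued.setdefault(issuer, []).append(subject)
    if anchor in distrusted:
        return set()
    seen, queue = {anchor}, deque([anchor])
    while queue:                                  # breadth-first, issuer -> subject
        for subject in issued.get(queue.popleft(), []):
            if subject not in seen and subject not in distrusted:
                seen.add(subject)
                queue.append(subject)
    return {name for name in seen if name not in issued}   # non-issuers = subscribers

# Constructed hierarchy: one Root CA, two subordinate CAs, three subscribers.
HIERARCHY = [("Root", "Sub-A"), ("Root", "Sub-B"),
             ("Sub-A", "alice"), ("Sub-A", "bob"), ("Sub-B", "carol")]

# Constructed mesh: CA-1, CA-2 and CA-3 cross-certify each other.
MESH = [(a, b) for a in ("CA-1", "CA-2", "CA-3")
        for b in ("CA-1", "CA-2", "CA-3") if a != b]
MESH += [("CA-1", "dave"), ("CA-2", "erin"), ("CA-3", "frank")]

def demo():
    return {
        "hier_ok": relying_party_view(HIERARCHY, "Root"),
        "hier_sub_a_revoked": relying_party_view(HIERARCHY, "Root", {"Sub-A"}),
        "hier_root_lost": relying_party_view(HIERARCHY, "Root", {"Root"}),
        "mesh_ok": relying_party_view(MESH, "CA-1"),
        "mesh_ca2_revoked": relying_party_view(MESH, "CA-1", {"CA-2"}),
        # A careless CA-3 issues one bad certificate; CA-1's users accept it too.
        "mesh_weak_ca3": relying_party_view(
            MESH + [("CA-3", "mislabelled-host")], "CA-1"),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:20} {sorted(accepted)}")
```

Losing the Root empties the hierarchical view entirely, while the mesh keeps working without CA-2; the last case shows why the mesh is only as strong as its weakest CA and needs the audits the text describes.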