Windows XP Professional supports both Workgroup Networks and Domain-Based Networks. Workgroup Networks are also referred to as Peer-to-Peer networks and are the simplest type of network. They are ideal for networks of fewer than ten computers and support file and print sharing. Domain-Based Networks are common to large companies and benefit from centralized administration. This results in the implementation of stronger security models, with users requiring a user account to log on and access network resources.

Section 3.1: Creating Network Connections

In Windows XP Professional you can create a number of network connections. These include local area network (LAN) connections, remote connections, Virtual Private Network (VPN) connections and direct connections. All these connections are created in the NETWORK AND INTERNET CONNECTIONS folder.

3.1.1: Local Area Network (LAN)

A Local Area Network is also referred to as an intranet and has client support, such as Client for Microsoft Networks and Client Services for NetWare; services, such as File and Printer Sharing; and user network protocols. A network protocol is a set of rules and conventions that computers use to communicate over a network. Windows XP Professional supports:

  • TCP/IP, which is the default protocol and is installed automatically in Windows XP Professional;
  • NetBEUI, which is a nonroutable protocol suited for small networks of less than ten computers;
  • AppleTalk, which allows a Windows XP Professional-based computer to communicate on Apple Macintosh networks;
  • NWLink (IPX/SPX), which allows a Windows XP Professional-based computer to communicate on Novell NetWare networks; and
  • DLC, which is a nonroutable protocol that allows a Windows XP Professional-based computer to communicate to an IBM host.

Note: The AppleTalk protocol requires a Windows 2000 Server that is configured with Windows 2000 Services to function properly.

You can also specify the protocol binding order to optimize network performance by placing the protocol that is used the most at the top of the protocol bindings list. The computer will then attempt to use this protocol first when a user attempts to make a connection to a server.

3.1.2: Remote Connections

Remote connections allow mobile computer users to dial into their corporate LAN and are also used to establish a connection to the Internet via an Internet Service Provider (ISP).

Remote Access Protocols

Windows XP Professional uses several Remote Access Protocols to allow clients to access Remote Access Servers.

  • Point-to-Point Protocol (PPP) enables remote access clients and servers to operate together in a network. For example, clients running Windows XP Professional can connect to remote networks through any server that uses PPP. Similarly, computers running other remote access software can also use PPP to dial in to a computer running Windows XP Professional configured with an incoming connection. This is the most commonly used remote access protocol.
  • Serial Line Internet Protocol (SLIP) enables Windows XP Professional-based computers to connect to a SLIP server. SLIP is most commonly used with Telnet, and is not suitable for most modern remote access applications. Windows XP Professional does not include a SLIP server component.
  • RAS is an older protocol used by Microsoft. Client computers running Windows XP Professional use the RAS protocol to connect to remote access servers running Microsoft Windows NT 3.1, Microsoft Windows for Workgroups, Microsoft MS-DOS, or LAN Manager.

Security for Remote Connections

Windows XP Professional uses authentication and authentication protocols to ensure network security. Authentication refers to the process in which the computer or network system checks a user's name and password against an authoritative database and only grants access if the user name and password match those in the database. Authentication protocols are used to transmit and receive user names and passwords. Windows XP Professional supports a number of authentication protocols:

  • PAP is the least secure authentication protocol and transmits passwords in plain text, i.e. unencrypted. This is used when two computers cannot negotiate a more secure form of authentication.
  • SPAP is a proprietary authentication protocol used by Shiva clients to dial in to computers running Windows 2000 Server and by Windows XP Professional clients to dial in to Shiva servers.
  • CHAP resolves the problem of transmitting passwords in clear text by negotiating a secure form of encrypted authentication by using Message Digest 5 (MD5), which is a challenge-response hashing scheme. You should use CHAP when you have clients that are not running Microsoft operating systems.
  • MS-CHAP uses the same type of authentication but uses MD4 as its hashing method. You can use MS-CHAP for clients running Windows NT version 4.0 and later, or Microsoft Windows 95 and later.
  • MS-CHAP v2 is more advanced than CHAP and MS-CHAP and uses mutual authentication, stronger initial data encryption keys, and different encryption keys for sending and receiving data. You can use MS-CHAP v2 for dial-up clients running Windows 2000 or later, or for VPN clients running Windows NT 4.0 or Windows 98 or later.
  • EAP is an extension of PPP, which is the basis for PPTP. It works with dial-in, PPTP and L2TP clients, and allows additional authentication methods with PPP. These include smart cards, public key authentication and certificates.

3.1.3: Virtual Private Network (VPN)

Virtual Private Networks (VPN) use a tunneling protocol to secure a private network that is established across a public network. Windows XP Professional supports two tunneling protocols that can be used to create a VPN connection:

  • Point-to-Point Tunneling Protocol (PPTP), which is a TCP/IP protocol that can encapsulate TCP/IP, IPX/SPX, or NetBEUI protocols. PPTP tunnels must be authenticated by using the same authentication mechanisms as PPP connections; and
  • L2TP, which is a combination of PPTP and Layer 2 Forwarding. L2TP does not provide data encryption but relies on Internet Protocol Security (IPSec), which is a group of services and protocols that support the secured transfer of information across an IP internetwork.