• Ronnie Wong

    @razmik-artonian-0 said in VPN for Wireless:

    Lets say we are given the following info:
    A site-to-site VPN connection using IPsec Tunnel with both AH and ESP enabled to provide authentication and Encryption respectively.
    Looking at the info provided to us can you tell which encryption algorithm is being used? I mean , since IPsec is not an encryption algorithm in itself.

    Not from the provided info. It just tells you it implements AH and ESP, instead of just AH. This is called Tunnel Mode; the encryption is negotiated between the endpoints.

    posted in Security
  • Ronnie Wong


    On the overview video of that show, please look to the upper right-hand corner of the video. If there are files associated with the show, they will be downloadable from the link there, usually zipped up. If not, please let us know here and we can verify they were uploaded, or whether we just don't have them.

    posted in Microsoft
  • Ronnie Wong

    @razmik-artonian-0 said in VPN for Wireless:

    I know this might not be the smartest question but I am trying to understand the concept or the theory.

    It's not a bad question, and it's not about smart or not. You asked, and we're here to try to point you in the right direction.

    WPA uses TKIP as its encryption protocol. WPA-2 uses CCMP as its encryption protocol.
    IPsec is used to encrypt IP traffic, or data in transit.
    How can WPA-2 use two encryption protocols simultaneously (CCMP and IPsec)?
    The same question could be asked about WPA in relation to TKIP and IPsec.

    IPsec is not an encryption algorithm itself. It is a framework that defines how to provide (Hashing, Authentication, DH Group, Lifetime, Encryption) within an end-to-end tunnel.

    Wireless encryption, regardless of the protocol you're using, protects the connection between you and the AP. There is no encryption on the other end if it is not provided. It only protects your connection to a certain point.

    IPsec only sees the wireless connection and not the encryption. So it builds a tunnel first, then encrypts data within the tunnel, regardless of whether the wireless connection is encrypted or unencrypted.

    posted in Security
  • Ronnie Wong

    @razmik-artonian-0 said in VPN for Wireless:

    But can we use VPN for wireless encryption? If so, will we be using IPsec?

    There are a couple of ways to read this question, at least to me; let me explain...

    • Can we use VPN for encryption with existing wireless encryption like WEP, WPA, or WPA-2?
    • Can we use VPN for wireless encryption instead of existing wireless encryption?

    In both instances, yes... IPsec is probably what you'll use.

    If I am connected to an existing protected wireless network, I can build up an IPsec VPN tunnel through that. How do I know? I'm doing it as I type. I'm using an OpenVPN client to do so on a network that has WPA-2.

    If I am connected through an open access point such as an airport or hotel, which provides access but no encryption, I connect using an IPsec VPN and it works just as well.

    posted in Security
  • Ronnie Wong


    I've not seen that particular episode...but if an IP address is within -, then it is a Class B address. If your ip address is, This fits within -, technically (even if we don't use 127 range for hosts). Your address would be a Class A address. This would be correct and not a deviation from what I'm guessing Wes has said.

    So either this is not the particular correction or there's another correction that you wanted to make.

    posted in CompTIA
  • Ronnie Wong

    @razmik-artonian-0 said in SFTP versus FTPS:

    I know SFTP is FTP over SSH and FTPS is FTP over SSL/TLS.

    Could you please compare/contrast SFTP and FTPS?

    I'm answering this one first because to me it makes sense to do so.

    • FTPS is essentially FTP with security built on top of it. When you connect it's basically FTP; remember that it operates over "control" and "data" channels. By default in FTP, neither is secured. But with FTPS, you can choose to secure one or both (so either "control" and "data", or just "data"). But it's a choice that has to be set up. Using it does make sure the connection is secured for data to pass through. It uses multiple ports; the more requests, the more ports are opened.
    • SFTP is not built upon FTP but rather on SSH. So right there is a big difference. The other is that SFTP uses only a single connection that encrypts both the authentication information and the data files being transferred. There is no "if it's configured to do so or not"; it is by nature built on SSH. It uses only a single port for all the connections needed.
    • Both methods can use multiple means of authentication. Both provide security.

    When do we use SFTP and when do we use FTPS?

    • The short answer is whichever one is set up for you on the other side, but that's not a helpful answer. I know...but that's reality, and let me explain why...
    • @Michael-McKenney gave a couple of good examples.
    • For me, it comes down to passing through a firewall and what your destination is willing to do.
      • You and the other end will have to open a range of ports in your firewalls to allow for FTPS connections, which can be a security risk for your network, or your security policy may not allow the opening of a range of ports. SFTP needs only a single port number for all SFTP communications, which makes it easier to secure through the firewall.

    posted in Security
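As an added example (not code from the original thread), the Python below shows the two FTPS details the answer above hinges on: the 227 PASV reply that announces a fresh data port for every transfer (hence the firewall port range), and the PROT P command that has to be sent before the data channel is encrypted at all. The host, credentials and the 50000-50100 passive range are assumptions made up for the example.

```python
"""Explicit FTPS (AUTH TLS) helpers, added to illustrate the control/data
channel split discussed in the post. Not code from the original thread.
Assumptions (invented for the example): the server speaks explicit FTPS on
port 21 and its passive data-port range is 50000-50100."""
import re
import ssl
from ftplib import FTP_TLS

# Constructed sample PASV reply. The server encodes the data-channel
# endpoint as six comma-separated octets: four for the IPv4 address and
# two for the port (high byte, low byte).
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)."

# Hypothetical passive port range the firewall would have to open for FTPS.
PASV_RANGE = (50000, 50100)

_PASV_RE = re.compile(
    r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv_reply(reply: str) -> tuple[str, int]:
    """Return (host, port) announced in a 227 PASV reply.

    The data port is p1 * 256 + p2 and changes for every transfer, which is
    why an FTPS firewall rule needs a range of ports, whereas SFTP
    multiplexes everything over the single SSH connection (one port).
    """
    m = _PASV_RE.search(reply)
    if not reply.startswith("227") or not m:
        raise ValueError(f"not a PASV reply: {reply!r}")
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range in {reply!r}")
    h1, h2, h3, h4, p1, p2 = octets
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def data_port_allowed(port: int, pasv_range: tuple[int, int] = PASV_RANGE) -> bool:
    """True if the announced data port falls inside the range the firewall permits."""
    lo, hi = pasv_range
    return lo <= port <= hi


def open_ftps(host: str, user: str, password: str, protect_data: bool = True) -> FTP_TLS:
    """Connect with explicit FTPS, securing the control channel and,
    optionally, the data channel.

    Without prot_p() the session stays at PROT C: the USER/PASS exchange is
    encrypted but file contents travel in the clear. That is the
    "one or both" choice the post refers to.
    """
    ctx = ssl.create_default_context()  # verifies the server certificate
    ftps = FTP_TLS(context=ctx)
    ftps.connect(host, 21)
    ftps.login(user, password)  # sends AUTH TLS first, then USER/PASS over TLS
    if protect_data:
        ftps.prot_p()  # PROT P: encrypt the data channel as well
    return ftps


if __name__ == "__main__":
    host, port = parse_pasv_reply(SAMPLE_PASV_REPLY)
    print(f"data channel -> {host}:{port}, allowed: {data_port_allowed(port)}")
```

The SFTP side of the comparison needs an SSH library (for example paramiko, not in the standard library) and is not shown; everything it does, authentication included, rides the one TCP connection to port 22, which is the whole firewall argument made above.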
  • Ronnie Wong

    @t-h said in NIC Teaming Term Confusion:


    In the Windows Server 101 "Networking Fundamentals" video and PDF I'm getting a little confused about the terms. I've Googled it but didn't find what I needed, so could someone check my understanding?

    • Switch Dependent and Switch Independent are terms that apply only to both Inbound and Outbound traffic.

    I'm not sure that they apply ONLY to inbound and outbound traffic. They are modes whereby

    • If you use Switch Independent, the teaming is handled by Windows Server without any need to configure the switch, since the ports can be on multiple switches.
    • If you're using Switch Dependent, it requires configuration on the SWITCH to become NIC-teaming aware, even though those teamed ports are on the same physical switch or the same modular switch.
    • Switch Independent teaming utilizes Active/Active and Active/Standby NIC settings to determine performance vs. redundancy.

    This Active/Standby is for when the administrator doesn't want to use the bandwidth aggregation capabilities of NIC Teaming. The default, I believe from memory, is Active/Active.

    • Active/Active and Active/Standby are NIC Team settings that apply to BOTH inbound and outbound traffic and are only applicable to Switch Independent teaming.

    I'm sure that it applies to bi-directional traffic since in both instances the NIC Teaming is "seen" and "behaves" like a single connection.

    • Switch Dependent teaming is funneling all traffic through a single switch like one big "pipe" for performance. It automatically treats the NICs as one big NIC, thus has no use for the Active/Active and Active/Standby settings.

    Regardless of which mode you choose, Windows Server will see it as a single NIC with aggregated bandwidth. On a single switch in dependent mode, there is no redundant device for failover. So instead you'll have to use something like LACP teaming or static teaming for individual port failures.

    • Load Balancing aka Distribution Algorithms apply only to Outbound traffic.

    The best practice in load balancing is to keep the traffic from a TCP stream on a single network adapter. This can really only apply to outbound, since we cannot control how the data will arrive at the switch from the other side; we can, though, send a TCP stream from the source to a single NIC.


    Thank you for posting and apologies for any of my confusing instruction!

    posted in Microsoft
  • Ronnie Wong


    Containers on Windows behave a bit differently than on Linux. So I believe the best way to think about it is that in Windows it's a virtualized application, rather than needing what a traditional VM needs. In the background it's still using the built-in Hyper-V functionality; even on Windows 10, you'll see that it will require you to install the Hyper-V feature, then reboot, and now your desktop is essentially running as a VM on the Hyper-V hypervisor.

    The context is probably about the functionality needed:

    • If you need kernel-level isolation, then Hyper-V containers are really specialized isolated VMs.
    • If you do not need kernel-level isolation, then Windows containers are isolated through namespaces, remote access and control, and process isolation, but not at the kernel level.

    posted in Microsoft
  • Ronnie Wong


    If all emails from your domain to that domain are getting bounced, then something has changed on your end.

    I would compare previous settings to the current settings for email and see what has changed.

    posted in Microsoft