Wednesday 25 April 2012

Short note on Tunneling

Tunneling is a way in which data is transferred between two networks securely. All the data being transferred is fragmented into smaller packets or frames and then passed through the tunnel. This process is different from a normal data transfer between nodes. Every frame passing through the tunnel will be encrypted with an additional layer of tunneling encryption and encapsulation, which is also used for routing the packets to the right direction. This encapsulation would then be reverted at the destination with decryption of data, which is later sent to the desired destined node.
A tunnel is a logical path between the source and the destination endpoints between two networks. Every packet is encapsulated at the source and de-capsulated at the destination. This process will keep happening as long as the logical tunnel is persistent between the two endpoints.
Tunneling is also known as the encapsulation and transmission of VPN data, or packets. IPSec tunnel mode enables IP payloads to be encrypted and encapsulated in an IP header so that it can be sent over the corporate IP internetwork or Internet.
IPSec protects, secures and authenticates data between IPSec peer devices by providing per packet data authentication. IPSec peers can be teams of hosts, or teams of security gateways. Data flows between IPSec peers are confidential and protected. The source and destination addresses are encrypted. The original IP datagram is left in tact. The original IP header is copied and moved to the left and becomes a new IP header. The IPSec header is inserted between these two headers. The original IP datagram can be authenticated and encrypted.
The tunnel is the logical path or connection that encapsulated packets travel through the transit internetwork. The tunneling protocol encrypts the original frame so that its content cannot be interpreted. The encapsulation of VPN data traffic is known as tunneling. The Transport Control Protocol/Internet Protocol (TCP/IP) protocol provides the underlying transport mechanism for VPN connectivity.
The two different types of tunneling are:
  • Voluntary tunneling: With voluntary tunneling, the client starts the process of initiating a connection with the VPN server. One of the requirements of voluntary tunneling is an existing connection between the server and client. This is the connection that the VPN client utilizes to create a tunneled connection with the VPN server.
  • Compulsory tunneling: With Compulsory tunneling, a connection is created between:
    • Two VPN servers
    • Two VPN access devices – VPN routers
    In this case, the client dials-in to the remote access server, by using whichever of the following methods:
    • Through the local LAN.
    • Through a internet connection.
    The remote access server produces a tunnel, or VPN server to tunnel the data, thereby compelling the client to use a VPN tunnel to connect to the remote resources.
VPN tunnels can be created at the following layers of the Open Systems Interconnection (OSI) reference model:
  • Data-Link Layer – layer 2: VPN protocols that operate this layer are Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP).
  • Network Layer – layer 3: IPSec can operate as a VPN protocol at the Network layer of the OSI reference model.
Tunneling Protocols Tunneling

VPN Overview

Virtual Private Networks (VPNs) provide secure and advanced connections through a non-secure network by providing data privacy. Private data is secure in a public environment. Remote access VPNs provides a common environment where many different sources such as intermediaries, clients and off-site employees can access information via web browsers or email. Many companies supply their own VPN connections via the Internet. Through their ISPs, remote users running VPN client software are assured private access in a publicly shared environment. By using analog, ISDN, DSL, cable technology, dial and mobile IP; VPNs are implemented over extensive shared infrastructures. Email, database and office applications use these secure remote VPN connections.VPN Tunneling Tunneling
A few of the main components needed to create VPN connections are listed below:
  • VPN services need to be enabled on the server.
  • VPN client software has to be installed on the VPN client. A VPN client utilizes the Internet, tunneling and TCP/IP protocols to establish a connection to the network
  • The server and client have to be on the same network.
  • A Public Key Infrastructure (PKI)
  • The server and client have to use the same:
    • ” Tunneling protocols
    • ” Authentication methods
    • ” Encryption methods.
  • Centralized accounting
Remote access VPNs offer a number of advantages, including:
  • Third parties oversee the dial up to the network.
  • New users can be added with hardly any additional costs and with no extra expense to the infrastructure.
  • Wan circuit and modem costs are eliminated.
  • Remote access VPNs call to local ISP numbers. VPNs can be established from anywhere via the internet.
  • Cable modems enable fast connectivity and are relatively cost efficient.
  • Information is easily and speedily accessible to off-site users in public places via Internet availability and connectivity.

Tunneling Protocols Overview

The tunneling protocols are responsible for the following functions:
  • Tunnel maintenance: This involves both the creation and management of the tunnel.
  • VPN data transfer: This relates to the actual sending of encapsulated VPN data through the tunnel.
The tunneling protocols are:
  • Point-to-Point Tunneling Protocol (PPTP)
  • Layer 2 Tunneling Protocol (L2TP)

How Tunneling Works

There are two types of VPN connections, PPTP (Point-to-Point tunneling protocol) and L2TP (Layer 2 tunneling protocol). Both PPTP and L2TP tunnels are nothing but local sessions between two different endpoints. In case they have to communicate, the tunneling type must be negotiated between the endpoint, either PPTP or L2TP, then more configurable parameters like encryption, address assignment, compression, etc. must be configured in order to get the best possible security over the Internet based private logical tunnel communication. This communication is created, maintained, and terminated with a tunnel management protocol.
Data can be sent once the tunnel is in place and clients or the server can use the same tunnel to send and receive data across the internetwork. The data transfer depends upon the tunneling protocols being used for the transfer. For example, whenever the client wants to send data or payload (the packets containing data) to the tunneling server, the tunnel server adds a header to each packet. This header packet contains the routing information that informs the packet about the destination across the internetwork communication. Once the payload is received at the destination, the header information is verified. After, the destination tunnel server sends the packet to the destined node, client, or server.

Point-to-Point Protocol (PPP)

It is very obvious that the PPTP and L2TP protocols are fully dependent upon PPP connection and it is very much important to understand and examine PPP a little more closely. Initially, PPP was designed to work with only dial-up connections or dedicated connections. If the data transfer is happening over PPP connection, then the packets going over PPP are encapsulated within PPP frames and then sent across or transmitted over to the destination dial-up or PPP server.
There are four distinct phases of negotiation in a PPP connection. Each of these four phases must complete successfully before the PPP connection is ready to transfer user data.
  • Phase 1: PPP Link Establishment First step is where PPP uses the LCP or Link Control Protocol to connect to the destination network. Apart from establishing the connection, LCP is also responsible for maintaining and terminating the connection. For example, during this phase 1, LCP connects to the destination and prepares the authentication protocol which will be used in phase 2. Next step would be to negotiate and find out if these two nodes in a PPP connection would agree on any compression or encryption algorithm. If the answer is yes then the same is implemented in Phase 4.
  • Phase 2: A User Authentication Second step is where the user credentials are sent to the remote destination for authentication. There are different secure authentication programs. The secure authentication method must be used to safeguard the user credentials. If using PAP (password Authentication Protocol) for authorizing user credential, the user information is passed in plain clear text that can be captured easily. This is the only time that the user must take utmost care in handling his/her credential from any theft. If for any reason an intruder captures these credentials, once the user connection is authenticated, the intruder will trap the communication, disconnect the original user, and take control of the connection.
  • Phase 3: PPP Callback Control The Microsoft implementation of PPP includes an optional callback control phase. This phase uses the Callback Control Protocol (CBCP) immediately after the authentication phase. If configured for callback, both the remote client and NAS disconnect after authentication. The NAS then calls the remote client back at a specified phone number. This provides an additional level of security to dial-up connections. The NAS allows connections from remote clients physically residing at specific phone numbers only. Callback is only used for dial-up connections, not for VPN connections.
  • Phase 4: Invoking Network Layer Protocol(s) Once the previous phases have been completed, PPP invokes the various network control protocols (NCPs) that were selected during the link establishment phase (Phase 1) to configure protocols that the remote client uses. For example, during this phase, IPCP is used to assign a dynamic address to the PPP client. In the Microsoft implementation of PPP, the Compression Control Protocol (CCP) is used to negotiate both data compression (using MPPC) and data encryption (using MPPE).

Data Transfer

Once the four phases of PPP negotiation have been completed, PPP begins to forward data to and from the two peers. Each transmitted data packet is wrapped in a PPP header that the receiving system removes. If data compression was selected in phase 1 and negotiated in phase 4, data is compressed before transmission. If data encryption is selected and negotiated, data is encrypted before transmission. If both encryption and compression are negotiated, the data is compressed first then encrypted.

Point-to-Point Tunneling Protocol (PPTP)

PPTP encapsulates PPP frames in IP datagram for transmission over an IP internetwork such as the Internet. PPTP can be used for remote access and router-to-router VPN connections.
PPTP or Point-to-Point tunneling protocol works over TCP ports, which are also used for tunnel management and GRE or Generic Routing Encapsulation protocol to encapsulate any PPP frames that will later be used to send data through the tunnel. Compression or encryption will depend on the tunnel configuration.
Point-to-Point Tunneling Protocol (PPTP), an extension of Point-to-Point Protocol (PPP), encapsulates PPP frames into IP datagrams to transmit data over an IP internetwork. To create and manage the tunnel, PPTP utilizes a TCP connection. A modified version of Generic Route Encapsulation (GRE) deals with data transfer by encapsulating PPP frames for tunneled data. The encapsulated tunnel data can be encrypted and/or compressed. However, PPTP encryption can only be utilized when the authentication protocol is EAP-TLS or MS-CHAP. This is due to PPTP using MPPE to encrypt VPN data in a PPTP VPN, and MPPE needing EAP-TLS or MS-CHAP generated encryption keys.
The authentication methods supported by PPTP are the same authentication mechanisms supported by PPP:
  • PAP
  • CHAP
  • MS-CHAP
  • EAP

Layer Two Tunneling Protocol (L2TP)

Layer 2 Tunneling Protocol (L2TP) is a combination of the benefits and features of PPTP and Cisco’s Layer 2 Forwarding (L2F) protocol. L2TP encapsulates PPP frames, and sends encapsulated data over IP, frame relay, ATM and X.25 networks. With L2TP, the PPP and layer two end-points can exist on different devices. L2TP can also operate as a tunneling protocol over the Internet. L2TP uses UDP packets and a number of L2TP messages for tunnel maintenance. UDP is used to send L2TP encapsulated PPP frames as tunneled data.
While L2TP can provide encryption and compression for encapsulated PPP frames, you have to use Microsoft’s implementation of L2TP with the IPSec security protocol. When L2TP is used with IPSec, the highest level of security is assured. This includes data confidentiality and integrity, data authentication, as well as replay protection. IPSec protects the packets of data and therefore provides security on insecure networks such as the Internet. This is due to IPSec securing the actual packets of data, and not the connection used to convey the data. IPSec utilizes encryption, digital signatures and hashing algorithms to secure data.
IPSec provides the following security features:
  • Authentication; digital signatures are used to authenticate the sender.
  • Data integrity; hash algorithms ensure that data has not been tampered with while in transit.
  • Data privacy; encryption ensures that data cannot be interpreted while in transit.
  • Repay protection; protects data by preventing unauthorized access by any attackers who resend data.
  • The Diffie-Hellman key agreement algorithm is used to generate keys. This makes it possible for confidential key agreement to occur.
  • Non-repudiation; public key digital signatures authenticate the origin of the message.
The two IPSec protocols are:
  • Authentication Header (AH); provides data authentication, data integrity and replay protection for data.
  • Encapsulating Security Payload (ESP); provides data authentication, data confidentiality and integrity, and replay protection.

Port 1723

Port 1723 is a network port that uses both TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) in order to transfer data from an application on one machine to an application on another machine. Port 1723 is rarely manually used and background services within the applications that access it usually manage it. This type of access between multiple applications is known as the PPTP (Point-to-Point Tunneling Protocol), which, by default, is usually run on Port 1723.
TCP Vs UDP
While Port 1723 runs both TCP and UDP protocols, each has different purposes. For example, TCP is used to transfer actual data and commands from one application to another and provides assurance that the data will be delivered and received in the same order in which it was sent. UDP, however, is used to transfer raw information in the form of datagrams and does not guarantee that the information will be delivered or received in the proper order. Instead, UDP requires that the application receiving any information sent over Port 1723 or any other port manages that information.
Applications
Port 1723 is mostly used for the PPTP and PPTP VPN (Virtual Private Networking) protocols. These protocols exchange information between multiple devices and applications. For example, if a user wishes to access a server from his/her personal computer in a separate location and a firewall protects that server, the user will need to enable a PPTP VPN between the two devices. Together, the TCP and PPTP VPN provide a secure connection between the two devices and guarantee data transfer. PPTP VPNs may also be used for gaming purposes in order for a user to connect to a private server that is outside his/her own network.
Advantages
Port 1723 is advantageous because it allows users to communicate via applications on multiple computers and networks. When used in conjunction with TCP, Port 1723 guarantees that data is sent and received correctly, while PPTP VPNs manage the security algorithms within the port to protect the user’s data from hackers and other cyber thieves.

Public DNS Servers

DNS (Domain Name System) servers are designed to allow networked devices such as computers, phones, and other servers to look up address records in DNS tables. The majority of DNS servers are configured to provide service to the organizations or people that own or pay service fees for the hardware. There are a number of public DNS servers that will provide DNS resolutions for requesting computers or people. The majority of these servers are purposely public; however, some become public due to misconfiguration or malicious behavior. These typically get fixed once management realizes that they have been providing free service to others.

How Does DNS Work?

The Domain Name System (DNS) is a database that handles translating a fully qualified domain name into an Internet Protocol (IP) address. Most computer networks will have at a minimum one DNS server to handle queries which are commonly referred to as the “name server.” It will store a listing of all of the IP addresses stored on the network as well as a cache of the IP addresses recently accessed outside of the network. On any given network, a computer only needs to know the location of one name server. When a computer goes to lookup an IP address that is not stored on the computer, it will check with the Name Server. The Name Server will see if it is addressed locally, but if someone on the network has recently requested the same address the IP address will be retrieved from the server’s cache.
Each of these cases results in little wait for a response. If the address has not been requested recently, then the Name Server will perform a search by querying two or more name servers. These queries can take anywhere from seconds to a minute based on the network speed. If no resolution is found, an error message is returned to the user.
ps logo2 Public DNS Servers

Public DNS Servers

The following are public DNS servers available for free use at the time of this writing. Before changing your personal or work computer DNS settings, ensure that you note the specifics for the legacy system you are changing in the event the free service has issues or is no longer available.
Google Public DNS
8.8.8.8
8.8.4.4
Level 3 Communications (Broomfield, CO, US)
4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6
Verizon (Reston, VA, US)
151.197.0.38
151.197.0.39
151.202.0.84
151.202.0.85
151.202.0.85
151.203.0.84
151.203.0.85
199.45.32.37
199.45.32.38
199.45.32.40
199.45.32.43
GTE (Irving, TX, US)
192.76.85.133
206.124.64.1
One Connect IP (Albuquerque, NM, US)
67.138.54.100
OpenDNS (San Francisco, CA, US)
208.67.222.222
208.67.220.220
Exetel (Sydney, AU)
220.233.167.31
VRx Network Services (New York, NY, US)
199.166.31.3
SpeakEasy (Seattle, WA, US)
66.93.87.2
216.231.41.2
216.254.95.2
64.81.45.2
64.81.111.2
64.81.127.2
64.81.79.2
64.81.159.2
66.92.64.2
66.92.224.2
66.92.159.2
64.81.79.2
64.81.159.2
64.81.127.2
64.81.45.2
216.27.175.2
66.92.159.2
66.93.87.2
Sprintlink (Overland Park, KS, US)
199.2.252.10
204.97.212.10
204.117.214.10
Cisco (San Jose, CA, US)
64.102.255.44
128.107.241.185
OpenNIC
202.83.95.227 (au)
119.31.230.42(au)
178.63.26.173 (de)
217.79.186.148 (de)
27.110.120.30(nz)
89.16.173.11 (uk)
69.164.208.50 (us)
216.87.84.211(us)
2001:470:8388:10:0:100:53:20 (us)
2001:470:1f10:c6::2 (us)
ClearCloud
Preferred DNS server: 74.118.212.1
Alternate DNS server: 74.118.212.2
Full list of available OpenNIC servers is here.

How to Change DNS Server Settings on Microsoft Windows

The DNS settings on a computer running the Microsoft Windows operating system (OS) are configured in the TCP/IP properties window for the computer. The following example to change DNS server settings is based on the steps required to change the settings on Microsoft Windows 7 OS. They may differ slightly based on the specific version of Windows installed on the computer.
Step 1 – Select the “Start” menu button and click the “Control Panel” icon.
Step 2 – Select the “Network and Internet,” “Network and Sharing Center,” and “Change Adapter” menu options.
Step 3 – Choose the network connection to configure to use the public DNS server. For an Ethernet connection you would right click the “Local Area Connection” menu button and then choose the “Properties” menu option. For a wireless connection, right click the “Wireless Network Connection” and choose the “Properties menu choice. Then, enter a password if prompted or confirm that you want to modify the setting.
Step 4 – Choose the “Networking” menu tab. Then select the “Internet Protocol Version 4 (TCP/IPv4) or Internet Protocol Version 6 (TCP/IPv6) menu option followed by clicking the “Properties” menu button.
Step 5 – Select the “Advanced’ menu option and then click the “DNS” menu tab. Note any DNS server IP addresses listed on this screen for future reference and clear from the window. Click the “Ok” menu button.
Step 6 – Chose the “Use the Following DNS Server Addresses” menu options. If you see any addresses listed here write them down. Then, enter the public DNS server addresses in the appropriate window. If you intend on using the Google Public DNS server your entries would be:
IPv4: 8.8.8.8 and/or 8.8.4.4.
IPv6: 2001:4860:4860::8888 and/or 2001:4860:4860::8844
Step 7 – Restart the network connection selected earlier for configuration. Then, repeat the steps for any additional network connections that require reconfiguration.

How to Change DNS Server Settings on Mac OS X

On Mac OS X the DNS server settings and set and changed in the “Network” window of the operating system. This example uses the specific instructions required for Mac OS X 10.5 and may slightly vary based on the specific version of the OS installed on your computer.
Step 1 – Select “System Preferences” followed by the “Network” menu options from the “Apple” menu.
Step 2 – If there is a lock icon located in the lower corner of the window preventing step 1 from being completed, then click the icon and enter the administrator password for the computer.
Step 3 – Choose the network connection to configure to use a public DNS server. For an Ethernet connection, choose the “Built-in-Ethernet” menu option followed by the “Advanced” menu choice. For a wireless connection, choose the “Airport” followed by clicking “Advanced.”
Step 4 – Choose the “DNS” menu tab. Then, select the “+” symbol to replace any of the listed addresses. Ensure legacy DNS servers are written down or otherwise recorded in the event you need to use them in the future. To change the DNS server settings to the Google servers enter the following addresses:
For IPv4: 8.8.8.8 and/or 8.8.4.4.
For IPv6: 2001:4860:4860::8888 and/or 2001:4860:4860::8844
Step 5 – Choose the “Apply” and “Ok” menu buttons to finish configuring the DNS server setup for your Mac computer. Repeat the instructions for an additional network connection on the same computer.

How to Change DNS Server Settings on Linux

In the majority of Linux distributions, the DNS settings are configured or set by using the Network Manager. This example uses settings required on Ubuntu and the steps may be different based on the Linux build or version that you have installed on your computer.
Step 1 – From the computer’s “System” menu, choose the “Preferences” and “Network Connections” menu options.
Step 2 – Choose the network connection that you want to change to use a public DNS server. For an Ethernet connection, you would select the “Wired” menu tab and then choose the network interface from the resulting list which is normally called “eh0.” For a wireless connection, choose the “Wireless” menu tab and select the appropriate wireless network.
Step 3 – Choose the “Edit” menu button and then choose the “IPv4” or “IPv6” settings menu tab. If you see that the current method being used is “Automatic (DHCP),” then open the dropdown and choose the “Automatic (DHCP) addresses only” menu option. If set to another option, do not change the selection.
Step 4 – In the DNS servers field, enter the desired public DNS server IP addresses separated by a space. To configure the computer to use the Google public DNS servers enter:
IPv4: 8.8.8.8 and/or 8.8.4.4.
IPv6: 2001:4860:4860::8888 and/or 2001:4860:4860::8844
Step 5 – Choose the “Apply” menu button to save the changes. Some builds of Linux will then as you to enter a password to confirm the changes. Repeat the same procedure for any additional connections that you want to change.

How to Change DNS Server Settings on Mobile Devices

On a mobile device, the DNS server configuration will normally be saved under the advanced wireless or WiFi settings. The following procedure is generic in nature and will likely require slightly different steps based on the brand of the device being changed.
Step 1 – Open the WiFi settings screen or menu. Locate the menu option or screen where DNS settings are listed.
Step 2 – Note any IP addresses listed for the primary and secondary DNS servers in the event you need to change the settings in the future to the original ones.
Step 3 – Change the DNS server addresses with the desired public servers. To change to use the public Google DNS servers, enter the following addresses:
IPv4: 8.8.8.8 and/or 8.8.4.4.
IPv6: 2001:4860:4860::8888 and/or 2001:4860:4860::8844
Sep 4 – Choose the “Save” and “Exit” menu options to complete changing the DNS server settings on your mobile device.

How Do You Test Public DNS Server Changes?

Step 1 – Launch the web browser on the computer or mobile device that has public DNS servers entered.
Step 2 – Enter a well-known website such as www.tech-faq.com or www.google.com.
Step 3 – If the page loads properly, bookmark it in your browser.
Step 4 – Access the page from the bookmark. If the well-known site loads from each test, then the changes to the public DNS server have worked appropriately.
Step 5 – If the webpage fails to load from either test enter a fixed IP address. A well-known one that can be used is: http://18.62.0.96/ which should resolve to MIT. If this works, bookmark the page and try again. If the IP address entry fails, you likely entered the DNS changes incorrectly and need to try again.
Step 6 – If neither of the IP address tests works, then enter the old DNS servers and run the tests again. If they fail, then there is a problem with the computer’s network connection that may require ISP or network administrator assistance. If the computer works normally after reverting to the old DNS settings, then there is likely an issue with the public DNS server that you have tried to use.

How Do You Troubleshoot DNS Server Errors?

In the event you are encountering errors or issues after changing to a public DNS server there are some troubleshooting steps that you can take to verify if the error is with the DNS server. Once you run each of the commands, save the results in a text document so that you can send them to the appropriate help desk or message board that supports the server (if there is one).
Step 1 – Confirm that your computer can establish communications with the public DNS server. On a Windows computer, open the DOS command prompt by selecting the “Start” menu button and entering “CMD” in the search text field.
Step 2 – enter “tracert –d serveraddress” followed by pressing the enter key. ON a MAC OS X computer, open the terminal and enter “/usr/sbin/traceroute –n –w 2 –q 2 –m 30 serveraddress . On Linux, sudo traceroute –n –w 2 –q 2 –m 30 serveraddress.

If you do not see the DNS server IP address as the final hop on the return trace or there are a lot of timeouts, then there may be a network connectivity issue preventing contact with the public DNS server.

Step 3 – Confirm that the public DNS server can resolve the hostname. On Windows, enter the following command at the command prompt:
Nslookup –debug hostname DNSserverAddress
Mac OS X and Linux:
Dig @DNSserverAddress hostname
If you see a section with an A record listed for the hostname on the output, then the DNS server can resolved the name and you should confirm the DNS settings on your computer again. If you do not see an answer for the hostname, then proceed to the next step.
Step 4 – Confirm that another public DNS server can resolve the hostname that you have selected. Enter the following commands at the command prompt on Windows. There servers used are from Level 3 and Open DNS (Last 2).
nslookup hostname 4.2.2.1
nslookup hostname 4.2.2.2
nslookup hostname 208.67.222.222
nslookup hostname 208.67.220.220
If you get a successful result, then there is likely an issue with the first public DNS servers that you tested. If you do not get a successful result, then there is probably an issue with the servers being tested and should be tried again after waiting for a bit.
Step 5 – Change your computer’s DNS settings to the original servers that were being used if you have no success in changing the settings to a public DNS server. Based on your operating system, you may need to manually enter these addresses again and restart the computer or device.

How to Delete a Virtual Machine Created with Windows Virtual PC

1. If you have the virtual machine that you want to delete running, then you must close or shut down the virtual machine first.

2. Open the Windows 7 Start Menu, and click on All Programs, expand Windows Virtual PC folder, and double click on the Virtual Machines shortcut. (See screenshot below)
NOTE: You can also open the Virtual Machines folder at C:\Users\(User Name)\Virtual Machines.
Windows Virtual PC - Delete a Virtual Machine-start_menu.jpg
3. Right click on the virtual machine that you want to delete, then click on Settings. (See screenshot below)
Windows Virtual PC - Delete a Virtual Machine-settings.jpg
4. In the left pane, click on the Hard Disk (ex: Hard Disk 1) that has a .VHD file (ex: Vista SP2.vhd) listed under "Current Value" to select it. (See screenshot below)
Windows Virtual PC - Delete a Virtual Machine-stepc.jpg
5. In the right pane, click on the Browse button. (See screenshot above)
NOTE: You could also just navigate to that location for the .vhd file in Windows Explorer.

6. Right click on the .vhd file (ex: Vista SP2.vhd) for the virtual machine that you want to delete, and click on Delete. (See screenshot below)
Windows Virtual PC - Delete a Virtual Machine-vhd.jpg
7. Click on Yes to approve. (See screenshot below)
Windows Virtual PC - Delete a Virtual Machine-stepd.jpg
8. Close the window under step 6 and under step 5.

9. Right click on the .vmcx file for the virtual machine that you want to delete, then click on Delete. (See screenshot below)
Windows Virtual PC - Delete a Virtual Machine-stepa.jpg
10. Click on Yes to approve. (See screenshot below)
Windows Virtual PC - Delete a Virtual Machine-stepb.jpg
11. Close the window under step 9.

12. Empty the Recycle Bin.

How to audit file and folder access to improve Windows 2000 Pro security

While auditing file and folder access on a client's home computer or a networked office machine is probably overkill, I recommend auditing any publicly accessible computer, whether it’s networked or not. Auditing file and folder access allows you to test your security policy and determine whether any users are trying to use the machine in an unauthorized manner.

Enabling auditing
Before you can audit file and folder access, you must enable the Audit Object Access setting in the machine’s group policy. Log on to the machine with a local administrative account and open the Control Panel. Double-click the Administrative Tools icon and then the Local Security Policy icon. Doing so will display the machine’s group policy settings.

Navigate through the console tree to Security Settings | Local Policies | Audit Policy. When you select the Audit Policy container, the column to the right will display a number of different events that you can audit, as shown in Figure A.

Figure A
You can audit a number of events.


As you can imagine, it’s easy to get carried away with the idea of an ultrasecure machine by auditing absolutely everything. But this is a bad idea for several reasons. First, the audit process builds log files. Each entry in the log consumes a small amount of hard disk space. If too many audited events occur, your machine could run out of hard disk space. Second, each audit also consumes a small amount of CPU time and memory. So excessive auditing can negatively affect system performance.

Perhaps the best reason for not auditing everything is information overload. I have seen situations in which several hundred events are audited every minute. This makes it virtually impossible to locate anything useful within the logs because the useful log entries blend in with the garbage entries. My advice is to use discretion when creating an audit policy. Don’t audit anything that you don’t absolutely need to know about. The more you refine which events are audited, the more meaningful each audited event will become.

Let’s take a look at some of the available auditing options. Obviously, which audits are appropriate for your needs will vary depending on your environment. For general purpose auditing, though, I recommend auditing logon events so that you can tell when users have logged on or off. I also recommend auditing object access (i.e., files and folders). Auditing object access will allow you to see who does what to designated files and folders. Finally, I recommend auditing policy changes. This is a big one, because if someone is tampering with the machine’s security policy, you really need to know about it.

To enable these types of auditing, double-click the appropriate option within the Local Security Policy Settings console. You will then see a dialog box similar to the one shown in Figure B. As you can see in this figure, you can implement a failure audit and/or a success audit for each event.

Figure B
You can perform success and/or failure audits for each event.


So how do you know whether to perform a success or a failure audit? Well, that’s really up to you. For logins and policy changes, I recommend auditing both success and failures. For example, a success audit of login actions would create an audit log entry every time someone logged in successfully. A failure audit of the same event would write an audit log entry every time someone entered a password incorrectly. Likewise, a success audit on policy changes would let you know that someone changed a security policy, while a failure audit would tell you that someone tried to change a security policy but didn’t actually manage to make the change happen.

When it comes to auditing object access, I recommend also enabling success and failure audits. Just because success and failure audits are enabled for object access, though, it doesn’t mean that you actually have to use them. Every object that you audit access for has an entire range of audit options. Enabling success and failure audits simply make these options available to you.

Auditing object access
You must be careful which objects you audit or you will end up with the information overload problems. It's very easy to end up with information overload because if you audit a folder, the audit applies to every object within the folder and within any subfolders. The audit applies to child objects, grandchild objects, and so on. So when possible, I recommend auditing objects at the file level. For example, if you needed to know who made the most recent changes to an Excel spreadsheet, it would be better to audit the actual XLS file than the folder containing it.

I also recommend that you avoid auditing system files and folders. Doing so can also result in information overload. For example, if you were to audit the Windows folder, you would end up with countless audit log entries because the system is constantly accessing files found in this folder. If you really wanted to audit Windows, a better solution might be to audit the registry files.

To audit a file or folder, right-click it and select the Properties command from the resulting menu. You’ll see the object’s Properties sheet. Select the Properties sheet’s Security tab, and click the Advanced button to display the Access Control Settings Properties sheet for the object. Select the Auditing tab. Then, click the Add button, and you’ll be presented with a list of users and groups. Select the users or groups that you wish to audit, and click OK.

For example, years ago, I worked for a large insurance company. At the company, a woman on the administrative staff was deliberately doing things to sabotage the system. Before we confronted her with this information, we needed to build a case against her. So we created audit policies that applied only to her. This way, we could watch every move she made without being flooded with thousands of log entries pertaining to other users.

Once you have selected a user or group, you’ll see the dialog box shown in Figure C. As you can see, you can enable success and/or failure audits for many types of access to the file or folder on a user or group basis.

Figure C
You can audit a number of different access types for files and folders.


Viewing audit results
You might be curious to know how to view the audit results. Open the Control Panel and double-click the Administrative Tools icon and then the Event Viewer icon. When the Event Viewer opens, click the Security container to see the security logs, as shown in Figure D. In the figure, you’ll notice how many log entries were applied in a matter of a few seconds. This is why it’s so important to use discretion when creating an audit policy. If you want to get more information on a particular event, simply double-click it.
Browser Name:
Browser Version:
Browser Code Name:
User-Agent: