CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [71]
Many PCs being built and delivered today come with internal modems. Unless the modems are specifically needed, they should be disabled or removed from network workstations. If this isn’t possible, they should be configured not to auto-answer incoming calls. In other words, you must eliminate as many features of the modem as possible in order to increase security.
Many preconfigured administrative systems provide modem connections for remote maintenance and diagnostics. These connections should either be password-protected or have a cut-off switch so they don’t expose your network to security breaches.
Remote Access Services
Remote Access Services (RAS) refers to any server service that offers the ability to connect remote systems. The current Microsoft product for Windows-based clients is called Routing and Remote Access Services (RRAS), but it was previously known as Remote Access Services (RAS). Because of this, you’ll encounter the term RAS used interchangeably to describe both the Microsoft product and the process of connecting to remote systems.
Figure 3.4 depicts a dial-up connection being made from a workstation to a network using a RAS server on the network. In this case, the connection is being made between a Windows-based system and a Windows server using Plain Old Telephone Service (POTS) and a modem.
FIGURE 3.4 A RAS connection between a remote workstation and a Windows server
The RAS connection is accomplished via dial-up or network technologies such as VPNs, ISDN, DSL, and cable modems. RAS connections may be secure or in the clear, depending on the protocols that are used in the connection.
A popular method of remote access is the use of pcAnywhere and similar remote-control/virtual network programs. A major issue with Virtual Network Computing (VNC) is that it leaves a door into the network open that anyone may stumble upon. By default, most of these programs start their server service automatically, so it is running even when no one truly needs it. It is highly recommended that you configure the service as a manual-start service and launch it only when you need to access the host. At all other times, that service should be shut down.
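The following PowerShell script is an added example, not code from the study guide, showing how an administrator would carry out that recommendation on a Windows host: find the remote-control server services, switch them from automatic to manual start, stop them, and start one only for the duration of a maintenance task. The service name patterns it searches for are assumptions; the actual service names depend on the product installed, so adjust them to what your inventory shows.

```powershell
# Added example (not from the study guide): find remote-control server services
# such as VNC or pcAnywhere, switch them from automatic to manual start, and
# stop them until an administrator explicitly needs the host.
# Service name patterns below are assumptions; real names vary by product
# (for example "tvnserver", "uvnc_service", "vncserver", "awhost32").
$RemoteAccessServicePatterns = @('*vnc*', '*pcanywhere*', '*awhost*')

function Get-RemoteAccessService {
    <# Lists matching services with their current start mode and state. #>
    param([string[]]$Patterns = $RemoteAccessServicePatterns)
    Get-CimInstance -ClassName Win32_Service | Where-Object {
        $svc = $_
        # Keep the service if any pattern matches its name or display name
        $Patterns | Where-Object { $svc.Name -like $_ -or $svc.DisplayName -like $_ }
    } | Select-Object Name, DisplayName, StartMode, State
}

function Set-RemoteAccessServiceManual {
    <# Sets each matching service to Manual start and stops it if running.
       Supports -WhatIf so the change can be previewed before it is applied. #>
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string[]]$Patterns = $RemoteAccessServicePatterns)
    foreach ($svc in Get-RemoteAccessService -Patterns $Patterns) {
        if ($svc.StartMode -ne 'Manual' -and
            $PSCmdlet.ShouldProcess($svc.Name, 'Set startup type to Manual')) {
            Set-Service -Name $svc.Name -StartupType Manual
        }
        if ($svc.State -eq 'Running' -and
            $PSCmdlet.ShouldProcess($svc.Name, 'Stop service')) {
            Stop-Service -Name $svc.Name -Force
        }
    }
}

function Start-RemoteAccessSession {
    <# Starts one service only for the duration of a maintenance task,
       runs the task, then stops the service again even if the task fails. #>
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][scriptblock]$Task
    )
    Start-Service -Name $Name
    try     { & $Task }
    finally { Stop-Service -Name $Name -Force }
}

# Usage: preview the changes, apply them, then report the resulting state.
Set-RemoteAccessServiceManual -WhatIf
Set-RemoteAccessServiceManual
Get-RemoteAccessService | Format-Table -AutoSize
```

Run the script from an elevated session, since Set-Service and Stop-Service need administrative rights. The -WhatIf preview is there so the list of services about to be changed can be checked against the host's inventory before anything is touched, and the try/finally in Start-RemoteAccessSession ensures the service is shut down again after the maintenance task, which is the state the text says it should be in at all other times.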
Routers
The primary instrument used for connectivity between two or more networks is the router. Routers work by providing a path between the networks. A router has two connections that are used to join the networks. Each connection has its own address and appears as a valid address in its respective network. Figure 3.5 illustrates a router connected between two LANs.
FIGURE 3.5 Router connecting two LANs
Routers are intelligent devices, and they store information about the networks to which they’re connected. Most routers can be configured to operate as packet-filtering firewalls. Many of the newer routers also provide advanced firewall functions.
Routers, in conjunction with a Channel Service Unit/Data Service Unit (CSU/DSU), are also used to translate from LAN framing to WAN framing (for example, a router that connects a 100BaseT network to a T1 network). This is needed because the network protocols are different in LANs and WANs. Such routers are referred to as border routers. They serve as the outside connection of a LAN to a WAN, and they operate at the border of your network. Like the border patrols of many countries, border routers decide who can come in and under what conditions.
Dividing internal networks into two or more subnetworks is a common use for routers. Routers can also be connected internally to other routers, effectively creating zones that operate autonomously. Figure