CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [97]
Monitoring your network on a regular basis is important to determine what types of events are occurring. Without this information, you’re shooting in the dark. As a security professional, you should primarily deal with what is happening in your network as it occurs. You also want to establish preventive measures to reduce the fear of the unknown.
The following sections introduce you to the types of network traffic you’ll encounter on most networks. These include a wide variety of protocols, such as TCP/IP, IPX, and NetBEUI. Each one operates with its own rules and methods. In general, these protocols don’t interact with each other, and they’re oblivious to the existence of the other protocols.
With each passing day, it is harder and harder to find networking protocols in use other than TCP/IP. It has become the de facto networking protocol and is now the standard default in almost every operating system, including those from Microsoft and Novell. For the exam, however, you should know general information about all the protocols discussed in this book.
Recognizing the Different Types of Network Traffic
The following sections briefly explain the protocols and services that are common in networks. The most common protocol used in wide area networks (WANs) today is TCP/IP, which is why it is discussed first. Some networks also run protocols unique to Novell, Microsoft, Network File Systems, and AppleTalk, and these protocols are discussed as well. The following sections introduce you to these protocols and identify potential threats to your networks.
TCP/IP
As you might recall, the TCP/IP suite supports a wide variety of protocols used to transport information inside and outside the local area network (LAN). The protocols that are most susceptible to attacks are IP, TCP, UDP, ICMP, and IGMP, which were briefly mentioned in Chapter 2, “Identifying Potential Risks.” The important thing to remember is that each of these protocols may be vulnerable because of the insecure nature of TCP/IP or a weakness in the software manufacturer’s implementation of the protocol.
It’s important to know which TCP and UDP ports are open in order to understand what services your server is allowing.
Lab 4.1 shows how to view the active TCP and UDP ports.
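The lab shows how to list the active ports by hand; the value for a security professional comes from comparing that listing against what the server is supposed to expose. The following is an added example, not part of the book or its lab: it parses `netstat -an`-style output (both the Windows and the Linux layouts), keeps only the listening TCP sockets and bound UDP sockets, and reports any listener that is not in an approved baseline. The sample output and the baseline are constructed for illustration; on a real host you would feed it the actual `netstat -an` output and a baseline drawn from the server's documented role.

```python
"""List listening TCP/UDP ports from netstat-style output and flag anything
outside an approved baseline.  Added example; the sample text below is
constructed, not captured from a real server."""
import re
from dataclasses import dataclass

# Constructed sample mixing Windows-style (Proto Local Foreign State) and
# Linux-style (Proto Recv-Q Send-Q Local Foreign State) lines.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49152     192.168.1.20:443       ESTABLISHED
  TCP    [::]:3389              [::]:0                 LISTENING
  UDP    0.0.0.0:161            *:*
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

# Hypothetical approved set for this server role: (protocol, port).
BASELINE = {("tcp", 22), ("tcp", 135), ("tcp", 445), ("udp", 68)}


@dataclass(frozen=True)
class Listener:
    proto: str  # "tcp" or "udp"
    addr: str   # local address as printed (IPv4, bracketed IPv6, or "*")
    port: int


# Split "host:port" on the LAST colon so bracketed IPv6 such as "[::]:3389" works.
_ADDR_RE = re.compile(r"^(?P<host>.+):(?P<port>\d+)$")


def parse_listeners(text: str) -> set[Listener]:
    """Return the set of listening TCP and bound UDP sockets in the output."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # headers, blank lines, banner text
        proto = fields[0].lower()
        if proto.startswith("tcp"):
            proto = "tcp"
        elif proto.startswith("udp"):
            proto = "udp"
        else:
            continue
        # Linux netstat inserts Recv-Q and Send-Q counters before the addresses;
        # Windows does not, so detect the layout from the second field.
        if fields[1].isdigit() and fields[2].isdigit():
            local = fields[3]
            state = fields[5] if len(fields) > 5 else ""
        else:
            local = fields[1]
            state = fields[3] if len(fields) > 3 else ""
        match = _ADDR_RE.match(local)
        if not match:
            continue
        # UDP is connectionless, so every bound socket accepts datagrams.
        # TCP sockets only count as exposed services when in LISTEN/LISTENING.
        if proto == "tcp" and not state.upper().startswith("LISTEN"):
            continue
        found.add(Listener(proto, match.group("host"), int(match.group("port"))))
    return found


def unexpected_listeners(listeners: set[Listener], baseline=BASELINE) -> list[Listener]:
    """Listeners whose (proto, port) is not approved, sorted for stable reporting."""
    return sorted(
        (l for l in listeners if (l.proto, l.port) not in baseline),
        key=lambda l: (l.proto, l.port),
    )


if __name__ == "__main__":
    for l in sorted(parse_listeners(SAMPLE_NETSTAT), key=lambda l: (l.proto, l.port)):
        print(f"{l.proto:3} {l.addr}:{l.port}")
    for l in unexpected_listeners(parse_listeners(SAMPLE_NETSTAT)):
        print(f"NOT IN BASELINE: {l.proto}/{l.port} bound on {l.addr}")
```

With the constructed sample, the ESTABLISHED connection on port 49152 is ignored because it is a client-side socket rather than a service, and the two listeners flagged are TCP 3389 and UDP 161, which were not in the approved set. Running such a comparison on a schedule turns the one-time lab exercise into the regular monitoring the chapter opens with.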
Novell Protocols
Novell, Inc., has long been a significant player in the network environment. Its NetWare product line was once the server network operating system (NOS) used in the majority of office buildings. Novell is a longtime rival of Microsoft, and the company has a large and loyal following.
NetWare, a server-based networking environment/operating system, offers network protocols, services, and applications. NetWare is susceptible to DoS attacks, as are most TCP/IP-based environments. In addition to TCP/IP, NetWare supports two other proprietary protocols:
IPX/SPX Internetwork Packet Exchange (IPX) and Sequenced Packet Exchange (SPX) are two of the proprietary protocols unique to Novell 4.x and earlier NetWare networks. IPX and SPX are still in use, but they’re not as widespread as they once were. These protocols are fast, efficient, and well documented. They’re also susceptible to communications interception using internal monitoring.
Microsoft desktop operating systems often include the ability to communicate using IPX/SPX so that the workstations can exist on NetWare-based networks. Because IPX/SPX is proprietary to Novell, Microsoft created NWLink, an IPX/SPX-compatible protocol that it owns.
NDS and eDirectory Novell introduced a directory management service called NetWare Directory Services (NDS) to manage all the resources in