Online Book Reader


CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [99]

resolving TCP/IP addresses to names

Because WINS provides a service to clients that request information from it, it’s susceptible to DoS attacks. When left unpatched, it is also vulnerable to remote code execution.

Network File System Protocol

Network File System (NFS) is the default file-sharing protocol for Unix systems. NFS allows a remote user to mount drives on a machine in the network. To be secure, NFS requires special configuration and is, in many ways, more of a Linux+ topic than Security+. NFS is equivalent to Distributed File System (DFS), which tends to exist outside of the Unix world. Figure 4.4 shows a remote system mounting a drive on a local machine using NFS.

FIGURE 4.4 An NFS device being mounted by a remote Unix system

NFS is also discussed in Chapter 5.

The Apple Protocol

Apple Computers has been a network player for many years. The Apple networking protocol, AppleTalk, is a routable protocol (although it has a lot of routing overhead), and it has been a standard on Apples and Apple printers for many years. Most manufacturers of network products support the AppleTalk protocol, which isn’t intended for secure applications. Modern Macintosh systems can also use TCP/IP for connections.

Most of AppleTalk’s vulnerabilities don’t center around the protocol itself, but instead are exploitations of programs that offer this service. For example, there are known vulnerabilities with programs that allow Linux to offer AppleTalk, but those weaknesses are with the programs themselves and not with AppleTalk per se.

Monitoring Network Systems


Several monitoring mechanisms are available to track traffic. Monitoring can occur on individual systems, on servers, or as a separate component of the network. The connection used when monitoring occurs on a network is called a tap. Figure 4.5 illustrates some of the places where a network tap can occur. Each location presents a different view of the network. For an effective security process, multiple taps are probably needed.

FIGURE 4.5 Tap locations used to monitor network traffic

Your system faces both internal and external threats. If all your monitoring activities are oriented toward external threats, discovering internal security breaches as they occur may be difficult. You must always strive to achieve a good balance between the two and be willing to increase measures in one direction or another as needed. For example, should you learn that the company is about to downsize 25 percent of the workforce, then it would be prudent to increase security measures targeted at minimizing internal breaches. Following a rash of intrusions at companies in the same business as yours, increasing external security measures should be the top priority.

Always remember that common sense is the most important tool you have in answering exam questions as well as facing real-world scenarios.

In a busy network, identifying the types of activities that are occurring is difficult because of the sheer volume of traffic. Heavy traffic makes it necessary to dedicate personnel to monitoring. Network activity is also reported in system logs and audit files. Although it’s a good practice to periodically review these files, doing so can be a daunting and extremely boring undertaking. Automated tools, which make this process more manageable, are coming to the market.

Understanding Intrusion Detection Systems

Imagine that you have just come home from vacation. While you were gone, someone entered your house without your permission. How will you know it? Will the alarm be sounding, or will you notice the front door unlocked? Will you need to spot something missing, or will a rug out of place tip you off?

Real World Scenario

Know the Resources Available in Linux

Security information is readily found at a number of Linux-related sites. The first to check, and stay abreast of, is always the distribution vendor’s site. Its pages usually provide an overview of Linux-related security issues with links to other relevant pages.
