Copyright Goodheart-Willcox Co., Inc. 448 Networking Fundamentals

ports should be monitored for activity. A third-party utility or the netstat utility can be used to check for open ports. The netstat utility is covered later in this chapter. Obviously, some ports need to be open or no services would be accessible. However, unnecessarily open ports, along with unnecessarily running services, present security vulnerabilities.

Zero Configuration (Zeroconf)

Zero Configuration (Zeroconf) is a standard developed by IEEE that recommends how to design a device that automatically detects other devices on the same network or on a nearby network segment without the need of intervention by an administrator or a DHCP or DNS server. Identification is based on MAC addresses, which are unique for each network device. Network devices are any devices that can be identified by a MAC address; this includes communication devices and electronic appliances.

Zeroconf devices must have a unique IP address, subnet mask, and gateway address issued automatically. The Zeroconf protocol must also be able to resolve duplicate IP addresses automatically and translate between IP addresses and host names.

The main reason for the development of Zeroconf protocol is to enable an easy method of networking devices without the intervention of an administrator. Microsoft operating systems as well as Mac OS 9 and later incorporate the Zeroconf standard. For example, the Microsoft wireless device protocol automatically configures a wireless network card when it is physically inserted into the computer.

The downside of Zeroconf is it makes a network less secure. A person could simply purchase a similar device and connect it to a network system to gain access. An example is a wireless device, such as a WAP, that uses a default SSID and automatic IP addressing. If the device is installed with the default settings and uses Zeroconf to configure the clients, anyone with a similar device installed can access the same network. From a security point of view, it is fortunate that Zeroconf has not become particularly popular.

Denial of Service (DoS)

Denial of Service (DoS) is the denial of access to a server by overloading it with false requests. It is one of the most common attacks on servers. A DoS attack overloads the server to the point that it crashes or is not able to complete legitimate user requests.

Aside from specific attacks, there are various types of DoS used: reflective, amplification, and distributed. Reflective attacks, as the name suggests, reflect other sources to the target. Amplification attacks amplify traffic. A Distributed Denial of Service (DDoS) attack is simply a DoS originating from multiple attacking machines.

There have been a number of different ways of performing DoS attacks over the years. Examples include the Smurf attack and DHCP starvation.

Smurf Attack

The Smurf attack is a type of reflective DoS that uses a combination of IP spoofing and ICMP to saturate a target network with traffic. The attacker sends a modified ping to the broadcast address of a large network. The modified packet contains the source address of a target site. This causes all the machines on the target network to send replies to the target machine. If a flood of such packets is sent to the broadcast address of the target network, it will cause that network to flood the target machine and render it inaccessible.
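
The two traffic patterns a Smurf attack leaves behind can be checked for in ICMP flow records. The following is an added example, not part of the original text: the record layout (source, destination, ICMP type), the function names, and the sample addresses are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

# Constructed sample records (src, dst, icmp_type) using documentation ranges.
SAMPLE = [("203.0.113.10", "192.0.2.255", ECHO_REQUEST)]        # ping to broadcast
SAMPLE += [(f"192.0.2.{h}", "203.0.113.10", ECHO_REPLY)         # replies converge
           for h in range(1, 6)]
SAMPLE += [("198.51.100.7", "192.0.2.20", ECHO_REQUEST),        # ordinary ping
           ("192.0.2.20", "198.51.100.7", ECHO_REPLY)]


def find_broadcast_pings(records, local_nets):
    """Echo requests addressed to the broadcast address of a local subnet.

    Seen on the network being used as the reflector.
    """
    broadcasts = {ipaddress.ip_network(n).broadcast_address for n in local_nets}
    return [(src, dst) for src, dst, icmp_type in records
            if icmp_type == ECHO_REQUEST
            and ipaddress.ip_address(dst) in broadcasts]


def find_reply_floods(records, threshold):
    """Hosts receiving unsolicited echo replies from many distinct sources.

    A reply is unsolicited when the receiver never sent an echo request
    to the replying host. Seen on the network of the target machine.
    """
    requested = {(src, dst) for src, dst, icmp_type in records
                 if icmp_type == ECHO_REQUEST}
    repliers = defaultdict(set)
    for src, dst, icmp_type in records:
        if icmp_type == ECHO_REPLY and (dst, src) not in requested:
            repliers[dst].add(src)
    return {host: len(srcs) for host, srcs in repliers.items()
            if len(srcs) >= threshold}


if __name__ == "__main__":
    print("broadcast pings:", find_broadcast_pings(SAMPLE, ["192.0.2.0/24"]))
    print("reply floods:", find_reply_floods(SAMPLE, threshold=4))
```

The first check corresponds to the usual mitigation of not forwarding or answering pings sent to a broadcast address. The second is what the target's own network can observe.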