
Infrastructure Security: Devices and Media • Chapter 6  393

                 lengths to more advanced equipment capable of diagnosing network problems.
                 Some of the better diagnostic equipment can be remotely accessed and controlled
                 via TCP/IP. Again, this is an extremely useful tool for network administrators, but
                 the data available from this tool can be very dangerous in the hands of an intruder.
                 The same security best practices apply to these devices. Strong passwords and
                 encrypted sessions should always be the default strategy when dealing with
                 network monitoring or diagnostic equipment that is remotely accessible.
                    The vulnerabilities associated with these devices are generally limited to the
                 ability of intruders to gather data. With the data that can be gathered from these
                 devices, an intruder can get enough information to cause unlimited damage to a
                 network or gather a great deal of confidential information. What is the single best
                 security policy for these devices? If possible, do not connect them until they are
                 needed.



                 EXAM DAY TIP
                      Remember that sniffing a network is a passive attack but can provide a
                      huge amount of information that can later be used for active attacks.





                 Workstations

                 The term workstation basically refers to any computer system that the end users of a
                 network work on, assuming that the end users do not use servers for their normal
                 day-to-day work. Workstations are typically among the most vulnerable devices
                 attached to a network. Flaws or bugs in all workstation OSes provide ample
                 opportunity for attackers to gain remote access to systems, to copy data from the
                 workstations, or to monitor the traffic and gather passwords for access to more systems.
                 In addition, workstations are more vulnerable simply because there are typically
                 more workstations on a network than any other network device. The sheer
                 quantity of workstations makes it more difficult to ensure that they are all as secure as
                 possible.
                    The protocols used by workstations present another possible vulnerability. Since
                 most networks today operate using TCP/IP as the primary protocol, the TCP/IP
                 stack of the workstations is a vulnerability. There are many exploits available that
                 cause stack overflows or cause a workstation to be unable to communicate
                 effectively on the network. A DoS attack using malformed TCP/IP packets can cause a



                                                                              www.syngress.com