4.8. Summary

This chapter covered most of the major points concerning communications monitoring, IDS, wireless technologies, and instant messaging. Your network infrastructure is vulnerable, but the situation isn't hopeless. Tools exist to help you do your job.

Many different protocols may exist in your network. Each protocol has its own strengths and weaknesses. You must know what they are and how to deal with them. Network product vendors have become forthcoming about their products' vulnerabilities; make sure you consult them to determine what problems exist. Protocols such as NetBEUI and NetBIOS aren't routable protocols, but they can be encapsulated in TCP/IP traffic and shipped to other networks using VPN technology.

The primary tools used to detect attacks are network monitors and intrusion detection systems. Network monitors involve manual monitoring and can be difficult to use. IDSs identify and respond to attacks using defined rules or logic. These systems can track either anomalies in network traffic or misuses of protocols. An IDS can be set up to monitor an entire network, in which case it is referred to as a NIDS, or to monitor a single host, in which case it is referred to as a HIDS. NIDSs can make active or passive responses, whereas HIDSs are usually only capable of passive responses.
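
The two detection approaches named above, misuse detection and anomaly detection, can be compared side by side in a short sketch. This is an added example, not code from the book; the rule names, patterns, addresses, and traffic records are all constructed for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Misuse (signature) rules: hypothetical patterns for known-bad requests.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-meta": re.compile(r"(?i)union\s+select"),
}

def misuse_alerts(events):
    """Return (source, rule) for every event whose payload matches a rule."""
    return [(src, name)
            for _minute, src, payload in events
            for name, rx in SIGNATURES.items() if rx.search(payload)]

def anomaly_alerts(baseline_counts, events, k=3.0):
    """Flag (source, minute, count) where the per-minute request volume
    exceeds the baseline mean plus k standard deviations."""
    threshold = mean(baseline_counts) + k * pstdev(baseline_counts)
    per_minute = Counter((src, minute) for minute, src, _payload in events)
    return sorted((src, minute, n)
                  for (src, minute), n in per_minute.items() if n > threshold)

# Constructed data: requests per source per minute seen in normal operation.
BASELINE = [4, 5, 6, 5, 4, 6, 5, 5]

# Constructed events: (minute, source address, request line).
EVENTS = (
    [(0, "192.0.2.5", "GET /index.html")] * 5              # normal traffic
    + [(1, "192.0.2.7", "GET /../../private/file")]        # one bad request
    + [(1, "192.0.2.9", "GET /status")] * 40               # benign-looking burst
)

if __name__ == "__main__":
    print("misuse :", misuse_alerts(EVENTS))
    print("anomaly:", anomaly_alerts(BASELINE, EVENTS))
```

Each detector catches what the other misses: the single malformed request is too low in volume to register as an anomaly, and the burst carries no payload that matches a rule.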

A honeypot is a system designed to entice or entrap an attacker. Enticement means inviting or luring an attacker to the system. Entrapment is the process of encouraging an attacker to perform an act, even if they don't want to do it. Entrapment is a valid legal defense in criminal proceedings.

An incident is an attack or theft of data in your network. The steps in incident response include identifying, investigating, repairing, and documenting the incident, and afterward adjusting procedures to help in future incidents.

Wireless systems are becoming increasingly popular and standardized. The most common protocol implemented in wireless systems is WAP. The security layer for WAP is WTLS. WAP is equivalent to TCP/IP for wireless systems.

The standards for wireless systems are developed by the IEEE. The most common standards are 802.11, 802.11a, 802.11b, and 802.11g. These standards use the 2.4GHz or 5GHz frequency spectrum. Several communications technologies are available to send messages between wireless devices.

Wireless networks are vulnerable to site surveys. Site surveys can be accomplished using a PC and an 802.11x card. The term site survey is also used in reference to detecting interference in a given area that might prevent 802.11x from working.

Instant messaging is a growing application on the Internet. IM uses synchronized servers to provide instantaneous communications, such as chatting, between users on a global basis. IM is vulnerable to malicious code and packet sniffing. Sensitive information should be encrypted before it is sent, or another method should be found to send it.

The process of gathering information about a computer network uses methodologies called signal analysis and signal intelligence. These methods have been used by governmental agencies for many years. As a security expert, your job is to act as a counterintelligence agent to prevent sensitive information from falling into the wrong hands. The methods used to gain information about your environment include footprinting and scanning.
