3.8. Understanding Network Protocols

Your network may have network protocols running in addition to TCP/IP, and each of these protocols may be vulnerable to outside attack. Some protocols (such as NetBEUI, DLC, and other more primitive protocols) aren't routable and, therefore, aren't subject to attack. Of course, there is a great big "unless": If your router or firewall is configured to pass them, some of these protocols can be embedded in TCP/IP and may be passed to other systems.

The major protocols used by TCP/IP for maintenance and other activities include those discussed in the following list:


Simple Network Management Protocol

TCP/IP uses Simple Network Management Protocol (SNMP) to manage and monitor devices in a network. Many copiers, fax machines, and other smart office machines use SNMP for maintenance functions. This protocol travels through routers quite well and can be vulnerable to attack. Although such an attack might not be dangerous, think about what could happen if your printer suddenly went online and started spewing paper all over the floor.

SNMP was upgraded as a standard to SNMPv2, which provides security and improved remote monitoring. SNMP is currently undergoing a revision; although a new standard (SNMPv3) is out, most systems still use SNMPv2.


Internet Control Message Protocol

TCP/IP uses Internet Control Message Protocol (ICMP) to report errors and reply to requests from programs such as Ping and Traceroute. ICMP is one of the favorite protocols used for DoS attacks. Many businesses have disabled ICMP through the router to prevent these types of situations from occurring.

Using ICMP to Deal with Smurf Attacks

Your organization has been repeatedly hit by smurf attacks. These attacks have caused a great deal of disruption, and they must be stopped. What could you suggest to minimize these attacks?

You should recommend disabling ICMP traffic at the point where your network connects to the Internet. You can do this by disabling the protocol on your router and blocking this traffic in firewall systems. Doing so won't completely eliminate the problem, but it will greatly reduce the likelihood of a successful attack occurring using ICMP. This step will also prevent people from gaining information about your network because any programs (such as Ping) that request information from your network systems will no longer function.



Internet Group Management Protocol

TCP/IP uses Internet Group Management Protocol (IGMP) to manage group or multicasting sessions. It can be used to address multiple recipients of a data packet: The sender initiates broadcast traffic, and any client who has broadcasting enabled receives it. (Broadcasts are messages sent from a single system to the entire network—the systems could be inside your network or throughout the world.) This process, called multicasting, can consume huge amounts of bandwidth in a network and possibly create a DoS situation. Most network administrators disable the reception of broadcast and multicast traffic from outside their local network.

A unicast is IGMP traffic that is directed at a single system. TCP/IP primarily uses a unicast method of communication: A message is sent from a single system to another single system.

NOTE

Every one of these major protocols used by TCP/IP presents a potential problem for security administrators. Make sure you use what you need and disable what you don't.
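
The border policy recommended in the ICMP scenario and the IGMP discussion above (drop ICMP arriving from the Internet, and drop broadcast and multicast traffic from outside the local network), applied to a few constructed packets. This is an added example, not part of the original text; the interface names, the 192.0.2.0/24 local network and the sample packets are assumptions, and only the rules this section discusses are modeled.

```python
import ipaddress
from collections import Counter

ICMP, IGMP, TCP, UDP = 1, 2, 6, 17            # IANA IP protocol numbers

# Assumed addressing for this example (documentation ranges, RFC 5737).
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
MULTICAST = ipaddress.ip_network("224.0.0.0/4")
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def border_decision(in_iface, proto, dst):
    """Return (action, reason) for a packet seen by the border device."""
    if in_iface != "outside":
        return ("accept", "internal traffic")   # internal Ping keeps working
    dst = ipaddress.ip_address(dst)
    if proto == ICMP:
        # Also covers ICMP aimed at the subnet broadcast address.
        return ("drop", "icmp from outside")
    if proto == IGMP or dst in MULTICAST:
        return ("drop", "multicast from outside")
    if dst == LIMITED_BROADCAST or dst == LOCAL_NET.broadcast_address:
        return ("drop", "broadcast from outside")
    return ("accept", "unicast")

# Constructed sample traffic: (arrival interface, protocol, source, destination)
SAMPLE = [
    ("outside", ICMP, "198.51.100.7", "192.0.2.255"),      # ICMP to subnet broadcast
    ("outside", ICMP, "203.0.113.9",  "192.0.2.10"),       # external Ping
    ("outside", UDP,  "203.0.113.9",  "224.0.0.251"),      # multicast from outside
    ("outside", IGMP, "203.0.113.9",  "224.0.0.1"),        # IGMP from outside
    ("outside", TCP,  "203.0.113.9",  "192.0.2.10"),       # ordinary unicast
    ("inside",  ICMP, "192.0.2.20",   "192.0.2.10"),       # internal Ping
    ("outside", UDP,  "203.0.113.9",  "255.255.255.255"),  # limited broadcast
]

def summarize(packets):
    """Count accept/drop decisions for a list of packet tuples."""
    return Counter(border_decision(i, p, d)[0] for i, p, _src, d in packets)

if __name__ == "__main__":
    for iface, proto, src, dst in SAMPLE:
        action, reason = border_decision(iface, proto, dst)
        print(f"{iface:7} proto={proto:<2} {src:>13} -> {dst:<15} {action:6} ({reason})")
    print(dict(summarize(SAMPLE)))
```

The external Ping is dropped along with the ICMP sent to the broadcast address, which is the loss of outside diagnostics the scenario describes; the internal Ping is unaffected.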
