Exam Objectives Frequently Asked Questions


The following Frequently Asked Questions, answered by the authors of this book, are designed both to measure your understanding of the Exam Objectives presented in this chapter and to assist you with real-life implementation of these concepts. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1. My firewall logs are showing a number of network packets being processed by our external router that look as though they're originating from within my internal network. Can this be right?

2. Microsoft has just released a critical security update for one of the server products in my network. Should I skip the testing process and install the update right away to protect against the security vulnerability it is correcting?

3. I am using Network Monitor from a Windows Server 2003 machine and am attempting to monitor traffic on my network. However, I am only seeing packets that are coming to or from this specific server; I'm not seeing any other traffic that's taking place. Am I doing something wrong?

4. I need to search the Event logs for multiple Windows Server 2003 machines for any logon attempts by an employee who was recently terminated. Is there an easier way to do this other than opening each server's log file individually?

Answers

1. The reason you're seeing this is that the packets are probably spoofed. This means that a malicious user has altered the packets so that their real source address has been removed, and in this case replaced with an address within your internal network. This is a common tactic to obscure the source of a network attack. You can put security measures in place on most modern routers that will filter this traffic, referred to as ingress filtering and egress filtering. Consult your router documentation for specific configuration details.
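
As an added illustration (not from the book), the source-address check that ingress and egress filters apply can be run over log entries to flag spoofed packets. The log format, interface names and internal address range below are assumptions constructed for this example.

```python
import ipaddress
import re

# Assumed internal address space and interface names (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]
EXTERNAL_IF, INTERNAL_IF = "ext0", "int0"

# Constructed sample log lines: timestamp, receiving interface, source, destination.
SAMPLE_LOG = """\
2003-11-04T10:15:02 IN=ext0 SRC=192.168.10.25 DST=192.168.10.5
2003-11-04T10:15:03 IN=ext0 SRC=203.0.113.7 DST=192.168.10.5
2003-11-04T10:15:04 IN=int0 SRC=192.168.10.40 DST=198.51.100.9
2003-11-04T10:15:05 IN=int0 SRC=198.51.100.77 DST=203.0.113.7
this line is malformed and is skipped
"""
LINE_RE = re.compile(r"^(\S+) IN=(\S+) SRC=(\S+) DST=(\S+)$")


def classify(in_if, src):
    """Return the filter a packet violates ('ingress' or 'egress'), or None."""
    internal = any(src in net for net in INTERNAL_NETS)
    if in_if == EXTERNAL_IF and internal:
        return "ingress"  # internal source address arriving from outside
    if in_if == INTERNAL_IF and not internal:
        return "egress"   # foreign source address leaving the internal network
    return None


def find_spoofed(log_text):
    """Return (timestamp, rule, src, dst) for every entry with an implausible source."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, in_if, src, dst = m.groups()
        try:
            src_addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # skip entries whose source is not a valid IP address
        rule = classify(in_if, src_addr)
        if rule:
            findings.append((ts, rule, src, dst))
    return findings


if __name__ == "__main__":
    for finding in find_spoofed(SAMPLE_LOG):
        print(*finding)
```
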

2. Our best advice would be a resounding No. While Microsoft Product Services does an outstanding job testing the patches they release, they cannot account for every possible hardware and software combination in existence in the world. Therefore, your best bet is to test the patch on a nonproduction server and check for any adverse effects before deploying it to your production servers. An untested patch can wreak as much havoc on a network as any security vulnerability.

3. No. The version of Network Monitor that comes with Windows Server 2003 will only record traffic that is coming to or from the network interface card (NIC) that it's running on. To monitor all traffic on your network, you will need a version of Network Monitor that is running in promiscuous mode to capture all packets regardless of source or destination. The version of Network Monitor that comes with Microsoft Systems Management Server (SMS) will perform this function for you.

4. Yes. You can use the EventCombMT utility, a free utility available from the Microsoft Web site. This utility can perform a number of built-in searches, or you can create your own custom queries.




MCSE Designing Security for a Windows Server 2003 Network: Exam 70-298
ISBN: 1932266550
EAN: 2147483647
Year: 2003
Pages: 122
