Exam Objectives Frequently Asked Questions

Previous page
Table of content
Next page

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the Exam Objectives presented in this chapter, and to assist you with real-life implementation of these concepts. You will also  gain access to thousands of  other  FAQs at ITFAQnet.com.

1.  

Doesn t network infrastructure refer to a lot more than just DHCP and DNS?

yes, typically it does. however, when we re dealing with a wired network, the physical security of the infrastructure is typically discussed separately from the network-based (electronic) security elements. ensuring network cabling isn t jacked into or that unauthorized computers are not on the network are certainly parts of securing the infrastructure, but these threats are typically easier to spot and easier to manage.

2.  

How do IPSec policies and group policies relate to one another?

group policies are policies that include many different elements, including user configuration, software configuration settings, event logs, startup or logon scripts, and more. ip security policies can be implemented as part of a group policy object (gpo) and applied to domains, ous, or groups.

3.  

Why don t you typically use the AH and ESP IPSec protocols together?

the ah protocol signs the packet to ensure the integrity of the data and header. it prevents someone from modifying the packet in any way, but doesn t do anything to prevent someone from reading the data in the packet. esp, however, encrypts the data, including the original ip header. typically, if you use both ah and esp, the cpu cycles it takes to perform both actions is relatively large and you ll bog down the computers at both end of the process (sending/receiving). typically, if data privacy is important, esp can be used to protect the packet. if privacy is not a concern, ah is used.

4.  

How can someone accidentally connect to a wireless network?

if someone has a wireless device, such as a windows xp-based laptop, that is configured to look for a network connection automatically, when it finds a wireless access point, it might connect to the network. this can be a problem in companies that have frequent vendor, partner, or sales visitors who rely on their laptops while away from their own companies. inadvertent connection to your corporate wireless network creates a significant security breach, even if the user doesn t intend it. it s also vulnerable to viruses, worms, and other harmful code that can spread through the unknown user s computer to the corporate network.

5.  

When is ad hoc wireless networking used?

it occurs without the use of wireless access points when computers configured for wireless networking negotiate a communication strategy and communicate among themselves in a peer-to-peer fashion. this might be an appropriate configuration for users in a meeting who do not need access to the corporate network but do need access to shared files, for instance. it might also be useful in locations that are not configured with wireless access points or where wireless access points fail (out of range).

6.  

If WEP is so flawed, why is it used at all?

wep can still be used in wireless networks where other security measures do not exist. it might surprise you to know that many wireless network installations are not configured with any security at all. therefore, in that case, using wep would be better than nothing. moreover, if configured properly, wep can still be secured if keys are not static and if keys are re-negotiated frequently. this prevents a hacker from having sufficient time and data to crack the encryption with today s tools and technologies. that will certainly change in the future, but additional security methods are emerging in both hardware and software to address the continuing security threats.

7.  

Is using PKI and RADIUS servers really a viable option for most companies?

the answer depends on two things. first, how much of a risk is there to the corporate network, how well can it be segmented and protected, and how much security is enough security for your firm? there is always a cost/benefit analysis that must be assessed to determine the cost of implementing security solutions like pki and radius/ias versus the benefits provided by the more secure solution. there is no hard-and-fast answer, but as technologies continue to emerge and improve and the cost of wiring buildings and stations increases, the balance will likely tip in favor of implementing highly secure wireless networks.

Answers

1.  

Yes, typically it does. However, when we re dealing with a wired network, the physical security of the infrastructure is typically discussed separately from the network-based (electronic) security elements. Ensuring network cabling isn t jacked into or that unauthorized computers are not on the network are certainly parts of securing the infrastructure, but these threats are typically easier to spot and easier to manage.

2.  

Group policies are policies that include many different elements, including user configuration, software configuration settings, event logs, startup or logon scripts, and more. IP Security policies can be implemented as part of a Group Policy Object (GPO) and applied to domains, OUs, or groups.

3.  

The AH protocol signs the packet to ensure the integrity of the data and header. It prevents someone from modifying the packet in any way, but doesn t do anything to prevent someone from reading the data in the packet. ESP, however, encrypts the data, including the original IP header. Typically, if you use both AH and ESP, the CPU cycles it takes to perform both actions is relatively large and you ll bog down the computers at both end of the process (sending/receiving). Typically, if data privacy is important, ESP can be used to protect the packet. If privacy is not a concern, AH is used.

4.  

If someone has a wireless device, such as a Windows XP-based laptop, that is configured to look for a network connection automatically, when it finds a wireless access point, it might connect to the network. This can be a problem in companies that have frequent vendor, partner, or sales visitors who rely on their laptops while away from their own companies. Inadvertent connection to your corporate wireless network creates a significant security breach, even if the user doesn t intend it. It s also vulnerable to viruses, worms, and other harmful code that can spread through the unknown user s computer to the corporate network.

5.  

It occurs without the use of wireless access points when computers configured for wireless networking negotiate a communication strategy and communicate among themselves in a peer-to-peer fashion. This might be an appropriate configuration for users in a meeting who do not need access to the corporate network but do need access to shared files, for instance. It might also be useful in locations that are not configured with wireless access points or where wireless access points fail (out of range).

6.  

WEP can still be used in wireless networks where other security measures do not exist. It might surprise you to know that many wireless network installations are not configured with any security at all. Therefore, in that case, using WEP would be better than nothing. Moreover, if configured properly, WEP can still be secured if keys are not static and if keys are re-negotiated frequently. This prevents a hacker from having sufficient time and data to crack the encryption with today s tools and technologies. That will certainly change in the future, but additional security methods are emerging in both hardware and software to address the continuing security threats.

7.  

The answer depends on two things. First, how much of a risk is there to the corporate network, how well can it be segmented and protected, and how much security is enough security for your firm? There is always a cost/benefit analysis that must be assessed to determine the cost of implementing security solutions like PKI and RADIUS/IAS versus the benefits provided by the more secure solution. There is no hard-and-fast answer, but as technologies continue to emerge and improve and the cost of wiring buildings and stations increases , the balance will likely tip in favor of implementing highly secure wireless networks.



Previous page
Table of content
Next page
MCSE Designing Security for a Windows Server 2003 Network. Exam 70-298
MCSE Designing Security for a Windows Server 2003 Network: Exam 70-298
ISBN: 1932266550
EAN: 2147483647
Year: 2003
Pages: 122
Authors: Elias Khasner, Laura E. Hunter
BUY ON AMAZON
Snort Cookbook
Microsoft Windows Server 2003(c) TCP/IP Protocols and Services (c) Technical Reference
C++ How to Program (5th Edition)
Mastering Delphi 7
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
Programming .Net Windows Applications
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy