448 Chapter 11 ■ Secure Network Architecture and Securing Network Components
Internetwork Packet Exchange (IPX) is part of the IPX/Sequenced Packet Exchange (SPX) protocol suite commonly used (although not strictly required) on Novell NetWare networks in the 1990s. AppleTalk is a suite of protocols developed by Apple for networking of Macintosh systems, originally released in 1984. Support for AppleTalk was removed from the Apple operating system as of the release of Mac OS X v10.6 in 2009. Both IPX and AppleTalk can be used as IP alternatives in a dead-zone network implementation using IP-to-alternate-protocol gateways (a dead zone is a network segment using an alternative Network layer protocol instead of IP).
NetBIOS Extended User Interface (NetBEUI, aka NetBIOS Frame protocol, or NBF) is most widely known as a Microsoft protocol developed in 1985 to support file and printer sharing. Microsoft has enabled support of NetBEUI on modern networks by devising NetBIOS over TCP/IP (NBT). This in turn supports the Windows sharing protocol of Server Message Block (SMB), which is also known as Common Internet File System (CIFS). NetBEUI is no longer supported as a lower-layer protocol; only its SMB and CIFS variants are still in use.
A potential security risk exists when non-IP protocols are in use in a private network. Because non-IP protocols are rare, most firewalls are unable to perform packet header, address, or payload content filtering on those protocols. Thus, when it comes to non-IP protocols, a firewall typically must either block all or allow all. If your organization is dependent on a service that operates over only a non-IP protocol, then you may have to live with the risk of passing all non-IP protocols through your firewall. This is mostly a concern within a private network when non-IP protocols traverse between network segments. However, non-IP protocols can be encapsulated in IP to be communicated across the internet. In an encapsulation situation, IP firewalls are rarely able to perform content filtering on such encapsulation, and thus security has to be set to an allow-all or deny-all configuration.
Routers and bridge routers (brouters) are among the network hardware devices that function at layer 3. Routers determine the best logical path for the transmission of packets based on speed, hops, preference, and so on. Routers use the destination IP address to guide the transmission of packets. A brouter, working primarily in layer 3 but in layer 2 when necessary, is a device that attempts to route first, but if that fails, it defaults to bridging.
Routing Protocols
There are two broad categories of routing protocols: distance vector and link state. Distance vector routing protocols maintain a list of destination networks along with metrics of direction and distance as measured in hops (in other words, the number of routers to cross to reach the destination). Link state routing protocols maintain a topography map of all connected networks and use this map to determine the shortest path to the destination. Common examples of distance vector routing protocols are Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP), while common examples of link state routing protocols are Open Shortest Path First (OSPF) and Interior Gateway Routing Protocol (IGRP).
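The two approaches just described, as an added illustration that is not from the book: a distance vector router learns hop counts only from what its neighbours advertise, while a link state router holds the whole map and computes shortest paths itself. The five-router ring topology, router names, and unit hop cost are constructed for this example.

```python
# Added example (not from the book): distance vector vs. link state routing
# on a constructed five-router ring. Every link is symmetric and costs 1 hop.
import heapq

# Constructed sample topology: router -> set of directly connected neighbours.
TOPOLOGY = {
    "R1": {"R2", "R5"},
    "R2": {"R1", "R3"},
    "R3": {"R2", "R4"},
    "R4": {"R3", "R5"},
    "R5": {"R1", "R4"},
}

def distance_vector(topology):
    """Distance vector: each router starts knowing only itself, then keeps
    adopting a neighbour's advertised hop count plus one whenever that is
    shorter than what it already has. Runs until no table changes.
    Returns {router: {destination: (hops, next_hop)}}."""
    tables = {r: {r: (0, r)} for r in topology}
    changed = True
    while changed:
        changed = False
        for router, neighbours in topology.items():
            for n in neighbours:                      # read n's advertisement
                for dest, (hops, _) in tables[n].items():
                    candidate = hops + 1              # one more hop via n
                    if dest not in tables[router] or candidate < tables[router][dest][0]:
                        tables[router][dest] = (candidate, n)
                        changed = True
    return tables

def link_state(topology, source):
    """Link state: the router has the full map and runs Dijkstra's algorithm
    (unit link cost) from itself. Returns {destination: (hops, next_hop)}."""
    dist = {source: (0, source)}
    heap = [(0, source, source)]                      # (hops, node, first hop)
    while heap:
        hops, node, first_hop = heapq.heappop(heap)
        if hops > dist[node][0]:
            continue                                  # stale heap entry
        for n in topology[node]:
            nh = n if node == source else first_hop   # remember the exit link
            if n not in dist or hops + 1 < dist[n][0]:
                dist[n] = (hops + 1, nh)
                heapq.heappush(heap, (hops + 1, n, nh))
    return dist

def hop_counts_agree(topology):
    """Both methods must converge on the same hop count for every pair."""
    dv = distance_vector(topology)
    return all(dv[s][d][0] == link_state(topology, s)[d][0]
               for s in topology for d in topology)
```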