The Windows NT Network Environment
In this selection from Eugene Schultz's book, the author provides an introduction to networking, paying particular attention to principles applying to the environments in which Windows NT is typically deployed.
Network security is a major consideration in securing any computing system; Windows NT is by no means an exception to this principle. Before delving too deeply into the topic of security in the Windows NT network environment, however, let's first set the stage by providing an introduction to networking itself, paying particular attention to principles applying to the environments in which Windows NT is typically deployed.
You need to understand the fundamentals of networking before you can comprehend many Windows NT security-related vulnerabilities. Unfortunately, Windows NT networking is anything but simple. Many of its numerous protocols and services are legacies from an earlier era of local area network (LAN) technology; others are part of the NT environment because of the need for interoperability between platforms; and still others are used in providing user services such as World Wide Web (WWW) and mail services. Securing these protocols and services is truly a challenging task.
This chapter covers the essentials of networking, including types of networks and network components, network topologies, the Open Systems Interconnect (OSI) model and its relationship to Windows NT network protocols and services, fundamental network services and protocols commonly found in Windows NT network environments, and other basic information about how networks operate. The chapter then concludes with a lengthy discussion of how Network Basic Input Output System (NetBIOS)- and Server Message Block (SMB)-based networking mechanisms work in the Windows NT environment. If you are very proficient with networking in general and Windows NT networking in particular, you might want to skip ahead to the final section.
Types of Network Implementations
Although there are many different definitions of networks, for purposes of this book, a network is defined as a collection of hosts, applications, protocols, and peripheral devices (such as printers)—all of which can communicate with each other through some combination of hardware, software, and protocols. One of the most notable changes in computing over the past decade has in fact been the proliferation of networking. The percentage of networked hosts grew steadily through the 1990s, to the point that by the late 1990s, the percentage of non-network-capable ("standalone") hosts had diminished to a very small proportion.
Networks can be implemented in a number of different ways. One possible network implementation is a LAN. A LAN consists of hosts and peripheral devices that are relatively near to each other in terms of physical distance. In a wide area network (WAN), the hosts and peripheral devices are more physically disparate from one another.
Another consideration is the relationship of the computers within a given network to each other. In a peer-to-peer network, every network application has basically the same relationship (or at least the same potential relationship) to every other application; no application is specialized in terms of its role in the network. Client/server networking, however, entails specialized functions—server and client. Servers provide network services (for example, the domainwide services that Windows NT domain controllers provide, the Domain Name Service (DNS), print services, File Transfer Protocol (FTP) services, and many others) and access to data stored, for example, in a database. Clients provide users and applications with access to the servers through software, such as user interface routines, that translates user input and then sends it to applications that reside on the server. The typical outcome is increased efficiency in resource utilization; at a minimum, each client needs enough processing power to remotely communicate with applications residing on servers. In a peer-to-peer network, in contrast, all computers are in many respects both clients and servers. They are clients because they provide an interface to applications and are servers to the degree that they run applications and provide data and services to clients.
Although peer-to-peer networks are advantageous when the need for a LAN with relatively few (perhaps fewer than a dozen) machines exists, client/server-based implementations tend to pose less security risk. In peer-to-peer networking, the security-related configuration of individual systems within the network is not generally built in. Client/server networks, on the other hand, provide support for servers used to centrally set configurations and parameters that affect the type and quantity of access to potentially every computer within the network. Exceptions to this generalization exist (for example, when client/server networks are poorly configured); but all things considered, client/server networking is more conducive to security than are peer-to-peer implementations.