Local Versus Wide Area Networking
Windows NT networking is most fundamentally based on the Internet Protocol. IP addressing is based on the previously discussed logical addresses rather than physical addresses (for example, MAC addresses). Packets can therefore reach their destinations regardless of whether they stay within a local network or are sent across network boundaries to an entirely different network. The distinction between a LAN and WAN is, in fact, more arbitrary than anything else. Traditionally, the distinction between a LAN and WAN is based on physical proximity. A network with components entirely within a single building is therefore likely to be considered a LAN. Similarly, a network that connects LANs dispersed over a wide geographical area is likely to be considered a WAN. More importantly, however, than distance over which a network spans is the protocol used. If a network runs Ethernet, it is a LAN. If it runs Asynchronous Transfer Mode (ATM) over leased lines, it is a WAN. If ATM switches are installed in a small area, the network should probably be called a LAN; in these cases, Ethernet runs on top of ATM. What is probably more important from a security perspective is the number and type of boundaries between networks. Consider the following examples:
Because an IP limited broadcast packet always has the destination address of 255.255.255.255, it stays within router boundaries. Attacks such as broadcast flooding attacks (attacks in which one or more machines on the network send a high volume of broadcast packets, bringing the network to a virtual standstill), are very likely to be confined within a portion of the network served by a particular router.
The preceding example also applies to Network Basic End User Inteface (NetBEUI), a nonroutable protocol used in Microsoft network environments. Attacks that exploit some implementation of NetBEUI are likely to be initiated from within a network for the same reason.
NetBIOS is a naming convention and an API. NetBIOS traffic is routable if NetBIOS runs over a routable protocol, such as IP. NetBIOS typically runs over both TCP and IP. Because TCP and IP are robust protocols, attacks that expolit this protocol are therefore feasible from locations quite far away from a target Windows NT host.
The term enterprise networking is another interesting one. Although often applied to networking within large corporations with computing facilities in different geographical locations, this term is more of a marketing term than anything else. It has virtually no value from a technical viewpoint. Its usefulness in terms of understanding and dealing with security-related issues is therefore also minimal.