
Operating Systems and Cisco Security Applications

This chapter reviews two of today's most common end user applications, Unix and Windows NT systems. Cisco security applications are also covered.

This excerpt is from Chapter 6, Operating Systems and Cisco Security Applications, of CCIE Security Exam Certification Guide, written by Henry Benjamin and published by Cisco Press.

Browsing and Windows Names Resolution

Network Neighborhood, Windows NT's browsing service, provides end users with a list of all devices available in their network. Before a user's PC can browse the network or Network Neighborhood, the Windows-based PC must register its name periodically by sending a broadcast to the master browser. The master browser contains a list of all devices available on the network. This service, called browsing, is supported by three methods -- NetBEUI, NWLink and NetBT. In addition to accessing the Network Neighborhood services, Windows devices require name resolution so that network names can be translated to protocol addresses, either IP or IPX. Networking administrators have four options for name resolution, which are similar to the Domain Name System (DNS) provided by TCP/IP. These four name resolution options for Windows NT network administrators are as follows:

  • Broadcasts -- This method enables end stations to broadcast their names to a designated master browser (typically a Windows NT server). The master browser collects the names of available devices and maintains a list. The list is then sent to all devices that request it. This allows communication between servers and clients.

  • LMhosts file -- This simple method enables local PCs to maintain a static list of all Windows computers available in the network. The file typically contains the name and protocol addresses of all servers available in the domain. For large networks, the file might become too large and unusable, so a service called Windows Internet Naming Services (WINS) was developed (as described in the next entry).

  • Windows Internet Naming Services (WINS) -- This was developed so Windows network administrators could avoid dealing with a large number of broadcasts or statically defined lists. WINS allows client PCs to dynamically register names and request name resolution from a specific server running the WINS services. Instead of sending broadcasts, the client sends unicasts. WINS typically runs on a Windows NT server and has an IP address. Clients are statically or dynamically configured to use the server's IP address.

  • Dynamic Host Configuration Protocol (DHCP) -- In large networks (which contain thousands of PCs), a static IP address configuration can cause scalability issues because all devices in the network would require file modification. DHCP was developed to dynamically allocate IP addresses and many other parameters, such as subnet masks, gateways and WINS server addresses. When you use DHCP, a Windows client sends out a broadcast for an IP address, and the DHCP server (a Windows NT server or compatible device) provides all the necessary TCP/IP information. The client then registers its names with the WINS server so browsing can take place. Because Cisco IOS routers drop broadcast packets by default, they must be configured to relay DHCP clients' requests with the ip helper-address command, which takes the remote DHCP server's IP address as its argument.

NOTE: DHCP is an IP address assignment and management solution rather than a name resolution method. The DHCP server pushes the WINS/DNS/Gateway addresses to the client, making it easier for the client to resolve names.
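
An added example, not from the book: a small Python audit of a static LMhosts file that shows why such a list becomes hard to maintain as it grows, flagging invalid addresses, names longer than the 15-character NetBIOS limit, and a name mapped to two different addresses. The sample file, its names and its addresses are constructed; the parser assumes unquoted names and handles only the #PRE and #DOM: keywords.

```python
import ipaddress

# Constructed sample; names and addresses are made up for illustration.
SAMPLE_LMHOSTS = """\
# static NetBIOS name mappings
10.1.1.10   NTSERVER1   #PRE #DOM:CORP
10.1.1.11   NTSERVER2   #PRE
10.1.1.12   ntserver1            # clashes with line 2
10.1.1.300  FILESRV              # not a valid IPv4 address
10.1.1.13   AVERYLONGSERVERNAME  # over 15 characters
"""

def audit_lmhosts(text):
    """Return (entries, problems).

    entries:  list of (ip, NAME, keywords) for lines that passed every check
    problems: list of (line_number, description)
    """
    entries, problems, first_ip = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        # Blank lines, comments and '#' directives carry no mapping.
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 2 or fields[1].startswith("#"):
            problems.append((lineno, "address without a name"))
            continue
        ip, name = fields[0], fields[1].upper()  # names compared case-insensitively
        keywords = []
        for tok in fields[2:]:
            if tok.upper() == "#PRE" or tok.upper().startswith("#DOM:"):
                keywords.append(tok.upper())
            else:
                break  # anything else starts a trailing comment
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            problems.append((lineno, f"invalid IPv4 address {ip}"))
            continue
        if len(name) > 15:
            problems.append((lineno, f"name {name} exceeds 15 characters"))
            continue
        if first_ip.get(name, ip) != ip:
            problems.append((lineno, f"{name} already mapped to {first_ip[name]}"))
            continue
        first_ip.setdefault(name, ip)
        entries.append((ip, name, keywords))
    return entries, problems
```
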


This was last published in June 2003
