TABLE OF CONTENTS This chapter examines attacks against the Presentation layer (layer 6) and addresses methods to protect against such attacks.
The Presentation layer deals primarily with data presentation. For instance, if one host uses Extended Binary-coded Decimal Interchange Code (EBCDIC) for character sets and its communication partner uses American Standard Code for Information Interchange (ASCII), the Presentation layer converts the data according to each hosts needs.This is especially helpful when you have a heterogeneous network, because different hosts might represent data in diverse manners. Such functionality alleviates the need for application programmers to embed such code into their work. Other functionality within the Presentation layer includes data compression, data encryption, manipulating Extensible Markup Language (XML) objects, and other data handling deemed necessary.The Presentation layer provides insulation between the various forms of data representation encountered in multivendor environments, much like the ASN.1 notation employed in the Simple Network Management Protocol (SNMP).
To begin this chapter, we examine two protocols Network Basic Input/Output System (NetBIOS) and Server Message Block (SMB). Next, we review some of the vulnerabilities within NetBIOS. We then examine Kerberos and its weaknesses, session hijacking, and how to capture passwords and break weak encryption schemes.
NetBIOS is not a protocol per se.There is no one protocol uniquely identifiable as NetBIOS. Nevertheless, NetBIOS is an application programming interface (API) that provides the essential network functions that a system needs (e.g., identify self, form connections with other hosts, exchange datagrams, and so forth).
In the 1980s, a...
