Vista's network functions scrutinized
Symantec has presented an extensive analysis of Vista's network functions that scrutinizes the TCP/IP stack, large parts of which have been rewritten. The security experts have also looked at a number of new protocols and try in their report to outline their implications. Symantec had already presented a first analysis, based on the Vista beta version, in the middle of last year.
According to Symantec, the Teredo protocol for tunneling IPv6 through IPv4 networks could be particularly vulnerable. Teredo describes a method for reaching an IPv6 network from behind a NAT router that does not support IPv6. Because virtually no firewall or IDS currently supports Teredo, the tunneled traffic allows security measures to be circumvented. On this topic, see the white paper from Symantec.
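What Teredo-aware inspection involves on the defender's side, as an added example that is not part of the original article or of Symantec's report: it unwraps a UDP payload down to the tunneled IPv6 header and decodes the endpoints embedded in a Teredo address. The 2001::/32 prefix and the header layouts follow RFC 4380; the function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo service prefix (RFC 4380)


def strip_indicators(payload: bytes) -> bytes:
    """Skip the optional Teredo authentication and origin indication headers."""
    if payload[:2] == b"\x00\x01" and len(payload) >= 4:    # authentication header
        id_len, au_len = payload[2], payload[3]
        payload = payload[4 + id_len + au_len + 8 + 1:]      # + nonce + confirmation
    if payload[:2] == b"\x00\x00" and len(payload) >= 8:    # origin indication
        payload = payload[8:]
    return payload


def inner_ipv6(payload: bytes):
    """Return (src, dst, next_header) of the tunneled IPv6 packet, or None."""
    pkt = strip_indicators(payload)
    if len(pkt) < 40 or pkt[0] >> 4 != 6:                   # need a full IPv6 header
        return None
    return ipaddress.IPv6Address(pkt[8:24]), ipaddress.IPv6Address(pkt[24:40]), pkt[6]


def decode_teredo_address(addr: ipaddress.IPv6Address):
    """Return (server IPv4, NAT-mapped client IPv4, mapped port), or None."""
    if addr not in TEREDO_PREFIX:
        return None
    _, server, _flags, port, client = struct.unpack("!4s4sHH4s", addr.packed)
    mapped = bytes(b ^ 0xFF for b in client)                # address is stored inverted
    return ipaddress.IPv4Address(server), ipaddress.IPv4Address(mapped), port ^ 0xFFFF


def build_sample() -> bytes:
    """Constructed sample: origin indication followed by a bare IPv6 header."""
    src = ipaddress.IPv6Address("2001:0:c000:201:0:63bf:34ff:8ef6")
    dst = ipaddress.IPv6Address("2001:db8::1")
    ipv6 = struct.pack("!IHBB", 6 << 28, 0, 59, 64) + src.packed + dst.packed
    return b"\x00\x00" + b"\x63\xbf" + b"\x34\xff\x8e\xf6" + ipv6
```

A filter that sees only an ordinary IPv4 UDP datagram here never evaluates the inner source, destination or next-header fields that this code recovers.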
Vista also features protocols such as Link Layer Topology Discovery Protocol (LLTD), Web Service Discovery, Link-local Multicast Name Resolution (LLMNR), Peer Name Resolution Protocol (PNRP) and others, which have not been studied in detail and which might reveal information about network topology to outsiders.
Although only about 16 of the report's 116 pages make up the actual analysis and evaluation, the 100-page appendix contains much information of use to administrators who want to know what to expect when deploying Vista in a company network.
- Windows Vista Network Attack Surface Analysis (PDF file), report by Symantec