ISC(2) CISSP Revision Notes – Telecommunications and Network Security

Networks and security are a large part of the syllabus for the CISSP.

[alert style=”red”]In NO way should these notes be used as your sole source of study for the CISSP exam.  These notes lack things completely that could be included on your exam.  I in no way provide any guarantee or assurance that these notes are correct or satisfactory for your learning.  For further information see my CISSP Study and Exam Tips.[/alert]

ISC(2) CISSP Revision Notes – Study and Exam Tips
ISC(2) CISSP Revision Notes – Overarching Themes for the CISSP
ISC(2) CISSP Revision Notes – Access Control
ISC(2) CISSP Revision Notes – Business Continuity and Disaster Planning
ISC(2) CISSP Revision Notes – Cryptography
ISC(2) CISSP Revision Notes – Information Security Governance and Risk Management
ISC(2) CISSP Revision Notes – Legal, Regulatory, Investigations and Compliance
ISC(2) CISSP Revision Notes – Operations Security
ISC(2) CISSP Revision Notes – Security Architectural Design
ISC(2) CISSP Revision Notes – Software Development Security
ISC(2) CISSP Revision Notes – Telecommunications and Network Security (You are here)

Networking

1) Physical

• Star, Mesh, Ring, Bus
• Cable Types:
  • Coaxial – Durable and resistant to EMI, quite slow and expensive
  • Twinaxial – 2 X coaxial, faster and short distance
  • Twisted Pair – eg Cat3, Cat5, Cat5e, Cat6, etc.  UTP vs STP.  Cheap
  • Fiber-optic – No EFI or RFI, fast and very expensive

2) Data-Link Layer

• Ensures delivery to proper device
• LLC – Managed Frames
• MAC – Error Control (CRC), contention, token passing, polling
• L2TP, PPTP, SLIP
• Circuit Switched Networks
  • “Think old leased lines”, always on, examples include DSL, DOCSIS, ISDN
  • Packet Switched Networks
    • ATM, Frame Relay, MPLS, X.25

3) Network Layer

• Routers & routing protocols
• RIP
  • Split horizon (don’t push routes back down the same way)
  • Route poising (unreachable routes)
  • Hold down (how long until link is dead)
  • OSPF uses Autonomous System (AS)
  • BCP in use by ISPs
  • IP, IPX, ICMP
  • Class A            1 – 126           0.0.0.0
  • Class B            128 – 191      255.0.0.0
  • Class C                        192 – 223      255.255.0.0
  • Class D            224 – 239      255.255.255.0
  • Class E                        240 – 254

4) Transport Layer

• Flow Control, Multiplexing, Virtual Circuits & Error Checking
• “Reliable end to end control”
• TCP – Full duplex & connection orientated
• UDP – Connectionless, best efforts but fast
• SSL & TLS

5) Session Layer

• Establishes, co-ordinates and terminates communication sessions
• SSH, NetBIOS, NFS, RPS, SIP

6) Presentation Layer

• Coding and conversion function
• ASCII, JPG, GIF, MPEG, etc

7) Application Layer

• Identify and establish
• FTP, HTTP, IMAP, POP3, etc

Firewall Types

• Packet Filtering / Screening Router
  • Basic and inexpensive
  • Uses on TCP, UDP, ICMP and IP headers (source, destination, service) with ACLs
  • Circuit Level Gateway / Stateful Inspection Firewall
    • Maintains state information of stream
    • Tunnel/virtual circuit created
    • Layer 5
    • Fast
    • Application Level Gateway
      • Think proxy server
      • Slows down the channel

Firewall Architectures

Screening Router

• Placed Between trusted and untrusted networks
• ACL based but otherwise basic

Dual Homed Gateways / Bastion Host

• Think proxies, gateways, etc
• Usually a hardened system

Screened Host Gateways

• Uses screening router to an internal bastion host (think DMZ on home routers)
• Screened Subnet
• Think DMZ, uses screening router – bastion host – screening router

IPS, IDP & IDPS

• Active: IPS (Automatically stops bad traffic)
• Passive: IDS (Monitors and analyses)
• Knowledge Based: Signature, low false alarm rates, signatures need to be up to date
• Behavior Based: Baselines, high false alarm rates, traffic may change over time

Remote Access

RAS (PAP, CHAP, EAP), RADIUS, Diameter, TACAS

VPNs

• Client to Firewall, Firewall to Firewall, Router to Router
• PPTP: Layer 2 (Microsoft)
• L2F: Layer 2 (Cisco)
• L2TP: Combination of PPTP and L2F
• IPSec VPN
  • Modes
    • Transport: only data is encrypted
    • Tunnel: Entire packet is encrypted
• Protocols & Terms
  • Security Association (SA): Details individual tunnel (each AH and ESP requires one 2:n SAs)
  • Authentication Header (AH): Integrity, Authentication and Non-repudiation
  • Encapsulation Security Payload (ESP): Confidentiality
  • SPI: 32 bit string identifying SA
  • Destination IP
  • Security Protocol ID: Either AH or ESP
  • IKE (Internet Key Exchange)

WLAN

• Modes: Root, Repeater, Bridge, (ad-hoc)
• WEP
  • RC4 Ciher, 40 or 104 bit key (+IV (24bit) = 64 or 128bit), CRC-32, NOT SECURE
  • WPA
    • 802.11x TKIP, key plus counter
    • WPA2
      • AES, counter mode and Cipher Block Chaining (CBC)

Email Security

RBLs, scanning, reputation, third party, in-house, etc

Web Security

Script injections, buffer overflow, DoS

Attacks

Bluejacking and Bluesnarfing: Bluetooth

Fraggle: UDP Echo

ICMP Flood: Large number of pings

Session Hijacking: Poor generation of session numbers

Smurf: ICMP echo request broadcast to susceptible network segment which then saturate the target

Syn Flood: Half opened TCP connections flood the target and left half open, consumes resources

Teardrop: Fragments of length of packets confuse the target

UDP Flood: UDP consumes bandwidth

[alert style=”red”]In NO way should these notes be used as your sole source of study for the CISSP exam.  These notes lack things completely that could be included on your exam.  I in no way provide any guarantee or assurance that these notes are correct or satisfactory for your learning.  For further information see my CISSP Study and Exam Tips.[/alert]