ISC(2) CISSP Revision Notes – Telecommunications and Network Security
Networks and security are a large part of the syllabus for the CISSP.
[alert style=”red”]In NO way should these notes be used as your sole source of study for the CISSP exam. These notes lack things completely that could be included on your exam. I in no way provide any guarantee or assurance that these notes are correct or satisfactory for your learning. For further information see my CISSP Study and Exam Tips.[/alert]
ISC(2) CISSP Revision Notes – Study and Exam Tips
ISC(2) CISSP Revision Notes – Overarching Themes for the CISSP
ISC(2) CISSP Revision Notes – Access Control
ISC(2) CISSP Revision Notes – Business Continuity and Disaster Planning
ISC(2) CISSP Revision Notes – Cryptography
ISC(2) CISSP Revision Notes – Information Security Governance and Risk Management
ISC(2) CISSP Revision Notes – Legal, Regulatory, Investigations and Compliance
ISC(2) CISSP Revision Notes – Operations Security
ISC(2) CISSP Revision Notes – Security Architectural Design
ISC(2) CISSP Revision Notes – Software Development Security
ISC(2) CISSP Revision Notes – Telecommunications and Network Security (You are here)
Networking
| OSI Model | TCP/IP (DOD) | Like What? | |
| 7 | Application | Application | SMTP, HTTP |
| 6 | Presentation | Application | JPEG, MPEG |
| 5 | Session | Application | RPC, NetBIOS |
| 4 | Transmission | Transport | TCP |
| 3 | Network | Internet | Routers, IP, ICMP |
| 2 | Data-Link (LLC & MAC) | Network | Switches, Ethernet, ARP |
| 1 | Physical | Network | Cables, hubs, topology |
1) Physical
- Star, Mesh, Ring, Bus
- Cable Types:
- Coaxial – Durable and resistant to EMI, quite slow and expensive
- Twinaxial – 2 X coaxial, faster and short distance
- Twisted Pair – eg Cat3, Cat5, Cat5e, Cat6, etc. UTP vs STP. Cheap
- Fiber-optic – No EFI or RFI, fast and very expensive
2) Data-Link Layer
- Ensures delivery to proper device
- LLC – Managed Frames
- MAC – Error Control (CRC), contention, token passing, polling
- L2TP, PPTP, SLIP
- Circuit Switched Networks
- “Think old leased lines”, always on, examples include DSL, DOCSIS, ISDN
- Packet Switched Networks
- ATM, Frame Relay, MPLS, X.25
3) Network Layer
- Routers & routing protocols
- RIP
- Split horizon (don’t push routes back down the same way)
- Route poising (unreachable routes)
- Hold down (how long until link is dead)
- OSPF uses Autonomous System (AS)
- BCP in use by ISPs
- IP, IPX, ICMP
- Class A 1 – 126 0.0.0.0
- Class B 128 – 191 255.0.0.0
- Class C 192 – 223 255.255.0.0
- Class D 224 – 239 255.255.255.0
- Class E 240 – 254
4) Transport Layer
- Flow Control, Multiplexing, Virtual Circuits & Error Checking
- “Reliable end to end control”
- TCP – Full duplex & connection orientated
- UDP – Connectionless, best efforts but fast
- SSL & TLS
5) Session Layer
- Establishes, co-ordinates and terminates communication sessions
- SSH, NetBIOS, NFS, RPS, SIP
6) Presentation Layer
- Coding and conversion function
- ASCII, JPG, GIF, MPEG, etc
7) Application Layer
- Identify and establish
- FTP, HTTP, IMAP, POP3, etc
Firewall Types
- Packet Filtering / Screening Router
- Basic and inexpensive
- Uses on TCP, UDP, ICMP and IP headers (source, destination, service) with ACLs
- Circuit Level Gateway / Stateful Inspection Firewall
- Maintains state information of stream
- Tunnel/virtual circuit created
- Layer 5
- Fast
- Application Level Gateway
- Think proxy server
- Slows down the channel
Firewall Architectures
Screening Router
- Placed Between trusted and untrusted networks
- ACL based but otherwise basic
Dual Homed Gateways / Bastion Host
- Think proxies, gateways, etc
- Usually a hardened system
Screened Host Gateways
- Uses screening router to an internal bastion host (think DMZ on home routers)
- Screened Subnet
- Think DMZ, uses screening router – bastion host – screening router
IPS, IDP & IDPS
- Active: IPS (Automatically stops bad traffic)
- Passive: IDS (Monitors and analyses)
- Knowledge Based: Signature, low false alarm rates, signatures need to be up to date
- Behavior Based: Baselines, high false alarm rates, traffic may change over time
Remote Access
RAS (PAP, CHAP, EAP), RADIUS, Diameter, TACAS
VPNs
- Client to Firewall, Firewall to Firewall, Router to Router
- PPTP: Layer 2 (Microsoft)
- L2F: Layer 2 (Cisco)
- L2TP: Combination of PPTP and L2F
- IPSec VPN
- Modes
- Transport: only data is encrypted
- Tunnel: Entire packet is encrypted
- Modes
- Protocols & Terms
- Security Association (SA): Details individual tunnel (each AH and ESP requires one 2:n SAs)
- Authentication Header (AH): Integrity, Authentication and Non-repudiation
- Encapsulation Security Payload (ESP): Confidentiality
- SPI: 32 bit string identifying SA
- Destination IP
- Security Protocol ID: Either AH or ESP
- IKE (Internet Key Exchange)
WLAN
- Modes: Root, Repeater, Bridge, (ad-hoc)
- WEP
- RC4 Ciher, 40 or 104 bit key (+IV (24bit) = 64 or 128bit), CRC-32, NOT SECURE
- WPA
- 802.11x TKIP, key plus counter
- WPA2
- AES, counter mode and Cipher Block Chaining (CBC)
Email Security
RBLs, scanning, reputation, third party, in-house, etc
Web Security
Script injections, buffer overflow, DoS
Attacks
Bluejacking and Bluesnarfing: Bluetooth
Fraggle: UDP Echo
ICMP Flood: Large number of pings
Session Hijacking: Poor generation of session numbers
Smurf: ICMP echo request broadcast to susceptible network segment which then saturate the target
Syn Flood: Half opened TCP connections flood the target and left half open, consumes resources
Teardrop: Fragments of length of packets confuse the target
UDP Flood: UDP consumes bandwidth
[alert style=”red”]In NO way should these notes be used as your sole source of study for the CISSP exam. These notes lack things completely that could be included on your exam. I in no way provide any guarantee or assurance that these notes are correct or satisfactory for your learning. For further information see my CISSP Study and Exam Tips.[/alert]
3 Comments
[…] ISC(2) CISSP Revision Notes – Study and Exam Tips ISC(2) CISSP Revision Notes – Overarching Themes for the CISSP ISC(2) CISSP Revision Notes – Access Control ISC(2) CISSP Revision Notes – Business Continuity and Disaster Planning ISC(2) CISSP Revision Notes – Cryptography ISC(2) CISSP Revision Notes – Information Security Governance and Risk Management ISC(2) CISSP Revision Notes – Legal, Regulatory, Investigations and Compliance ISC(2) CISSP Revision Notes – Operations Security ISC(2) CISSP Revision Notes – Security Architectural Design ISC(2) CISSP Revision Notes – Software Development Security (You are here) ISC(2) CISSP Revision Notes – Telecommunications and Network Security […]
[…] ISC(2) CISSP Revision Notes – Study and Exam Tips ISC(2) CISSP Revision Notes – Overarching Themes for the CISSP ISC(2) CISSP Revision Notes – Access Control (You are here) ISC(2) CISSP Revision Notes – Business Continuity and Disaster Planning ISC(2) CISSP Revision Notes – Cryptography ISC(2) CISSP Revision Notes – Information Security Governance and Risk Management ISC(2) CISSP Revision Notes – Legal, Regulatory, Investigations and Compliance ISC(2) CISSP Revision Notes – Operations Security ISC(2) CISSP Revision Notes – Security Architectural Design ISC(2) CISSP Revision Notes – Software Development Security ISC(2) CISSP Revision Notes – Telecommunications and Network Security […]
[…] ISC(2) CISSP Revision Notes – Study and Exam Tips (You are here) ISC(2) CISSP Revision Notes – Overarching Themes for the CISSP ISC(2) CISSP Revision Notes – Access Control ISC(2) CISSP Revision Notes – Business Continuity and Disaster Planning ISC(2) CISSP Revision Notes – Cryptography ISC(2) CISSP Revision Notes – Information Security Governance and Risk Management ISC(2) CISSP Revision Notes – Legal, Regulatory, Investigations and Compliance ISC(2) CISSP Revision Notes – Operations Security ISC(2) CISSP Revision Notes – Security Architectural Design ISC(2) CISSP Revision Notes – Software Development Security ISC(2) CISSP Revision Notes – Telecommunications and Network Security […]