legal contact
 

Domain 4: Communication and Network Security

Implement secure design principles in network architectures

  • Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models 
    Layers: 
    7. Application - Google chrome 
    6. Presentation - JPEG 
    5. Sessions - RPC 
    4. Transport - TCP/UDP 
    3. Network - IP Addressing 
    2. Data Link - MAC Address 
    1. Physical - Electrical/Optical Current 

    Please Do Not Through Saussage Pizza Away

    Think of it like you are trying to send a package of cookies to someone else half way across the world.

  • Internet Protocol (IP) networking - DHCP on LAN. Lan connects to WAN. ISPs route traffic

  • Implications of multilayer protocols

  • Converged protocols - providing industrial controls, storage, voice, etc via Ethernet(tcp/udp)

  • Software-defined networks - seperates a router's control plane from data forwarding plane

  • Wireless networks - WEP, WPA, WPA2. 802.11 is the wireless standard Many varieties of EAP

    • LEAP : Cisco-proprietry, very bad
    • EAP-TLS : requires server/client certificates
    • EAP-TTLS : allows passwords for client-side authentication
    • PEAP : similar to EAP-TTLS, developed by cisco and microsoft
  • Firewalls - network segmentation

    • Packet Filter: no decisions. set list of allow rules. One must define IN-packet and OUT-Packet.
    • Stateful: slower but more secure. compare packets to previous ones, depending on allow connection "direction".
    • Proxy: acts as middle man on network. does not give anything back if doesn't meet proxy rules. Connection is reestablished with SRC of proxy.
    • application-layer proxy: make decissions on like HTTP, and layers 3 and 4. Connection is reestablished with SRC of proxy.
  • VoIP - voice over IP (UDP)

    • RTP for streaming
    • SRTP for secure communication

Secure network components

  • Operation of hardware
  • Transmission media - properly encrypt media
  • Network Access Control (NAC) devices - 802.1X is port based network access control
  • Endpoint security - deep packet inspection. email filtering.
  • Content-distribution networks - series of distributed caching servers to imporve performance and lower latency. They find closest servers to you and go

Implement secure communication channels according to design

Figure out what type of security mechanisms are best for scenarios you get on the test

  • Voice
  • Multimedia collaboration
  • Remote access
  • Data communications
  • Virtualized networks


 

Sources
https://github.com/icepaule/CISSP-Study-Guide (Thanks to SimonOwens for his great work)