Domain 4: Communication and Network Security
Implement secure design principles in network architectures
-
Open System Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) models
Layers:
7. Application - Google Chrome
6. Presentation - JPEG
5. Session - RPC
4. Transport - TCP/UDP
3. Network - IP Addressing
2. Data Link - MAC Address
1. Physical - Electrical/Optical Current
Mnemonic (layers 1 to 7): Please Do Not Throw Sausage Pizza Away
Think of it like you are trying to send a package of cookies to someone else halfway across the world.
-
Internet Protocol (IP) networking - DHCP on LAN. LAN connects to WAN. ISPs route traffic.
-
Implications of multilayer protocols
-
Converged protocols - providing industrial controls, storage, voice, etc. via Ethernet (TCP/UDP)
-
Software-defined networks - separates a router's control plane from its data forwarding plane
-
Wireless networks - WEP, WPA, WPA2. 802.11 is the wireless standard. Many varieties of EAP:
- LEAP : Cisco-proprietary, very bad
- EAP-TLS : requires server/client certificates
- EAP-TTLS : allows passwords for client-side authentication
- PEAP : similar to EAP-TTLS, developed by Cisco and Microsoft
-
Firewalls - network segmentation
- Packet filter: makes no decisions beyond a set list of allow rules. One must define rules for both IN packets and OUT packets.
- Stateful: slower but more secure. Compares packets to previous ones, depending on the allowed connection "direction".
- Proxy: acts as a middleman on the network. Does not give anything back if traffic doesn't meet the proxy rules. The connection is re-established with the proxy as SRC.
- Application-layer proxy: makes decisions on protocols like HTTP, as well as on layers 3 and 4. The connection is re-established with the proxy as SRC.
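The packet filter and stateful entries above, as an added example that is not part of the original notes: a stateless filter needs separate IN and OUT rules and judges each packet alone, while a stateful firewall accepts inbound traffic only as a reply to a flow it saw leave. The packet model, rule format, function names and addresses are all constructed for illustration.

```python
from collections import namedtuple

# Constructed packet model (assumption): "out" = LAN to WAN, "in" = WAN to LAN.
Packet = namedtuple("Packet", "direction src sport dst dport")

# Stateless allow list: the OUT rule and the IN rule must both be written by hand.
STATELESS_RULES = [
    {"direction": "out", "dport": 443},  # clients may reach HTTPS servers
    {"direction": "in", "sport": 443},   # replies have to be allowed separately
]

def packet_filter(pkt, rules=STATELESS_RULES):
    """Judge each packet in isolation against the static allow list."""
    for rule in rules:
        if rule["direction"] != pkt.direction:
            continue
        if all(getattr(pkt, k) == v for k, v in rule.items() if k != "direction"):
            return True
    return False

class StatefulFirewall:
    """Allow outbound by rule; allow inbound only as a reply to a tracked flow."""
    def __init__(self, out_dports=(443,)):
        self.out_dports = set(out_dports)
        self.table = set()  # tracked flows: (src, sport, dst, dport)

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.dport not in self.out_dports:
                return False
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: the reversed tuple must match a flow that was seen leaving.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table

def demo():
    """Run three constructed packets through both firewalls, in arrival order."""
    request = Packet("out", "10.0.0.5", 50000, "203.0.113.10", 443)
    reply = Packet("in", "203.0.113.10", 443, "10.0.0.5", 50000)
    unsolicited = Packet("in", "198.51.100.7", 443, "10.0.0.5", 8080)
    fw = StatefulFirewall()
    packets = [("request", request), ("reply", reply), ("unsolicited", unsolicited)]
    return {name: (packet_filter(p), fw.allow(p)) for name, p in packets}

if __name__ == "__main__":
    for name, (stateless, stateful) in demo().items():
        print(f"{name:12} packet_filter={stateless} stateful={stateful}")
```

The unsolicited inbound packet passes the packet filter because it only has to match the IN rule's source port, but the stateful firewall drops it because no outbound flow matches it.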
-
VoIP - voice over IP (UDP)
- RTP for streaming
- SRTP for secure communication
Secure network components
- Operation of hardware
- Transmission media - properly encrypt media
- Network Access Control (NAC) devices - 802.1X is port-based network access control
- Endpoint security - deep packet inspection. email filtering.
- Content-distribution networks - series of distributed caching servers to improve performance and lower latency. They find closest servers to you and go
Implement secure communication channels according to design
Figure out what type of security mechanisms are best for scenarios you get on the test
- Voice
- Multimedia collaboration
- Remote access
- Data communications
- Virtualized networks
Sources
https://github.com/icepaule/CISSP-Study-Guide (Thanks to SimonOwens for his great work)