
CISSP Review Course Domain 2b:

Telecommunications and Network Security

This presentation includes a compendium of slides, both original and gathered from various public information sources and is not intended for use by any for-profit individuals or organizations

CISSP Prep, University of Buffalo

Domain 2b - 2004

Domain Objective: Telecommunications and Network Security

The objective of this domain is to understand:

  • data communications in terms of physical and logical networks, including local area, metropolitan area, wide area, remote access, Internet, intranet, extranet, their related technologies of firewalls, bridges, routers, and the TCP/IP and OSI models
  • communications and network security as it relates to voice, data, multimedia, and facsimile
  • communications security management techniques that prevent, detect, and correct errors

We will cover most, but not all, of these areas in this review.

Domain Summary: Telecommunications and Network Security

The telecommunications and network security domain is a very significant part of the CBK. The information for this domain typically represents 15% of the CISSP exam content and includes the structures, transmission methods, transport formats, and security measures used to provide and ensure the integrity, availability, authentication, and confidentiality of transmissions over private and public communications networks.

Last Session: Network Structure
  • OSI Model
  • Internet Protocols
  • Network Devices
  • Network Topologies
  • Internet Protocol
  • LAN Topologies
  • Access Technologies

This Session:
  • Internet, intranet, extranet, & remote access, their related technologies of firewalls, Proxy servers, and controls
  • communications security management techniques that prevent, detect, and correct errors

Internet/Intranet/Extranet
  • Internet
    • global network of public networks and service providers
    • uses TCP/IP protocol
  • Intranet
    • internal network of WAN
    • used for connecting to private web pages, internal web sites, internal web applications
  • Extranet
    • segment of WAN physically or logically isolated from the other WAN segments
    • activities on segment are considered untrusted

Firewall Terms
  • Network address translation (NAT)
    • Internal addresses unreachable from external network
  • DMZ - De-Militarized Zone
    • Hosts that are directly reachable from untrusted networks
  • ACL - Access Control List
    • can be router or firewall term

Firewall Terms
  • Choke, Choke router
    • A router with packet filtering rules (ACLs) enabled
  • Gate, Bastion host, Dual Homed Host
    • A server that provides packet filtering and/or proxy services
  • proxy server
    • A server that provides application proxies

Firewall Types
  • Packet-filtering router
    • Most common
    • Uses Access Control Lists (ACL)
      • Port
      • Source/destination address
  • Screened host
    • Packet-filtering and Bastion host
    • Application layer proxies
  • Screened subnet (DMZ)
    • 2 packet filtering routers and bastion host(s)
    • Most secure

Firewall Types
  • boundary routers
    • provide entry to and from network perimeters
    • permit or deny predefined network traffic
    • forward permitted traffic from a secure device
  • secure gateways
    • enforce network security policy between two or more networks
    • usually a firewall type device
    • used for central network administration
    • circuit level – application level using TCP without additional processing
    • application level – proxy service

Firewall Mechanisms
  • Stateful Inspection
    • State and context analyzed on every packet in connection
  • Proxy servers
    • Intermediary
    • Think of bank teller

Proxies
  • Defined: A server that acts on behalf of you or your PC to increase security or accelerate data flow.
  • Types of Proxies
    • Forward Proxy - many internal clients to one external server.
    • Reverse Proxy - many external clients to one internal server.

Proxies
  • Brands of Proxies
      • Cisco
      • SUN / Netscape I-Planet
      • CacheFlow - Blue Jacket
  • Examples of Proxies:
      • FTP Telnet HTTP SSH
      • Network Appliance
      • Microsoft ISA

Intrusion Detection (IDS)
  • Host or network based
  • Context and content monitoring
  • Positioned at network boundaries
  • Basically a sniffer with the capability to detect traffic patterns known as attack signatures

Web Security
  • Secure sockets Layer (SSL)
    • Transport layer security (TCP based)
    • Widely used for web based applications
    • by convention, https://
  • Secure Hypertext Transfer Protocol (S-HTTP)
    • Less popular than SSL
    • Used for individual messages rather than sessions

Web Security
  • Secure Electronic Transactions (SET)
    • PKI
    • Financial data
    • Supported by VISA, MasterCard, Microsoft, Netscape

IPSEC
  • IP Security
    • Set of protocols developed by IETF
    • Standard used to implement VPNs
    • Two modes
      • Transport Mode
        • encrypted payload (data), clear text header
      • Tunnel Mode
        • encrypted payload and header
    • IPSEC requires shared secret key & security association

Common Attacks
  • This section covers common hacker attacks
  • No need to understand them completely; you need to be able to recognize the name and basic premise

Spoofing
  • TCP Sequence number prediction
  • UDP - trivial to spoof (connectionless)
  • DNS - spoof/manipulate IP/hostname pairings
  • Source Routing

Denial of Service (DoS)
  • Attempts to "flood" a network, thereby preventing legitimate network traffic
  • Attempts to disrupt connections between two machines, thereby preventing access to a service
  • Attempts to prevent a particular individual from accessing a service
  • Attempts to disrupt service to a specific system or person
  • Distributed Denial of Service (DDoS); multiple systems controlled to conduct the attack

Sniffing
  • Passive attack
  • Monitor the “wire” for all traffic - most effective in shared media networks
  • Sniffers used to be “hardware”, now are a standard software tool

Session Hijacking
  • Uses sniffer to detect sessions, get pertinent session info (sequence numbers, IP addresses)
  • Actively injects packets, spoofing the client side of the connection, taking over session with server
  • Bypasses I&A controls
  • Encryption is a countermeasure, stateful inspection can be a countermeasure

IP Fragmentation
  • Use fragmentation options in the IP header to force data in the packet to be overwritten upon reassembly
  • Used to circumvent packet filters

IDS Attacks
  • Insertion Attacks
    • Insert information to confuse pattern matching
  • Evasion Attacks
    • Trick the IDS into not detecting traffic
    • Example - Send a TCP RST with a TTL setting such that the packet expires prior to reaching its destination

Syn Floods
  • Remember the TCP handshake?
    • Syn, Syn-Ack, Ack
  • Send a lot of Syns
  • Don’t send Acks
  • Victim has a lot of open connections, can’t accept any more incoming connections
  • Denial of Service
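
Added example (not part of the original slides): a defender-side check that replays a packet trace through the three handshake steps above and reports the peak number of half-open connections per service. The trace, addresses, 30-second timeout and alert threshold are constructed assumptions.

```python
from collections import defaultdict

SERVER = ("198.51.100.5", 80)  # constructed address (documentation range)

def build_trace():
    """Constructed packet trace: (time_s, src_ip, src_port, dst_ip, dst_port, flags)."""
    ip, port = SERVER
    # One legitimate client completes the handshake: SYN, SYN-ACK, ACK.
    trace = [
        (0.00, "192.0.2.10", 40000, ip, port, "S"),
        (0.01, ip, port, "192.0.2.10", 40000, "SA"),
        (0.02, "192.0.2.10", 40000, ip, port, "A"),
    ]
    # Fifty SYNs that the server answers but that are never ACKed.
    for i in range(50):
        src, sport, t = "203.0.113.%d" % (i + 1), 1024 + i, 1.0 + i * 0.01
        trace.append((t, src, sport, ip, port, "S"))
        trace.append((t + 0.001, ip, port, src, sport, "SA"))
    return trace

def half_open_peaks(trace, timeout=30.0):
    """Return {(server_ip, server_port): peak count of half-open connections}."""
    pending = {}  # (client_ip, client_port, server_ip, server_port) -> SYN time
    peaks = defaultdict(int)
    for t, src, sport, dst, dport, flags in sorted(trace):
        # Drop entries the server would already have timed out.
        for key in [k for k, t0 in pending.items() if t - t0 > timeout]:
            del pending[key]
        if flags == "S":  # step 1: a SYN creates a half-open entry
            pending[(src, sport, dst, dport)] = t
            server = (dst, dport)
            count = sum(1 for k in pending if k[2:] == server)
            peaks[server] = max(peaks[server], count)
        elif flags in ("A", "R"):  # step 3 (ACK) or a reset clears the entry
            pending.pop((src, sport, dst, dport), None)
        # "SA" is the server's step-2 reply and leaves the entry half-open.
    return dict(peaks)

def flooded_services(trace, threshold=20, timeout=30.0):
    """Services whose half-open peak exceeds the (assumed) alert threshold."""
    peaks = half_open_peaks(trace, timeout)
    return sorted(s for s, n in peaks.items() if n > threshold)

if __name__ == "__main__":
    for service, peak in half_open_peaks(build_trace()).items():
        print(service, "peak half-open:", peak)
    print("alert:", flooded_services(build_trace()))
```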

Telecom/Remote Access Security
  • Dial up lines are favorite hacker target
    • War dialing
    • social engineering
  • PBX is a favorite phreaker target
    • blue box, gold box, etc.
    • Voice mail

Telecommunications Security
  • Facsimile Security
    • Technical controls - FAX encryptor and bulk data link encryption
    • Management controls - activity and exception reports
    • Physical Access Controls
  • Voice Mail Security
    • exposure to toll fraud if compromised
    • PINs should be generated randomly
    • unassigned or unused mailboxes removed
    • block access to transfer to local or long distance lines

Telecommunications Security
  • Private Branch Exchange (PBX) Security
    • PBX - a switching system that controls and manages a company's physical phones and connections to the local telephone company
    • security goal is to prevent unauthorized use, manipulation, or access of the switch, operating software, or system configuration
    • security measures
      • detail call recording
      • control remote maintenance access
      • install strong passwords for system management
      • block all unassigned access codes

Remote Access Security
  • SLIP - Serial Line Internet Protocol
  • PPP - Point to Point Protocol
    • SLIP/PPP about the same, PPP adds error checking, SLIP obsolete
  • PAP - Password authentication protocol
    • clear text password
  • CHAP - Challenge Handshake Auth. Prot.
    • Encrypted password

Remote Access Security
  • TACACS, TACACS+
    • Terminal Access Controller Access Control System
    • Network devices query TACACS server to verify passwords
    • “+” adds ability for two-factor (dynamic) passwords
  • Radius
    • Remote Auth. Dial-In User Service

Virtual Private Networks
  • PPTP - Point to Point Tunneling Protocol
    • Microsoft standard
    • creates VPN for dial-up users to access intranet
  • IPSEC client
    • Cisco Secure Client
    • Nortel VPN Client

Transport Layer Protocols
  • SSH - Secure Shell
    • allows encrypted sessions, file transfers
    • can be used as a VPN
  • SSL – Secure Sockets Layer
    • Enables client/server applications to communicate, minimizing the risk of eavesdropping, tampering or message forgery
    • Provides data confidentiality, integrity control, server authentication and client authorization

Transport Layer Protocols
  • Wireless Transport Layer Security (WTLS)
    • Security in the Wireless Application Protocol v1.2 uses WTLS instead of standard SSL
    • Wireless gateway must use WTLS to secure the channel to the wireless device and SSL to secure the channel from the destination web server.
    • A security issue is that the information on the gateway is unencrypted.

Application Layer Security Protocols
  • Secure Hypertext Transfer Protocol (S-HTTP)
    • Supports fine grained application security, such as:
      • Key distribution using shared secrets or PKI
      • Web-page specific encryption controls for highly granular access control
    • Overshadowed by transport layer security protocols such as Secure Socket Layer (SSL)
    • It is not the same as HTTPS, which is SSL running under HTTP

Application Layer Security Protocols
  • Electronic Payment schemes
    • Examples are Ecash, Netcash, Mondex, Cybercash
  • Secure Electronic Transaction (SET)
    • SET provides payment protection but not link encryption
    • Goal to provide worldwide payment card protocol
    • Authentication and non-repudiation of purchaser and merchant

Communications
  • Security techniques to prevent, detect, and correct errors for Confidentiality, Integrity & Availability (CIA).
    • Tunneling
    • VPN
    • IDS
    • Protocol & Packet Analyzers (Sniffers)

Communications
  • NAT
  • PAT
  • Hash
  • CRC
  • Transmission Logging, error correction, retransmission

Email Security
  • Privacy
  • Ownership
  • Legal Liability
  • Financial communications
  • Personal email security versus business email security

Email Security: Encryption - Personal Email
  • Email has less security than a letter or postcard sent in the U.S. Mail.
  • A postcard has nonrepudiation; a signature on the card identifies who sent the card.
  • A letter has confidentiality; no one should be able to see inside the envelope.
  • A letter has integrity; tampering with the envelope should be noticed.

Encryption - Personal Email
  • Why would you want to encrypt or digitally sign your personal email?
    • Personal Privacy
    • Professional Association / Law Enforcement / Information Security Company requires secure communications
    • Identification
    • Credibility
    • Use latest technology

Domain 2 Questions

Domain 2 Practice Questions

Spoofing can be defined as:

  • Eavesdropping on communications between persons or processes
  • Person or process emulating another person or process
  • A hostile or unexpected entity concealed within another entity
  • The testing of all possibilities to obtain information

Domain 2 Practice Questions

The purpose of Nessus is to?

  • Close network security holes
  • Establish network audit trails
  • Identify vulnerabilities in networks
  • Exploit system-related vulnerabilities

Domain 2 Practice Questions

Which of the following is an attack specifically against mail systems?

A) Smurf

B) SYN/Ack

C) Spam

D) Teardrop

Domain 2 Practice Questions

What role does biometrics have in logical access control?

  • Certification
  • Authorization
  • Authentication
  • Confidentiality

Domain 2 Practice Questions

How many types of intrusion detection engines are there?

  • One
  • Two
  • Three
  • Four
  • Seven

Domain 2 Practice Questions

Which protocol is commonly used to verify dial-up connections between hosts?

  • Unix-to-Unix Communication Protocol (UUCP)
  • Challenge Handshake Authentication Protocol (CHAP)
  • Point-to-Point Tunneling Protocol (PPTP)
  • Simple Key Management for Internet Protocol (SKIP)

Domain 2 Practice Questions

The UDP protocol is a connectionless and reliable service for applications?

  • True
  • False

Domain 2 Practice Questions

Firewall Types can be which of those listed below? (Choose all that apply)

  • Packet Filtering
  • Stateful Inspection
  • Application level Proxy
  • Personal
  • Circuit level Proxy

Domain 2 Practice Questions

Which form of firewall performs the highest level of control?

  • Packet Filtering
  • Stateful Inspection
  • Application level Proxy
  • Personal
  • Circuit level Proxy

Domain 2 Practice Questions

All implementations of IPSEC must support a Security Authentication?

  • True
  • False

Domain 2 Practice Questions

Telnet is much preferred over SSH for its secure connection attributes.

  • True
  • False

Domain 2 Practice Questions

Wireless Security and Access control has which of the following as a noted security issue? (Choose all that apply)

  • Access Point Mapping
  • SSID Broadcasting
  • Compatibility between devices
  • Authentication
  • Encryption
  • Default Settings

Domain 2 Practice Questions

Network Disaster Prevention might include which of the following practices?

  • Redundant LAN routes
  • On demand WAN connections
  • Creation of a single point of failure for added redundancy
  • Use of Frame Relay
  • Leased line or T1 connections

Domain 2 Practice Questions

Use of Trivial File Transfer Protocol (TFTP) is a recommended practice for securing device configuration data?

  • True
  • False

Domain 2 Practice Questions

Which of the following RAID levels provide for server fault-tolerance?

  • RAID 1
  • BlackFlag Technique
  • RAID 5
  • RAID 0
  • RAID 10
