Telecommunications and networking use various mechanisms, devices, software and protocols that are interrelated and integrated.
Networking is one of the more complex topics in the computer field, mainly because so many components are involved. A network administrator or engineer must know how to configure networking software, protocols and services, and devices; deal with interoperability issues; install, configure and interface with telecommunication software and devices; and troubleshoot effectively. A security professional must understand these issues and the vulnerabilities that can arise within the network.
In this CISSP Essentials Security School lesson, Domain 5, Telecommunications and Networking, expert CISSP exam trainer Shon Harris details the key topics students need to know to pass the CISSP exam. Before watching the special Domain 5, Telecommunications and Networking video below, it's recommended that students first read the Domain 5 spotlight article, which provides an overview of the concepts presented in the video, such as protocol and stack models, including OSI, TCP/IP, abstraction layers, associated protocols and their relationships to each other; core technologies like network topology, LAN, MAN, WAN, cabling and data transmission types, network and telecommunications devices and services, and Web-based intranet and extranet Web technologies; network components and services, devices and resource management; and extension technologies covering remote access methods and wireless technologies.
After watching the video, test your comprehension of this material with our Domain 5, Telecommunications and Networking quiz. Upon completion, return to the CISSP Essentials Security School table of contents to select your next lesson.
About Shon Harris:
Shon Harris is a CISSP, MCSE and President of Logical Security, a firm specializing in security educational and training tools. Logical Security offers curriculum, virtual labs, instructor slides and tools for lease by training companies, security companies, military organizations, government sectors and corporations.
Shon is also a security consultant, an engineer in the Air Force's Information Warfare unit, an entrepreneur and an author. She has authored two best-selling CISSP books, including CISSP All-in-One Exam Guide, and was a contributing author to the book Hacker's Challenge. Shon is currently finishing her newest book, Gray Hat Hacking: The Ethical Hacker's Handbook.
CISSP® is a registered certification mark of the International Information Systems Security Certification Consortium, Inc., also known as ISC(2).
Read the full transcript from this video below:
CISSP Essentials training: Domain 5, Telecommunications and networking
Host: Welcome to SearchSecurity CISSP Essentials: Mastering the Common Body of Knowledge. This is the fifth in a series of ten classes explaining the fundamental concepts, technologies and practices of information systems security corresponding to the CISSP's Common Body of Knowledge.
In our last class we discussed Security Architecture and Models. Today's class will examine topics under the fifth domain of the CBK: Telecommunications and Networking. This class focuses on the glue of network security: how networks work, how data is transmitted from one device to another, how protocols transmit information and how applications understand, interpret and translate data.
Shon Harris is a CISSP, MCSE and President of Logical Security, a firm specializing in security education and training. Logical Security provides training for corporations, individuals, government agencies and many organizations. You can visit Logical Security at www.logicalsecurity.com. Shon is also a security consultant, a former engineer in the Air Force Information Warfare Unit and an established author. She has authored two bestselling CISSP books, including CISSP All-in-One Exam Guide, and was a contributing author to the book Hacker's Challenge.
Shon is currently finishing her newest book, Gray Hat Hacking: The Ethical Hacker’s Handbook. Thank you for joining us today, Shon.
Shon: Thank you for having me.
Host: Before we get started I’d like to point out several resources that supplement today’s presentation. On your screen, the first link points to the library of our CISSP Essential classes. So you can attend previous classes and register to attend future classes as they become available.
The second link on your screen allows you test what you’ve learned with a helpful practice quiz on today’s material. And, finally you’ll find a link to the Class 5 Spotlight, which features more detailed information on this domain.
Now, we’re ready to get started. All yours, Shon.
Shon: Thank you. Thank you for joining us today. We'll be looking at the Telecommunications and Networking domain. This is the largest domain of the CBK, and whether you feel this is difficult or not depends on your level of comfort. I find that a lot of people in security come from a networking background and so they have an understanding of what's covered in this domain. It doesn't mean that this domain is necessarily simplistic then, which is usually overwhelming, even if you come from the networking world. It's just the amount of information that's covered.
We go through several different protocols. We look at the different types of cabling and security issues; LAN/MAN/WAN technologies; the network devices and different services; how telecommunication services and switching take place. Fault tolerance and wireless technologies are covered also, along with the OSI model. So I kind of feel that the beginning of this domain, really probably the first fourth, is networks 101 information.
So, just like with all the other domains, each domain goes one inch deep, but it does go a mile wide. You do need to understand the difference between UTP cabling, STP and fiber and coax. What are the differences there, what are the security issues, which ones are more affected by crosstalk and attenuation and which provide the most security?
We also look at LAN, MAN and WAN technology. This doesn't mean just how large the geographical area is that the transmission of data is going to take place over. What you're really looking at when you're comparing LAN, MAN and WAN technologies are protocols that work at the Data Link layer. It's only the Data Link layer that understands the type of environment that you're moving data over.
If you've got data that's coming down your protocol stack, it's at the Data Link layer that it's going to be properly formatted for Ethernet, or if it's going over wireless or if it's going over Frame Relay. So, when you're talking about LAN, MAN and WAN technologies, which is really what this domain covers, it's looking mainly at the Data Link layer and the protocols that work there.
After you go through the cabling, the types of cabling, and you understand what a DMZ is, which is the proper zone between trusted and untrusted environments, you need to know what bastion hosts are, and bastion hosts are just locked-down systems. Any type of computer that's in a DMZ needs to be a bastion host because they're going to be the first line of devices that'll be attacked.
Then you get into LAN topologies, and when we're talking about topology, we're talking at the physical layer. This is just how devices are physically connected within an environment. So, the bus, ring, star and mesh topologies: you need to know what they are, but also the downfalls of each one of them, because each one has specific downfalls that you need to be aware of.
Now in our environment, even though there are certain downfalls for, like, a bus topology or ring topology, our environments today, our networks today, aren't so vulnerable as to be negatively affected only by what's going on at the physical layer. We have Data Link layer technologies that have a lot of intelligence to be able to try to ensure the stability of the environment, even as we have some issues going on at the physical layer.
So at the Data Link layer we're talking about LAN Data Link and we're talking about LAN media access control technologies. These are technologies that have the rules of how devices are going to communicate over a shared medium. Ethernet is a contention-based technology, meaning that all of the nodes are competing for one shared medium, which is that cable. In wireless there's also contention because all of the wireless devices are in contention, or competing, for a specific sector of frequencies.
So we have to have a technology that will determine how the devices communicate to the medium, and also how they communicate to each other, and to ensure that collisions don't take place. That's a big issue within LANs: collisions. So, if you and I put data on the line at the same time, there's a collision that negatively affects the network performance.
In LAN environments we need to understand Token Ring, even though we're not using Token Ring much, and Ethernet and wireless LANs, and you need to know the different IEEE standards: 802.5 is Token Ring, 802.3 is Ethernet, 802.11 is wireless LAN. And also realize that the Data Link layer has two sub-layers that you need to know about, the logical link control layer and the MAC layer.
Now, wireless is becoming more and more important and more and more used within the industry, thus the CISSP exam is covering wireless more and more. So you will need to have a good handle on wireless technologies and the components within, as well as the security issues and a lot of the common attacks.
We'll quickly look at some of the IEEE standards for wireless. You also need to understand the differences between the types of spread spectrum technologies. Spread spectrum is just a way of getting data onto radio frequency signals. There are three different types of spread spectrum; 802.11 is in use today. You'll need to know the differences between frequency-hopping and direct sequence and which standards are actually used.
There are different ways that wireless devices and access points authenticate, and you'll need to know if it's going to be SKA or if it's going to be open, which means that you're not actually using WEP.
So let's go ahead and look at some of these items. The one thing I don't cover in this presentation is the WAP protocol stack. The WAP protocol stack is used in wireless devices that do not have the resources to have a TCP/IP stack. So, WAP is a protocol stack, and I think the one that you need to be most concerned about is WTLS. WTLS is similar to SSL or TLS that we use in a TCP/IP stack, but there's an issue called the gap in the WAP. There's a security concern, which is the gap in the WAP, where translation between WTLS and SSL actually has to take place. I'm not going to cover that, but these are some of the wireless issues you will need to be aware of.
Now wireless has gone through an amazing amount of generations in a very short period of time. We first came out with 802.11 as an IEEE standard, which works in the 2.4 GHz range, and so do 11b and 11g. 2.4 GHz is referred to as the dirty spectrum, and that's just because there are so many things that work there because it's free. It's a free spectrum to work in. It's not regulated and that's why a lot of things are working there. It can cause a lot of interference. It depends on what's in your environment with your wireless LAN.
So we started off with .11, we went to .11b, and we changed our spread spectrum technology and went to A. A works in the 5 GHz range and has a higher bandwidth, or data throughput. And so you'll need to know the differences between these standards and where they're used.
Now 802.11i is a standard that right now is in the process of being accepted. You probably have heard a lot about the security issues that surround wireless LANs, and that has to do with the issues of WEP, Wired Equivalent Privacy, and this is the protocol that you use for the encryption process for wireless LANs and for the authentication of WEP. WEP is so flawed that it really doesn't provide any protection. There are so many issues with WEP that even if you do enable it, if you just depend on WEP, it can be cracked. The encryption can be cracked with free downloadable tools from the Internet.
So, it doesn't mean that every wireless LAN today that's set up is totally vulnerable, but what has happened is the standard itself, the 802.11 standard, is just so flawed that vendors have had to come up with their own solutions. So they've come up with their own Band-Aids and their own approaches to security. And that's an issue: everybody's doing their own thing. It's not a standard, and it also has interoperability issues.
A lot has been written about WEP. I've written very technical articles and given a lot of talks about the problems with WEP. We have a fix. We have a new standard that's coming out. This is 802.11i. There's part of it that's backwards compatible that will provide high-level protection for 802.11 wireless LANs that are currently out there, and then a part of the standard that starts fresh. If you are just now looking to implement a wireless LAN, you should use that other portion, which uses a totally different algorithm and everything.
Because of the problems with WEP, there's just an amazing amount of attacks that have been very successful against wireless LANs. You can usually eavesdrop, of course, on the traffic, especially if it's not encrypted, because some corporations seem to not understand that radio frequencies do not stop at your windows or at your walls or your doors. These radio frequencies go a long distance down the road, and it depends on the signal strength of your access point.
So wardriving has been a very common thing, where people have one or two laptops. You have an antenna and then you can eavesdrop on people's signals and get into their system, get into their environment. That's really the goal of carrying out attacks on wireless LANs: to gain access to the wired environment, because most environments have a wired portion and a smaller wireless portion. They work in an infrastructure mode. There's a difference between infrastructure mode and ad-hoc mode. Ad-hoc in wireless means you have several different wireless devices that are communicating to each other. They're not communicating through an access point to a wired portion of the environment.
The most common architecture is infrastructure, where you have wireless devices that have to authenticate and go through an access point to be able to communicate to the wired environment. So I said that WEP could be easily cracked, and there are ways of manipulating the data without the receiver knowing it. Rogue APs can be set up, rogue access points, because what happens when you have, let's say, a wireless laptop and it's booting up: your wireless card is sending out probes trying to find the closest access point. If you have two access points that are close to you, it's the signal strength that will be used in the decision process for which access point your card authenticates to. So, I can just throw up an access point that has a very strong signal. Your wireless card will think that it's the closest one to it and you'll send over your credential information and I've captured it. That's how rogue access points happen.
Now TCP/IP is a suite of protocols. It's not just TCP and IP, there's a whole suite. You need to know the services these different protocols provide, the security issues with them, reliable versus unreliable transporting of data, the security issues of using things like Telnet or FTP or TFTP, and the levels of authentication they provide. SNMP is a very common method for hackers to use to gain a lot of information about network devices. So you need to understand how SNMP agents and managers work and what community strings are and traps.
You also need to know which levels these different protocols work at. ARP is the Address Resolution Protocol that works at the Data Link layer, and its job is this: your data is going through a data encapsulation process, which means that it's going down your protocol stack and the different protocols at the different levels of this stack are putting on their own instructions, which are in the headers or the trailers of the packet.
Now, it goes to the network layer and it gets an IP address, but your Data Link technologies do not understand IP addresses. So, it needs to have a MAC address. A MAC address is a hardware address that's 48 bits. So ARP is responsible for finding out the MAC address that corresponds with the IP address that the computer's trying to communicate with.
In this domain we go over different types of ARP attacks. ARP attacks can be carried out where a victim has an improper mapping between an IP address and a MAC address. So, I'm trying to send information to your IP address, but I've been under an ARP attack and the mappings that my ARP protocol has are wrong, so even though I put the right IP address on the packet, at the Data Link layer the attacker's MAC address gets put on the packet and it goes to the attacker.
You'll need to understand how ARP works, reverse ARP, BOOTP, DHCP, those types of protocols, and ICMP. ICMP is a protocol that has been developed to just move around status and error messages. There's a certain number of ICMP packets, and it's not been developed to move user data around, but just status information, like when there's a link, maybe between routers, where there's a path that's overloaded with traffic. So one router will send an ICMP message to indicate, look, you need to use another path because this one's too busy right now. And that could be a denial of service attack, where you send ICMP messages to routers indicating that certain routes are down so that nobody sends data over a certain link.
Another common attack using ICMP is the Loki attack. There's a Loki tool with which you can actually put a little bit of information in an ICMP packet. Again, the ICMP packet wasn't developed to move user data back and forth. It was just packet information. But if I can actually put some data in an ICMP packet, then I can fool your firewall, because most firewalls allow ICMP packets and don't realize that they're actually moving data around.
So, this domain goes over the different types of devices. You'll need to know the basic functionality of these devices and what OSI layer they work at. In this presentation I don't cover the OSI model, but you do need to know it. The OSI model was developed to really kind of explain the different levels of functionality that take place in a network stack, and it provides standards for these different levels.
There are seven different layers in the OSI model, and it provides a standard and a modular approach to developing a network stack, so vendors can create their own protocols that work at one layer and you, as a consumer, you as a user, can change out those different protocols or you can have them all in there, but they'll be able to communicate with other vendor protocols that work at different layers because they follow the standard and the standardized interfaces.
You need to know all about the OSI model, the different layers, the protocols that work at the different layers and the functionality. We have network devices here that you'll need to know really kind of the basic functionality of. A repeater just works at the physical layer. It's amplifying the signal. It's not doing any forwarding or routing. A bridge works mainly at the Data Link layer. It's looking at MAC addresses for forwarding decisions. Routers work mainly at the network layer and they can be packet filtering firewalls, which we'll look at.
Switches mainly work at the Data Link layer, although we have much more sophisticated switches today that can work at different layers, and switches are really kind of the device of choice now in environments because of how fast they work compared to a bridge. A bridge works at the Data Link layer, but the actual processing is taking place at the silicon level of the switch, which makes it much faster. Also switches have functionality and capabilities that are very beneficial to network administrators, which is setting up VLANs, setting up logical containers for workstations and users and resources versus being tied to their physical location, which is how traditional non-VLAN-aware environments would be.
Today we have five generations of firewalls and you need to know the difference between the generations and the good and the bad about each one of them. Packet filtering is the first generation; it's basically a router with ACLs on it. It does not provide a high level of protection, but it doesn't take a lot of processing. So, a lot of times those will be our border routers.
We need to know about two types of proxy firewalls. There are circuit-level proxies and there are application-level proxy firewalls. A proxy means that the actual connection between the sender and receiver is broken and a direct communication cannot take place. A circuit-level proxy will be making its access decision based on header information, and an application-level proxy will be making its decisions based on the data payload of the packet along with the header information. So, you need to understand the differences between them, but also the good and the bad about them. Something that's stateful means that it understands a protocol stack in its communication.
For example, a stateful firewall would understand that the first packet of a TCP connection is a SYN packet. The second packet is SYN-ACK and the third is ACK and then to close off that TCP connection is a FIN packet. Something that’s stateful can understand that and keep track of it, but also make access decisions based on the state of the communication.
So, if I try to communicate to you through a stateful firewall and I send you a SYN-ACK, the stateful firewall will know that I'm trying to do something that's not safe. I'm trying to fool the firewall by sending a SYN-ACK. And the reason that I would do that is that I am trying to fool the firewall by saying, don't look over here. Everything's fine. We've already been communicating. See, I'm sending the second step of the communication with a SYN-ACK. The packet filter and some proxies may be fooled by something like that.
A kernel proxy is a newer generation, and all of the processing actually takes place in the kernel, and the kernel itself will create individual virtual network stacks. So, if there's communication coming over the HTTP protocol, the kernel proxy is going to create an HTTP kernel stack to properly investigate each portion of that packet before it allows it to go through.
Now a dynamic packet filter is different from a static packet filter. Static packet filters are the first generation. A dynamic packet filter allows for ports to be dynamically opened and closed. The first is static: there the ports are either open or they're closed. But you need to understand how ports work, that ports 0 through 1023 are the well-known ports, and those are the ports that are used on the server side.
If I say that HTTP is mapped to port 80, that's on the server side. That's not on the client's side. So, if I'm using a web browser and I'm communicating to a web server, my client is actually going to choose a high port, a high random port. That's beneficial when you're using dynamic packet filters, because the dynamic packet filter can open that high port that I've chosen just for the period of time I'm communicating with the web server, and then once I'm done communicating, that port is closed, which is different from a static packet filter.
Now not only do we need to know the different types of firewalls, we need to know where to place these firewalls and the architecture of our environment. There are industry standards on firewall architecture. There's the screened host, which just needs to have a screening device and then a firewall, and that's usually a screening router and then a firewall.
The dual-homed firewall architecture means you have a firewall with two or more interfaces. Usually when you're talking about a dual-homed firewall, it means that you have more than one segment hanging off of that firewall.
Then we have a screened subnet, where you have two firewalls that are actually creating a full DMZ. A screened subnet provides more protection because there are two layers of protection that the attacker has to get through before they get to your internal network. So, you need to understand the different architecture models along with the types of firewalls there are.
Also this domain goes over different encapsulation protocols, tunneling protocols, dial-up protocols and authentication protocols: PAP and CHAP versus EAP. Now EAP is a newer authentication protocol. It was developed to work specifically over PPP connections, but we've integrated EAP into other places also.
Now EAP is not a protocol that says specifically how authentication will take place. EAP is a framework, really. It's where you can actually plug in different types of authentication mechanisms. So, in traditional authentication steps, you either use PAP or you use CHAP or you use MS-CHAP, but we need more flexibility. We need to have authentication that has higher security, has more flexibility.
Maybe we have remote users that are going to need to authenticate to get into our corporate environment. We don't want to have a secondary user database of credentials. We want to use the same one, the one user database we're already using in our local environment. We're already using Kerberos. So, why can't my remote users just authenticate through Kerberos? And that's the situation where you would actually use and implement EAP. It just provides more flexibility.
Now, different types of tunneling protocols, and some people think that a tunneling protocol automatically provides protection, which is not true. A tunneling protocol just means that a packet is encapsulated and it's transported from one environment to another. For example, say we had two locations that use IPX/SPX, a Novell proprietary protocol, and we needed our two locations to be able to communicate over the Internet. Well, they can't, because that protocol, IPX/SPX, is not understood over the Internet, which has to be TCP/IP. So, we can tunnel from one location to the other if we have a tunneling protocol that could basically wrap those packets up and get them over to the destination and unwrap them and allow them to work at the destination location.
So that's what tunneling actually deals with, and there are different types of tunneling protocols, but in most situations we want to tunnel through networks, but we also want to provide a level of protection. We want a VPN. So a lot of times we hear of tunneling protocols as having to do with setting up VPNs.
Now our default protocol was PPTP. Whenever we set up VPNs we were using PPTP. So we've evolved. We've moved mainly to IPSEC, and IPSEC works with the Data Link layers. It's a suite of protocols that provide a range of security services: data origin authentication, integrity, confidentiality.
Now L2TP is a Cisco tunneling protocol that's the combination of L2F, Layer 2 Forwarding, and PPTP. You would use L2TP if you needed to extend your VPN across a WAN link. So PPTP and IPSEC can only run over an IP environment. But L2TP can run over an IP environment, and it also can run over X.25, Frame Relay, ATM. So when you need to have your VPN extend over a WAN link, that's when you would use L2TP. But L2TP is just a tunneling protocol. It doesn't provide any protection. You'd have to use it in combination with IPSEC.
Now one of the MAN technologies we need to understand is SONET. And SONET does not work at the Data Link layer. SONET works at the physical layer, and really it's just a standard of the signaling, of how the data is actually being moved, because everything's being moved through some form of electricity. So, SONET is really just the standard of how data is going to be moved over fiber optic rings. You can think of SONET as a highway that allows different cars and buses and motorcycles and such to move over it, because any type of data can move over SONET. The Data Link layer technologies you can think of as cars that move over SONET. So you can move Frame Relay data. You can move ATM data. You can move any type of WAN technology.
And for SONET, if you're familiar with OC rings, OC dash and a number, those are SONET rings, optical carrier rings. And it's the number after the OC that indicates the bandwidth, the data throughput, that can be carried over that carrier.
So, these are all the WAN technologies you need to know for the exam: the characteristics of when one would be used over the other, the downfalls, the pros. For ISDN, you need to know BRI versus PRI, and then ISDN is just a set of services. It emulates an actual telephone call. ISDN and DSL are technologies that allow for digital data to move over the last mile. The last mile is the only place within a telecommunication network that is still analog. The rest of the network is now digital.
If we want higher speeds and we want to move data in a digital format even over that last mile, then ISDN or DSL is the choice. You need to know the difference between Frame Relay, X.25 and ATM. Frame Relay and X.25 are packet switching technologies versus ATM, which is a cell-switching technology. And there's a difference between circuit switching and packet switching.
Circuit switching is how our telecommunication networks work for phone calls. So, if I call you, what's actually happening is our voice data is going back and forth through switches. When I dial my phone, there's a protocol called Signaling System 7 that will go and configure the switches between you and me. If you're there you pick up the phone. All of our data goes back and forth through the same path until we hang up, and Signaling System 7 will tear down that virtual path.
Packet switching is different. Packet switching is basically when I send data to you over the Internet or over Frame Relay or over X.25. Those are packet switching technologies. And the data can take a bunch of different routes because it depends on how busy the different links are. So, data can come to you from me, from one source to one destination, but it can arrive out of sequence. So, the destination has to put it all back together again. That's not really an issue when we're moving data, but it's more of an issue when we're moving voice data. Voice over IP is becoming extremely popular in the industry, and for good reasons.
I mean, if we have voice over IP within our corporation, within our one building, let's say, a big benefit is now you only have to maintain one network, where before you had to maintain a phone network and you had to maintain a data network. But now they've come together, where the voice data is moving in packets just like our data does.
Also, people are using voice over IP for long distance phone calls, and right now it's very cheap, and that's because it's not currently regulated. The FCC has not regulated voice over IP, but as soon as they do the prices will definitely go up. So, again, it's just moving voice data from the traditional circuit-switched environment to the packet-switched environment.
I’ve only touched on a few of the topics that are covered in this domain because it is so large. It does start off with the basic elements of telecommunication and networking, which are the cabling, the different types of signaling. You need to know synchronous versus asynchronous, digital versus analog, baseband versus broadband and then the different LAN media access technologies.
The OSI model describes the network stack, and you need to know the TCP/IP model. The TCP/IP model, also sometimes called the DoD model, is an older model. It only has four layers, where the OSI model has seven. The TCP/IP model only describes TCP/IP, where the OSI model is more of an open format to describe any protocol stack. So then you move into the network devices, the types of firewalls, and there are services that you need to know about.
You need to know how NAT, network address translation, works and the different types of NAT, and the differences between IP version 4 and IP version 6. Then you move into the MAN technologies, SONET, FDDI, and a lot of WAN technologies. The majority of this domain covers the WAN technologies and we've barely touched on a few of them.
Of course there are the security issues involved with a lot of these components, along with attacks that are used against these components, which are mainly different types of denial of service attacks and distributed denial of service attacks. So, this is a large domain, but if you understand it, if you understand these components, it really gives you a strong understanding of the network, and of ARP and how the different types of attacks take place, and the different devices and component mechanisms that we use today to protect ourselves.
Host: Thank you, Shon. This concludes Class 5 of CISSP Essentials: Mastering the Common Body of Knowledge - Telecommunications and Networking. Be sure to visit www.searchsecurity.com/CISSPessentials for additional class materials based on today’s lesson and to register for our next class on Applications and System Development. Thanks again to our sponsor and thank you for joining us. Have a great rest of the day.
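As an added illustration, not part of the transcript or of any product Shon describes: a small Python model of the stateful-firewall behaviour discussed in the lesson, tracking SYN, SYN-ACK and ACK per connection, dropping an unsolicited SYN-ACK that a stateless "established" ACL would let through, and keeping the client's random high port open only while the connection exists. The addresses, ports and the "inside network starts with 10." convention are constructed for this example.

```python
"""Toy stateful firewall vs. static packet filter (constructed example)."""
from dataclasses import dataclass

# Assumption for the example: anything in 10.0.0.0/8 is "inside".
def is_inside(ip: str) -> bool:
    return ip.startswith("10.")

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}

def static_filter(pkt: Packet) -> str:
    """First-generation packet filter: a stateless ACL.
    Allows every outbound packet and every inbound packet with ACK set
    (the classic 'established' heuristic). It has no memory, so it cannot
    tell a real reply from an unsolicited SYN-ACK."""
    if is_inside(pkt.src) or "ACK" in pkt.flags:
        return "ALLOW"
    return "DROP"

class StatefulFirewall:
    """Tracks each TCP connection initiated from inside through the
    handshake; a high client port is 'open' only while its entry exists."""

    def __init__(self) -> None:
        self.table: dict = {}  # (client, cport, server, sport) -> state

    def _key(self, pkt: Packet) -> tuple:
        # Normalise both directions of a flow to the same key.
        if is_inside(pkt.src):
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def open_ports(self) -> list:
        """Client-side ports the firewall currently lets replies reach."""
        return sorted(k[1] for k in self.table)

    def inspect(self, pkt: Packet) -> str:
        key = self._key(pkt)
        state = self.table.get(key)
        outbound = is_inside(pkt.src)
        f = pkt.flags
        if state is None:
            # Only an inside-initiated SYN (no ACK) may create state.
            if outbound and f == {"SYN"}:
                self.table[key] = "SYN_SENT"
                return "ALLOW"
            return "DROP"  # covers an inbound SYN and an unsolicited SYN-ACK
        if state == "SYN_SENT":
            if not outbound and f == {"SYN", "ACK"}:
                self.table[key] = "SYN_RECEIVED"
                return "ALLOW"
            return "DROP"
        if state == "SYN_RECEIVED":
            if outbound and f == {"ACK"}:
                self.table[key] = "ESTABLISHED"
                return "ALLOW"
            return "DROP"
        if state == "ESTABLISHED":
            # Simplification: the first FIN or RST removes the entry, so the
            # dynamically opened client port closes again. A real firewall
            # tracks the full four-way close.
            if "FIN" in f or "RST" in f:
                del self.table[key]
            return "ALLOW"
        return "DROP"

def demo() -> dict:
    """Walk a legitimate handshake, a spoofed SYN-ACK, and a close."""
    client, server, attacker = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    fw = StatefulFirewall()
    out = {}
    handshake = [
        Packet(client, 51234, server, 80, frozenset({"SYN"})),
        Packet(server, 80, client, 51234, frozenset({"SYN", "ACK"})),
        Packet(client, 51234, server, 80, frozenset({"ACK"})),
    ]
    out["handshake"] = [fw.inspect(p) for p in handshake]
    out["open_while_established"] = fw.open_ports()
    # Unsolicited SYN-ACK aimed at another high port of the client.
    spoof = Packet(attacker, 80, client, 40000, frozenset({"SYN", "ACK"}))
    out["spoof_stateful"] = fw.inspect(spoof)
    out["spoof_static"] = static_filter(spoof)
    out["close"] = fw.inspect(
        Packet(client, 51234, server, 80, frozenset({"FIN", "ACK"})))
    out["open_after_close"] = fw.open_ports()
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```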
This was first published in September 2008