The following are a few of the topics that are covered in this domain:
- Protocol stack models: OSI, TCP/IP stack models, their abstraction layers, associated protocols and their relationship to each other
- Core technologies: Network topologies; LAN, MAN and WAN; cabling and data transmission types; network and telecommunications devices and services; and Web-based intranet and extranet technologies
- Network components and services: Network devices and services, telecommunications, devices and resource management
- Extension technologies: Remote access methods and technologies, and wireless technologies
Protocol stack models
As computers evolved, it became apparent that standards were needed to guide the development of diverse systems so they could communicate with one another. Two abstraction models resulted, each representing a standard set of protocols that commercial developers use to ensure interoperability with other vendors' products. Both the Open Systems Interconnection (OSI) model and the TCP/IP stack model supply the rules that let a gateway relay information between different types of network segments, let a network card encode bits into electrical signals for transport over a wire, and let two machines running different operating systems and software set up a communications session and exchange information securely. Understanding the layers that make up these models helps in architecting communications systems that interoperate and in troubleshooting security problems.
A CISSP® candidate must know which protocols operate at each of the seven layers of the OSI model as the exam classifies them (for instance ARP, RARP, PPP and SLIP at the Data Link layer, as opposed to ICMP and RIP at the Network layer) and what each protocol does to move a message down the layer chain for transport to another system. The TCP/IP stack model centers on the protocol suite built around TCP and IP, which together form the basis of how data travels from one device to another. In each model, the transformation a message undergoes as each protocol prepares it for transport is traced through to its ultimate delivery at the destination.
Security professionals must understand how and where protocols work because many types of vulnerabilities and attacks exist at each layer of a protocol stack. For example, Teardrop, Loki and Smurf attacks operate at layer three (overlapping IP fragments, an ICMP covert channel and ICMP broadcast amplification with a spoofed source, respectively), while ARP attacks operate at layer two. A security professional needs to understand how these attacks work and the countermeasures for each one.
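The layer-two case deserves a concrete illustration. The following is an added example, not code from the original article: a small detector for ARP spoofing in the style of tools such as arpwatch, run over a constructed list of ARP replies (the addresses, MACs and the static binding table are invented for the demonstration). It flags the two symptoms an ARP poisoning attack produces, an IP whose MAC binding changes and a single MAC claiming several IPs, and checks the replies against pinned static entries, which is the classic countermeasure on critical hosts.

```python
"""Added example: detect layer-2 ARP spoofing from a stream of ARP replies.

Two heuristics a detector such as arpwatch uses: an IP address whose MAC
binding changes, and one MAC address that claims several IP addresses.
A static, authoritative table is checked as the countermeasure.
"""
from collections import defaultdict

# Constructed ARP reply records (timestamp, sender IP, sender MAC); not captured traffic.
ARP_REPLIES = [
    (1, "192.168.1.1",  "00:11:22:33:44:55"),   # gateway announces itself
    (2, "192.168.1.10", "aa:bb:cc:dd:ee:01"),   # an ordinary host
    (3, "192.168.1.1",  "00:11:22:33:44:55"),   # same binding again: no alert
    (4, "192.168.1.1",  "aa:bb:cc:dd:ee:99"),   # gateway IP now claimed by another MAC
    (5, "192.168.1.20", "aa:bb:cc:dd:ee:99"),   # the same MAC claims a second IP
]

# Constructed static bindings an administrator would pin on critical hosts.
STATIC_BINDINGS = {"192.168.1.1": "00:11:22:33:44:55"}


def detect_arp_spoofing(replies, max_ips_per_mac=1):
    """Return alerts for IP->MAC rebinding and for MACs claiming too many IPs."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({"time": ts, "type": "ip_rebound", "ip": ip,
                           "old_mac": previous, "new_mac": mac})
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac:
            alerts.append({"time": ts, "type": "mac_claims_many_ips", "mac": mac,
                           "ips": sorted(mac_to_ips[mac])})
    return alerts


def static_binding_violations(replies, static_bindings):
    """Replies that contradict pinned bindings; static entries are the classic countermeasure."""
    return [(ts, ip, mac) for ts, ip, mac in replies
            if ip in static_bindings and static_bindings[ip].lower() != mac.lower()]


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES):
        print(alert)
    print("static violations:", static_binding_violations(ARP_REPLIES, STATIC_BINDINGS))
```

Two caveats a practitioner would add: a legitimately replaced NIC also produces an `ip_rebound` alert, so the detector needs an allow-list or an operator in the loop, and a host that is poisoned before the detector ever sees the genuine binding will not trigger the first heuristic, which is why the static table matters for gateways and servers.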
Fundamentally, electronic communication travels either as a continuously varying carrier signal (analog transmission), whether over wire or over radio frequencies (wireless), or as data encoded into discrete units (digital transmission). Over the years, new technologies have extended the capabilities of older copper-wire transport infrastructure by means of compression and modulation methods and by digitizing data over previously analog connections. At the same time, fiber optic technology, though more costly and harder to work with, has provided the means to deliver data in different formats, such as voice, music and streaming video, in real time over SONET rings and similar infrastructure. A brief history of telecommunications evolution is covered in this domain, including T-carriers, S/WAN (a security solution), CSU/DSU, SMDS, FDDI, ISDN, circuit switching, packet switching, frame relay, X.25, DSL, cable modems, VoIP and ATM, among others. A CISSP candidate needs to understand these technologies, their differences and their potential security issues.
How topologies are applied to Local Area Networks (LAN), Metropolitan Area Networks (MAN) and Wide Area Networks (WAN) is covered in this domain, with special emphasis on the technologies commonly applied in these environments, such as Ethernet, Token Ring and FDDI, and on cabling types (coaxial, twisted pair, fiber optics), their physical characteristics, individual capabilities and weaknesses from the standpoint of physical integrity and security. Methods for distributing messages over LAN media are covered, including token passing, polling and collision management protocols such as CSMA/CD and CSMA/CA. Intranets and extranets are contrasted, and address naming conventions are discussed in general terms.
Network components and services
Networking devices such as repeaters, bridges, gateways, routers, switches and PBXs are covered in detail in this domain. Firewalls, a kind of filtering gateway, are covered in depth, as they represent a critical protection device on the enterprise network. Protection methods such as packet filtering, stateful packet inspection, dynamic packet filtering and kernel firewalls, together with firewall architectures (i.e., DMZs, bastion and screened hosts, and screened subnets), are critical components. Application-level, circuit-level and kernel proxies are covered at length, including the strategies best employed to provide optimal security. Diversionary tactics such as honeypots are useful for protecting production systems, as is segregating and isolating parts of the network to increase security control.
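The difference between packet filtering and stateful packet inspection is easiest to see on real packets. The following is an added example, not code from the original article: a stateless ACL and a stateful filter implemented side by side and run over a constructed packet list (the addresses, ports and the inside-network convention are invented for the demonstration). The stateless rule admits any inbound TCP packet with ACK set, the usual approximation of "reply to an established session", and is therefore fooled by an unsolicited ACK probe; the stateful filter admits only packets matching a session it saw opened from the inside.

```python
"""Added example: a stateless ACL beside a stateful packet filter, run over constructed packets."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str        # "out": inside -> Internet, "in": Internet -> inside
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset      # TCP flag names, e.g. frozenset({"SYN", "ACK"})


def tcp(direction, src, dst, *flags):
    """Helper: build a TCP packet from 'ip:port' strings (constructed addresses)."""
    sip, sport = src.split(":")
    dip, dport = dst.split(":")
    return Packet(direction, "tcp", sip, int(sport), dip, int(dport), frozenset(flags))


# Constructed traffic: one legitimate web session opened from inside, then an
# outside "ACK scan" against an internal SSH port, then a plain SYN probe.
PACKETS = [
    tcp("out", "10.0.0.5:40000", "203.0.113.7:80", "SYN"),
    tcp("in",  "203.0.113.7:80", "10.0.0.5:40000", "SYN", "ACK"),
    tcp("in",  "198.51.100.9:4444", "10.0.0.5:22", "ACK"),
    tcp("in",  "198.51.100.9:4444", "10.0.0.5:22", "SYN"),
]


def stateless_filter(packets):
    """Classic ACL: allow everything outbound; allow inbound TCP when ACK is set,
    which is how a stateless ACL approximates 'reply to an established session'."""
    verdicts = []
    for p in packets:
        if p.direction == "out":
            verdicts.append("allow")
        elif p.proto == "tcp" and "ACK" in p.flags:
            verdicts.append("allow")      # fooled by an unsolicited ACK packet
        else:
            verdicts.append("deny")
    return verdicts


def stateful_filter(packets):
    """Stateful inspection: remember outbound SYNs; admit inbound packets only
    when they match a tracked session, and forget the session on RST or FIN."""
    sessions = set()
    verdicts = []
    for p in packets:
        if p.direction == "out":
            if p.proto == "tcp" and "SYN" in p.flags and "ACK" not in p.flags:
                sessions.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
            verdicts.append("allow")
            continue
        key = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)   # reversed 5-tuple
        if key in sessions:
            verdicts.append("allow")
            if p.flags & {"RST", "FIN"}:
                sessions.discard(key)
        else:
            verdicts.append("deny")
    return verdicts


if __name__ == "__main__":
    for p, s1, s2 in zip(PACKETS, stateless_filter(PACKETS), stateful_filter(PACKETS)):
        print(f"{p.direction:3} {p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port} "
              f"{'/'.join(sorted(p.flags)):8} stateless={s1:5} stateful={s2}")
```

Running it shows the third packet, the ACK probe, passing the stateless ACL and being dropped by the stateful filter. A production state table also needs timeouts and a size limit, since an attacker who can make the inside open many connections can fill it; that is left out here.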
Network operating systems and services are designed to control access to network resources and to provide the services a computer needs to interact with surrounding systems and devices. Resource monitoring and management is essential to any security strategy, because resource hijacking is a potential objective of attackers attempting to paralyze a network by usurping available resources, as in a denial-of-service attack. Understanding the inner workings of networking services and protocols such as NAT, DNS, SNMP, DNSSEC, L2TP and IPSec is necessary.
A security professional must also understand tunneling, dial-up and VPN protocols along with the following authentication technologies:
- Password Authentication Protocol (PAP)
- Challenge Handshake Authentication Protocol (CHAP)
- Extensible Authentication Protocol (EAP)
VPN technologies IPSec, PPTP and L2TP should also be understood, along with their differences, security issues and where they are best used.
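The practical difference between PAP and CHAP is what crosses the link. The following is an added example, not code from the original article: a PAP request and a complete CHAP exchange (Challenge, Response, verification) as RFC 1994 defines it, with both sides' messages built as dictionaries and a replay attempt at the end. The user name and shared secret are invented for the demonstration, and real implementations also carry a CHAP Success/Failure packet and a PPP framing layer that are not modeled here.

```python
"""Added example: PAP sends the password itself; CHAP (RFC 1994) sends a hash
over a server-chosen challenge, so a captured exchange cannot be replayed."""
import hashlib
import hmac
import os

# Constructed credentials for the demonstration (secrets are bytes).
SECRETS_DB = {"alice": b"correct horse battery staple"}


def pap_request(peer_id, password):
    """PAP Authenticate-Request: the password travels on the link in the clear."""
    return {"code": "Authenticate-Request", "peer_id": peer_id, "password": password}


def pap_verify(request, secrets_db):
    secret = secrets_db.get(request["peer_id"])
    return secret is not None and hmac.compare_digest(secret, request["password"])


def chap_response_value(identifier, secret, challenge_value):
    """RFC 1994 response: MD5(Identifier || secret || Challenge). MD5 is what the
    RFC mandates, not a choice a new design would make."""
    return hashlib.md5(bytes([identifier]) + secret + challenge_value).digest()


def chap_challenge(identifier, value=None):
    """Server side: a fresh random challenge. 'value' may be supplied for tests."""
    return {"code": "Challenge", "id": identifier & 0xFF,
            "value": value if value is not None else os.urandom(16)}


def chap_response(challenge, name, secret):
    """Client side: prove knowledge of the secret without sending it."""
    return {"code": "Response", "id": challenge["id"], "name": name,
            "value": chap_response_value(challenge["id"], secret, challenge["value"])}


def chap_verify(challenge, response, secrets_db):
    """Server side: recompute the expected value and compare in constant time."""
    secret = secrets_db.get(response["name"])
    if secret is None or response["id"] != challenge["id"]:
        return False
    expected = chap_response_value(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])


def run_chap(name, client_secret, secrets_db, identifier=1, challenge_value=None):
    """Full exchange: Challenge -> Response -> accept/reject decision."""
    challenge = chap_challenge(identifier, challenge_value)
    response = chap_response(challenge, name, client_secret)
    return chap_verify(challenge, response, secrets_db)


def replay_captured_response(name, client_secret, secrets_db):
    """An eavesdropper replays a valid Response against a later Challenge that
    reuses the same Identifier but carries a fresh random value."""
    first = chap_challenge(7)
    captured = chap_response(first, name, client_secret)
    second = chap_challenge(7)
    return chap_verify(second, captured, secrets_db)


if __name__ == "__main__":
    print("PAP request on the wire:", pap_request("alice", SECRETS_DB["alice"]))
    print("CHAP correct secret:", run_chap("alice", SECRETS_DB["alice"], SECRETS_DB))
    print("CHAP wrong secret:", run_chap("alice", b"guess", SECRETS_DB))
    print("CHAP replay:", replay_captured_response("alice", SECRETS_DB["alice"], SECRETS_DB))
```

Note what CHAP does not fix: the server must hold the secret in a recoverable form to recompute the hash, and an attacker who captures a challenge/response pair can mount an offline dictionary attack against weak secrets. That is why the article pairs these protocols with tunneling and VPN protection rather than treating them as sufficient on their own.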
Wireless technologies are becoming abundant in the industry and are riddled with security issues. A security professional must understand the following components of wireless, their surrounding security issues and necessary countermeasures:
- IEEE standards: 802.11, 802.11a, 802.11b, 802.11i, 802.16, 802.15, 802.11g, etc.
- Spread spectrum technologies: FHSS, DSSS, OFDM
- Access points and wireless devices
- Device authentication, authorization and association: SKA, OSA, SSID
- Wireless protocol stack: WAP
- Security issues: WEP, TKIP, the "gap in the WAP," rogue APs, war driving
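The WEP entry in that list is the one most worth seeing in code. The following is an added example, not code from the original article: a minimal RC4 and a stripped-down WEP frame encryption (the CRC-32 ICV that real WEP appends is omitted) used to show why WEP's 24-bit IV is fatal. Two frames encrypted under the same IV share a keystream, so XORing the ciphertexts cancels it, and one known plaintext reveals the other; a birthday-bound function shows how quickly random IVs repeat. The key, IV and frame contents are invented for the demonstration.

```python
"""Added example: why WEP's 24-bit IV is fatal. Per-frame keystream = RC4(IV || key);
two frames under the same IV share a keystream, so XORing the ciphertexts cancels it."""
import math


def rc4_keystream(key, length):
    """RC4 key scheduling plus pseudo-random generation; returns 'length' keystream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(wep_key, iv, plaintext):
    """Frame body = IV || (plaintext XOR RC4(IV || key)). The CRC-32 ICV real WEP
    appends before encryption is omitted; it does not change the reuse argument."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor_bytes(plaintext, rc4_keystream(iv + wep_key, len(plaintext)))


def recover_with_known_plaintext(known_frame, known_plaintext, target_frame):
    """Attacker: with one frame's plaintext known and both frames sharing an IV,
    derive the keystream and strip it from the second frame."""
    iv_a, ct_a = known_frame[:3], known_frame[3:]
    iv_b, ct_b = target_frame[:3], target_frame[3:]
    if iv_a != iv_b:
        raise ValueError("IVs differ, so the keystreams are unrelated")
    keystream = xor_bytes(ct_a, known_plaintext)
    return xor_bytes(ct_b, keystream)


def iv_collision_probability(frames):
    """Birthday bound: probability that at least two of 'frames' random 24-bit IVs repeat."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * 2 ** 24))


# Constructed key, IV and frame contents; a real capture would supply these.
WEP_KEY = bytes.fromhex("0102030405")                # 40-bit WEP key
REPEATED_IV = b"\x00\x00\x01"
KNOWN = b"who has 10.0.0.1? tell 10.0.0.9"         # e.g. a predictable ARP body
SECRET = b"login=alice&password=hunter2!!!"        # same length as KNOWN


if __name__ == "__main__":
    frame_known = wep_encrypt(WEP_KEY, REPEATED_IV, KNOWN)
    frame_secret = wep_encrypt(WEP_KEY, REPEATED_IV, SECRET)
    print("recovered:", recover_with_known_plaintext(frame_known, KNOWN, frame_secret))
    for n in (500, 5000, 20000):
        print(f"{n:6d} frames: P(IV repeat) = {iv_collision_probability(n):.3f}")
```

Even an access point that increments the IV sequentially rather than choosing it at random exhausts the 2^24 space in hours on a busy network and then starts over, so reuse is not a corner case but the steady state. TKIP's per-packet key mixing and 48-bit sequence counter were introduced precisely to remove this keystream reuse while staying on RC4 hardware.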
This domain covers the many participants in the different types of networks, including how they work together to provide an environment in which users can communicate, share resources and be productive. Each piece of networking matters to security, because almost any piece can introduce unwanted vulnerabilities and weaknesses into the infrastructure. It is important that the security professional understand how the various devices, protocols, authentication mechanisms and services work individually, and how they interface and interact with other entities. This can be an overwhelming task because of the number of technologies involved. However, knowledge and hard work will keep security professionals up to speed and, hopefully, ahead of the hackers and attackers.
- Now that you've been introduced to the key concepts of Domain 5, watch the Domain 5: Telecommunications and Networking video
CISSP® is a registered certification mark of the International Information Systems Security Certification Consortium, Inc., also known as ISC(2).
This was first published in September 2008