Telecommunications and networking use various protocols, devices, software and services that are interrelated and integrated. Networking is one of the most complex topics in the world of information security, and its complexity is only increasing as technology explodes in each part of our personal and professional lives.
At one time, a technology-oriented person could have a solid understanding of most of the components that made up a network. In 2005 and earlier, the majority of networks had a limited number of protocols, each with a relatively small subset of functionality, and CPU processors had only one core, not the millions of microscopic integrated circuits that are printed on tiny silicon chips today. Operating systems were monolithic in architecture and not bloated with millions of lines of programming code. The number of operating system types and programming languages was small, and computer systems were not as interconnected with external entities around the world as they are today.
Then in the mid-2000s, life as we knew it changed, and technology has only increased in complexity in every possible spectrum at an exponential rate ever since. Complexity and security mix together about as well as water and oil do. With increased complexity, the challenge of securing each and every component properly can become close to impossible if security professionals are not truly knowledgeable. You can only secure something if you understand it, and today's networked, borderless and digital world requires security professionals to know much more than their predecessors ever did to be truly successful. Today's network administrators or engineers must know not only how to configure networking software, protocols, services and devices but also how to deal with interoperability issues, install, configure and interface with telecommunication software and devices, and troubleshoot effectively. Security professionals have an even more difficult challenge: They must understand these issues as well as the vulnerabilities associated with each item, how exploitation can take place and what countermeasures should be put into place.
In this spotlight article for the Telecommunications and Networking domain of the Certified Information Systems Security Professional (CISSP) exam, I will discuss the core topics of the domain, including:
- Network protocol models: Open Systems Interconnect (OSI) and TCP/IP models and associated protocols;
- Core technologies: LAN, MAN and WAN;
- Network components and services: Network devices and services, telecommunications, devices and resource management; and
- Extension technologies: VPNs, authentication and wireless technologies.
Network protocol models
While the basics of network technologies aren't considered the most exciting parts of information security, it is vital knowledge to possess. If you don't understand the fundamentals of networking, you will never be able to secure a networking environment. It would be like a medical doctor not knowing how internal organs work together.
Each network is made up of different layers of protocols. Each layer has its own function and reason for existence, and each layer is directly dependent upon the layers both above and below it. This is also analogous to the human body: Bodies are made up of skeletal, muscular, cardiovascular, endocrine, nervous, respiratory, lymphatic and many other systems, each with its unique function, and each would be useless without the other systems working together properly.
Understanding a network protocol stack is one of the most critical aspects of learning networking because every network uses each of the layers of this stack every second of every day for many different tasks. Each layer of a network protocol stack has a core function (e.g., routing, session management, security, addressing and so on), and each layer can be populated with a range of different protocols (such as SMTP, HTTP, IP, TCP, PPP, Ethernet). Each protocol at each layer can be compromised several different ways (e.g., session hijacking, spoofing, header manipulation, injection and so on).
While most people in the information security industry know what different protocols do (for example, that HTTP moves around Web-based data, SMTP moves around email data, IP addresses and routes packets), many do not understand protocol stacks holistically. If you don't understand protocol stacks holistically, you'll never truly understand networking, because every single device on a network uses and depends on protocol stacks.
Students studying for the CISSP exam often memorize characteristics of protocol stack models but miss the opportunity to learn networking from the ground up. Just like the doctor who couldn't do his job properly because he didn't understand all of the systems that make up a body, a security professional cannot secure a network without understanding these protocol models intimately and the protocols that make them up.
When society decided that computers needed to be connected and communicate with each other, there were only a few networking protocols to work with. The TCP/IP protocol stack was one of the first standards that outlined how data was to be formatted, routed and transmitted. The acronym stands for Transmission Control Protocol (TCP) and the Internet Protocol (IP), but the TCP/IP model represents a whole suite of protocols.
As the diversification of the types of software and systems that needed to communicate increased, the industry found that the TCP/IP model was too limited to use by itself. Other networking protocols were in use during this time (in the 1960s and 1970s), but they were vendor-specific and proprietary and did not allow for interoperable communication between different system types. This led to the creation of the OSI model, which standardized protocol functionality through the use of abstraction layers.
Both the OSI and the TCP/IP protocol models provide the rules necessary to ensure that a switch will be able to transfer data to different types of network segments, that network cards successfully encode bits such that they will be transformed into electrical signals for transport, and that two machines running different operating systems and software can successfully set up a communications session to exchange data securely.
If CISSP students don't understand how these technologies work together, networking can seem as though it happens in the background, magically. As a security professional, if you really understand these technologies, you will easily understand how a vast array of network attacks take place and how to counter them.
The CISSP exam covers what protocols are used at each of the seven layers of the OSI model, and what each of these protocols does to help move data down the layer chain for transport to another system. It also covers the TCP/IP stack model, which focuses on a set of protocols built around the TCP and IP protocols; these form the basis of how data travels from one device to another device. Additionally, many protocols that work within the OSI model provide software-to-software communication, which is very different from device-to-device communication.
In the next section, we will cover the network protocol stack models and the protocols that work within these models.
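To make "moving data down the layer chain" concrete, here is an added example (my own code, not part of the original article) that wraps an application payload in a TCP header, then an IPv4 header, then an Ethernet frame, and parses the frame back up the stack the way a receiving host does, verifying each layer's checksum on the way. The MAC addresses, IP addresses (RFC 5737 documentation range), ports and sequence number are constructed sample values; the Ethernet FCS is omitted because the network card appends it.

```python
import struct

# Constructed sample values: RFC 5737 documentation addresses and locally administered MACs.
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP = "192.0.2.10"
DST_IP = "192.0.2.20"


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (used by both IPv4 and TCP).
    Run over data that already carries a correct checksum, it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_tcp(src_port, dst_port, seq, payload, src_ip, dst_ip):
    # Layer 4: 20-byte header, data offset 5 words, flags PSH|ACK, window 65535. The
    # checksum covers a pseudo-header (addresses, protocol 6, length) plus the segment.
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = ip_to_bytes(src_ip) + ip_to_bytes(dst_ip) + struct.pack("!BBH", 0, 6, len(header) + len(payload))
    csum = inet_checksum(pseudo + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def build_ipv4(src_ip, dst_ip, segment):
    # Layer 3: version 4 / IHL 5, identification, DF flag, TTL 64, protocol 6 (TCP).
    # The IPv4 checksum covers the header only; payload corruption is TCP's job to catch.
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                         64, 6, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    csum = inet_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + segment


def build_ethernet(src_mac, dst_mac, packet):
    # Layer 2: Ethernet II frame; EtherType 0x0800 tells the receiver the payload is IPv4.
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + packet


def encapsulate(payload: bytes) -> bytes:
    segment = build_tcp(40000, 80, 1000, payload, SRC_IP, DST_IP)
    packet = build_ipv4(SRC_IP, DST_IP, segment)
    return build_ethernet(SRC_MAC, DST_MAC, packet)


def decapsulate(frame: bytes) -> dict:
    """Walk back up the stack, rejecting the frame if any layer's checksum fails."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if inet_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6:
        raise ValueError("not a TCP packet")
    segment = packet[ihl:total_len]
    pseudo = packet[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    if inet_checksum(pseudo + segment) != 0:
        raise ValueError("bad TCP checksum")
    src_port, dst_port, seq = struct.unpack("!HHI", segment[:8])
    data_offset = (segment[12] >> 4) * 4
    return {
        "src_mac": src_mac.hex(), "dst_mac": dst_mac.hex(),
        "src_ip": ".".join(map(str, packet[12:16])),
        "dst_ip": ".".join(map(str, packet[16:20])),
        "src_port": src_port, "dst_port": dst_port, "seq": seq,
        "payload": segment[data_offset:],
    }


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.0\r\n\r\n")
    print(len(frame), "byte frame ->", decapsulate(frame))
```

Each layer only looks at its own header and hands the rest upward, which is the abstraction the OSI model formalizes. The checksum checks also show why these fields are integrity mechanisms rather than security mechanisms: anyone who rewrites a header field can recompute the checksum, so a valid checksum says nothing about who actually sent the packet; that is the gap spoofing exploits and that authentication at higher layers (or IPsec) has to close.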
Fundamentally, electronic communication takes place over analog or digital carrier signals. Analog transmissions are made up of signals that have various frequencies and amplitudes; digital transmissions are made up of discrete units that are better aligned with the binary nature of computer communication. The physical aspects of moving data from one place to another are interconnected with the physical mediums (e.g., copper, fiber, airwaves) used to connect communicating systems. The protocols and technologies that work at the data link layer of the OSI model encode data being transmitted into the correct format for the carrier signal and medium type being used. For example, an Ethernet driver works hand-in-hand with an Ethernet network interface card to encode data into the correct voltage values to move across a copper wire. While the CISSP exam does not get into topics like encoding data into voltage values, understanding networking concepts to this level will improve your comprehension of this domain.
Over the years, new technologies have extended the capabilities of older copper-wire transport infrastructures by means of compression and modulation methods, and by digitizing data over previous analog connections. Two examples of this include how ISDN and DSL technologies digitize data within previously analog voice-oriented connections. Data is 'packaged up' for transmission differently by LAN, MAN and WAN technologies. For example, if you send an email to someone who resides in another country, your message has most likely been formatted for Ethernet, FDDI and ATM, and has moved over copper wires, SONET fiber connections, ATM fiber connections and potentially through wireless connections. Data packets have amazing lives as they bounce around the Internet. If you truly understand these technologies, you will be able to understand how attackers commonly hijack them.
The CISSP exam covers packet versus circuit switching technologies, ISDN, DSL, FDDI, SONET, ATM and metro Ethernet. CISSP candidates must understand these technologies, their differences and potential security issues.
Network components and services
Networking devices such as repeaters, bridges, routers and switches are covered in the Telecommunications and Networking domain. Firewalls are also covered in depth, as they represent critical protection on an enterprise network. Security protection methods such as the use of packet filtering, stateful packet inspection, dynamic packet filtering, kernel firewalls and architecture (DMZs, bastion and screened hosts, and screened subnets) are all critical components. Application, circuit level and kernel proxies are also covered in this domain, as well as the strategies best employed to provide optimal security. Diversionary tactics, such as honeypots, are useful to protect production systems, as are segregating and isolating parts of the network to increase security control.
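The difference between packet filtering and stateful packet inspection is easiest to see in code. Below is an added example (my own, not from the article) that runs the same constructed packet sequence through two toy firewalls: a stateless filter that admits inbound packets whenever the ACK bit is set (the common ACL approximation of "established" traffic), and a stateful filter that keeps a connection table for sessions opened from inside. The addresses use RFC 5737 documentation ranges; the protected LAN, ports and flag combinations are all assumed for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}


# Constructed topology: the protected LAN is 192.0.2.0/24 (RFC 5737 documentation range).
def is_inside(ip: str) -> bool:
    return ip.startswith("192.0.2.")


class StatelessFilter:
    """Decides on each packet alone. Inbound traffic is allowed only if ACK is set,
    the classic ACL approximation of 'part of an established connection'."""

    def decide(self, pkt: Packet) -> str:
        if is_inside(pkt.src_ip):
            return "allow"
        return "allow" if "ACK" in pkt.flags else "deny"


class StatefulFilter:
    """Keeps a connection table for TCP sessions opened from inside; inbound packets
    are allowed only when they match a tracked connection in a plausible state."""

    def __init__(self):
        self.table = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def decide(self, pkt: Packet) -> str:
        if is_inside(pkt.src_ip):
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if pkt.flags == frozenset({"SYN"}):
                self.table[key] = "SYN_SENT"          # new outbound connection attempt
                return "allow"
            state = self.table.get(key)
            if state is None:
                return "deny"                         # outbound data with no handshake
            if state == "SYN_RECEIVED" and "ACK" in pkt.flags:
                self.table[key] = "ESTABLISHED"       # third packet of the handshake
            if pkt.flags & {"FIN", "RST"}:
                del self.table[key]                   # torn down (real firewalls add a timer)
            return "allow"
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        state = self.table.get(key)
        if state is None:
            return "deny"                             # unsolicited inbound, whatever the flags
        if state == "SYN_SENT":
            if pkt.flags == frozenset({"SYN", "ACK"}):
                self.table[key] = "SYN_RECEIVED"
                return "allow"
            return "deny"                             # anything else is out of sequence
        if pkt.flags & {"FIN", "RST"}:
            del self.table[key]
        return "allow"


def run(fw, packets) -> list:
    """Feed packets through a filter in order and return its decisions."""
    return [fw.decide(p) for p in packets]


# Constructed traffic sample: one legitimate outbound HTTPS session, then two inbound probes.
HOST, SERVER, PROBER = "192.0.2.10", "203.0.113.5", "198.51.100.7"
SAMPLE = [
    Packet(HOST, 40000, SERVER, 443, frozenset({"SYN"})),          # 1 client opens
    Packet(SERVER, 443, HOST, 40000, frozenset({"SYN", "ACK"})),   # 2 server answers
    Packet(HOST, 40000, SERVER, 443, frozenset({"ACK"})),          # 3 handshake completes
    Packet(SERVER, 443, HOST, 40000, frozenset({"ACK"})),          # 4 server sends data
    Packet(PROBER, 12345, HOST, 22, frozenset({"ACK"})),           # 5 unsolicited, ACK set
    Packet(PROBER, 12346, HOST, 22, frozenset({"SYN"})),           # 6 unsolicited SYN
]

if __name__ == "__main__":
    for name, fw in (("stateless", StatelessFilter()), ("stateful", StatefulFilter())):
        print(name, run(fw, SAMPLE))
```

Both filters pass the legitimate session and block the inbound SYN, but only the stateful filter rejects packet 5: an inbound packet with ACK set that belongs to no connection the inside host ever opened. A stateless rule cannot tell that packet from the server's legitimate reply in packet 4, because the two differ only in history, not in any field of the packet itself. That history is exactly what the connection table stores, and it is also why stateful devices need limits and timeouts on that table to survive the resource-exhaustion attacks discussed below.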
Network operating systems and services are designed to control network resource access and provide the necessary services to enable a system to interact with the surrounding systems and devices. Resource monitoring and management is essential to any security strategy since hackers may attempt a resource hijacking -- such as usurping available resources via a denial-of-service attack -- in order to paralyze a network. Understanding the inner workings of networking services such as NAT, DNS, DNSSEC and VPN is necessary.
Security professionals must understand tunneling, dial-up and VPN protocols as well as the following authentication technologies:
- Password Authentication Protocol (PAP)
- Challenge Handshake Authentication Protocol (CHAP)
- Extensible Authentication Protocol (EAP)
- IEEE 802.1x port authentication
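The first two items on that list are best understood side by side. The added example below (my own code, not part of the article) simulates a PAP exchange and a CHAP exchange between a peer and an authenticator and records every message as a passive observer on the link would see it. CHAP is implemented as RFC 1994 specifies it, an MD5 hash over the Identifier, the shared secret and the Challenge; the peer name, the shared secret and the dictionary-style message format are constructed for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed credentials for the demonstration (not real accounts).
PEER_NAME = "alice"
PEER_SECRET = b"constructed-shared-secret"
AUTHENTICATOR_DB = {PEER_NAME: PEER_SECRET}   # CHAP needs the secret itself, not a hash of it


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    def __init__(self, db):
        self.db = db
        self.pending = {}   # outstanding challenges keyed by Identifier

    def make_challenge(self, identifier: int) -> dict:
        value = os.urandom(16)   # fresh, unpredictable challenge for every attempt
        self.pending[identifier] = value
        return {"code": "Challenge", "id": identifier, "value": value}

    def check(self, resp: dict) -> str:
        challenge = self.pending.pop(resp["id"], None)   # each challenge is single use
        secret = self.db.get(resp["name"])
        if challenge is None or secret is None:
            return "Failure"
        expected = chap_response(resp["id"], secret, challenge)
        return "Success" if hmac.compare_digest(expected, resp["value"]) else "Failure"


def chap_peer_answer(chal: dict, name: str, secret: bytes) -> dict:
    """The peer proves knowledge of the secret without ever transmitting it."""
    return {"code": "Response", "id": chal["id"], "name": name,
            "value": chap_response(chal["id"], secret, chal["value"])}


def run_pap(name: str, password: bytes) -> list:
    """PAP: name and password travel as-is. The returned list is what a sniffer sees."""
    wire = [{"code": "Authenticate-Request", "name": name, "password": password}]
    ok = AUTHENTICATOR_DB.get(name) == password
    wire.append({"code": "Authenticate-Ack" if ok else "Authenticate-Nak"})
    return wire


def run_chap(name: str, secret: bytes, identifier: int = 1) -> list:
    """CHAP three-way exchange: Challenge, Response, Success/Failure."""
    auth = ChapAuthenticator(AUTHENTICATOR_DB)
    wire = [auth.make_challenge(identifier)]
    wire.append(chap_peer_answer(wire[0], name, secret))
    wire.append({"code": auth.check(wire[1])})
    return wire


def replay_captured_response(captured: dict) -> str:
    """Replaying a sniffed Response against a fresh Challenge must fail."""
    auth = ChapAuthenticator(AUTHENTICATOR_DB)
    auth.make_challenge(captured["id"])   # new random challenge under the same Identifier
    return auth.check(captured)


def secret_on_wire(wire: list, secret: bytes) -> bool:
    """True if the secret appears verbatim in any observed message field."""
    return any(field == secret for msg in wire for field in msg.values())


if __name__ == "__main__":
    for msg in run_pap(PEER_NAME, PEER_SECRET) + run_chap(PEER_NAME, PEER_SECRET):
        print(msg)
```

Running it shows the PAP password in the clear on the wire, while the CHAP exchange carries only a random challenge and a hash; the single-use challenge is also what defeats replay of a captured Response. Two caveats a practitioner should keep in mind: the authenticator must store the CHAP secret in recoverable form (the database above holds it in plaintext), and a captured Challenge/Response pair still permits offline guessing of a weak secret, so CHAP raises the bar against sniffing and replay but does not remove the need for strong secrets or for EAP methods that run inside TLS.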
Wireless technologies are abundant in the industry, and earlier versions are riddled with security issues. A security professional must understand at least the following components of wireless, their surrounding security issues and necessary countermeasures:
- IEEE standards, including 802.11, 802.11a, 802.11b, 802.11i, 802.11n, 802.16, 802.15 and 802.11g;
- Spread spectrum technologies: FHSS, DSSS, OFDM;
- Access points and wireless device authentication architecture; and
- Device authentication, authorization and association: SKA, OSA, SSID.
The Telecommunications and Networking domain goes into the different components within different types of networks, including how they work together to provide an environment for users to communicate, share resources and be productive.
Each network component is important to security because almost any one of them can introduce unwanted vulnerabilities and weaknesses into the infrastructure. It is important that security professionals not only understand how various devices, protocols, authentication mechanisms and services work individually, but also how they interface and interact with other entities. This can be an overwhelming task because of all the possible technologies involved. However, knowledge and hard work will keep security professionals up to speed and, hopefully, ahead of the hackers and attackers.
CISSP® is a registered certification mark of the International Information Systems Security Certification Consortium, Inc., also known as ISC(2).
RETURN to the main page of SearchSecurity's CISSP Essentials Security School.