
September 18, 2002 RAISF & RIT CISSP Prep Domain 2 - 2002 1

CISSP Review Course
Domain 2: Telecommunications and Network Security

This presentation includes a compendium of slides, both original and gathered from various public information sources, and is not intended for use by any for-profit individuals or organizations.


Domain Objective: Telecommunications and Network Security

The objective of this domain is to understand:
• data communications in terms of physical and logical networks, including local area, metropolitan area, wide area, remote access, Internet, intranet, extranet, their related technologies of firewalls, bridges, routers, and the TCP/IP and OSI models
• communications and network security as it relates to voice, data, multimedia, and facsimile
• communications security management techniques that prevent, detect, and correct errors

We will cover most, but not all, of these areas in this review.


Domain Summary: Telecommunications and Network Security

The telecommunications and network security domain is a very significant part of the CBK. The information for this domain typically represents 15% of the CISSP exam content and includes the structures, transmission methods, transport formats, and security measures used to provide and ensure the integrity, availability, authentication, and confidentiality of transmissions over private and public communications networks.


Network and Data Link Structures: OSI Standards Development

• ISO – International Standards Organization
• ECMA – European Computer Manufacturers Association
• CCITT – International Telegraph and Telephone Consultative Committee
• IEEE – Institute of Electrical and Electronics Engineers
• ANSI – American National Standards Institute
• MAP/TOP – Manufacturing Automation Protocol/Technical Office Protocol
• NIST – U.S. National Institute for Standards and Technology
• NSA – U.S. National Security Agency


OSI Reference Model

Open Systems Interconnection Reference Model
• Standard model for network communications
• Allows dissimilar networks to communicate
• Defines 7 protocol layers (a.k.a. protocol stack)
• Each layer on one workstation communicates with its respective layer on another workstation using protocols (i.e. agreed-upon communication formats)

“Mapping” each protocol to the model is useful for comparing protocols.


Network and Data Link Structures: OSI’s Seven Layers of Network Architecture

OSI Model (Mnemonic: All People Seem To Need Data Processing)

7  Application   Provides specific services for applications such as file transfer
6  Presentation  Provides data representation between systems
5  Session       Establishes, maintains, manages sessions (example: synchronization of data flow)
4  Transport     Provides end-to-end data transmission integrity
3  Network       Switches and routes information units
2  Data Link     Provides transfer of units of information to the other end of the physical link
1  Physical      Transmits bit stream on physical medium


OSI Reference Model Data Flow

[Figure: two seven-layer stacks (7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data Link, 1 Physical), labelled CLIENT and SERVER. Data travels down the client stack, through the network, then up the receiving stack.]

As the data passes through each layer on the client, information about that layer is added to the data. This information is stripped off by the corresponding layer on the server.
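The encapsulation described on this slide, as an added worked example (illustration code written for this review, not part of the original slides): an application payload is wrapped in a UDP header, then an IPv4 header, then an Ethernet II header on the way down, and each receiving layer strips exactly the header its peer added on the way up. The addresses are constructed values from the documentation ranges. The network layer verifies the IPv4 header checksum before handing the packet up, so a header corrupted in transit is rejected at layer 3 rather than reaching the application.

```python
import struct

# Constructed addresses for the demo (documentation ranges, not from the slides)
CLIENT_MAC = bytes.fromhex("020000000001")
SERVER_MAC = bytes.fromhex("020000000002")
CLIENT_IP = "192.0.2.10"
SERVER_IP = "192.0.2.20"

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
IPV4_FMT = "!BBHHHBBH4s4s"   # the fixed 20-byte IPv4 header


def ip_to_bytes(dotted):
    return bytes(int(octet) for octet in dotted.split("."))


def bytes_to_ip(raw):
    return ".".join(str(b) for b in raw)


def ipv4_checksum(header):
    """RFC 791 header checksum: one's-complement sum of the header's 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(payload, src_port, dst_port):
    """Client side, walking DOWN the stack: each layer prepends its own header."""
    # Layer 4 (Transport): UDP header = source port, destination port, length, checksum (0 = unused)
    segment = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload
    # Layer 3 (Network): IPv4 header; the checksum field is zero while the checksum is computed
    header = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(segment), 0x1234, 0x4000,
                         64, IPPROTO_UDP, 0, ip_to_bytes(CLIENT_IP), ip_to_bytes(SERVER_IP))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    packet = header + segment
    # Layer 2 (Data Link): Ethernet II header = destination MAC, source MAC, EtherType
    return struct.pack("!6s6sH", SERVER_MAC, CLIENT_MAC, ETHERTYPE_IPV4) + packet


def decapsulate(frame):
    """Server side, walking UP the stack: each layer strips what its peer layer added."""
    layers = {}
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("data link: unexpected EtherType 0x%04x" % ethertype)
    layers["data_link"] = {"src_mac": src_mac.hex(), "dst_mac": dst_mac.hex()}
    packet = frame[14:]

    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    # A header whose checksum field is correct sums to zero under the same function
    if ver_ihl >> 4 != 4 or ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("network: bad IPv4 version or header checksum")
    layers["network"] = {"src_ip": bytes_to_ip(src), "dst_ip": bytes_to_ip(dst),
                         "ttl": ttl, "protocol": proto}
    segment = packet[ihl:total_len]

    if proto != IPPROTO_UDP:
        raise ValueError("transport: not UDP")
    src_port, dst_port, length, _ = struct.unpack("!HHHH", segment[:8])
    layers["transport"] = {"src_port": src_port, "dst_port": dst_port}
    layers["application"] = segment[8:length]
    return layers


def header_intact(frame):
    """True if the frame decapsulates cleanly (valid IPv4 header checksum and protocol chain)."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False
```

The IPv4 checksum covers only the IP header, which is why the example leaves the UDP checksum at zero and treats payload integrity as a transport-layer concern; flipping one bit in the TTL byte is enough for the network layer to refuse the packet.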


Network and Data Link Structures: OSI vs. TCP/IP - Implementation

OSI                     TCP/IP
7  Application Layer    Application
6  Presentation Layer   Application
5  Session Layer        Application
4  Transport Layer      TCP / UDP
3  Network Layer        IP
2  Data Link Layer      Network
1  Physical Layer       Network

• The Open System Interconnection [OSI] is a seven layer structure for use in every type of network.
• Defined by the ITU-T (Geneva) and modelled after the IBM System Network Architecture [SNA].
• A very complex model; difficult to implement and hard to use.
• Not fully compliant with the TCP/IP protocol, which is simpler.
• TCP – Transmission Control Protocol
• IP – Internet Protocol
• UDP – User Datagram Protocol

Network and Data Link Structures: OSI vs. TCP/IP - Mapping



Network and Data Link Structures: ISO/OSI Layers & Characteristics

• Application layer (layer 7)
  – protocols and services are used by applications to communicate information to lower layers
  – layer where all information originates and applications run
  – best layer for encryption and access control services
  – Examples: FTP (File Transfer Protocol), HTTP (HyperText Transfer Protocol), SMTP (Simple Mail Transfer Protocol)



Network and Data Link Structures: ISO/OSI Layers & Characteristics

• Presentation layer (layer 6)
  – negotiates information exchange with applications and destination; functions include data transfer and structure
  – information syntax negotiation and transformation
  – adapts information for different representation when communicating to another system
  – for example, translates between differing text and data character representations such as EBCDIC and ASCII
  – also includes data encryption
  – Layer 6 standards include JPEG, GIF, MPEG, MIDI



Network and Data Link Structures: ISO/OSI Layers & Characteristics

• Session layer (layer 5)
  – establishes, manages and terminates sessions between applications
  – coordinates service requests and responses that occur when applications communicate between different hosts
  – most login functions are in this layer (ID and authentication)
  – Examples include: NFS, RPC, X Window System, AppleTalk Session Protocol, SPX



Network and Data Link Structures: ISO/OSI Layers & Characteristics

• Transport layer (layer 4)
  – end-to-end transfer, flow control, error recovery, congestion control
  – provides transparent data transfers between session processes, optimizes network services, uses protocol to regulate data transfer
  – Examples: TCP, UDP
  – Gateways operate at layer 4 to layer 7


Internet Protocols and Security: Internet Protocols - layer 4

• User Datagram Protocol (UDP) - layer 4 transport
  – connectionless
  – same level of service used by IP
  – it is easier to spoof UDP packets
• Transmission Control Protocol (TCP) - layer 4 transport
  – provides reliable virtual circuits to user packets
  – damaged packets are retransmitted
  – incoming packets are sequenced
  – congestion control
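The three TCP properties on this slide (reliable virtual circuit, retransmission of damaged packets, sequencing of incoming packets) contrasted with a datagram service, as an added model written for this review; it is not code from the slides and it is not a TCP implementation. Segments carry a stream offset and a CRC-32 standing in for the transport checksum; the "network" is a constructed delivery order that reorders segments and corrupts one of them. The reliable receiver drops the damaged segment, buffers the out-of-order ones and returns a cumulative ACK, so the stalled ACK tells the sender which segment to retransmit; the datagram receiver hands up whatever arrives intact, in arrival order, with nothing filled in.

```python
import zlib
from dataclasses import dataclass, field


@dataclass
class Segment:
    seq: int        # stream offset of the first byte of data
    data: bytes
    checksum: int   # sender-computed CRC-32 of data (constructed stand-in for the TCP checksum)

    @classmethod
    def make(cls, seq, data):
        return cls(seq, data, zlib.crc32(data))

    def intact(self):
        return zlib.crc32(self.data) == self.checksum


@dataclass
class ReliableReceiver:
    """Receive side of a TCP-like virtual circuit: damaged segments are dropped, out-of-order
    segments are buffered, data is delivered in sequence, and receive() returns the
    cumulative ACK (the next byte expected)."""
    next_seq: int = 0
    delivered: bytes = b""
    buffer: dict = field(default_factory=dict)   # seq -> data waiting for the gap before it

    def receive(self, seg):
        if not seg.intact():
            return self.next_seq                       # drop it; the ACK stalls, so the sender retransmits
        if seg.seq >= self.next_seq:
            self.buffer.setdefault(seg.seq, seg.data)  # old or duplicate data is ignored
        while self.next_seq in self.buffer:            # deliver whatever is now contiguous
            data = self.buffer.pop(self.next_seq)
            self.delivered += data
            self.next_seq += len(data)
        return self.next_seq


class DatagramReceiver:
    """Receive side of a UDP-style service: no sequencing and no retransmission; intact
    datagrams are handed up in arrival order and damaged ones silently vanish."""

    def __init__(self):
        self.delivered = []

    def receive(self, seg):
        if seg.intact():
            self.delivered.append(seg.data)


def segment_stream(message, mss):
    return [Segment.make(i, message[i:i + mss]) for i in range(0, len(message), mss)]


def scrambled_delivery(segments):
    """Constructed network behaviour: third segment first, then the first, then a corrupted
    copy of the second (payload changed, checksum unchanged), then the rest in order."""
    damaged = Segment(segments[1].seq, b"?" * len(segments[1].data), segments[1].checksum)
    return [segments[2], segments[0], damaged] + segments[3:]


def run_virtual_circuit(message, mss=4):
    """TCP-like: the ACK sticks at the damaged segment's offset, the sender retransmits
    that segment, and the receiver completes the stream in order."""
    segments = segment_stream(message, mss)
    rx = ReliableReceiver()
    acks = [rx.receive(s) for s in scrambled_delivery(segments)]
    stalled_at = acks[-1]
    retransmit = next(s for s in segments if s.seq == stalled_at)
    acks.append(rx.receive(retransmit))
    return rx.delivered, acks


def run_datagram_service(message, mss=4):
    """UDP-like: same scrambled delivery, but what arrives is what the application gets."""
    rx = DatagramReceiver()
    for s in scrambled_delivery(segment_stream(message, mss)):
        rx.receive(s)
    return b"".join(rx.delivered)
```

Running both receivers over the same 16-byte message makes the contrast concrete: the virtual circuit returns the complete message and an ACK sequence that stalls at offset 4 until the retransmission arrives, while the datagram service returns the bytes out of order with the damaged segment simply missing.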



Network and Data Link Structures: ISO/OSI Layers & Characteristics

• Which path should traffic take through networks?
• How do the packets know where to go?
• What are protocols?
• What is the difference between routed and routing protocols?


Network Layer

• Only two devices which are directly connected by the same “wire” can exchange data directly
• Devices not on the same network must communicate via an intermediate system
• A router is an intermediate system
• The network layer determines the best way to transfer data. It manages device addressing and tracks the location of devices.
• Routers operate at this layer.


Network and Data Link Structures: ISO/OSI Layers & Characteristics

• Network layer (layer 3)
  – provides message routing and relaying independent of transport protocol
  – can determine routing for performance
  – provides routing and relaying
    • Routing: determining the path between two end systems
    • Relaying: moving data along that path
  – an addressing mechanism is required
  – flow control may be required
  – must handle specific features of the subnetwork
    • mapping between data link layer and network layer addresses


Internet Protocols and Security: Internet Protocols - layer 3

• IP packets
  – bundles of data with a specific format
  – foundation for the TCP/IP protocol
  – 32-bit length
  – typically a few hundred bytes long
  – uses unreliable datagram service – no guarantees
  – can be fragmented when a packet is too long


Internet Protocols and Security: Internet Protocols - layer 3

• Address Resolution Protocol (ARP) - layer 3 mapping
  – IP packets sent over Ethernet
  – maps a 32-bit IP address to a 48-bit MAC address
• Internet Control Message Protocol (ICMP) - layer 3
  – mechanism used to influence the behavior of TCP & UDP
  – provides best route information to network devices
  – reports trouble with routing to network devices
  – terminates problem connections
  – supports the PING program


Internet Protocols and Security: Internet Protocol Security - layer 3

• Internet Protocol Security (IPSEC) - suite of authentication and encryption protocols for IP
  – proposed IETF interoperable security standard
  – standard to be implemented on all network devices
  – used to authenticate TCP/IP connections
  – adds confidentiality and integrity to TCP/IP packets
  – transparent to application and network infrastructure
  – supports VPN



Network and Data Link Structures: ISO/OSI Layers & Characteristics

• Data link layer (layer 2)
  – manages communication between adjacent or broadcast networks, independent of network access method
  – data link connection and flow control link
  – divides large volumes of data into smaller packets
• Media Access Control (MAC) – refers downward to lower layer hardware functions
• Logical Link Control (LLC) – refers upward to higher layer software functions


Network and Data Link Structures: Ethernet Frame Format

Field                   Size
Preamble                7 Bytes
Start Frame Delimiter   7 Bytes
Dest. MAC Address       6 Bytes
Source MAC Address      6 Bytes
Length/Type             2 Bytes
MAC Client Data         0 – n Bytes (<= 1500 for standard; >= 1536 for other types)
Pad                     0 – p Bytes
Frame Check Sequence    4 Bytes

Notes:
- The pad field is used to extend small packets to the minimum 64 byte length
- Ethernet types can be found at http://www.standards.ieee.org/regauth/ethertype/type-pub.html


Network and Data Link Structures: Ethernet Frame Type and Access Method

Access Method - CSMA/CD (Carrier Sense, Multiple Access with Collision Detect)
With the exception of the full-duplex variations of Ethernet, all versions compete for access to the network using this protocol. Essentially, each node monitors the media for an active signal (carrier) and attempts to ‘talk’ only when the line is ‘quiet’, but monitors the line for collisions during the transmission. If a collision is detected, the protocol specifies how long the device must wait before attempting to transmit again. This differs from token protocols (such as token ring), which ‘pass’ a virtual token from node to node to control access to the media.

IEEE 802.2 SNAP/LLC
LLC – Logical Link Control
SNAP – SubNetwork Attachment Point

Note: The SNAP/LLC headers are inserted in the first part of the data field, for example:

AA AA 03   00 00 00                                   08 00
LLC        3 Octet OUI (Organizationally Unique Identifier)   2 Octet TYPE
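The two frame slides above, as an added worked example (code written for this review, not from the slides): a parser that checks the 64-byte minimum and the Frame Check Sequence, then uses the Length/Type field exactly as the frame-format slide describes, treating a value <= 1500 as an IEEE 802.3 length (with the LLC/SNAP header `AA AA 03 00 00 00 08 00` from this slide at the start of the data field) and a value >= 1536 as an Ethernet II type. The sample frames, addresses and payload are constructed; preamble and start-frame delimiter are omitted because the NIC strips them before software sees the frame, and the FCS is computed with standard CRC-32 (`zlib.crc32`), which is the Ethernet FCS polynomial.

```python
import struct
import zlib

MIN_FRAME = 64           # minimum frame length including the 4-byte FCS (slide: pad to 64 bytes)
MAX_8023_LENGTH = 1500   # Length/Type <= 1500: IEEE 802.3 frame, the field is the data length
MIN_ETHERTYPE = 1536     # Length/Type >= 1536 (0x0600): Ethernet II frame, the field is the type
SNAP_LLC_HEADER = bytes.fromhex("AAAA03")   # DSAP=AA, SSAP=AA, Control=03, as on the slide


def fcs(body):
    """Frame Check Sequence: CRC-32 over destination..pad, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst, src, length_type, client_data):
    """Build a frame as the NIC hands it up (preamble and SFD already removed) and pad it."""
    body = dst + src + struct.pack("!H", length_type) + client_data
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))   # pad field: reach 64 bytes incl. FCS
    return body + fcs(body)


def classify_frame(frame):
    """Check length and FCS, then decide from Length/Type how the data field is encapsulated."""
    if len(frame) < MIN_FRAME:
        return {"error": "runt frame: shorter than the 64-byte minimum"}
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        return {"error": "FCS mismatch: frame corrupted in transit"}
    dst, src, length_type = struct.unpack("!6s6sH", body[:14])
    info = {"dst": dst.hex(":"), "src": src.hex(":")}
    data = body[14:]
    if length_type >= MIN_ETHERTYPE:
        info.update(encap="Ethernet II", ethertype=length_type, payload=data)
    elif length_type <= MAX_8023_LENGTH:
        llc = data[:length_type]          # 802.3: everything after the stated length is pad
        if llc[:3] == SNAP_LLC_HEADER and len(llc) >= 8:
            oui, ethertype = llc[3:6], struct.unpack("!H", llc[6:8])[0]
            info.update(encap="IEEE 802.3 LLC/SNAP", length=length_type,
                        oui=oui.hex(), ethertype=ethertype, payload=llc[8:])
        elif len(llc) >= 3:
            info.update(encap="IEEE 802.3 LLC", length=length_type,
                        dsap=llc[0], ssap=llc[1], payload=llc[3:])
        else:
            info.update(error="802.3 frame too short to carry an LLC header")
    else:
        info.update(error="Length/Type between 1501 and 1535 is undefined")
    return info


# Constructed sample frames (addresses and payload are demo values, not from the slides).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
FILLER = b"\x45" + b"\x00" * 19                       # stand-in for a 20-byte IPv4 header
ETH2_FRAME = build_frame(DST, SRC, 0x0800, FILLER)    # Ethernet II, EtherType 0x0800 = IPv4
SNAP_DATA = bytes.fromhex("AAAA03" "000000" "0800") + FILLER   # the slide's AA AA 03 00 00 00 08 00
SNAP_FRAME = build_frame(DST, SRC, len(SNAP_DATA), SNAP_DATA)  # IEEE 802.3, Length = 28
```

Both sample frames carry the same 20 bytes of client data and both classify to EtherType 0x0800, one directly from the Ethernet II type field and one from the SNAP type field behind the OUI; a flipped byte anywhere in the body fails the FCS check before any field is interpreted, and a Length/Type value in the undefined 1501 to 1535 gap is reported rather than guessed at.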


Network and Data Link Structures: Ethernet Frame Informational Fields

IP Header - Protocol Type Identifiers (used in SNAP frame)
• ICMP (1) – Internet Control Message Protocol
• IGMP (2) – Internet Group Management Protocol
• TCP (6) – Transmission Control Protocol
• UDP (17) – User Datagram Protocol

TCP/UDP Port Identifiers
• FTP (20/21) - File Transfer Protocol, which is used for transferring files across the network.
• Telnet (23) - An application for remotely logging into a server across the network.
• SMTP (25) - Simple Mail Transfer Protocol, used for transferring email across the Internet.
• TFTP (69) - Trivial File Transfer Protocol, which is a low overhead fast transfer FTP protocol.
• HTTP (80) - HyperText Transfer Protocol, which is used for transferring web pages.
• NNTP (119) - Network News Transfer Protocol, which is used for transferring news.
• SNMP (161/162) - Simple Network Management Protocol, used for managing network devices.
• SSL (443) – Secure Socket Layer, used to provide security to web site communications.



Network and Data Link Structures: ISO/OSI Layers & Characteristics

• Physical layer (layer 1)
  – provides physical connection for transmission between data link processes
  – bitstream transmission over physical media
• Specifies the electrical, mechanical, procedural, and functional requirements for activating, maintaining, and deactivating the physical link between end systems
• Examples of physical link characteristics include voltage levels, data rates, maximum transmission distances, and physical connectors


Network Devices and Communications: Glossary - Data Network Devices

• Hub/Repeater/Concentrator – provides physical interconnection of multiple nodes to a network; very common for UTP LANs
• Bridge – a device that connects segments of the same LAN; operates in network layer 2
• Brouter – a router that can bridge, merging both capabilities into a single box. Routes selected protocols and bridges all other traffic.
• Router – a device that is similar to a bridge but contains network management protocols that enhance network functionality. A router operates in the network layer 3.
• Gateway – used to connect LANs to other LANs or hosts; can act as a translator between networks using incompatible protocols. A gateway operates in any layer from 4 to 7.
• Backbone – the major transmission part of the network that connects all the data network devices but does not connect directly to the user


Network Devices and Communications: Glossary - Data Transmission Methods

• Leased line networks – dedicated private facilities
• Dedicated line – a private or leased line
• Common carriers – a common carrier voice line
• Digital communications – passes data encoded in on-off pulses
• Analog communications – a continuous signal varied by modulation
• Synchronous communications – high speed, data synchronized by electronic clock signals
• Asynchronous communications – transfer data by sending bits sequentially


System and Security Management: Local Area Network

• Primarily a data communications network
• Devices are within a limited area - 4 to 100 Mbps
• Supports a specific user group and topology
• Usually not connected through a public switched network
• Typical network services - file, mail, print, communications, terminal services
• Typical connection of LANs
  – Campus Area Network (CAN)
  – Metropolitan Area Network (MAN)


LAN Topologies

• Star

• Bus

• Tree

• Ring


Star Topology

• Telephone wiring is one common example
  – Center of star is the wire closet
• Star topology is easily maintainable


Bus Topology

• Basically a cable that attaches many devices
• Can be a “daisy chain” configuration
• A computer I/O bus is an example


Tree Topology

• Can be extension of bus and star topologies

• Tree has no closed loops


Ring Topology

• Continuous closed path between devices
• A logical ring is usually a physical star
• Don’t confuse logical and physical topology

[Figure: stations attached to a MAU]


System and Security Management: LAN Topologies

• Ring - interconnects systems to each other to form a ring
  – All data packets pass through each workstation on the ring
  – If a workstation fails, all communications fail
• Star - uses a central hub connecting workstations and servers
  – Optimal for a large number of devices
  – Short cable runs for devices; helps with troubleshooting
• Bus - uses a single cable through the entire network with workstations and servers as drop-off points
  – Easy to expand the number of devices due to one cable run
  – More susceptible to problems; the cable is a single point of failure


LAN Access Methods

• Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
  – Talk when no one else is talking
• Token
  – Talk when you have the token
• Slotted
  – Similar to token; talk in free “slots”


LAN Signaling Types

• Baseband
  – Digital signal, serial bit stream
• Broadband
  – Analog signal
  – Cable TV technology


LAN Types

• Ethernet
• Token Ring
• FDDI
• Wireless


Ethernet

• Bus topology - distance limitations
• 10 - 100 - 1000 Mbps
• CSMA/CD
• Baseband
• Most common network type
• IEEE 802.3
• Broadcast technology - transmission stops at terminators


Token Ring

• IEEE 802.5
• Flow is unidirectional
• Each node regenerates the signal (acts as a repeater)
• Control is passed from interface to interface by a “token”
• Only one node at a time can have the token
• 4 or 16 Mbps


Fiber Distributed Data Interface (FDDI)

• Dual counter-rotating rings
  – Devices can attach to one or both rings
  – Single attachment station (SAS), dual (DAS)
• Uses token passing
• Logically and physically a ring
• ANSI governed


Wireless Networks

• IEEE 802.11b
• Rapidly emerging
• Security vulnerabilities
  – Eavesdropping, snooping
  – Theft of services


System and Security Management: LAN Physical Media Characteristics

• Twisted pair (UTP) – phone wire, cheapest to install, limited in distance and bandwidth, used within a building. Comes in unshielded (UTP) and shielded (STP) twisted pair versions
• Coaxial cable – solid copper wire core with insulation, expensive to install, resistant to interference
• Fiber optic – glass fibers surrounded by insulation, higher transmission speed, longest distance for signal strength, most expensive, difficult to tap
• Infrared and radio frequency (RF) – uses over-the-air signals, susceptible to interference, becoming widely used since 802.11b
• Attenuation – loss of signal strength when cable length exceeds maximum range


System and Security Management: Local Area Networks

• Virtual Local Area Network (VLAN)
  – Keeps users grouped according to a common task
  – Uses a high speed backbone and asynchronous transfer
  – Not physically connected to a server but logically connected
• Metropolitan Area Network (MAN)
  – Connects LANs over a large geographical area (i.e. several blocks away to citywide)
  – Interconnects two or more LANs
  – Can be owned by a private or public vendor


System and Security Management: Local Area Networks

• Virtual Private Network (VPN)
  – Establishes a secure network link between two specific network nodes using encryption
  – VPN agent at remote client and server authenticate
  – Technique uses secure handshake and key exchange
  – Establishes a dynamic encrypted link
  – Works only with IP
  – Operates at OSI layer 3 (network)


System and Security Management: Local Area Networks

• Wide Area Network (WAN)
  – Connects LANs over a large geographical area (i.e. across cities to distant continents)
  – Network can consist of LANs, MANs, and host computers
  – Supports multiple communication protocols and network services
  – Dedicated public or virtual circuits used for service
• Value-Added Network (VAN) - carriers that lease lines from common carriers and then provide additional services


Network switching

• Circuit-switched – transparent path between devices; dedicated circuit (example: phone call)
• Packet-switched – data is segmented, buffered, & recombined


Internet Protocols and Security: WAN Data Transmission Protocols

• X.25 - defines the interface between a computing device and a packet switched network
• Frame Relay - standardized packet switching service that improves X.25 with better error recovery
• ISDN - Integrated Services Digital Network
  – Basic Rate Interface (BRI)
  – Primary Rate Interface (PRI)
• High speed Serial - T1, E1, T3, E3, Fractional
• ATM - Asynchronous Transfer Mode

Internet Security: Access Technologies

• Today
  – Analog or ISDN phone line with Point-to-Point Protocol [PPP]
  – Mobile phones
  – Digital Subscriber Line [DSL]
  – Asynchronous DSL [ADSL]
  – Cable TV
• Tomorrow
  – High-Speed Mobile phones
  – Wireless Local Loop [WLL]
  – Power lines
  – Broadband Satellite


Internet Protocols and Security: Internet Protocol (IP)

• IP does not guarantee delivery of data
  – Connectionless
  – Allows the protocol to service a request without requesting a verified session and without guaranteeing delivery of data
• Addressing
  – Current IPv4 addressing is 32 bits
  – Proposed IPv6 is 128 bits
  – More ranges to allocate to eliminate duplicate ranges
  – Complexity of transition increases network control devices
  – New addressing scheme has embedded security


IPv4 & IPv6 Header Comparison

IPv4 Header (fields in order, one row per 32-bit word):
Version | IHL | Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination Address
Options | Padding

IPv6 Header (fields in order, one row per 32-bit word):
Version | Traffic Class | Flow Label
Payload Length | Next Header | Hop Limit
Source Address
Destination Address
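As an added example (not from the slides), the Python below packs and decodes the fixed IPv4 and IPv6 headers laid out above using only the standard library; the addresses and field values are constructed sample data. It also verifies the IPv4 header checksum, a check that does not exist for IPv6 because its header carries no checksum field.

```python
import struct
import ipaddress


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of the header's 16-bit words (0 when a valid header is summed)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int = 6, ttl: int = 64, payload_len: int = 0) -> bytes:
    """Constructed 20-byte IPv4 header (no options) with the DF flag set and a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the IPv4 fields shown on the slide and verify the header checksum."""
    v_ihl, tos, tlen, ident, fl_off, ttl, proto, csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (v_ihl & 0x0F) * 4  # IHL counts 32-bit words; options, if any, follow byte 20
    return {"version": v_ihl >> 4, "ihl": ihl, "tos": tos, "total_length": tlen,
            "identification": ident, "flags": fl_off >> 13, "fragment_offset": fl_off & 0x1FFF,
            "ttl": ttl, "protocol": proto, "header_checksum": csum,
            "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst))}


def build_ipv6(src: str, dst: str, next_header: int = 58, hop_limit: int = 64,
               payload_len: int = 0, traffic_class: int = 0, flow_label: int = 0) -> bytes:
    """Constructed 40-byte IPv6 fixed header; note there is no checksum field."""
    first = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack("!IHBB16s16s", first, payload_len, next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


def parse_ipv6(pkt: bytes) -> dict:
    """Decode the IPv6 fixed-header fields shown on the slide."""
    first, plen, nh, hlim, src, dst = struct.unpack("!IHBB16s16s", pkt[:40])
    return {"version": first >> 28, "traffic_class": (first >> 20) & 0xFF,
            "flow_label": first & 0xFFFFF, "payload_length": plen,
            "next_header": nh, "hop_limit": hlim,
            "src": str(ipaddress.IPv6Address(src)), "dst": str(ipaddress.IPv6Address(dst))}


if __name__ == "__main__":
    print(parse_ipv4(build_ipv4("192.0.2.1", "198.51.100.7", payload_len=20)))
    print(parse_ipv6(build_ipv6("2001:db8::1", "2001:db8::2", flow_label=0xABCDE)))
```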


IPv4 & IPv6 Functionality Comparison

IP Service | IPv4 Solution | IPv6 Solution
Addressing Range | 32-bit, Network Address Translation | 128-bit, Multiple Scopes
Autoconfiguration | DHCP | Serverless Configuration, Reconfiguration, DHCP
Security | IPSec | IPSec Mandated, works End-to-End
Mobility | Mobile IP | Mobile IP with Direct Routing
Quality-of-Service | Differentiated Service, Integrated Service | Differentiated Service, Integrated Service
IP Multicast | IGMP/PIM/Multicast BGP | MLD/PIM/Multicast BGP, Scope Identifier


Domain Objectives Re-visited: Telecommunications and Network Security

The objective of this domain is to understand:
• data communications in terms of physical and logical networks, including local area, metropolitan area, wide area, and the TCP/IP and OSI models

Next Week
• Remote access, Internet, intranet, extranet, their related technologies of firewalls, Proxy servers, and controls

• communications and network security as it relates to voice, data, multimedia, and facsimile

• communications security management techniques that prevent, detect, and correct errors


Domain 2 Practice Questions

1. This protocol matches an Internet Protocol (IP) address to an Ethernet address.
a. Address Resolution Protocol (ARP).
b. Reverse Address Resolution Protocol (RARP).
c. Internet Control Message Protocol (ICMP).
d. User Datagram Protocol (UDP).

2. Which of the following is a LAN transmission protocol?
a. Ethernet
b. Ring topology
c. Unicast
d. Polling


3. The basic language of modems and dial-up remote access systems is
a. Asynchronous Communication.
b. Synchronous Communication.
c. Asynchronous Interaction.
d. Synchronous Interaction.

4. What is an IP routing table?
a. A list of IP addresses and corresponding MAC addresses.
b. A list of station and network addresses with corresponding gateway IP address.
c. A list of host names and corresponding IP addresses.
d. A list of current network interfaces on which IP routing is enabled.


5. Which of the following IEEE standards defines the token ring media access method?
a. 802.3
b. 802.11
c. 802.5
d. 802.2

6. Which device is used to connect two networks at the highest level of the ISO/OSI framework?
a. Bridge
b. Brouter
c. Router
d. Gateway


7. Which OSI/ISO layer defines how to address the physical devices on the network?
a. Session layer
b. Presentation layer
c. Application layer
d. Transport layer

8. Which of the following networking devices allows the interconnection of two or more homogeneous LANs in a simple way?
a. Gateways
b. Routers
c. Bridges
d. Firewalls


9. Network cabling comes in three flavors; they are:
a. twisted pair, coaxial, and fiber optic.
b. tagged pair, coaxial, and fiber optic.
c. trusted pair, coaxial, and fiber optic.
d. twisted pair, control, and fiber optic.

10. How many bits compose an IPv6 address?
a. 32 bits
b. 64 bits
c. 96 bits
d. 128 bits


11. Which of the following types of packets can be denied with a stateful packet filter?
a. ICMP
b. TCP
c. UDP
d. IP

12. Which of the following is a device that is used to amplify the received signals?
a. Bridge
b. Router
c. Repeater
d. Brouter


13. Which of the following statements pertaining to packet switching is incorrect?
a. Most data sent today uses digital signals over a network employing packet switching.
b. Messages are divided into packets.
c. All packets from a message travel through the same route.
d. Each network node or point examines each packet for routing.

14. What is a limitation of TCP Wrappers?
a. It cannot control access to running UDP servers.
b. It stops packets before they reach the application layer, thus confusing some proxy servers.
c. The hosts.* access control system requires a complicated directory tree.
d. They are too expensive.


15. Which of the following characteristics does not apply to RIP?
a. Distance vector routing
b. Maximum of 15 hops
c. Exterior Gateway Protocol
d. Not the most efficient routing protocol

16. Cable length is the most common failure issue with
a. twisted pair cabling.
b. coaxial cabling.
c. fiber optic cabling.
d. inter joined pair cabling.


17. Which of the following protocols is not implemented at the Internet layer of the TCP/IP protocol model?
a. User datagram protocol (UDP)
b. Internet protocol (IP)
c. Address resolution protocol (ARP)
d. Internet control message protocol (ICMP)

18. Which of the following, used to extend a network, has a storage capacity to store frames and act as a store-and-forward device?
a. Bridge
b. Router
c. Repeater
d. Gateway


19. Coaxial cable is called "coaxial" because
a. it includes two physical channels that carry the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis.
b. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis.
c. it includes two physical channels that carry the signal surrounded (after a layer of insulation) by another two concentric physical channels, both running along the same axis.
d. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running perpendicular and along different axes.


20. The Wide Area Network that was originally funded by the Department of Defense, which uses TCP/IP for data interchange, is
a. the Internet.
b. the Intranet.
c. the extranet.
d. the Ethernet.
