CISSP

About This Presentation

Title:

CISSP

Description:

CISSP Chapter 7 Telecommunications and Network Security Chapter 7 This chapter is HUGE and honestly you are not going to understand all of it unless you ve done ... – PowerPoint PPT presentation

Number of Views:434

Avg rating:3.0/5.0

Slides: 164

Provided by: bri9162

Category:

more less

Transcript and Presenter's Notes

Title: CISSP

1
CISSP Chapter 7

Telecommunications and Network Security

2
Chapter 7

This chapter is HUGE and honestly you are not
going to understand all of it unless youve done
a lot of network or network security in your
life. Dont get too stressed, try to follow along
I will try to point out the most important things
to understand. If you have questions ASK ME,
luckily this is my area of expertise so I should
be able to help you out. Some questions may have
to be directed to after class or in between
breaks if they go to in depth.

3
Chapter 7 OSI/Internet Model 483

There is something called the OSI model that
lays out functional levels/different distinct
services that a network should provide. Its not
actually used in real life but serves as a
reference. The Internet (TCP/IP) model is used
and maps directly to the OSI model, but is
simpler.
The layered model defines that functionality a
certain layer should provide and provides
Services to the layer directly above it that
that layer can use. Each layer generally uses the
resources and functionality of the layer below it.

4
OSI model 484

7 layers
A P S T N D P All People Seem to Need Data
Processing say that 10 times
Application
Presentation
Session
Transport
Network
Data link
Physical

5
OSI model layer 1 physical 494

Layer 1 Physical simply put is concerned with
physically sending electric signals over a
medium. Is concerned with
specific cabling,
voltages and
Timings
This level actually sends data as electrical
signals that other equipment using the same
physical medium understand ex. Ethernet

6
OSI model layer 2 data link 492

Layer 2 Data Link data link goes hand in hand
with physical layer. The data link level actually
defines the format of how data Frames will be
sent over the physical medium, so that two
network cards of the same network type will
actually be able to communicate. These frames are
sent to the physical level to actually be
turned into the electronic signals that are sent
over a specific network. (layer 2 uses the
services of layer 1)
Two network cards on the same LAN communicate at
the data link layer.
Data Link and Physical layers really go together
to define how a specific network type operates,
in fact Layer 1 2 of the OSI model layer 1 of
the TCP/IP model (Network Access)
(more)

7
OSI model layer 2 - 492

Protocols that use the data link layer
ARP
RARP
PPP
SLIP
Any LAN format (Ethernet)

8
OSI model layer 3 network - 491

Layer 3 Network For the Internet this is IP
which defines how packets are sent across
different physical networks/LANs. Layer 2 is
concerned with defining unique hosts on a
network, and routing packets between distinct
networks.
Layer 3 protocols
IP
IPX/SPX
Apple Talk
(more)

9
OSI model layer 3 network - 491

For IP other protocols that work on this layer
are
ICMP IP helpers (like ping)
IGMP Internet Group Message Protocol
RIP routing protocol
OSPF routing protocol
BGP routing protocol
(more)

10
OSI Model Layer 3 - 491

OSI layer 3 Network Internet model layer 2
(Network)
Layer 3 actually uses to services of the data
link layer to move data between two computers on
the same LAN.

11
OSI model Layer 4 Transport - 490

OSI Layer 4 Transport Provides end-to-end
data transport services and establishes a logical
connection between 2 computers systems
Virtual connection between COMPUTERS
Protocols used at layer 4
TCP
UDP
In the Internet Model this is layer 3
(transport/host to host)
Layer 4 user the services of layer 3 to move data
between 2 different networks/hosts

12
OSI Model Layer 5 Session - 489

OSI Layer 5 Session responsible for
establishing a connection between two
APPLICATIONS! (either on the same computer or two
different computers)
Create connection
Transfer data
Release connection
Protocols that work at this layer
NFS
SQL
RPC
Remember Session is setting up a conversation
between two applications rather than comptuers,
however the session layer uses the services of
the layer beneth it (transport) to move data
between 2 computers
OSI lay 5 Internet model layer 3
(transport/host to host)

13
OSI model Layer 6 Presentation - 487

OSI Layer 6 present the data in a format that
all computers can understand
Concerned with encryption, compression and
formatting
Maps to layer 4 of the Internet Model

14
OSI model Layer 7 Application - 487

This defines a protocol (way of sending data)
that two different programs or protocols
understand.
HTTP
SMTP
DNS
This is the layer that most software uses to talk
with other software.
This maps to the Internet model Layer 4
(application)

15
Quick OSI review

What layer is creates a connection between 2
applications?
What layer turns the frames sent to it into the
proper voltages and timings to send across a
wire?
What layer is concerned with finding paths
between different networks?
What layer is concerned with the formatting of
the data?
What layer is concerned with communicating
between two of the? same interface types on
computers on the same LAN?
What layer creates a connection between two
computers?
What layer is concerned with the data/protocol
that the application you are using uses?

16
Some network equipment and what layers they
generally work on

We will talk about these later on.
Hub/repeater physical
Switch data link
Router network
firewall can be one of many levels above
network
Application proxy firewall application

17
TCP/IP model

Network Access OSI layers 1 2, defines LAN
communication, what do I mean by that?
Network OSI layer 3 defines addressing and
routing
Transport/Host to Host OSI layer 4, 5 defines
a communication session between two applications
on one or two hosts
Application OSI layers 6,7 the application
data that is being sent across a network

18
OSI vs. TCP/IP model
19
TCP/IP (497)

TCP/IP is a suite of protocols that define IP
communications.
IP is a network layer protocol, and handles
addressing and routing
We use IP version 4
The main components of an IP address
IP address
Netmask
What is the netmask used for?
Host part, network part, like street address and
zip code.
(more)

20
TCP/IP class networks - 504

Class A
IP ranges 0.0.0.0 127.255.255.255
Implied Netmask 255.255.255.0
Lots of hosts (about 16 million)
Class B
IP ranges 128.0.0.0 to 192.255.255.255
Implied netmask 255.255.0.0
About 65,000 hosts
(more)

21
TCP/IP class networks - 504

Class C
IP ranges 192.0.0.0 to 223.255.255.255
Implied netmask 255.255.255.0
254 hosts
Class D
IP ranges 224.0.0.0 to 239.255.255.255
Reserved for multicast, not normal IP addresses
Class E
IP ranges 240.0.0.0 to 255.255.255.255
Reserved for research

22
TCP/IP Classless networks

Classes are not really used anymore, we now use
CIDR, which is just an IP address and a netmask
or /
Ex. 172.16.1.0/24 172.16.1.0 with a netmask of
255.255.255.0

23
TCP/IP - 504

We currently use IPv4 with has 232 addresses
(about 4 billion IP addresses) however we are
running out. IPv6 has 2128 addresses (4 billion
x 4 billion (NOT 16 billion))
IPv6 also has a simplified format and additional
features such as IPSEC. (talk about IP SEC later)

24
TCP/UDP - 498

TCP/UDP handle the transport and session layers.
They setup a communications channel between two
programs talking over the network
Programs talk via ports which are numbers that
generally define what program/services you want
to talk to (talk about this in a couple slides)
More on TCP/UDP in the next slides

25
TCP - 502

Reliable connection-oriented protocol
Has a true connection
Starts with a 3-way handshake, (SYN, SYN-ACK,
ACK) talk about this

26
TCP - 499

Keeps state, and will guarantee delivery of data
to other side (or inform the application of the
inability to send) does this with sequence and
acknowledgement numbers, these numbers also
provide ordering to packets
Has some security due to the state of the
connection
Nice to program with, but slower/more overhead
because of the work done to guarantee delivery.

27
UDP - 499

Like a postcard, each packet is separate
No guarantee on delivery
Best effort
Fast, little overhead
No sequence numbers (ordering)
No acknowledgements
No connection
Security issues due to lack of a connection

28
Ports - 501

Both TCP and UDP use ports as the end points of
conversations. Ports for services that are
defined and static are called well known ports
some well know ports are
telnet TCP/23
Email (SMTP) TCP/25
Email (POP) TCP/110
Email (IMAP) TCP/143
Web (HTTP) TCP/80
Web (HTTPS) TCP/443
DNS TCP UDP 53
FTP TCP/21 20

29
Random Networking Terms - 507

Latency
Bandwidth
Synchronous synchronized via a time source
Asynchronous not timed
Baseband use the entire medium for
communication
Broadband slide the medium into multiple
channels for multiple simultaneous communications

30
Random Networking Terms

Unicast (524)
Multicast (524)
Broadcast (524)

31
Network Topologies (509)

Ring
Bus
Star
Mesh
Talk about each of these
Perhaps memorize chart at bottom of 511

32
Ethernet - 513

Most common form of LAN networking, has the
following characteristics
Shares media (only one person talks at a time (at
least without a switch)
Broadcast and collision domains
CSMA/CD
Supports full duplex with a switch
Defined by IEEE 802.3

33
Ethernet media types - 514

10Base2
Thin net, coaxial cable (like TV cable, but
different electrically)
Max length about 200 meters
10 Mbs second
Requires a BNC connector
BUS/Shared medium (security problems?)
obsolete
(more)

34
Ethernet Media Types - 514

10base5
Thick net, thicker coax
Max length about 500 meters
10Mbs
Uses vampire taps
More resistant to electrical interference
BUS/shared medium
Used to be used as backbone
Obsolete
(more)

35
Ethernet Media Types - 514

10BaseT
Length about 100 Meters
10Mbs second
Twisted pair (like phone wire) (CAT 3)
Use RJ-45 connector
Use in star topology
Susceptible to interference
Mostly obsolete
(more)

36
Ethernet Media Types - 514

100BaseTX
Length about 100 Meters
100Mbs
Twisted pair (like phone wire) (CAT 5, 6)
Use RJ-45 connector
Use in star topology
Susceptible to interference
(more)

37
Ethernet Media Types - 514

1000BaseT
Length about 100 Meters
1000Mbs
Twisted pair (like phone wire) (CAT 5e,6)
Use RJ-45 connector
Use in star topology
Susceptible to interference

38
Token Ring (516)

Briefly describe token ring
Ring topology, though using a HUB
HUB Multistation access Unit (MUA)
Token passing for control of network
Beaconing for failure detection
Pretty much not used except legacy networks

39
FDDI - 517

Similar to token ring but uses fiber.
High Speed
Used to be used as backbone networks
2 rings to create a wrap if one goes down

40
Cabling - 519

Coaxial copper core surrounded by a shielding
layer and a grounding wire.
More resistant to EMI than UTP
Note used much anymore
Can be baseband (one channel Ethernet) or
broadband (multiple channels, cable TV)

41
Twisted Pair - 520

Like phone wire, but more wires.
RJ-45 connector
Two main types UTP, and STP
STP is shielded and better if you have EMI issues
UTP is unshielded and susceptible to EMI and
crosstalk
UTP also gives off signals which could be picked
up if you have sufficient technology. (tempest
stuff)
least secure vs. coax and fiber
Chart on 521 (for your own study)

42
Fiber - 522

Glass tubes
High speed, long haul
NOT effected by EMI, doesnt lose signal either
(attenuation)
Does NOT radiate energy, better security
Expensive
Difficult to work with
Used in backbones

43
Media Access Technologies (526)

Token Passing
CSMA/CD waits for clear, then starts talking,
detect collisions
CSMA/CA signals intent to talk
Collision Domain where collisions can occur.
(i.e. two people try to talk at the same time)
(how do we make the collision domain smaller?)
What is a security impact of collision domains?
sniffing, DoS

44
LAN Protocols - 529

ARP Network Adapters have 2 addresses, and IP
address, and a MAC address. (what is each used
for? How do they relate? which layer does each
exist on?)
ARP is the glue for relating the IP and the MAC
addresses
Attacks
ARP table poisoning what is this how does it
happen, what would it do?

45
DHCP - 530

DHCP what is it what is it used for?
Precursors
RARP what did it do?
BOOTP what did it do?

46
ICMP - 531

ICMP IP helper
Echo request/reply
Destination unreachable
Source quench
Redirect
Trace route
Security problems? Anyone?
LOKI sending data in ICMP messages. (stealthy!)

47
Basic Networking Devices (536)

There are different types of networking devices
that exist we will look at
Repeaters
Hubs
Bridges
Switches
Routers

48
Repeaters - 536

Layer 1 device
No intelligence
Simply repeats and electrical signal from an
input to an output.
Used to increase range (ex. Put a repeater 200
meters down a 10Base2 run to double the length)

49
Hub

Multiport repeater
The initial way to connect computer together in a
STAR configuration, using twisted pair wiring
Layer 1 device
No intelligence
Just repeats a signal down ALL the wires

50
Bridge (537)

Layer 2 device, splits a LAN into 2 segments.
A bridge builds a table of the layer 2 (MAC)
addresses on each side of the bridge and only
forwards communication if communication is
between MAC addresses on each side of the bridge
Reduces collision domain by ½
Does not affect broadcast domain (doesnt affect
broadcast storms)
Recreates the signal
Can combine two network types into one LAN (i.e.
translate between LAN types)
Uses Spanning Tree algorithm to detect loops.

51
Switch - 541

Multi-port bridge (all the bridge attributes hold
true)
Modern form of connecting computer together on a
LAN
Allows full duplex communication (what do I mean
by this?)
Each link is a separate collision domain
Does not alter broadcast domains
Can be used to create VLANS (talk about in a few
slides)

52
VLANs - 544

Virtual Lan
What is it
Why would it be used?
Do you still have to route between VLANS?
Two different VLAN protocols
802.1Q, or Cisco ISL for trunking between
switches
see picture on next slide

53
VLAN - 544
54
Routers - 539

Work on layer 3 Network layer
Uses IP addresses to best route between networks,
is NOT used to create a LAN. You must use hubs or
switches to create a LAN, routers go between
LANS/networks to allows communications between
different LANS/networks.
Routers do NOT care about layer 2 (MAC addresses)
When would you use a router, when would you use a
switch?
Routers can perform firewall functionality.
Does not forward on broadcasts!

55
Routers vs. Switches - 540

You should understand the different between a
router and a switch. Also memorize the table at
the bottom of 540.
Now we need to talk about some routing protocols

56
Routing Protocols (532)

Routing is the dynamic updating and sharing of
routes to networks with other routers in your
company and thought the internet. You can setup
routes either
Statically
Dynamically
(discuss pros/cons of each, not too in-depth)

57
Routing Protocols (532)

Some Dynamic routing protocols use the concept of
an AS Autonomous System, which groups a bunch
of networks together for an organization, and
only advertise the networks that can be reached
in the AS, not the details of the individual
networks inside. These are generally called
Exterior Routing Protocols and are used to
connect different organizations together
Other routing protocols try to advertise and
track each individual network separately. These
are generally called Interior Routing Protocols
and are for use within an organization
A company can run IGP and EGPs at the same time,
how?

58
Dynamic Routing Protocols (533)

Distance vector
Builds a TABLE of all routes and a distance to
get to them along with the next hop router
Susceptible to route-flapping
Long convergence times
Examples
RIP
IGRP

59
Dynamic routing protocols (533)

Link State
Actually builds a graph/map of all networks and
the ways to reach them. So the router can see
the entire topography
Has quick convergence times
Can take link speeds and other factors into
consideration
Slow to build initially
Requires a lot of resources
Examples
OSPF

60
Specific Routing Protocols (534)

RIP
DV algorithm used only in small networks, sends
entire route table every 30 seconds.
Max number of hops to a networks 16
Slow convergence
Only cares about hops, not network speed or
reliability etc.
Original RIP could only use Classful routing,
v2 allows classless (CIDR) routing

61
Specific Routing Protocols (534)

IGRP DV protocol designed to solve problems
with RIP.
Examines bandwidth and delay
Converges faster than RIP
No max hop limit
New version is EIGRP (enhanced IGRP)

62
OSPF (534)

Open Shortest Path First Link State protocol
developed as a replacement for RIP.
Supports Autonomous systems
Builds a graph rather than a table
Fast convergence
Slow to start
Requires high resources to build and maintain
map.
Only sends link changes to other routers.

63
BGP (535)

BGP is an exterior routing protocol
Uses AS
Used by ISPs and large companies as their
Internet Routing protocol. (to connect to the
internet)

64
Advanced Networking Devices

These are devices that are beyond the basic
fundamental networking devices, they generally
provide some specific advanced functionality.
Let the slides begin!

65
Gateway - 545

Generic Term for something that connects two
separate things together (can be any level).
Default gateway router to get you off your
network
Application gateways work at the application
level and help translate between two different
applications. (Ex. Windows and Unix file sharing)
Email Gateway translate between different email
types. (Exchange and SMTP)

66
PBX 547

Private Branch Exchange phone system
Old systems analog
New systems digital and VoIP
Crackers that hack phone systems used to be call
phreakers
Free calls (long distance)
Masquerade as other people/hide calls
Often this goes un-noticed as companies often do
not audit their phone bills closely

67
Firewalls - 548

Enforce network policy.
Generally firewalls are put on the perimeter of a
network and allow or deny traffic based on
company or network policy.
MUST have IP forwarding turned off
Firewalls are often used to create a DMZ.
Generally are dual/multi homed (What do I mean
by this?)
5 types of firewalls (more in depth about each
next slides)
Packet filtering
Statefull
Proxy
Dynamic packet filtering
Kernel Proxy

68
Packet filter

Uses Access control lists (ACLs), which are rules
that a firewall applies to each packet it
receives.
Not statefull, just looks at the network and
transport layer packets (IP addresses, ports, and
flags)
Do not look into the application, cannot block
viri etc.
Generally do not support anything advanced or
custom

69
Statefull firewall

Like packet filtering, however the router keeps
track of a connection. It knows which
conversations are active, who is involved etc.
It allows return traffic to come back where a
packet filter would have to have a specific rule
to define returned traffic
Keeps a state table which lists the state of the
conversations.
More complex, and can launch DoS against by
trying to fill up all the entries in the state
tables/use up memory.
If rebooted can disrupt conversation that had
been occurring.

70
Dynamic packet filtering

Like a statefull firewall but more advanced. Can
actually rewrite rules dynamically.
Some protocols such as FTP have complex
communications that require multiple ports and
protocols for a specific application, packet and
statefull filter cannot handle these easily,
however dynamic packet filter can as they can
create rules on the fly as needed.

71
Proxy firewall 552

Works as a middleman
Works only with the applications it understands.
Inspects the data that is being past to look for
dangerous data (like viri) or incorrect usage of
a protocol.
Also rewrites the address so the external hosts
only see the proxy. (stops direct access between
two computers, hides the internal network
structure) why is this good?
(more)

72
Proxy firewall - 552

looks at data at all levels, (though usually
concentrates on applications layer)
can provide very specific security tailored to
specific protocols and vulnerabilities
hides internal network
Slow
Can be a bottleneck
Breaks the traditional client/server application
model which can cause issues on some
applications. Can make troubleshooting harder
(more)

73
Proxy firewalls - 552

Two types of proxies
Circuit level
Application
Talk about each of these on next slides

74
Application level proxies - 552

Proxies only specific applications (ex. HTTP,
SMTP)
these can strongly protect and be aware of
specific vulnerabilities and protocol violations,
or dangerous data
can have logging or authentication features
Only work with the protocols that they
specifically understand

75
Circuit Level proxies - 554

Works at a lower level (transport/session level)
to generically be a middle man between two
computer.
generally works with all network protocols, as
it doesnt understand the actual applications
involved
Cannot protect against, violations in the
protocol or bad data being passed around, main
purpose is to hide internal network and stop
direct communications between external machines
and internal machines.
Example SOCKS, NAT, PNAT

76
NAT (577)

Network address translation
a type of generic network proxy
Hides internal networks by rewriting internal
addresses
Allows you to use private network addresses and
still have internet connectivity
Protects internal machines from being accessed.
Requires a pool of IP addresses to use. (mapping
is 1-to-1)
(example next page)

77
NAT (577)
78
NAT (577)

Example 10.0.0.1 want to talk to 175.56.28.03
SRC 10.0.0.1
Dest 175.56.28.03
Router at 215.37.32.203 intercepts request and
changes SRC to be 175.56.28.03
SRC 215.37.32.203
DEST 175.56.28.03
Destination send response
SRC175.56.28.03
DEST 215.37.32.203
Router accepts packet rewrites
SRC 175.56.28.03
DEST 10.0.0.1
Send packet to original requestor (10.0.0.1)

79
NAT (577)

See handout for normal IP traffic and NAT traffic

80
PNAT (577)

Similar to NAT but only requires a single IP
address, rather than map IPs one to one, we
actually remap port numbers.
Much more commonly used that NAT, a bit more
secure, as only established connections can
respond back to the sender, whereas in normal NAT
once a machine is using a temporary IP, the
outside world can establish connections back to
the originating computer.
Example next 2 slides

81
PNAT (577)
82
PNAT (577)

Client computer creates packet
SRC 10.0.0.1TCP10000
DEST 130.85.1.3TCP80
Router rewrites the SRC portion to be
SRC 208.254.31.11026
Makes an entry in the PNAT table
End server accepts packet
End server creates return packet
SRC 130.85.1.3TCP80
DEST 208.254.31.11026
Router receives packet, rewrites destination to
be
DEST 10.0.0.1TCP10000
6. Client receives the return packet

83
Basic Firewall best practices (563)

Block ICMP redirects
Keep ACLS simple
Implicit deny what is this?
Disallow source routed packets explain
Only keep open necessary ports/services
Block directed IP broadcasts
Block packets where the addresses seem spoofed
(how can you tell?)
Enable logging
Drop fragments, or re-assemble fragments Anyone
know why?

84
Firewall issues

Potential bottleneck
Can restrict valid access
Often mis-configured (not the firewalls fault)
Except for certain types (application proxies)
generally dont filter out malevolent data (viri
etc)
Dont protect against inside attacks!

85
Firewall architecture - 560

Now that we understand firewalls, how do we lay
them out

86
DMZ
87
DMZ - 560

A zone between the Internet and your companies
internal network where you put your Internet
accessible servers. A DMZ usually has
A of firewall between it and the Internet that
blocks access except to Internet accessible
services.
A firewall between it and the internal company
network, usually a much more locked down
firewall that doesnt allow any access into the
company

88
Bastion Host (560)

Bastion Host a server that is highly locked
down (hardened). Usually put in a DMZ. These
machines can be directly accessed by the internet
(though usually though one layer of firewall) so
they are hardened (what do I mean by that?)

89
Dual Homed Firewall

Pretty much any firewall, dual homed means there
are two network interfaces, one on the Internet
one on the Internal network
Multi-homed just means 2 or more interfaces.
Multi-homed firewalls may be used to setup a DMZ
with a single firewall. (see next slide)
On any dual/multi-homed machine, IP forwarding
should be disabled.

90
Multi-homed firewall
91
Screened Subnet - 561

A type of DMZ, where there is a middle network
where internet services reside before the
Internal network (see next slide). In a screen
subnet, there is usually a router performing
packet filtering before the first firewall

92
Screen Subnet
93
Multiple interface firewalls - 560

You may have a firewall that protects internal
networks from each other!

94
End of firewalls
95
Other Technological security concepts (566)

Honey pot a machine left open for attackers to
try to hack.. Why?
Honey net same concept, but an entire network,
again why?
What is the difference between entrapment and
enticement?

96
NOS (568)

NOS is just a term you should understand, a
Network Operating System. All modern OSes are
NOS. This just means they manage more than just
the local computer, they usually provide or use
network services in a client server architecture.
Some features a NOS provides are on the following
slide

97
NOS (568)

NOS features
Directory services
Remote access
Clustering (sometimes)
Authentication, authorization, Access Control,
Auditing
File and printer sharing
User management
redirector services what is this?

98
DNS - 569

Network software uses IP addresses, however these
are difficult for users to remember (especially
in IPv6). So DNS is used to help map names that
we use such as www.paladingrp.com to addresses
that computers use like 63.251.179.13
(more)

99
DNS - 569

DNS uses a hierarchical model. Starting with the
. then the top level domains com, edu, org
etc. Sub domains are broken out into zones, and
organizations can be assigned authority for their
own zones and run their own DNS servers to
provide DNS lookups for their own zone.
A name server that is authoritative for a zone
is called an authoritative name server for
example. Paladingrp.com runs is authoritative for
its own DNS and has its own group of name
servers that provide DNS resolution to the rest
of the Internet for names ending in
paladingrp.com
Name server can be primary or secondary and
perform Zone transfers to each other
See next slide for example DNS hierarchy

100
DNS (also example on 571)
101
DNS

Common top level domains are
.COM
.EDU
.MIL
.GOV
.ORG
.NET
You should be aware of these above

102
DNS cache poisoning - 572

Besides authoritative name servers organizations
also have Caching name servers that simply do
DNS resolution on behalf of clients.
One common attack is DNS cache poisoning
describe how that works and the purpose of it.

103
DNS SEC

DNS sec tries to ensure integrity of DNS queries
by signing them. This will defeat cache
poisoning.
authoritative DNS servers should NOT also provide
the caching service.

104
NIS - 573

Network information System (NIS) originally
called YP Yellow Pages. Provides shared network
information (ex user accounts, hosts entries) for
many computers in a domain (NOT DNS domain or
Windows domain) using RPC
ypserv
ypbind
Files are sent clear text! Bad. Why?

105
NIS (574)

Improved upon NIS performance (hierarchal rather
than flat namespace)
Incremental updates
Improved upon NIS security concerns. (secure
RPC), provides authentication, authorization and
encryption)

106
Intranet, Extranet - 579

Intranet internal IP network, though often used
to define a set of resources made available
through a web interface for INTERNAL use
Extranet a set of network resources (usually
web based) for two companies to collaborate or
share resources, may or may not make use of VPNs

107
LAN, WAN, MAN - 581

LAN local area network
High speed
Small physical area
WAN wide area network
Used to connect LANS
Generally slow, using serial links
MAN metropolitan area network
Connect sites together within a medium range area
(like a city)

108
Types of links for WANs and MANS

Dedicated/leased/point to point a link that is
pre-established and used ONLY for communications
between 2 locations, it is DEDICATED (see next
slide) to their use
Expensive, cost per distance
Types
T1 - about 1.5Mbs
T3 - about 45 Mbs
Fractional T some fraction of a T1/T3
T1s are time division multiplexed (what does this
mean?)
T1s are annoying, because the local loop
portion often fails
T1/T3 can also be used in shared/frame relay

109
Dedicated
110
Frame Relay - 592

Data link protocol
Not a point to point connection, but a connection
into a cloud (see next slide)
CIR
Uses virtual circuits (PVC)
Uses DLCIs
Still uses T1/T3 but rather than going all the
way, they just go to the nearest carriers frame
relay cloud POP.

111
Frame relay / cloud
112
WAN terms
113
Multiplexing

Time Division
Frequency Division
Wavelength Division
CDMA speak multiple languages/mathematic
multiplexing

114
CSU/DSU - 589

Channel Service Unit / Data service Unit
effectively the modem for serial lines.

115
Circuit vs. Packet Switching - 590

Packet-based networking vs. circuit based
Packets are small, quick to send
Routes vary
Route determined after computer begins to send
the packet
Can arrive from different routes in different
order than sent.
Can introduce delays as packets traverse network,
where as with circuit switching the delays is
before data is sent (circuit/setup)
Circuit switching connection oriented/dedicated
resources and circuit
Circuit switching has fixed delays.

116
ATM - 594

A type of packet based switching used to emulate
circuit switching
Used by telcos
53 byte packets
Sets up a virtual circuit
Guarantees resources once a circuit is setup
Guarantees QoS

117
QoS - 595

What is Qos, why is it needed?

118
VoIP - 598

What is VoIP
What are some concerns with VoIP
Technical
Latency, Jitter, dropped packets QoS
Security
Eavesdropping
Caller id Spoofing and vishing
Long Distance calls
What is SIP?
What is a call processor?
Sets up calls, terminates calls.
(more)

119
VoIP

What is a voicemail server?
What is convergence
VoIP and VLANS/Priority?
What is an h.323 gateway?

120
Remote Access
121
Remote Access - 603

Home users/remote users need a way to access work
(though some high security places dont allow
offsite work)
Dial Up
ISDN
DSL
Cable Modems

122
Dial up - 603

Advantages
Reduce networking costs (use internet) as opposed
to dedicated connections
Allows work from home
Streamlines access to information
Provides a competitive advantage
(more)

123
Dial Up - 603

Disadvantages
Back door into networks (bypass firewall)
Often forgotten about
Slow
Attacks
War dialing
Defenses
Dial Back /
Caller ID restrictions
Use authentication
Answer after 4 or more rings (why/war dialing)

124
ISDN - 604

Uses same lines as phone lines, directly dial
into company
BRI
2 B Channels (64Kbits x 2)
1 D Channel (control channel) Out of Band
PRI
23 B Channels
1 D Channel
Not for personal use

125
DSL - 606

MUCH faster than IDSN (6-30 times faster)
Must live very close to the DSL equipment (a few
miles)
Symmetric and Asymmetric
Always on (security concerns)
Doesnt connect directly to company / use VPN

126
Cable Modem - 606

High speed access up to 50Mbps via cable TV
lines.
Shared bandwidth
Always on (security concerns)
Doesnt connect directly to company, require VPN

127
VPNs - 608

Securely connect to companies network/extend
company network
Private, usually encrypted connection
Usually use tunneling
Can be host to server or server to server
Can provide internal IP addresses
Can encrypt actual IP addresses
Protocols
PPTP
L2TP
IP Sec
(more)

128
Tunnels - 609

Tunnel a virtual path across a network the
encapsulates network packets within OTHER IP
packets
Can use to tunnel non-IP protocols (like IPX,
NetBEUI)
Can encrypt encapsulated packets for extra
security.

129
PPTP - 612

Microsoft
User gets connection to ISP
Setups PPTP connection to server at company
Setup a tunnel
Generally encrypt traffic
Only works over IP networks
Designed for use in software

130
L2TP - 613

Same general functionality of PPTP but works over
other type of networks (non-IP) (ex. Frame relay,
X.25, ATM)
Does not provide encryption or authentication!
Ouch, need to use IPSEC if wanting to do this
Supports TACACS, RADIUS, PPTP does not
Meant to be implemented in hardware
More of a carrier concept.

131
IPSEC (749 (chapter 8))

IPSEC a protocol providing a method for VPNs
between to sites
Designed for IPv6
Extended for use for IPv4
Not a strict protocol, allows for extensibility
with encryption and authentication algorithms
A Framework
2 main protocols AH and ESP (next slide)
2 modes Tunnel and Transport (2 slides away)

132
IPSEC

AH - authentication header
Protocol number 51
Authentication only
ESP Encapsulating security payload
Protocol number 50
Encryption

133
Transport and Tunneling

Transport does not actually tunnel IP within IP.
It only encapsulates the transport layer and
above
Tunnel actually encapsulates IP within IP an
entirely new IP packet is encapsulated within an
external IP packet
See next slide

134
Transport vs. Tunnel
135
Example of transport
136
Example of Tunneling
137
IPSEC

Each device in IPSec will have at least 1
security association for each VPN connection it
uses. A SA is a set of parameters used for
communication and includes
Authentication and encryiption keys
Algorithms choosen
IP ranges
SAs are unidirectional, so usually you have at
least 2 for each tunnel that exists (one for
sending, one for receiving)
An SPI (security parameter Index) is used to
label which SA that any packet is associated with
Use IKE/ISAKMP on port 500 UDP for key
negotiations/SA setup

138
Authentication Protocols - 614

PAP
CHAP
EAP framework not actual protocol

139
Remote Access Best Practices

Always authenticate users
Use multi-factor authentication
Audit access
Answer modems after 4 rings (modems)
Use caller id (modems)
Use callback (modems)
use VPNs

140
Wireless
141
Wireless (619)

Wireless, very common now.
No wires
Easy to use
Shared Medium (like Ethernet with Hubs whats
wrong with this? From security and performance?)
Uses CSMA/CA

142
Spread Spectrum - 619

Spreads communication across different
frequencies available for the wireless device.
Frequency Hopping Spread Spectrum
Hop between frequencies (helps if other devices
use same frequencies) (doesnt use the entire
bandwidth of frequencies)
Harder for eavesdroppers (if everybody didn't
know the sequence.. Which they actually do)
Direct Sequence Spread Spectrum
Sends data across entire bandwidth, using
chipping code along with data to appear as
noise to other devices.

143
Wireless Components - 621

Access points are like wireless hubs, they
create a infrastructure WLAN
If you use just wireless cards of computers to
communicate together that is called an Ad-Hoc
network.
Wireless devices must use the same channel
Devices are configured to use a specific SSID
(often broadcasted)

144
802.11 standard

Wireless networking
2.4, 3.6, 5 GHz
Data Link layer specifications
Access point (a type of bridge)

145
802.11 family

802.11a
54Mbps
5Ghz
8 channels
802.11b
11Mbs
2.4Ghz (same as other home devices)
802.11g
54Mbs
2.4Ghz
802.11n
100Mbs
2.4G or 5Ghz

146
Wireless security problems

Unauthorized access
sniffing
War driving
Unauthorized access points (Man in the middle)

147
Wireless Authentication types - 623

Open System Authentication
Doesnt actually require authentication
can be sniffed
Shared Key Authentication
Requires each device use the same key, and before
access is granted a challenge occurs

148
Transmission encryption - 626

There are many different types of wireless
encryption protocols
WEP
Shared passwords (why is this bad?)
64 or 128 bit
Easily crack able
Only option for 802.11b
WPA Personal
Shared password
128 bit key
TKIP (what is TKIP?)
Implements a portion of 802.11i standard (later)

149
Transmission Encryption

WPA2
more compliance with 802.11i standard
AES based algorithm
Also uses TKIP
Should use WPA2 as WPA can be cracked like WEP
WPA Enterprise
Uses 802.1X authentication to have individual
passwords for individual users
RADIUS what was radius again?
802.11i the official IEEE wireless security
spec, officially supports WPA2

150
802.1X - 627

Authenticated port based access control.
Provides distinct user authentication
Has supplicant (client), Authenticator (AP) and
Authentication Service (usually radius)

151
Bluetooth (634)

What is Bluetooth, what is the purpose?
Blue jacking
Blue snarfing
Blue bugging
(next slides)

152
Mobile device security

Blue jacking
Sending forged message to nearby Bluetooth
devices
Need to be close
Victim phone must be in discoverable mode
Blue snarfing
Copies information off of remote devices
Blue bugging
More serious
Allows full use of phone
Allows one to make calls
Can eavesdrop on calls

153
WAP (636)

Wireless Application Protocol
What is it
What is the purpose?
WML (wireless markup language)
WTLS ( wireless transport layer security)
Requires a gateway
Between WTLS and HTTPS there is an encryption
gap.
Authentication
Class 1 none
Class 2 server authenticates to wireless
Class 3 mutual authentication

154
Some attacks against software and systems
155
Root Kit

What is a root kit?

156
MAC flooding

What is it, what is the purpose?

157
Smurf

Describe Smurf
Forge source address
Ping broadcast address
Countermeasures
Disable directed broadcasts at perimeter routers
Configure routers to drop forged packets
Employ and IDS

158
Fraggle (like Fraggle rock)

Like Smurf, but uses UDP (echo and chargen)
Countermeasures
Disable directed broadcasts on perimeter
Disable address forging
Disable echo and chargen services
Block echo and chargen ports on router
Use an IDS

159
SYN flood

Describe 3 way handshake (not too in-depth)
Describe listen queue
Describe SYN flood
What does it accomplish
Countermeasures
Decrease connection-establish timeout
Increase listen queue size
Patch
Use and IDS
Use a Firewall

160
Tear Drop

Overlapping fragments, cause OS to get confused
and crash.
Countermeasures
Patch the OS
Drop fragments (problems?)
Use a firewall that does fragment re-assembly.

161
DDoS

What is it, why is it hard to defend against
What previously discussed thing is used in DDoS
attacks?
Countermeasures
Good luck.

162
Buffer Overflows

What are they? What are the attributes of a
buffer overflow?

163
From Chapter 5

Maintenance Hooks
Time of Check/ Time of Use Attacks

Write a Comment

User Comments (0)

About PowerShow.com

CISSP - PowerPoint PPT Presentation

CISSP

CISSP Chapter 7 Telecommunications and Network Security Chapter 7 This chapter is HUGE and honestly you are not going to understand all of it unless you ve done ... – PowerPoint PPT presentation