Hey, I’m Rob Witcher, and I’m here to help YOU pass the CISSP exam. We are going to go through a review of the major topics related to networking in Domain 4, to understand how they interrelate, and to guide your studies.
This is the second of four videos for domain 4. I have included links to the other MindMap videos in the description below.
And we’ll start with Wide Area Networks – networks that are spread over a large geographical area, an entire country, continent or world. There are a few protocols that have been created over the years to enable wide area networks that you should know about:
X.25 was one of the first protocol suites for packet-switched networks across a WAN. X.25 was first published back in 1976, meaning it came out before IPv4 and the OSI Model.
Frame Relay mostly replaced X.25
ATM - Asynchronous Transfer Mode – then mostly replaced Frame Relay
And MPLS - Multiprotocol Label Switching – which can encapsulate various protocols including Frame Relay & ATM, has become the dominant wide area network protocol today.
Now on to wireless. We are relentlessly marching towards our wireless future.
Can you even remember the last time you used a phone that was plugged into your wall and used landline to call someone?
Remember when our computers used to have this plethora of ports on them? Look at all the stuff you could plug in!
Now you get this. And you should count yourself as lucky there is still a headphone jack there.
Nowadays, it’s either go wireless with everything…
Or welcome to dongle hell.
One of the biggest challenges with wireless is that signals are much more easily intercepted.
Instead of having to physically break into a building to connect to the corporate network you can now just sit in the parking lot in your van and hack the planet.
Encrypting wireless traffic is, therefore, extremely important.
So, let’s talk about some of the various wireless technologies that we use every day and the security challenges associated with them.
We’ll start with Wi-Fi – a technology which we pervasively use to create local area networks without any wires. Well, you still need to plug your Wi-Fi access point into a physical network, but let’s not get pedantic here.
IEEE - the Institute of Electrical and Electronics Engineers – 802.11 is the protocol we use for wireless local area networks. There have been many generations of 802.11 ratified over the last 20+ years.
802.11a, b, g, n, ac
You should recognize the following 802.11 standards: 802.11a, b, g, n, ac & ax. These different versions of 802.11 represent the evolution of the standard towards ever greater bandwidth and capabilities.
As I mentioned it is critically important to encrypt wireless traffic as it is so much easier to eavesdrop on a wireless network.
One of the first wireless encryption protocols created was WEP – Wired Equivalent Privacy. WEP absolutely does not live up to its name. Very significant flaws have been found in the WEP algorithm related to how it implements the RC4 encryption algorithm to encrypt wireless traffic. Specifically, the Initialization Vectors used are far too short, meaning that WEP encryption can be easily broken. As such, WEP should never be used. This was a huge problem when it was first discovered, and a band-aid solution needed to be quickly found to prop up WEP until new wireless encryption protocols could be created and ratified.
The Band-Aid that was created for WEP was TKIP - Temporal Key Integrity Protocol. TKIP has subsequently been found to also have significant flaws and should therefore not be used.
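As an added illustration (not part of the video), here is the arithmetic behind "far too short": with WEP's 24-bit IV the birthday bound says an IV repeats after only a few thousand frames, while TKIP's 48-bit per-packet counter pushes that into the tens of millions. The bit widths are the standard values; nothing else is assumed.

```python
import math

# Added example (not from the video): why a short Initialization Vector is
# fatal for a stream cipher like RC4. WEP uses a 24-bit IV; TKIP widened the
# per-packet counter to 48 bits. These bit widths are the standard values.
WEP_IV_BITS = 24
TKIP_TSC_BITS = 48


def iv_reuse_probability(frames, iv_bits):
    """Birthday-bound probability that at least one IV repeats among
    `frames` randomly chosen IVs drawn from a space of 2**iv_bits values."""
    space = 2 ** iv_bits
    # Standard approximation: P(collision) = 1 - exp(-n(n-1) / 2N).
    return 1.0 - math.exp(-(frames * (frames - 1)) / (2 * space))


def frames_until_reuse(iv_bits, probability=0.5):
    """Smallest frame count at which a repeated IV is at least `probability`
    likely: solve n(n-1)/(2N) = ln(1/(1-p)) for n and round up."""
    target = 2 * 2 ** iv_bits * math.log(1 / (1 - probability))
    return math.ceil(0.5 + math.sqrt(0.25 + target))


def counter_wrap_frames(iv_bits):
    """If IVs are instead used sequentially, reuse is certain once the
    counter wraps, i.e. after exactly 2**iv_bits frames."""
    return 2 ** iv_bits


if __name__ == "__main__":
    for name, bits in (("WEP 24-bit IV", WEP_IV_BITS),
                       ("TKIP 48-bit TSC", TKIP_TSC_BITS)):
        print(f"{name}: 50% chance of a repeated IV after "
              f"{frames_until_reuse(bits):,} random frames; a sequential "
              f"counter wraps after {counter_wrap_frames(bits):,} frames")
```

On a busy access point a few thousand frames is a matter of seconds, which is the practical meaning of "far too short".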
WPA / WPA2
WPA - Wi-Fi Protected Access – was also meant as an interim protocol to help deal with the WEP fiasco until the next much better protocol, WPA2, could be ratified. WPA used TKIP for encryption by default.
WPA2 uses the AES encryption algorithm by default, and AES is much better than TKIP.
Wi-Fi is used for creating Local Area Networks with a range of about 100 meters. WiMax - Wireless Interoperability for Microwave Access – is a protocol for creating wireless Metropolitan Area Networks: wireless networks with ranges of up to 90 kilometers.
The IEEE standard behind WiMax is 802.16.
GSM / CDMA
Now let’s talk about a couple of protocols used for mobile phones. GSM - Global System for Mobiles – and CDMA - Code Division Multiple Access – are wireless radio protocols used by cellular companies to provide 2G & 3G voice and data services.
GSM has a couple of significant security issues that are worth noting: it is vulnerable to man-in-the-middle attacks. An attacker can create a rogue cell tower which phones will connect to, allowing the attacker to intercept communications. It is also possible to clone SIM (Subscriber Identity Module) cards by extracting a user’s IMSI (International Mobile Subscriber Identity), allowing an attacker to make and receive calls and also receive the user’s SMS messages. This SIM cloning attack can be done over the air.
GSM & CDMA have largely been replaced by 4G / LTE, and now of course we are even venturing into 5G.
Microwaves are not just for unevenly heating your hot pockets
Microwaves are also a good way of cost effectively creating data links between buildings that are a few miles apart.
Internet Protocol (IP) Addresses
Now let’s talk about the major way that we ensure data sent across a network gets to the intended destination. IP - Internet Protocol - addresses. As I mentioned in the previous video, it is useful to think of IP addresses as being similar to a post address for a house. If you want to send someone a letter through the mail, you need their address, and that address needs to be unique to them. IP Addresses serve the same function on a network.
IPv4 vs. IPv6
The pervasively used version of IP currently is v4. It’s worked great for decades, but there are some big limitations.
Next layer up is Layer 3, the network layer and it is responsible for logical addressing, routing and delivery of datagrams
IPv4 Network Classes
The IPv4 addressing system is divided into five classes of IP addresses. You don’t need to be able to calculate subnet masks, but you should be able to recognize these 5 classes and the number of addresses in each class.
Class A networks provide 2 to the power of 24 (2^24) addresses: 16,777,214 usable addresses
Class B provides 2 to the power of 16 (2^16) addresses: 65,534 usable addresses
And Class C provides 2 to the power of 8 (2^8) addresses: 254 usable addresses
Private IPv4 Addresses
The final piece you should remember related to IPv4 addresses is that 3 ranges of addresses have been reserved for use in private networks (home networks, corporate networks, etc.).
The 10. range
The 172.16 to 172.31 range
And the 192.168 range
Any of the private IP addresses in the 3 ranges above are NOT routable on the internet.
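An added example, not from the video, that turns the class and private-range rules above into code using Python's standard ipaddress module; the class boundaries and the three RFC 1918 ranges are the standard values, and any sample addresses are constructed.

```python
import ipaddress

# Added example (not from the video): classify an IPv4 address by its
# classful network class and test it against the three RFC 1918 private
# ranges. The ranges and class boundaries below are the standard values.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),      # the 10. range
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 to 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # the 192.168 range
]
# (first octet low, first octet high, class, host bits); classes D
# (multicast) and E (reserved) carry no hosts at all.
CLASS_TABLE = [
    (0, 127, "A", 24),
    (128, 191, "B", 16),
    (192, 223, "C", 8),
    (224, 239, "D", None),
    (240, 255, "E", None),
]

def ipv4_class(address):
    """Classful network class, decided by the first octet alone."""
    first_octet = int(ipaddress.IPv4Address(address)) >> 24
    for low, high, cls, _ in CLASS_TABLE:
        if low <= first_octet <= high:
            return cls
    raise ValueError(address)

def usable_hosts(cls):
    """2**hostbits minus the network and broadcast addresses, or None for
    a class with no host portion."""
    for _, _, c, host_bits in CLASS_TABLE:
        if c == cls:
            return None if host_bits is None else 2 ** host_bits - 2
    raise ValueError(cls)

def is_rfc1918_private(address):
    """True only for the three reserved private ranges; loopback and
    link-local addresses are deliberately not counted."""
    ip = ipaddress.IPv4Address(address)
    return any(ip in net for net in PRIVATE_RANGES)

def describe(address):
    cls = ipv4_class(address)
    return {"address": address, "class": cls,
            "usable_hosts": usable_hosts(cls),
            "private": is_rfc1918_private(address)}
```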
All sorts of specialty networks have been developed over the years: the plain old telephone system, surveillance camera networks, storage area networks, etc. Many of these specialty networks have required proprietary protocols and specialized dedicated networks. The idea behind convergence is this: rather than having a completely separate network for all our security cameras, why not just plug them into our existing IP data network? Or hey, rather than keeping this old dedicated phone network around, let’s just plug the phones into the IP data network. Converged protocols take these specialty or proprietary protocols and run the traffic across a standard TCP/IP network, thus eliminating the need for separate networks that can be expensive to maintain.
VoIP – Voice over Internet Protocol is a perfect example of a converged protocol. You’re taking telephone voice data and sending it across TCP/IP local area networks and the internet.
A couple of other converged protocols that you should be aware of are both related to storing and retrieving data across an IP network: iSCSI - Internet Small Computer Systems Interface and FCoE – Fibre Channel over Ethernet.
Something we need to do all the time on networks is authentication, for example authenticating a client to a server. Many authentication protocols have been created over the years, let’s go through a few key ones you should know for the exam:
Password Authentication Protocol – PAP – is one of the oldest authentication protocols and it’s absolutely useless from a security perspective, as both the username and password are sent in clear text / in plaintext. I need to find some good stock footage of a dumpster fire for when I talk about protocols like this.
The Challenge Handshake Authentication Protocol – CHAP – sends the authentication data in plaintext but does so in a much cleverer way, and in fact that is where the Challenge part of the protocol’s name comes from. The server generates a random string, a challenge, and sends it to the client. The client then feeds their password and the challenge into the MD5 hashing algorithm and sends the hash result to the server. The server can then confirm the user knows their password without the user sending their password across the network in plaintext. The hash value that the client generates can be sent in plaintext because, as we discussed in Domain 3, hashing is a one-way mathematical function and therefore a man-in-the-middle cannot determine the user’s password by intercepting the hash value. Like I said: clever.
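The CHAP exchange just described, as an added example that is not part of the video: both sides are modelled on RFC 1994, which also feeds a one-byte identifier into the hash, and the shared secrets are constructed. It also shows why the challenge must be fresh and random: a captured response cannot simply be replayed.

```python
import hashlib
import hmac
import os

# Added example (not from the video): a minimal CHAP exchange modelled on
# RFC 1994. The client answers MD5(identifier || secret || challenge); the
# one-byte identifier is part of the real protocol and lets the server tie a
# response to the challenge it issued. Secrets used below are constructed.


def chap_response(identifier, secret, challenge):
    """Client side: hash the secret together with the server's challenge.
    Only this digest crosses the network, never the secret itself."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Server side: knows the shared secret, issues a fresh random challenge
    for every attempt and accepts each challenge's answer at most once."""

    def __init__(self, secret):
        self._secret = secret
        self._identifier = 0
        self._outstanding = {}  # identifier -> unanswered challenge

    def new_challenge(self):
        self._identifier = (self._identifier + 1) % 256
        challenge = os.urandom(16)  # random, so every session differs
        self._outstanding[self._identifier] = challenge
        return self._identifier, challenge

    def verify(self, identifier, response):
        # pop(): a challenge can be answered once, which is what defeats
        # replay of a captured response.
        challenge = self._outstanding.pop(identifier, None)
        if challenge is None:
            return False
        expected = chap_response(identifier, self._secret, challenge)
        return hmac.compare_digest(expected, response)


def run_exchange(server, client_secret):
    """Drive one authentication, then replay the captured response."""
    identifier, challenge = server.new_challenge()              # server -> client
    response = chap_response(identifier, client_secret, challenge)  # client -> server
    first = server.verify(identifier, response)
    replayed = server.verify(identifier, response)              # same bytes again
    return {"authenticated": first, "replay_accepted": replayed,
            "secret_on_wire": client_secret in challenge + response}


if __name__ == "__main__":
    print(run_exchange(ChapServer(b"correct horse"), b"correct horse"))
    print(run_exchange(ChapServer(b"correct horse"), b"wrong guess"))
```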
The Extensible Authentication Protocol – EAP – was originally developed as an authentication protocol for the Point-to-Point Protocol (PPP), but EAP is widely used for authentication on wired LANs, wireless LANs, and even WiMAX. It is so widely used because it is extremely flexible and essentially provides a framework upon which all sorts of different authentication methods – EAP methods – can be used. A couple of EAP methods you should be familiar with:
- EAP-MD5 uses the MD5 hashing algorithm and is pretty limited. For example, it only allows server authentication
- EAP-TLS on the other hand is way more secure and enables dual authentication of both the server and the client through the use of certificates
And the final authentication protocol we’ll talk about isn’t actually a standalone authentication protocol, it’s just a wrapper for EAP. PEAP – Protected EAP – encapsulates EAP within an encrypted TLS – Transport Layer Security tunnel – thus encrypting any EAP traffic that is being sent across a network.
Let’s now shift gears and talk about some common types of network attacks and generally how network attacks are perpetrated.
There are 4 major phases to a network attack that you should be familiar with:
The defining characteristic of Reconnaissance is that it is a passive activity, the organization that is being attacked has no way of detecting the attack at this phase because only publicly available information is being gathered from sources like job postings, LinkedIn profiles, and DNS records.
Enumeration is where a network attack can begin to be detected, because enumeration is an ACTIVE activity. The attacker is enumerating, systematically scanning through IP address ranges and ports to look for live systems that are offering services. The attacker is scanning for potential targets of attack.
Vulnerability analysis is where the attacker tries to determine the exact version of a system and identify potential vulnerabilities that could be exploited.
And in the final step, exploitation, the attacker will attempt to exploit any vulnerabilities identified.
Now on to some of the common types of network attacks. As I mentioned in the previous domain 4 video, the prevailing network topology is bus, which means an attacker connected to the bus (connected to a wired or wireless network) can usually quite easily passively listen in and eavesdrop on network traffic. This is eavesdropping, passively listening to network traffic.
SYN Flooding is a form of denial-of-service attack in which an attacker sends a succession of SYN packets to a target system in an attempt to consume enough resources that the target system is unresponsive to legitimate traffic.
IP Spoofing is where an attacker changes the source IP address of a packet to either hide the attacker’s identity or to match another IP address on the network, thus allowing the attacker to pretend (to spoof) to be another system.
DoS / DDoS
Denial of Service is any attack that negatively impacts the availability of the victim system such that authorized users cannot access the victim system for business purposes. And a Distributed Denial of Service attack is simply a DoS attack that originates from multiple attacking systems, possibly thousands, hundreds of thousands, or even millions of attacking systems focusing on making one target unavailable.
Man-in-the-middle attacks are where an attacker places themselves in the middle of computers which are communicating with each other, such that the attacker can intercept or even modify the communications between the systems.
And finally Address Resolution Protocol Poisoning is where an attacker modifies an Address Resolution Protocol (ARP) table, often their own ARP table, such that the router reads the update and begins re-directing traffic to a new destination. For example, an ARP poisoning attack could cause traffic destined for the victim to actually be sent to the attacker instead – this is a way of establishing a man-in-the-middle attack.
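As an added example (not from the video), a small detector for the symptom ARP poisoning leaves on a host or monitoring sensor: an IP address that suddenly answers from a different MAC, or one MAC claiming several IPs. The ARP reply records it runs over are constructed sample data.

```python
from collections import defaultdict

# Added example (not from the video): a detector for the symptom of ARP
# poisoning described above, an IP address that suddenly answers from a
# different MAC. The ARP reply records are constructed sample data as
# (timestamp, sender_ip, sender_mac); no real traffic or capture is used.
SAMPLE_ARP_REPLIES = [
    (1, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway, as expected
    (2, "192.168.1.20", "aa:bb:cc:00:00:20"),  # a workstation
    (3, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway again, same MAC
    (4, "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP, different MAC
    (5, "192.168.1.20", "de:ad:be:ef:00:99"),  # same MAC now claims .20 too
]


def detect_arp_anomalies(replies, trusted=None):
    """Return alerts for an IP whose MAC changes and for one MAC that claims
    several IPs. `trusted` pins IPs to known-good MACs (e.g. the gateway) so
    that the very first bogus reply is caught instead of being learned."""
    ip_to_mac = dict(trusted or {})
    mac_to_ips = defaultdict(set)
    for ip, mac in ip_to_mac.items():
        mac_to_ips[mac].add(ip)
    alerts = []
    for ts, ip, mac in replies:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({"time": ts, "type": "mac_changed", "ip": ip,
                           "old_mac": previous, "new_mac": mac})
        ip_to_mac[ip] = mac
        known_ips = mac_to_ips[mac]
        if known_ips and ip not in known_ips:
            alerts.append({"time": ts, "type": "mac_claims_multiple_ips",
                           "mac": mac, "ips": sorted(known_ips | {ip})})
        known_ips.add(ip)
    return alerts


if __name__ == "__main__":
    pinned = {"192.168.1.1": "aa:bb:cc:00:00:01"}
    for alert in detect_arp_anomalies(SAMPLE_ARP_REPLIES, trusted=pinned):
        print(alert)
```

Pinning the gateway's MAC through `trusted` (a static ARP entry does the same job on a real host) is what lets the first forged reply be flagged; without it the detector simply learns the bogus mapping as normal.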
Next up, let’s talk about how we can use virtualization to logically segment our networks and, with SDN, achieve some really cool security benefits.
VLANs – Virtual Local Area Networks – allow you to logically segment a network. Put another way, you can segment a network through software instead of having to physically segment a network by buying and configuring new network hardware. A VLAN can comprise a subset of the ports on a single switch or subsets of ports on multiple switches, thus allowing systems to be logically separated / segmented into groups. Network segmentation has a lot of security benefits, and VLANs can be a good way of achieving segmentation efficiently and economically.
Software Defined Networks are a massive leap forward in virtualization beyond just simple VLANs. An SDN allows you to create a completely virtualized, software-controlled network, on top of a physical network. SDNs provide far greater flexibility to reconfigure a network rapidly by centralizing all the control of the virtualized network. SDNs are used pervasively in the cloud.
Okay, final section in this MindMap, a very brief overview of some of the most common network tools we use to manage and maintain networks:
ipconfig displays the current TCP/IP network configuration on an endpoint – for example a computer – providing the IP & MAC addresses of any Network Interface Cards in the system plus the gateway, DHCP and DNS IP addresses.
Ping is used to determine the reachability of a host on an IP network. Ping is commonly used to see if a system is online and responding.
Traceroute is used for displaying the route and transit delays of packets across an IP network. You can see all the routers, gateways, firewalls, etc. that a packet is passing through to get to its destination and how many milliseconds the packet is delayed at each hop.
Whois is used to query databases that store the registered users of an internet resource like a domain name. You can use whois to find out who is the owner of a domain name.
And dig is used to query DNS – the Domain Name System – to get all the details on a domain name such as the name servers the domain name uses, the mail server, etc.
And there you have it: an overview of networking within Domain 4, covering the most critical concepts to know for the exam.
If you found this video helpful you can hit the thumbs up button and if you want to be notified when we release additional videos in this MindMap series, then please subscribe and hit the bell icon to get notifications.
I will provide links to the other MindMap videos in the description below.
Thanks very much for watching! And all the best in your studies!