CISSP CBK 2 – Telecommunications & Network Security

Open Systems Interconnection (OSI) Model

Protocol – Standard set of rules that determine how systems will communicate across networks.

OSI Model        TCP/IP Model
Application      Application
Presentation     Application
Session          Application
Transport        Host-to-host
Network          Internet
Data Link        Network Access
Physical         Network Access

Each layer adds its own information to the data packet.

7. Application layer: Processes and properly formats the data and passes it down to the next layer. Protocols used – SMTP, HTTP, LPD, FTP, WWW, Telnet, TFTP.

6. Presentation layer: Provides a common means of representing data in a structure that can be properly processed by the end system. Formats graphics as TIFF, GIF or JPEG. Handles data compression and encryption.

5. Session layer: Establishes a connection between two computers, maintains it during the transfer of data and controls the release of the connection. Protocols used – SSL, NFS, SQL, RPC.

4. Transport layer: Provides end-to-end data transport services and establishes the logical connection between two communicating computers. Protocols used – TCP, UDP, SPX. Information is passed down from different entities at higher layers to the transport layer, which must assemble the information into a stream.

3. Network layer: Inserts information into the packet’s header so that it can be properly routed. Protocols used – IP, ICMP, RIP, OSPF, BGP, IGMP. Protocols that work at this layer do not ensure the delivery of the packets.

2. Data Link layer: The operating system formats the data into frames for proper transmission over the network technology in use (Token Ring, Ethernet, ATM or FDDI). Protocols used – SLIP, PPP, RARP, L2F, L2TP, FDDI, ISDN. Each network technology has defined electronic signalling and bit patterns.

1. Physical layer: Converts bits into voltage for transmission. Standard interfaces – HSSI, X.21, EIA/TIA-232, EIA/TIA-449.

The session layer enables communication between two computers to happen in three different modes:

– Simplex: Communication takes place in one direction.

– Half-duplex: Communication takes place in both directions, but only one system can send information at a time.

– Full-duplex: Communication takes place in both directions and both systems can send information at the same time.

TCP/IP – Transmission control protocol/Internet protocol

IP: Its main task is to support internetwork addressing, packet forwarding and routing. IP is a connectionless protocol that envelops data passed to it from the transport layer.

TCP: Is a reliable, connection-oriented protocol that ensures packets are delivered to the destination computer. If a packet is lost during transmission, TCP has the capability to resend it. Provides reliability and ensures that the packets are delivered. There is more overhead in a TCP packet. Data -> Stream -> Segment -> Datagram -> Frame

UDP: Is a best-effort, connectionless protocol. Does not have packet sequencing, flow control or congestion control, and the destination does not acknowledge every packet it receives. There is less overhead in a UDP packet. Data -> Message -> Packet -> Datagram -> Frame

TCP Handshake:

1. Host sends a SYN packet

2. Receiver answers with a SYN/ACK packet

3. Host sends an ACK packet

IPv4 – Uses 32 bits for its address

IPv6 – Uses 128 bits for its address

LAN media access technologies

Ethernet: Characteristics: Shared media / Uses broadcast and collision domains / Uses the carrier sense multiple access with collision detection (CSMA/CD) access method / Supports full-duplex on twisted-pair implementations / Can use coaxial or twisted-pair media / Defined by standard 802.3

10base2 implementation: ThinNet, uses coaxial cable, maximum length 185 meters, provides 10 Mbps.

10base5 implementation: ThickNet, uses coaxial cable, maximum length 500 meters, provides 10 Mbps.

10base-T implementation: Uses twisted-pair wiring, provides 10 Mbps, usually implemented in star topology.

Fast Ethernet implementation: Uses twisted-pair wiring, provides 100 Mbps.

Token ring: Uses a token-passing technology with a star-configured topology. Each computer is connected to a central hub, the MAU – Multistation Access Unit. Transmits data at 16 Mbps. Active monitor – Removes frames that are continuously circulating on the network. Beaconing – If a computer detects a problem with the network, it sends a beacon frame. This generates a failure domain, in which computers and devices attempt to reconfigure certain settings to work around the detected fault.

FDDI – Fiber Distributed Data Interface:
Is a high-speed token-passing media access topology.
Transmits data at 100 Mbps.
Provides fault tolerance by providing a second, counter-rotating fiber ring.
Enables several tokens to be present on the ring at the same time.

Cabling

Coaxial cable: Is more resistant to electromagnetic interference (EMI), provides a higher bandwidth and supports longer cable lengths compared to twisted pair. Can transmit using a baseband method, where the cable carries only one channel, or a broadband method, where the cable carries several channels.

Twisted pair: Is cheaper and easier to work with than coaxial cable. STP – Shielded twisted pair – Has an outer foil shielding, which adds protection from radio frequency interference. UTP – Unshielded twisted pair – Comes in different categories of cabling that have different characteristics.

Fiber-optic cabling: Because it uses glass, it supports higher transmission speeds over longer distances and is not affected by attenuation and EMI the way copper cabling is. It does not radiate signals like UTP cabling and is very hard to tap into. Is expensive.

Cabling problems:
– Noise – The receiving end does not receive the data in the form that was originally transmitted. Can be caused by motors, computers, copy machines, fluorescent lighting and microwave ovens.
– Attenuation – The loss of signal strength as the signal travels, or as caused by cable breaks and cable malfunctions.
– Crosstalk – When electrical signals of one wire spill over to another wire. UTP is much more vulnerable to this than STP or coaxial.
– Plenum space – Network cabling placed in such an area must meet a specific fire rating to ensure that it will not produce and release harmful chemicals in case of a fire.
– Pressurized conduits – Encapsulation of wires so that if there is an attempt to access a wire, the pressure in the conduit changes and sounds an alarm or sends a message to the administrator.

Types of transmission

Analog transmission signals – Modulation of signals, electromagnetic waves.

Digital transmission signals – Represents binary digits as electrical pulses.

Asynchronous communication – The two devices are not synchronized in any way. The sender can send data at any time and the receiving end must always be ready. An example is a terminal and a terminal server or modem.

Synchronous communication – Takes place between two devices that are synchronized, usually via a clocking mechanism. Transfers data as a stream of bits.

Baseband – Uses the full cable for its transmission

Broadband – Usually divides the cable into channels so that different types of data can be transmitted at the same time.

Unicast method – A packet needs to go to one particular system

Multicast method – A packet needs to go to a specific group of systems

Broadcast method – A packet goes to all computers on its subnet

Network Topology

Ring Topology: Has a series of devices connected by unidirectional transmission links, forming a ring. Each node is dependent upon the preceding nodes, and if one system fails, all other systems could fail.

Bus Topology: A single cable runs the entire length of the network. Each node decides to accept, process or ignore the packet. The cable where all nodes are attached is a potential single point of failure. Linear bus – Has a single cable with nodes attached to it. Tree topology – Has branches from the single cable and each branch can contain many nodes.

Star Topology: All nodes connect to a central hub or switch. Each node has a dedicated link to the central hub.

Mesh Topology: All systems and resources are connected to each other in a way that does not follow the uniformity of the previous topologies.

LAN Media Access Technologies

MTU – Maximum Transmission Unit: Is a parameter that indicates how much data a frame can carry on a specific network.

Token passing: The token is a 24-bit control frame used to control which computers communicate and at what intervals. The token grants a computer the right to communicate. Does not cause collisions, because only one computer can communicate at a time.

CSMA – Carrier sense multiple access: CSMA/CD (collision detection) – Computers monitor the transmission activity, or carrier activity, on the wire so that they can determine the best time to transmit data. Computers listen for the absence of a carrier tone on the cable, which indicates that no one else is transmitting data at the same time.

Contention – The nodes have to compete for the same shared medium

Collision – Happens when two or more frames collide.

Back-off algorithm – All stations execute a random collision timer to force a delay before they attempt to transmit data again. CSMA/CA (collision avoidance) – Is an access method where each computer signals its intent to transmit data before it actually does so.

Collision domain: Is a group of computers that are contending, or competing, for the same shared communication medium.

Polling: Some systems are configured to be primary stations and others are secondary stations. At predefined intervals, the primary station will ask the secondary station if it has anything to transmit.

Protocols

ARP – Knows the IP address and broadcasts to find the matching hardware address, the MAC address.

RARP – Knows the hardware address and broadcasts to find the IP address.

Masquerading attack – An attacker alters a system’s ARP table so that it contains incorrect information (ARP table poisoning).
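ARP table poisoning as described above leaves a visible trace: the IP-to-MAC binding advertised in ARP replies changes, or one MAC starts answering for several IPs. The following added example (not part of these notes) checks both symptoms over a constructed list of observed replies; the tuple layout and the sample addresses are assumptions.

```python
"""Detect ARP table poisoning from observed ARP replies.

Added example, not part of the original CISSP notes. The replies below are
constructed sample data: (timestamp, IP address claimed, MAC address claiming it).
"""
from collections import defaultdict

# Constructed sample of ARP replies seen on one segment.
OBSERVED_ARP_REPLIES = [
    ("10:00:01", "192.168.1.1", "00:11:22:33:44:01"),   # gateway, legitimate binding
    ("10:00:05", "192.168.1.20", "00:11:22:33:44:20"),  # ordinary host
    ("10:02:10", "192.168.1.1", "00:11:22:33:44:01"),   # repeat of the same binding
    ("10:05:42", "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now claimed by a new MAC
    ("10:05:43", "192.168.1.20", "de:ad:be:ef:00:99"),  # same MAC also claims the host IP
]


def find_binding_changes(replies):
    """Return one alert for every IP whose advertised MAC changes over time.

    A host rarely changes its MAC address; an IP that flips to a new MAC is the
    classic symptom of ARP table poisoning (masquerading).
    """
    last_mac = {}
    alerts = []
    for ts, ip, mac in replies:
        previous = last_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({"time": ts, "ip": ip, "old_mac": previous,
                           "new_mac": mac, "reason": "ip-to-mac binding changed"})
        last_mac[ip] = mac
    return alerts


def find_shared_macs(replies):
    """Return {mac: sorted IPs} for MACs that claim more than one IP address.

    A single NIC answering for several IPs, especially the gateway's, is a second
    strong indicator that one station is impersonating others.
    """
    ips_per_mac = defaultdict(set)
    for _, ip, mac in replies:
        ips_per_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in ips_per_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    for alert in find_binding_changes(OBSERVED_ARP_REPLIES):
        print(f"[{alert['time']}] ALERT {alert['ip']}: "
              f"{alert['old_mac']} -> {alert['new_mac']}")
    for mac, ips in find_shared_macs(OBSERVED_ARP_REPLIES).items():
        print(f"MAC {mac} claims multiple IPs: {', '.join(ips)}")
```

A real monitor would feed this from a packet capture or the switch's ARP logs and baseline known static bindings (the gateway's, for instance) so that a change there is escalated immediately.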

DHCP – A computer depends upon a server to assign it the right IP address.

BOOTP – Lets a diskless computer receive its IP address from a server.

ICMP – Delivers messages, reports errors, replies to certain requests, reports routing information and is used to test connectivity and troubleshoot problems on IP networks.

Networking devices

Device – OSI layer – Functionality
Repeater – Physical – Amplifies signals and extends networks.
Bridge – Data link – Forwards packets and filters based on MAC addresses; forwards broadcast traffic, but not collision traffic.
Router – Network – Separates and connects LANs, creating internetworks; routers filter based on IP addresses.
Brouter – Data link and Network – A hybrid device that combines the functionality of a bridge and a router. A brouter can bridge multiple protocols and can route packets on some of those protocols.
Switch – Data link (more intelligent switches work at the network layer) – Provides a private virtual link between communicating devices, allows for VLANs, reduces traffic and impedes network sniffing.
Gateway – Application (although different types of gateways can work at other layers) – Connects different types of networks, performs protocol and format translations.

Comments on bridges:

Three types of bridges:
– Local bridge: Connects two or more LAN segments within a local area.
– Remote bridge: Can connect two or more LAN segments over a wide area network by using telecommunications.
– Translation bridge: Connects two LANs of different types that use different standards and protocols.

Broadcast storm – Because bridges forward all traffic, they forward all broadcast packets as well.

STA – Spanning Tree Algorithm: Ensures that frames do not circle networks forever, provides redundant paths in case a bridge goes down, assigns unique identifiers to each bridge, assigns priority values to these different bridges and calculates path costs.

Source routing – The packets hold the forwarding information so that they can find their way to the destination themselves without bridges and routers dictating their paths.

VLAN Virtual LANs: Enable administrators to logically separate and group users based on resource requirements, security or business needs instead of the standard physical location of the users.

PBX Private Branch Exchange: Is a telephone switch that is located on a company’s property.

Firewalls

Restrict access from one network to another, internally or externally.

DMZ – Demilitarized Zone: A network segment that is located between the protected and the unprotected networks.

Packet filtering: A method of controlling what data can flow into and out of a network. Takes place by using ACLs, which are developed and applied to a device. Is based on network layer information, which means that the device cannot look too far into the packet itself. Is not application dependent. Does not keep track of the state of a connection. Provides high performance. Used in first-generation firewalls.

Stateful packet filtering: Remembers and keeps track of what packets went where until that particular connection is closed. This requires the firewall to maintain a state table, which is like a score sheet of who said what to whom. Makes decisions on what packets to allow or disallow. Works at the network layer.

Proxy firewalls: Stands between a trusted and untrusted network and actually makes the connection, each way, on behalf of the source. Makes a copy of each accepted packet before transmitting it and repackages the packet to hide the packet’s true origin. Works at the application layer.

Dual-homed firewall: Has two interfaces, one facing the external network and the other facing the internal network. Has two NICs and has packet forwarding turned off. Is often used when a company uses proxy firewalls.

Application-level proxies: Inspect the entire packet and make access decisions based on the actual content of the packet. Understand different services and protocols and the commands that are used within them. There must be one application-level proxy per service. Work at the application layer.

Circuit-level proxy: Creates a circuit between the client computer and the server. It knows the source and destination addresses and makes access decisions based on this information. Can handle a wide variety of protocols and services. Works at the network layer.

SOCKS: Is an example of a circuit-level proxy gateway that provides a secure channel between two TCP/IP computers. Does not provide detailed protocol-specific control.

Firewall architecture

Bastion Host: It is the machine that will be accessed by any and all entities trying to access or leave the network. Can support packet filtering, proxy and hybrid firewall applications.

Screened Host: Is a bastion host firewall that communicates directly with a border router and the internal network.

Screened Subnet: The bastion host, housing the firewall, is sandwiched between two routers. The external router applies packet filtering and the internal router also filters the traffic.

Shoulds of Firewalls: The default action of any firewall should be to implicitly deny any packets not explicitly allowed.

Masquerading / spoofing: The attacker modifies a packet header to have the source address of a host inside the network that she wants to attack.

Honeypot: Is a computer that sits in the DMZ in hopes to lure attackers to it instead of actual production computers.

Networking Services

NOS – Network operating system: Is designed to control network resource access and provide the necessary services to enable a computer to interact with the surrounding network.

DNS – Domain Name Service: Is a method of resolving hostnames. Networks are split up into zones. The DNS server that holds the files for one of these zones is said to be the authoritative name server for that particular zone. It is recommended that there be a primary and a secondary DNS server for each zone.

Directory Services: Has a hierarchical database of users, computers, printers, resources and attributes of each.

Intranets and Extranets

Intranets: When a company uses Internet- or Web-based technologies inside its own networks.

Extranets: Enable two or more companies to share common information and resources.

NAT Network Address Translation: Is a gateway between a network and the Internet, or another network, that performs transparent routing and address translation.

MAN – Metropolitan Area Network: Usually a backbone that connects businesses to WANs, the Internet and other businesses. A majority are SONET (Synchronous Optical Network) or FDDI rings.

WAN – Wide Area Network: Used when communication needs to travel over a larger geographical area.

Dedicated links: Also called leased line or point-to-point link.

T-carriers: Dedicated lines that can carry voice and data information over trunk lines.

S/WAN – Secure WAN: Based on VPNs that are created with IPSec.

WAN Technologies

CSU/DSU – Channel Service Unit / Data Service Unit: Is required when digital equipment will be used to connect a LAN to a WAN. The DSU converts digital signals to be transmitted over the telephone company’s digital lines. The CSU is the unit that connects the network directly to the telephone company’s line. Provides a digital interface for the DTE – Data Terminal Equipment. Provides an interface to the DCE – Data Circuit-Terminating Equipment device.

Switching: Circuit switching – Sets up a virtual connection that acts like a dedicated link between two systems. Packet switching – Packets can travel along many different routes to arrive at the same destination.

Frame relay: Is a WAN protocol that operates at the data link layer. Uses packet-switching technology. CIR / Committed Information Rate – Companies pay more for a higher CIR to ensure that a higher level of bandwidth will always be available to them.

Two main types of equipment used:
– DTE / Data Terminal Equipment – Customer owned.
– DCE / Data Circuit-Terminating Equipment – Owned by the service provider or phone company.

Virtual Circuits:

PVC / Permanent virtual circuit – Works like a private line for a customer with an agreed-upon bandwidth availability.

SVC / Switched virtual circuit – Requires steps similar to a dial-up connection procedure.

X.25: Is an older WAN protocol that defines how devices and networks establish and maintain connections. Is a switching technology. Data is divided into 128-byte units and encapsulated in High-level Data Link Control (HDLC) frames. The frames are then addressed and forwarded across the carrier switches.

ATM – Asynchronous Transfer Mode: Is a switching technology. Uses cell switching, which means that data is segmented into fixed-size cells of 53 bytes instead of variable-size packets. Is a high-speed networking technology used for LAN, WAN and service provider connections. Sets up virtual circuits, which act like dedicated paths between the source and destination. These virtual circuits can guarantee bandwidth and QoS.

SMDS – Switched Multimegabit Data Service: Is a high-speed packet-switched technology used to enable customers to extend their LANs across MANs and WANs. Is connectionless and can provide bandwidth on demand.

SDLC – Synchronous Data Link Control: Is based on networks that use dedicated, leased lines with permanent physical connections. Provides the polling media access technology, which is a mechanism that enables secondary stations to communicate on the network.

HDLC – High-level Data Link Control: Is a bit-oriented link layer protocol used for transmission over synchronous lines. Works with primary stations that contact secondary stations to establish data transmission.

HSSI – High-Speed Serial Interface: Is used to connect multiplexers and routers to high-speed communication services like ATM and frame relay.

Multiservice Access: Combines different types of communication categories over one transmission line. Jitter – When someone using VoIP for a phone call experiences lags in the conversation.

H.323: Is a part of ITU-T recommendations that cover a wide variety of multimedia communication services.

Remote Access

Dial-up and RAS: RAS / Remote Access Service server – Performs authentication by comparing the provided credentials with the database of credentials it maintains.

Wardialing – Is a process used by many attackers to identify remote access modems.

ISDN – Integrated Services Digital Network: Breaks the telephone line into different channels and transmits data in digital form instead of the old analog method.

Three methods:
– BRI / Basic Rate Interface – 2 B channels and 1 D channel.
– PRI / Primary Rate Interface – 23 B channels and 1 D channel.
– BISDN / Broadband ISDN – Handles different types of services at the same time.
The D channel provides quicker call setup and connection establishment.

DSL – Digital Subscriber Line: Is a broadband technology. The service can be symmetric (same speed upstream and downstream) or asymmetric (different speeds upstream and downstream). Connected all the time.

Cable modems: Provide high speed access. Connected all the time.

VPN – Virtual Private Network: Is a secure private connection through a public network.

PPTP – Point-to-Point Tunnelling Protocol: Is an encapsulation protocol based on PPP. Works at the data link layer and enables a single point-to-point connection. Encrypts and encapsulates PPP packets. While negotiation takes place, PPTP cannot encrypt this information, because encryption is still in the process of being invoked. Can only work on top of IP networks.

L2TP – Layer 2 Tunnelling Protocol: Can run on top of and tunnel through networks that use other protocols. Is not an encryption protocol. Supports TACACS+ and RADIUS.

L2F – Layer 2 Forwarding: Provides mutual authentication. No encryption.

IPSec: Handles multiple connections at the same time. Provides secure authentication and encryption. Supports only IP networks. Focuses on LAN-to-LAN communication rather than being a dial-up protocol. Works at the network layer and provides security on top of IP. Can work in tunnel mode, meaning the payload and header are encrypted, or in transport mode, meaning that only the payload is encrypted.

PPP – Point-to-Point Protocol: Is used to encapsulate messages and transmit them through an IP network.

PAP – Password Authentication Protocol: Provides identification and authentication of the user attempting to access a network from the remote system.

CHAP – Challenge Handshake Authentication Protocol: Is an authentication protocol that uses a challenge/response mechanism to authenticate instead of sending a username and password.

EAP – Extensible Authentication Protocol: Provides a framework to enable many types of authentication techniques to be used during PPP connections.

Network and resource availability

Single point of failure: If one device goes down, a segment or the entire network is negatively affected.

RAID – Redundant Array of Inexpensive Disks: A technology used for redundancy and performance improvement that combines several physical disks and aggregates them into logical arrays.

Clustering: A group of servers that are viewed logically as one server to users and are managed as a single system.

