4. Communications and Network Security

Marisol Segade
Mind Map by Marisol Segade, updated more than 1 year ago
Marisol Segade
Created by Marisol Segade about 6 years ago


5 Mind Maps (CISSP CBK) Mind Map on 4. Communications and Network Security, created by Marisol Segade on 08/23/2015.

Resource summary

4. Communications and Network Security
  1. 4.1 Reviewing OSI and TCP/IP Models
    1. OSI Model
      1. All People Seem To Need Data Processing
      2. Network models
        1. TCP/IP model
          1. Network Interface, Internet, Host-to-Host and Application Layer
          2. TCP/IP protocol suite
            1. IPV6 protocol enhancements
              1. Ports and port assignments
                1. DNS and DNSSEC
                  1. CISSP Exam Tips
                    1. The OSI model is becoming outdated and there are newer technologies that don't fit the model
                      1. IPv6 has extensions that support authentication, data integrity and encryption
                        1. All responses from DNSSEC protected zones are digitally signed
                      2. 4.2 Understanding IP Convergence and Extensibility
                        1. IP Convergence
                          1. IP Extensibility
                            1. Intro to VoIP
                              1. MPLS
                                1. Distributed Network Protocol (DNP3)
                                  1. Fibre Channel over Ethernet FCoE
                                    1. CISSP Exam Tips
                                      1. Extensibility is a new or a modification of existing functionality without significantly altering the original structure
                                        1. Open standard is a standard that is publicly available and can be freely adopted and extended
                                          1. MPLS interoperates with IP networkds
                                        2. 4.3 Securing Wireless Networks
                                          1. Wireless network technologies
                                            1. Bluetooth (802.15)
                                              1. Cellular networks
                                                1. 802.11 access modes
                                                  1. Wireless threats and vulnerabilities
                                                    1. Wireless attack vectors
                                                      1. Wi-Fi protection
                                                        1. The Wi-Fi Alliance
                                                          1. CISSP Exam Tips
                                                            1. Bluetooth uses short -wavelength, low-power signals with a maximum range of aprox. 50 feet
                                                              1. GSM and CMDA are multiple access technologies, which allow voice and data on the same radio channel
                                                                1. Wi-Fi is widely adopted , rapidly developing set of technologies
                                                              2. 4.4 Using Cryptography to Maintain Communication Security
                                                                1. Internet communications vulnerabilities
                                                                  1. SSL/TLS
                                                                    1. Secure Shell (SSH)
                                                                      1. S/MIME
                                                                        1. IPSec
                                                                          1. CISSP Exam Tips
                                                                            1. SSH requires and SSH server and an SSH client
                                                                              1. Secure Shell is a replacement for cleartext telnet, rlogin, rsh and rsync
                                                                                1. SSL server may be optionally configured to require client side authentication
                                                                              2. 4.5 Securing Network Access
                                                                                1. Network segmenting
                                                                                  1. Perimeter devices
                                                                                    1. NAT
                                                                                      1. Ingress and egress filtering
                                                                                        1. Proxy services
                                                                                          1. Intrusion detection and intrusion prevention services
                                                                                            1. Honeypots and Honeynets
                                                                                              1. CISSP Exam Tips
                                                                                                1. The internet is always considered an untrusted network
                                                                                                  1. Proxy firewalls are bastion hosts (hardened device with connection to the untrusted and trusted network)
                                                                                                    1. Honey pots work by fooling attackers into believing it is a legitimate system
                                                                                                  2. 4.6 Securing Data Transmissions
                                                                                                    1. Network data transmission
                                                                                                      1. Layer 1,2,3 connectivity devices
                                                                                                        1. Transmission media
                                                                                                          1. Dedicated & non-dedicated connections
                                                                                                            1. Network cabling
                                                                                                              1. Emanations security
                                                                                                                1. CISSP Exam Tips
                                                                                                                  1. Wireless access points are bridges for wireless and wired IP traffic
                                                                                                                    1. Shielded twisted pair (STP) reduces EMI vulnerability and crosstalk
                                                                                                                      1. Fiber optic has no electromagnetic emanations
                                                                                                                    2. 4.7 Securing Multimedia Collaboration
                                                                                                                      1. VoIP
                                                                                                                        1. Remote meeting technology
                                                                                                                          1. Instant messaging and chat
                                                                                                                            1. Content distribution networks (CDN)
                                                                                                                              1. CISSP Exam Tips
                                                                                                                                1. VoIP can be a malicious network entry point
                                                                                                                                  1. Remote meeting technology can be a malicious network entry point
                                                                                                                                    1. CDN can be a malicious network entry point
                                                                                                                                  2. 4.8 Securing Virtual Private Networks
                                                                                                                                    1. VPN Technologies
                                                                                                                                      1. PPTP
                                                                                                                                        1. L2TP
                                                                                                                                          1. IPSec in-depth
                                                                                                                                            1. High assurance internet protocol encryptor (HAIPE)
                                                                                                                                              1. SSL VPN
                                                                                                                                                1. CISSP Exam Tips
                                                                                                                                                  1. VPNs are cost-effective alternative to point-to-point connections
                                                                                                                                                    1. SSL VPN use a local browser
                                                                                                                                                      1. HAIPE is an extension of IPsec used in high security networks
                                                                                                                                                    2. 4.9 Securing Endpoints
                                                                                                                                                      1. Network access controls (NAC)
                                                                                                                                                        1. Endpoint firewalls
                                                                                                                                                          1. Endpoint IDS/IPS (HIDS)
                                                                                                                                                            1. Proxy servers
                                                                                                                                                              1. Malware protection and detection
                                                                                                                                                                1. Remote location and telecommuting
                                                                                                                                                                  1. Mobile device managment
                                                                                                                                                                    1. CISSP Exam Tips
                                                                                                                                                                      1. NAC is an emerging approach to networks security that attempts to unify endpoint security and enforcement
                                                                                                                                                                        1. Malware defense requires a balance of deterrent , preventative, detection and corrective controls
                                                                                                                                                                          1. Mobile device management solutions are owner-agnostic
                                                                                                                                                                        2. 4.10 Preventing and Mitigating Network Attacks
                                                                                                                                                                          1. CISSP Exam Tips
                                                                                                                                                                            1. Attack anatomy = aquisition, analysis, access and appropiation,
                                                                                                                                                                              1. Attacks can violate confidenciality, integrity and availability
                                                                                                                                                                                1. Security demands a unified approach and defense-in-depth architecture
                                                                                                                                                                              Show full summary Hide full summary


                                                                                                                                                                              Creating Mind Maps with GoConqr
                                                                                                                                                                              Sarah Egan
                                                                                                                                                                              Creating Mind Maps with GoConqr
                                                                                                                                                                              Andrea Leyden
                                                                                                                                                                              Mind Maps with GoConqr
                                                                                                                                                                              Manikandan Achan
                                                                                                                                                                              Mind Maps with GoConqr
                                                                                                                                                                              Elysa Din
                                                                                                                                                                              Mind Maps with GoConqr
                                                                                                                                                                              GoConqr Getting Started Guide
                                                                                                                                                                              Norman McBrien
                                                                                                                                                                              Creating Mind Maps with GoConqr
                                                                                                                                                                              Cristhian Arámbula
                                                                                                                                                                              Creating Mind Maps with GoConqr
                                                                                                                                                                              Daniel Yon
                                                                                                                                                                              Mind Maps with GoConqr
                                                                                                                                                                              ernesto blcano
                                                                                                                                                                              Creating Mind GoConqr
                                                                                                                                                                              Fin Blight
                                                                                                                                                                              Writing as a Christian
                                                                                                                                                                              Amiya winslow