3261541
Description
Mind Map by Marisol Segade, updated more than 1 year ago
|
Created by Marisol Segade
over 8 years ago
|
|
4. Communications and Network
Security
- 4.1 Reviewing OSI and TCP/IP Models
- OSI Model
- All People Seem To Need Data Processing
- All People Seem To Need Data Processing
- Network models
- TCP/IP model
- Network Interface, Internet,
Host-to-Host and Application
Layer
- Network Interface, Internet,
Host-to-Host and Application
Layer
- TCP/IP protocol suite
- IPV6 protocol enhancements
- Ports and port assignments
- DNS and DNSSEC
- CISSP Exam Tips
- The OSI model is becoming outdated and
there are newer technologies that don't fit
the model
- IPv6 has extensions that support
authentication, data integrity and
encryption
- All responses from DNSSEC protected
zones are digitally signed
- The OSI model is becoming outdated and
there are newer technologies that don't fit
the model
- OSI Model
- 4.2 Understanding IP Convergence and Extensibility
- IP Convergence
- IP Extensibility
- Intro to VoIP
- MPLS
- Distributed Network Protocol (DNP3)
- Fibre Channel over Ethernet FCoE
- CISSP Exam Tips
- Extensibility is a new or a modification
of existing functionality without
significantly altering the original
structure
- Open standard is a standard
that is publicly available and can
be freely adopted and extended
- MPLS interoperates with IP networkds
- Extensibility is a new or a modification
of existing functionality without
significantly altering the original
structure
- IP Convergence
- 4.3 Securing Wireless Networks
- Wireless network technologies
- Bluetooth (802.15)
- Cellular networks
- 802.11 access modes
- Wireless threats and vulnerabilities
- Wireless attack vectors
- Wi-Fi protection
- The Wi-Fi Alliance
- CISSP Exam Tips
- Bluetooth uses short -wavelength, low-power
signals with a maximum range of aprox. 50
feet
- GSM and CMDA are multiple access technologies,
which allow voice and data on the same radio
channel
- Wi-Fi is widely adopted , rapidly developing set of
technologies
- Bluetooth uses short -wavelength, low-power
signals with a maximum range of aprox. 50
feet
- Wireless network technologies
- 4.4 Using Cryptography to Maintain Communication Security
- Internet communications vulnerabilities
- SSL/TLS
- Secure Shell (SSH)
- S/MIME
- IPSec
- CISSP Exam Tips
- SSH requires and SSH server and an SSH client
- Secure Shell is a replacement for cleartext telnet,
rlogin, rsh and rsync
- SSL server may be optionally configured to require client
side authentication
- SSH requires and SSH server and an SSH client
- Internet communications vulnerabilities
- 4.5 Securing Network Access
- Network segmenting
- Perimeter devices
- NAT
- Ingress and egress filtering
- Proxy services
- Intrusion detection and intrusion
prevention services
- Honeypots and Honeynets
- CISSP Exam Tips
- The internet is always considered an untrusted network
- Proxy firewalls are bastion hosts (hardened device
with connection to the untrusted and trusted network)
- Honey pots work by fooling attackers into believing it is
a legitimate system
- The internet is always considered an untrusted network
- Network segmenting
- 4.6 Securing Data Transmissions
- Network data transmission
- Layer 1,2,3 connectivity devices
- Transmission media
- Dedicated & non-dedicated connections
- Network cabling
- Emanations security
- CISSP Exam Tips
- Wireless access points are bridges
for wireless and wired IP traffic
- Shielded twisted pair (STP)
reduces EMI vulnerability and
crosstalk
- Fiber optic has no
electromagnetic emanations
- Wireless access points are bridges
for wireless and wired IP traffic
- Network data transmission
- 4.7 Securing Multimedia Collaboration
- VoIP
- Remote meeting technology
- Instant messaging and chat
- Content distribution networks (CDN)
- CISSP Exam Tips
- VoIP can be a malicious network entry point
- Remote meeting technology can be a malicious
network entry point
- CDN can be a malicious network entry point
- VoIP can be a malicious network entry point
- VoIP
- 4.8 Securing Virtual Private Networks
- VPN Technologies
- PPTP
- L2TP
- IPSec in-depth
- High assurance
internet protocol
encryptor (HAIPE)
- SSL VPN
- CISSP Exam Tips
- VPNs are cost-effective alternative to
point-to-point connections
- SSL VPN use a local browser
- HAIPE is an extension of IPsec used in
high security networks
- VPNs are cost-effective alternative to
point-to-point connections
- VPN Technologies
- 4.9 Securing Endpoints
- Network access controls (NAC)
- Endpoint firewalls
- Endpoint IDS/IPS (HIDS)
- Proxy servers
- Malware protection and detection
- Remote location and telecommuting
- Mobile device managment
- CISSP Exam Tips
- NAC is an emerging approach to networks
security that attempts to unify endpoint
security and enforcement
- Malware defense requires a balance of
deterrent , preventative, detection and
corrective controls
- Mobile device management
solutions are owner-agnostic
- NAC is an emerging approach to networks
security that attempts to unify endpoint
security and enforcement
- Network access controls (NAC)
- 4.10 Preventing and Mitigating Network Attacks
- CISSP Exam Tips
- Attack anatomy = aquisition, analysis,
access and appropiation,
- Attacks can violate confidenciality,
integrity and availability
- Security demands a unified approach and
defense-in-depth architecture
- Attack anatomy = aquisition, analysis,
access and appropiation,
- CISSP Exam Tips
Want to create your own Mind Maps for free with GoConqr? Learn more.