September 18, 2002

CISSP Review Course
Domain 2: Telecommunications and Network Security
This presentation includes a compendium of slides, both original and gathered from various public information sources, and is not intended for use by any for-profit individuals or organizations.
RAISF & RIT CISSP Prep Domain 2 - 2002
Domain Objective:
Telecommunications and Network Security
The objective of this domain is to understand:
• data communications in terms of physical and logical networks,
including local area, metropolitan area, wide area, remote
access, Internet, intranet, extranet, their related technologies of
firewalls, bridges, routers, and the TCP/IP and OSI models
• communications and network security as it relates to voice,
data, multimedia, and facsimile
• communications security management techniques that prevent,
detect, and correct errors
We will cover most, but not all, of these areas in this review.
Domain Summary:
Telecommunications and Network Security
The telecommunications and network security
domain is a very significant part of the CBK. The
information for this domain typically represents 15%
of the CISSP exam content and includes the
structures, transmission methods, transport formats,
and security measures used to provide and ensure
the integrity, availability, authentication, and
confidentiality of transmissions over private and
public communications networks.
Network and Data Link Structures:
OSI Standards Development
• ISO – International Standards Organization
• ECMA – European Computer Manufacturers Association
• CCITT – International Telegraph and Telephone Consultative
Committee
• IEEE – Institute of Electrical and Electronics Engineers
• ANSI – American National Standards Institute
• MAP/TOP – Manufacturing Automation Protocol/Technical Office
Protocol
• NIST – U.S. National Institute for Standards and Technology
• NSA – U.S. National Security Agency
OSI Reference Model
Open Systems Interconnection Reference Model
• Standard model for network communications
– Allows dissimilar networks to communicate
– Defines 7 protocol layers (a.k.a. protocol stack)
– Each layer on one workstation communicates with its respective layer on another workstation using protocols (i.e. agreed-upon communication formats)
– “Mapping” each protocol to the model is useful for comparing protocols.
Network and Data Link Structures:
OSI’s Seven Layers of Network Architecture
OSI Model (Mnemonic: All People Seem To Need Data Processing)
7 Application – Provides specific services for applications such as file transfer
6 Presentation – Provides data representation between systems
5 Session – Establishes, maintains, manages sessions (example - synchronization of data flow)
4 Transport – Provides end-to-end data transmission integrity
3 Network – Switches and routes information units
2 Data Link – Provides transfer of units of information to other end of physical link
1 Physical – Transmits bit stream on physical medium
OSI Reference Model
Data Flow
CLIENT – data travels down the stack:
7 Application → 6 Presentation → 5 Session → 4 Transport → 3 Network → 2 Data Link → 1 Physical
Through the network
SERVER – then up the receiving stack:
1 Physical → 2 Data Link → 3 Network → 4 Transport → 5 Session → 6 Presentation → 7 Application
As the data passes through each layer on the client, information about that layer is added to the data. This information is stripped off by the corresponding layer on the server.
Network and Data Link Structures:
OSI v TCP/IP - Implementation
[Figure-only slide: the OSI vs. TCP/IP implementation diagram did not survive extraction]
Network and Data Link Structures:
OSI vs. TCP/IP - Mapping
OSI
• The Open System Interconnection [OSI] is a seven layer structure for use in every type of network.
• Defined by the ITU-T (Geneva) and modelled after the IBM System Network Architecture [SNA].
• A very complex model; difficult to implement and hard to use.
• Not fully compliant with the TCP/IP protocol, which is simpler.
TCP/IP
• TCP – Transmission Control Protocol
• IP – Internet Protocol
• UDP – User Datagram Protocol
Layer mapping (OSI layer -> TCP/IP layer):
  7 Application Layer   -> Application
  6 Presentation Layer  -> Application
  5 Session Layer       -> Application
  4 Transport Layer     -> TCP / UDP
  3 Network Layer       -> IP
  2 Data Link Layer     -> Network
  1 Physical Layer      -> Network
Network and Data Link Structures:
ISO/OSI Layers & Characteristics
• Application Layer (layer 7)
– protocols and services are used by applications to communicate information to lower layers
– layer where all information originates and applications run
– best layer for encryption and access control services
– Examples:
  • FTP (File Transfer Protocol)
  • HTTP (HyperText Transfer Protocol)
  • SMTP (Simple Mail Transfer Protocol)
Network and Data Link Structures:
ISO/OSI Layers & Characteristics
• Presentation layer (layer 6)
– negotiates information exchange with applications and destination; functions include data transfer and structure
– information syntax negotiation and transformation
– adapts information for different representation when communicating to another system
• For example, translates between differing text and data character representations such as EBCDIC and ASCII
• Also includes data encryption
• Layer 6 standards include JPEG, GIF, MPEG, MIDI
Network and Data Link Structures:
ISO/OSI Layers & Characteristics
• Session layer (layer 5)
– establishes, manages and terminates sessions between applications
– coordinates service requests and responses that occur when applications communicate between different hosts
– most login functions are in this layer (ID and authentication)
– Examples include: NFS, RPC, X Window System, AppleTalk Session Protocol, SPX
Network and Data Link Structures:
ISO/OSI Layers & Characteristics
• Transport layer (layer 4)
– end-to-end transfer, flow control, error recovery, congestion control
– provides transparent data transfers between session processes, optimizes network services, uses protocol to regulate data transfer
  • TCP
  • UDP
– Gateways operate at layer 4 to layer 7
Internet Protocols and Security:
Internet Protocols - layer 4
• User Datagram Protocol (UDP) - layer 4 transport
– connectionless
– same level of service used by IP
– it is easier to spoof UDP packets
• Transmission Control Protocol (TCP) - layer 4 transport
– provides reliable virtual circuits to user packets
– damaged packets are retransmitted
– incoming packets are sequenced
– congestion control
Network and Data Link Structures:
ISO/OSI Layers & Characteristics
• Which path should traffic take through
networks?
• How do the packets know where to go?
• What are protocols?
• What is the difference between routed and
routing protocols?
Network Layer
• Only two devices which are directly connected by the
same “wire” can exchange data directly
• Devices not on the same network must communicate
via intermediate system
• Router is an intermediate system
• The network layer determines the best way to
transfer data. It manages device addressing and
tracks the location of devices.
• Routers operate at this layer.
Network and Data Link Structures:
ISO/OSI Layers & Characteristics
• Network layer (layer 3)
– provides message routing and relaying independent of transport protocol
– can determine routing for performance
– provides routing and relaying
  • Routing: determining the path between two end systems
  • Relaying: moving data along that path
– addressing mechanism is required
– flow control may be required
– must handle specific features of subnetwork
  • Mapping between data link layer and network layer addresses
Internet Protocols and Security:
Internet Protocols - layer 3
• IP packets
– bundles of data with a specific format
– foundation for TCP/IP protocol
– 32-bit length
– few hundred bytes long
– uses unreliable datagram service – no guarantees
– can be fragmented when packet is too long
Internet Protocols and Security:
Internet Protocols - layer 3
• Address Resolution Protocol (ARP) - layer 3 mapping
– IP packets sent over Ethernet
– maps 32 bit IP address to 48 bit MAC address
• Internet Control Message Protocol (ICMP) - layer 3
– mechanism used to influence behavior of TCP & UDP
– provides best route information to network devices
– reports trouble with routing to network devices
– terminates problem connections
– supports PING program
Internet Protocols and Security:
Internet Protocol Security - layer 3
• Internet Protocol Security (IPSEC) - suite of authentication and encryption protocols for IP
– proposed IETF interoperable security standard
– standard to be implemented on all network devices
– used to authenticate TCP/IP connections
– adds confidentiality and integrity to TCP/IP packets
– transparent to application and network infrastructure
– supports VPN
Network and Data Link Structures:
ISO/OSI Layers & Characteristics
• Data link layer (layer 2)
– manages communication between adjacent or broadcast networks, independent of network access method
– data link connection and flow control link
– divides large volumes of data into smaller packets
• Media Access Control (MAC)
– refers downward to lower layer hardware functions
• Logical Link Control (LLC)
– refers upward to higher layer software functions
Network and Data Link Structures:
Ethernet Frame Format
Field                  | Size
Preamble               | 7 bytes
Start Frame Delimiter  | 7 bytes
Dest. MAC Address      | 6 bytes
Source MAC Address     | 6 bytes
Length/Type            | 2 bytes
MAC Client Data        | 0 – n bytes; <=1500 for standard, =>1536 for other types
Pad                    | 0 – p bytes
Frame Check Sequence   | 4 bytes
Notes:
- The pad field is used to extend small packets to the minimum 64 byte length
- Ethernet types can be found at http://www.standards.ieee.org/regauth/ethertype/type-pub.html
Network and Data Link Structures:
Ethernet Frame Type and Access Method
IEEE 802.2 SNAP/LLC – SubNetwork Attachment Point (SNAP) / Logical Link Control (LLC)
  LLC header:   AA AA 03
  SNAP header:  00 00 00 (3 octet OUI – Organizationally Unique Identifier)   08 00 (2 octet TYPE)
Note: The SNAP/LLC are inserted in the first part of the data field
Access Method - CSMA/CD (Carrier Sense, Multiple Access with Collision Detect)
With the exception of the full-duplex variations of ethernet, all versions compete for access to the network using this protocol. Essentially, each node monitors the media for an active signal (carrier) and attempts to ‘talk’ only when the line is ‘quiet’, but monitors the line for collisions during the transmission. If a collision is detected, the protocol specifies how long the device must wait before attempting to transmit again. This differs from token protocols (such as token ring), which ‘pass’ a virtual token from node to node to control access to the media.
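The frame layout and LLC/SNAP encoding on the two slides above, as an added Python example that is not part of the original deck: it classifies a frame as Ethernet II or IEEE 802.3 from the Length/Type value, detects the AA AA 03 LLC/SNAP prefix at the start of the data field, and checks the pad and FCS. The MAC addresses and payloads are constructed, and frames start at the destination MAC because the preamble and start frame delimiter never reach software.

```python
"""Added example (not from the CISSP deck): classify a raw Ethernet frame
as Ethernet II (Length/Type >= 1536 carries a type) or IEEE 802.3
(Length/Type <= 1500 carries a length), detect the 802.2 LLC/SNAP prefix
(AA AA 03 + 3-octet OUI + 2-octet TYPE) at the start of the data field,
and verify the pad and FCS.  Frames start at the destination MAC: the
preamble and start frame delimiter are consumed by the NIC and never
reach software.  MAC addresses and payloads used here are constructed."""
import struct
import zlib

MIN_FRAME_LEN = 64                          # dest MAC .. FCS, see the pad note
LLC_SNAP_HDR = bytes.fromhex("aaaa03")      # DSAP=AA, SSAP=AA, Control=03 (UI)
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def build_frame(dst, src, payload, ethertype=None, snap=False):
    """Constructed sample frame.  ethertype=None gives an 802.3 length-encoded
    frame; snap=True prefixes the data with LLC/SNAP carrying TYPE 08 00."""
    if snap:
        payload = LLC_SNAP_HDR + b"\x00\x00\x00" + struct.pack("!H", 0x0800) + payload
    field = len(payload) if ethertype is None else ethertype
    body = dst + src + struct.pack("!H", field) + payload
    body += b"\x00" * max(0, MIN_FRAME_LEN - 4 - len(body))   # pad to 60 bytes
    fcs = struct.pack("<I", zlib.crc32(body))   # CRC-32, transmitted LSB first
    return body + fcs


def parse_frame(frame):
    """Return a dict describing the frame; raise ValueError on a runt, a bad
    FCS, an inconsistent length, or a Length/Type value in the 1501-1535 gap."""
    if len(frame) < MIN_FRAME_LEN:
        raise ValueError("runt frame: %d bytes" % len(frame))
    body, fcs = frame[:-4], frame[-4:]
    if struct.pack("<I", zlib.crc32(body)) != fcs:
        raise ValueError("bad FCS")
    (field,) = struct.unpack("!H", body[12:14])
    info = {"dst": body[:6].hex(":"), "src": body[6:12].hex(":")}
    if field <= 1500:
        info["kind"] = "802.3"
        data = body[14:14 + field]
        if len(data) != field:
            raise ValueError("length field exceeds frame")
        if len(data) >= 8 and data[:3] == LLC_SNAP_HDR:
            (etype,) = struct.unpack("!H", data[6:8])
            info["snap"] = {"oui": data[3:6].hex("-"), "type": etype}
            info["ethertype"] = etype
            data = data[8:]                     # strip LLC/SNAP from the data
        info["payload"] = data                  # the length field excludes any pad
    elif field >= 1536:
        info["kind"] = "Ethernet II"
        info["ethertype"] = field
        info["payload"] = body[14:]             # pad is indistinguishable here
    else:
        raise ValueError("undefined Length/Type value %d" % field)
    info["ethertype_name"] = ETHERTYPES.get(info.get("ethertype"), "unknown")
    return info


if __name__ == "__main__":
    dst = bytes.fromhex("001122334455")         # constructed addresses
    src = bytes.fromhex("66778899aabb")
    for f in (build_frame(dst, src, b"hello", ethertype=0x0800),
              build_frame(dst, src, b"hello", snap=True)):
        print(parse_frame(f))
```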
Network and Data Link Structures:
Ethernet Frame Informational Fields
IP Header - Protocol Type Identifiers (used in SNAP frame)
• ICMP (1) – Internet Control Message Protocol
• IGMP (2) – Internet Group Management Protocol
• TCP (6) – Transmission Control Protocol
• UDP (17) – User Datagram Protocol
TCP/UDP Port Identifiers
• FTP (20/21) - File Transfer Protocol, which is used for transferring files across the network.
• Telnet (23) - An application for remotely logging into a server across the network.
• SMTP (25) - Simple Mail Transfer Protocol, used for transferring email across the Internet.
• TFTP (69) - Trivial File Transfer Protocol, which is a low overhead fast transfer FTP protocol.
• HTTP (80) - HyperText Transport Protocol, which is used for transferring web pages.
• NNTP (119) - Network News Transfer Protocol, which is used for transferring news.
• SNMP (161/162) - Simple Network Management Protocol, used for managing network devices.
• SSL (443) – Secure Socket Layer, used to provide security to web site communications.
Network and Data Link Structures:
ISO/OSI Layers & Characteristics
• Physical layer (layer 1)
– provides physical connection for transmission between data link processes
– bitstream transmission over physical media
• Specifies the electrical, mechanical, procedural, and functional requirements for activating, maintaining, and deactivating the physical link between end systems
• Examples of physical link characteristics include voltage levels, data rates, maximum transmission distances, and physical connectors
Network Devices and Communications:
Glossary - Data Network Devices
• Hub/Repeater/Concentrator – provides physical interconnection of multiple nodes to a network; very common for UTP LANs
• Bridge – a device that connects segments of the same LAN; operates in network layer 2
• Brouter – a router that can bridge, merging both capabilities into a single box. Routes selected protocols and bridges all other traffic.
• Router – a device that is similar to a bridge but contains network management protocols that enhance network functionality. A router operates in network layer 3.
• Gateway – used to connect LANs to other LANs or hosts; can act as a translator between networks using incompatible protocols. A gateway operates in any layer from 4 to 7.
• Backbone – the major transmission part of the network that connects all the data network devices but does not connect directly to the user
Network Devices and Communications:
Glossary - Data Transmission Methods
• Leased line networks – dedicated private facilities
• Dedicated line – a private or leased line
• Common carriers – a common carrier voice line
• Digital communications – passes data encoded in on-off pulses
• Analog communications – a continuous signal varied by modulation
• Synchronous communications – high speed, data synchronized by electronic clock signals
• Asynchronous communications – transfer data by sending bits sequentially
System and Security Management:
Local Area Network
• Primarily a data communications network
• Devices are within a limited area - 4 to 100 MBS
• Supports a specific user group and topology
• Usually not connected through a public switched network
• Typical network services - file, mail, print, communications, terminal services
• Typical connection of LANs
– Campus Area Network (CAN)
– Metropolitan Area Network (MAN)
LAN Topologies
• Star
• Bus
• Tree
• Ring
Star Topology
• Telephone wiring is one common example
– Center of star is the wire closet
• Star Topology easily maintainable
Bus Topology
• Basically a cable that attaches many devices
• Can be a “daisy chain” configuration
• Computer I/O bus is example
Tree Topology
• Can be extension of bus and star topologies
• Tree has no closed loops
Ring Topology
• Continuous closed path between devices
• A logical ring is usually a physical star
• Don’t confuse logical and physical topology
[Figure: ring topology diagram, labelled MAU]
System and Security Management:
LAN Topologies
• Ring - interconnects systems to each other to form a ring
– All data packets pass through each workstation on ring
– If a workstation fails all communications fails
• Star - uses a central hub connecting workstations and servers
– Optimal for a large number of devices
– Short cable runs for devices; helps with troubleshooting
• Bus - uses a single cable through entire network with
workstations and servers as drop-off points
– Easy to expand number of devices due to one cable run
– More susceptible to problems; cable is single point of failure
LAN Access Methods
• Carrier Sense Multiple Access with Collision
Detection (CSMA/CD)
– Talk when no one else is talking
• Token
– Talk when you have the token
• Slotted
– Similar to token, talk in free “slots”
LAN Signaling Types
• Baseband
– Digital signal, serial bit stream
• Broadband
– Analog signal
– Cable TV technology
LAN Types
• Ethernet
• Token Ring
• FDDI
• Wireless
Ethernet
• Bus topology - distance limitations
• 10 - 100 - 1000 MBS
• CSMA/CD
• Baseband
• Most common network type
• IEEE 802.3
• Broadcast technology - transmission stops at terminators
Token Ring
• IEEE 802.5
• Flow is unidirectional
• Each node regenerates signal (acts as
repeater)
• Control passed from interface to interface by
“token”
• Only one node at a time can have token
• 4 or 16 Mbps
Fiber Distributed Data Interface
(FDDI)
• Dual counter rotating rings
– Devices can attach to one or both rings
– Single attachment station (SAS), dual (DAS)
• Uses token passing
• Logically and physically a ring
• ANSI governed
Wireless Networks
• IEEE 802.11b
• Rapidly Emerging
• Security Vulnerabilities
– Eavesdropping, snooping
– Theft of Services
System and Security Management:
LAN Physical Media Characteristics
• Twisted pair (UTP) – phone wire, cheapest to install, limited in distance and bandwidth, used within a building. Comes in unshielded (UTP) and shielded (STP) twisted pair versions
• Coaxial cable – solid copper wire core with insulation, expensive to install, resistant to interference
• Fiber optic – glass fibers surrounded by insulation, higher transmission speed, longest distance for signal strength, most expensive, difficult to tap
• Infrared and radio frequency (RF) - uses over-the-air signals, susceptible to interference, becoming widely used since 802.11b
• Attenuation – loss of signal strength when cable length exceeds maximum range
System and Security Management:
Local Area Networks
• Virtual Local Area Network (VLAN)
– Keeps users grouped according to a common task
– Uses a high speed backbone and asynchronous transfer
– Not physically connected to a server but logically connected
• Metropolitan Area Network (MAN)
– Connects LANs over a large geographical area
(i.e. several blocks away to citywide)
– Interconnects two or more LANs
– Can be owned by a private or public vendor
System and Security Management:
Local Area Networks
• Virtual Private Network (VPN)
- Establish a secure network link between two specific
network nodes using encryption
- VPN agent at remote client and server authenticate
- Technique uses secure handshake and key exchange
- Establishes a dynamic encrypted link
- Works only with IP
- Operates at OSI layer 3 (network)
System and Security Management:
Local Area Networks
• Wide Area Network (WAN)
– Connects LANs over a large geographical area
(i.e. across cities to distant continents)
– Network can consist of LANs, MANs, and host computers
– Supports multiple communication protocols and network
services
– Dedicated public or virtual circuits used for service
• Value-Added Network (VAN) - carriers that lease lines
from common carriers and then provide additional services
Network switching
• Circuit-switched
– Transparent path between devices
– Dedicated circuit
– Phone call
• Packet-switched
– Data is segmented, buffered, & recombined
Internet Protocols and Security:
WAN Data Transmission Protocols
• X.25 - defines interface between a computing device
and a packet switched network
• Frame Relay - standardized packet switching service
that improves X.25 with better error recovery
• ISDN - Integrated Services Digital Network
– Basic Rate Interface (BRI)
– Primary Rate Interface (PRI)
• High speed Serial - T1, E1, T3, E3, Fractional
• ATM - Asynchronous Transfer Mode
Internet Security:
Access Technologies
• Today
– Analog or ISDN phone line with Point-to-Point Protocol [PPP]
– Mobile phones
– Digital Subscriber Line [DSL]
– Asynchronous DSL [ADSL]
– Cable TV
• Tomorrow
– High-Speed Mobile phones
– Wireless Local Loop [WLL]
– Power lines
– Broadband Satellite
Internet Protocols and Security:
Internet Protocol (IP)
• IP does not guarantee delivery of data
– Connectionless
• Allows the protocol to service a request without requesting a verified session and without guaranteeing delivery of data
• Addressing
– Current IPv4 addressing is 32 bits
– Proposed IPv6 is 128 bits
– More ranges to allocate to eliminate duplicate ranges
– Complexity of transition increases network control devices
– New addressing scheme has embedded security
IPv4 & IPv6 Header Comparison
IPv4 Header (fields in wire order, one 32-bit word per row):
  Version | IHL | Type of Service | Total Length
  Identification | Flags | Fragment Offset
  Time to Live | Protocol | Header Checksum
  Source Address
  Destination Address
  Options | Padding
IPv6 Header (fields in wire order, one 32-bit word per row):
  Version | Traffic Class | Flow Label
  Payload Length | Next Header | Hop Limit
  Source Address
  Destination Address
IPv4 & IPv6 Functionality Comparison
IP Service          | IPv4 Solution                              | IPv6 Solution
Addressing Range    | 32-bit, Network Address Translation        | 128-bit, Multiple Scopes
Autoconfiguration   | DHCP                                       | Serverless Configuration, Reconfiguration, DHCP
Security            | IPSec                                      | IPSec Mandated, works End-to-End
Mobility            | Mobile IP                                  | Mobile IP with Direct Routing
Quality-of-Service  | Differentiated Service, Integrated Service | Differentiated Service, Integrated Service
IP Multicast        | IGMP/PIM/Multicast BGP                     | MLD/PIM/Multicast BGP, Scope Identifier
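An added Python example (not from the deck) that parses the IPv4 and IPv6 headers compared in the two slides above and applies the protocol numbers and well-known ports from the earlier "Ethernet Frame Informational Fields" slide. It makes the security-relevant differences explicit: IPv4 has a variable-length header (IHL) and a header checksum that is verified here, while IPv6 has a fixed 40-byte header, no checksum, and a Next Header field where IPv4 has Protocol. Sample packets and addresses are constructed.

```python
"""Added example (not from the CISSP deck): parse the IPv4 and IPv6 headers
from raw bytes, verify the IPv4 header checksum, and name the upper-layer
protocol and well-known port using the values listed on the slides.
Sample packets are constructed inline."""
import ipaddress
import struct

# IP protocol numbers from the "Protocol Type Identifiers" slide
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
# Well-known ports from the "TCP/UDP Port Identifiers" slide
PORT_NAMES = {20: "FTP-data", 21: "FTP", 23: "Telnet", 25: "SMTP", 69: "TFTP",
              80: "HTTP", 119: "NNTP", 161: "SNMP", 162: "SNMP-trap", 443: "SSL"}


def ipv4_checksum(header):
    """Ones'-complement sum of 16-bit words; yields 0 over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64):
    """Constructed sample IPv4 packet (IHL=5, DF set) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                      0x4000, ttl, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_ipv6(src, dst, next_header, payload, hop_limit=64):
    """Constructed sample IPv6 packet: fixed 40-byte header, no checksum."""
    hdr = struct.pack("!IHBB16s16s", 6 << 28, len(payload), next_header,
                      hop_limit, ipaddress.IPv6Address(src).packed,
                      ipaddress.IPv6Address(dst).packed)
    return hdr + payload


def parse_ip(packet):
    """Return the header fields (named as on the slides) plus the upper-layer
    protocol and, for TCP/UDP, the ports and the matching well-known service."""
    version = packet[0] >> 4
    if version == 4:
        ihl = (packet[0] & 0x0F) * 4
        if ihl < 20 or len(packet) < ihl:
            raise ValueError("bad IHL")
        if ipv4_checksum(packet[:ihl]) != 0:
            raise ValueError("IPv4 header checksum mismatch")
        (_, tos, total_len, ident, frag, ttl, proto, csum,
         src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
        info = {"version": 4, "IHL": ihl, "Type of Service": tos,
                "Total Length": total_len, "Identification": ident,
                "Flags": frag >> 13, "Fragment Offset": frag & 0x1FFF,
                "Time to Live": ttl, "Protocol": proto,
                "Header Checksum": csum, "Options": packet[20:ihl],
                "Source Address": str(ipaddress.IPv4Address(src)),
                "Destination Address": str(ipaddress.IPv4Address(dst))}
        upper, payload = proto, packet[ihl:total_len]
    elif version == 6:
        if len(packet) < 40:
            raise ValueError("truncated IPv6 header")
        (word0, plen, nxt, hops, src,
         dst) = struct.unpack("!IHBB16s16s", packet[:40])
        info = {"version": 6, "Traffic Class": (word0 >> 20) & 0xFF,
                "Flow Label": word0 & 0xFFFFF, "Payload Length": plen,
                "Next Header": nxt, "Hop Limit": hops,
                "Source Address": str(ipaddress.IPv6Address(src)),
                "Destination Address": str(ipaddress.IPv6Address(dst))}
        upper, payload = nxt, packet[40:40 + plen]
    else:
        raise ValueError("unknown IP version %d" % version)
    info["upper_protocol"] = IP_PROTOCOLS.get(upper, "other(%d)" % upper)
    if upper in (6, 17) and len(payload) >= 4:   # TCP and UDP both start with ports
        sport, dport = struct.unpack("!HH", payload[:4])
        info["ports"] = (sport, dport)
        info["service"] = PORT_NAMES.get(dport, PORT_NAMES.get(sport, "unregistered"))
    return info


if __name__ == "__main__":
    print(parse_ip(build_ipv4("192.0.2.1", "192.0.2.2", 6, bytes.fromhex("9c400050"))))
    print(parse_ip(build_ipv6("2001:db8::1", "2001:db8::2", 17, bytes.fromhex("138800a1"))))
```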
Domain Objectives Re-visited:
Telecommunications and Network Security
The objective of this domain is to understand:
• data communications in terms of physical and logical networks,
including local area, metropolitan area, wide area, and the
TCP/IP and OSI models
Next Week
• Remote access, Internet, intranet, extranet, their related
technologies of firewalls, Proxy servers, and controls
• communications and network security as it relates to voice,
data, multimedia, and facsimile
• communications security management techniques that prevent,
detect, and correct errors
Domain 2 Practice Questions
1. This protocol matches an Internet Protocol (IP) address to an Ethernet
address.
a. Address Resolution Protocol (ARP).
b. Reverse Address Resolution Protocol (RARP).
c. Internet Control Message protocol (ICMP).
d. User Datagram Protocol (UDP).
2. Which of the following is a LAN transmission protocol?
a. Ethernet
b. Ring topology
c. Unicast
d. Polling
Domain 2 Practice Questions
3. The basic language of modems and dial-up remote access systems is
a. Asynchronous Communication.
b. Synchronous Communication.
c. Asynchronous Interaction.
d. Synchronous Interaction.
4. What is an IP routing table?
a. A list of IP addresses and corresponding MAC addresses.
b. A list of station and network addresses with corresponding gateway IP address.
c. A list of host names and corresponding IP addresses.
d. A list of current network interfaces on which IP routing is enabled.
Domain 2 Practice Questions
5. Which of the following IEEE standards defines the token ring media access
method?
a. 802.3
b. 802.11
c. 802.5
d. 802.2
6. Which device is used to connect two networks at the highest level of the
ISO/OSI framework?
a. Bridge
b. Brouter
c. Router
d. Gateway
Domain 2 Practice Questions
7. Which OSI/ISO layer defines how to address the physical devices on the
network?
a. Session layer
b. Presentation layer
c. Application layer
d. Transport layer
8. Which of the following networking devices allows the interconnection of two or
more homogeneous LANs in a simple way?
a. Gateways
b. Routers
c. Bridges
d. Firewalls
Domain 2 Practice Questions
9. Network cabling comes in three flavors, they are:
a. twisted pair, coaxial, and fiber optic.
b. tagged pair, coaxial, and fiber optic.
c. trusted pair, coaxial, and fiber optic.
d. twisted pair, control, and fiber optic.
10. How many bits compose an IPv6 address?
a. 32 bits
b. 64 bits
c. 96 bits
d. 128 bits
Domain 2 Practice Questions
11. Which of the following type of packets can be denied with a stateful packet
filter?
a. ICMP
b. TCP
c. UDP
d. IP
12. Which of the following is a device that is used to amplify the received signals?
a. Bridge
b. Router
c. Repeater
d. Brouter
Domain 2 Practice Questions
13. Which of the following statements pertaining to packet switching is incorrect?
a. Most data sent today uses digital signals over network employing packet
switching.
b. Messages are divided into packets.
c. All packets from a message travel through the same route.
d. Each network node or point examines each packet for routing.
14. What is a limitation of TCP Wrappers?
a. It cannot control access to running UDP servers.
b. It stops packets before they reach the application layer, thus confusing some
proxy servers.
c. The hosts.* access control system requires a complicated directory tree.
d. They are too expensive.
Domain 2 Practice Questions
15. Which of the following characteristics does not apply to RIP?
a. Distance vector routing
b. Maximum of 15 hops
c. Exterior Gateway Protocol
d. Not the most efficient routing protocol
16. Cable length is the most common failure issue with
a. twisted pair cabling.
b. Coaxial cabling.
c. Fiber Optic cabling.
d. inter joined pair cabling.
Domain 2 Practice Questions
17. Which of the following protocols is not implemented at the Internet layer of
the TCP/IP protocol model?
a. User datagram protocol (UDP)
b. Internet protocol (IP)
c. Address resolution protocol (ARP)
d. Internet control message protocol (ICMP)
18. Which of the following, used to extend a network, has a storage capacity to
store frames and act as a store-and-forward device?
a. Bridge
b. Router
c. Repeater
d. Gateway
Domain 2 Practice Questions
19. Coaxial cable is called "coaxial" because
a. it includes two physical channels that carries the signal surrounded (after a
layer of insulation) by another concentric physical channel, both running
along the same axis.
b. it includes one physical channel that carries the signal surrounded (after a
layer of insulation) by another concentric physical channel, both running
along the same axis
c. it includes two physical channels that carries the signal surrounded (after a
layer of insulation) by another two concentric physical channel, both running
along the same axis.
d. it includes one physical channel that carries the signal surrounded (after a
layer of insulation) by another concentric physical channel, both running
perpendicular and along the different axis
Domain 2 Practice Questions
20. Wide Area Network that was originally funded by the Department of Defense,
which uses TCP/IP for data interchange is
a. the Internet.
b. the Intranet.
c. the extranet.
d. the Ethernet.