Exam Essentials: Chapter 12

Posted byChrisPosted inUncategorized

Chapter 12: Secure Communications & Network Attacks

Understand the issues around remote access security management

  • Remote access security management requires that security system designers address the hardware & software components of an implementation along with issues relating to policy, work tasks & encryption.

Be familiar with the various protocols and mechanisms that may be used on LANs and WANs for data communications [TODO]

  • These are:
    • SKIP
    • SWIPE
    • SET
    • PPP
    • SLIP
    • CHAP
    • PAP
    • EAP
    • S-RPC
    • VPN
    • TLS/SSL
    • VLAN

Know what tunnelling is

  • Tunnelling is the encapsulation of a protocol-deliverable message within a second protocol. The second protocol often performs encryption to protect the message contents.
  • VPNs are based on encrypted tunnelling.
    • They can offer authentication & data protection as a point-to-point solution.
    • Common VPN protocols are PPTP, L2F, L2TP and IPSec.

Be able to explain NAT

  • NAT protects the addressing scheme of a private network, allows the use of private IP addresses, and enables multiple internal clients to obtain internet access through a few public IP addresses.
  • NAT is supported by many security border devices, such as firewalls, routers, gateways & proxies.

Understand the difference between packet switching & circuit switching

  • In circuit switching, a dedicated physical pathway is created between the two communicating parties.
  • Packet switching occurs when the message or communication is broken up into small segments and sent across the intermediary networks to the destination.
    • Within packet switching systems are two types of communication paths (or virtual circuits): permanent virtual circuits (PVCs) and switched virtual circuits (SVCs)

Understand the difference between dedicated and non-dedicated lines

  • A dedicated line is always on and is reserved for a specific customer. Examples of dedicated lines include T1, T3, E1, E3 and cable modems.
  • A non-dedicated line requires a connection to be established before data transmission can occur. It can be used to connect with any remote system that uses the same type of non-dedicated lines. Standard modems, DSL and ISDN are examples of non-dedicated lines.

Know various issues related to remote access security

  • Be familiar with:
    • remote access
    • dial-up connections
    • screen scrapers
    • virtual applications/desktops
    • general telecommuting security concerns.

Know the various types of WAN technologies

  • Know that most WAN technologies require a channel service unit/data service unit (CSU/DSU), sometimes called a WAN switch.
  • There are many types of carrier networks & WAN connection technologies, such as:
    • X.25
    • Frame Relay
    • ATM
    • SMDS
    • SDH
    • SONET
  • Some WAN connection technologies require additional protocols to support various types of specialised systems or devices.

Understand the differences between PPP & SLIP

  • The Point-to-Point Protocol (PPP) is an encapsulation protocol designed to support the transmission of IP traffic over dial-up or point-to-point links.
  • PPP includes a wide range of communication services, including:
    • assignment & management of IP addresses
    • management of synchronous communications
    • standardised encapsulation
    • multiplexing
    • link configuration
    • link quality testing
    • error detection
    • feature/option negotiation (e.g. compression)
  • PPP was originally designed to support CHAP & PAP for authentication. Recent versions also support MS-CHAP, EAP and SPAP.
  • PPP replaced SLIP (Serial Line Internet Protocol). SLIP offered no authentication, supported only half-duplex comms, had no error detection capabilities, and required manual link establishment & teardown.

Understand common characteristics of security controls

  • Security controls should be transparent to users.
  • Hash totals & CRC checks can be used to verify message integrity.
  • Record sequences are used to ensure sequence integrity of a transmission.
  • Transmission logging helps detect communication abuses.

Understand how email security works

  • Internet email is based on SMTP, POP3 and IMAP. It is inherently insecure.
  • It can be secured, but the methods used must be addressed in a security policy.
  • Email security solutions include using S/MIME, MOSS, PEM or PGP.

Know how fax security works

  • Fax security is primarily based on using encrypted transmissions or encrypted communication lines to protect the faxed materials.
  • The primary goal is to prevent interception. Activity logs and exception reports can be used to detect anomalies in fax activity that could be symptoms of attack.

Know the threats associated with PBX systems and the countermeasures to PBX fraud

  • Countermeasures to PBX fraud & abuse include many of the same precautions you would employ to protect a typical computer network:
    • logical or technical controls
    • administrative controls
    • physical controls.

Understand the security issues related to VoIP

  • VOIP is at risk for:
    • Caller ID spoofing
    • Vishing
    • SPIT
    • Call manager software/firmware attacks
    • Phone hardware attacks
    • DoS
    • MitM
    • Spoofing
    • Switch hopping

Recognise what a phreaker is

  • Phreaking is a specific type of attack in which various types of technology are used to circumvent the telephone system to make free long-disstance calls, alter the function of telephone service, steal specialised services, or even cause service disruptions.
  • Common tools of phreakers include black, red, blue and white boxes.

Understand voice communications security

  • Voice communications are vulnerable to many attacks, especially as voice communications become an important part of network services.
  • You can obtain confidentiality by using encrypted communications.
  • Countermeasures must be deployed to protect against interception, eavesdropping, tapping and other types of exploitation.
  • Be familiar with voice comms topics, such as POTS/PSTN, PBX & VoIP.

Be able to explain what social engineering is

  • Social engineering is a means by which an unknown person gains the trust of someone inside your organisation by convincing employees that they are, for example, associated with upper management, technical support or the helpdesk.
  • The victim is often encouraged to make a change on the system, such as reset their password, so the attacker can use it to gain access to the network.
  • The primary countermeasure for this sort of attack is user training.

Explain the concept of security boundaries

  • A security boundary can be the division between one secured area and another secured area.
  • It can also be the division between a secured area and an unsecured area.
  • Both must be addressed in a security policy.

Understand the various network attacks & countermeasures associated with communications security [TODO]

  • Communication systems are vulnerable to many attacks, including:
    • DDoS
    • eavesdropping
    • impersonation
    • replay
    • modification
    • spoofing
    • ARP & DNS attacks
  • Be able to supply effective countermeasures for each.

Leave a comment

Design a site like this with WordPress.com
Get started