In this article, we look at the CISSP module “Securing Network Components”. We will learn about hardware devices, transmission media, endpoint security, and network access and control devices.
Hardware and the CISSP
Below are some of the hardware device types and terminologies that are important for the CISSP exam.
A modem converts digital signals to analog signals and vice versa. When connected to a computer, it converts the digital signal to analog so that it can be sent over the phone line. On the receiving end, it converts the analog signal back to digital and sends it to the connected device.
Hubs are used to implement a star topology. A hub re-transmits the signal received on each port to all other ports. However, it has the following disadvantages:
All connected devices can read and potentially modify the traffic.
It operates as a single point of failure for all the connected components.
Concentrators multiplex the connected devices into one signal to be transmitted on a network. For example, a Fiber Distributed Data Interface (FDDI) concentrator multiplexes transmissions from connected devices onto the FDDI ring.
Layer 2 devices
Bridges are layer 2 devices that filter traffic between segments based on MAC address. One limitation of layer 2 devices is that only identical layer 2 architectures can be connected with a simple bridge. Also, bridges cannot prevent an intruder from intercepting traffic on the local segment.
Switches are another example of devices operating at layer 2. They establish a collision domain per port, which enables more efficient transmission. Switches come with many security features like port blocking, MAC filtering, port authentication, Virtual LANs, etc.
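To make the difference between a hub and a MAC-filtering bridge/switch concrete, here is a small Python simulation. It is an added example, not code from the original article: the port numbers, MAC addresses and frames are constructed sample data, and the classes Hub and LearningBridge are illustrative models rather than any vendor's implementation. It shows why every station on a hub sees every frame, and why a learning bridge confines unicast traffic to the right port only after it has learned the destination (the first frame is still flooded), which is the reason the text says a bridge cannot fully prevent interception on the local segment.

```python
"""Hub versus learning bridge/switch forwarding (added example, constructed data)."""


class Hub:
    """A hub repeats every frame to every port except the one it arrived on,
    so every attached station can read (and potentially modify) all traffic."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return [p for p in self.ports if p != in_port]


class LearningBridge:
    """A bridge/switch learns which port each source MAC lives on (forwarding
    table) and sends unicast frames only to that port. Destinations it has not
    yet learned are flooded to all other ports, like a hub would do."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port it was last seen on

    def forward(self, in_port, frame):
        src, dst = frame["src"], frame["dst"]
        self.table[src] = in_port  # learn from the source address
        if dst in self.table:
            out_port = self.table[dst]
            # Destination is on the same segment as the sender: filter, do not forward.
            return [] if out_port == in_port else [out_port]
        # Unknown destination (or broadcast): flood to every other port.
        return [p for p in self.ports if p != in_port]


def run(device, frames):
    """Return, for each (in_port, frame) pair, the list of ports that get a copy."""
    return [device.forward(in_port, frame) for in_port, frame in frames]


# Constructed sample: host A on port 1, host B on port 2, host C on port 3.
MAC_A, MAC_B = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
SAMPLE_FRAMES = [
    (1, {"src": MAC_A, "dst": MAC_B}),  # A -> B, B not yet learned: flooded
    (2, {"src": MAC_B, "dst": MAC_A}),  # B -> A, A already learned on port 1
    (1, {"src": MAC_A, "dst": MAC_B}),  # A -> B again, now B is known on port 2
]


def demo(frames=SAMPLE_FRAMES):
    """Compare which ports (and therefore which hosts) see each frame."""
    return {
        "hub": run(Hub([1, 2, 3]), frames),
        "bridge": run(LearningBridge([1, 2, 3]), frames),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

On the hub, port 3 (host C) receives every frame of the A–B conversation; on the bridge it receives only the first, flooded frame, and nothing once the forwarding table is populated. A station sharing the same port/segment as A would still see everything, which is the residual exposure the text refers to.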
Layer 3 devices
Routers operate at layer 3: they read the IP address in the packet and route packets based on the implemented routing algorithm. Routers can be used to interconnect different technologies; for example, a Token Ring network can be connected to an Ethernet network. Their most common use is to connect LANs to WANs.
There are now layer 3 switches as well, which can make switching decisions based on either MAC or IP address.
Firewalls filter traffic based on a rule set. A rule set is a set of rules that instructs the firewall to either drop or forward a packet based on conditions. Firewalls are normally placed at Internet gateways but should also be present internally between different network segments. Firewalls filter traffic based on the following two important conditions:
By address: The firewall uses the IP address to determine whether a packet should be dropped or forwarded.
By service: The firewall can also filter traffic based on the service.
Firewalls provide two basic levels of filtering:
Static packet inspection: The firewall inspects each packet as an individual packet and not as part of a stream, which means it does not evaluate packets based on context but only against the fixed rule set.
Stateful inspection: Each packet is inspected in the context of a session. This is very important for observing traffic and attack vectors that require tracking the state of a session.
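The following Python simulation shows the difference between static packet inspection and stateful inspection on the same traffic. It is an added example, not code from the original article; the rule sets, the 10.0.0.0/24 internal segment, the Packet type and the sample packets are all constructed for illustration. The point it demonstrates: a stateless rule set that must let replies back in has to keep a permanent inbound hole open (here, "anything from source port 443"), while a stateful firewall admits inbound packets only when they belong to a session that an internal host actually started.

```python
"""Static (stateless) versus stateful packet filtering (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True on the first packet of a TCP session


INTERNAL = ipaddress.ip_network("10.0.0.0/24")  # constructed private segment
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rule: (action, src_net, sport, dst_net, dport); None means "any port".
# First matching rule wins; anything that matches no rule is dropped.
STATELESS_RULES = [
    ("allow", INTERNAL, None, ANY, 443),  # internal hosts may open HTTPS outbound
    ("allow", ANY, 443, INTERNAL, None),  # replies: a stateless filter must leave this open permanently
]
STATEFUL_RULES = [
    ("allow", INTERNAL, None, ANY, 443),  # replies are admitted via the session table instead
]


def rule_matches(rule, pkt):
    _, src_net, sport, dst_net, dport = rule
    return (ipaddress.ip_address(pkt.src) in src_net
            and (sport is None or sport == pkt.sport)
            and ipaddress.ip_address(pkt.dst) in dst_net
            and (dport is None or dport == pkt.dport))


def stateless_decision(pkt, rules=STATELESS_RULES):
    """Static packet inspection: every packet is judged on its own against the rule set."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule[0]
    return "drop"


class StatefulFirewall:
    """Stateful inspection: the rule set decides only who may start a session;
    subsequent packets are checked against the session table in either direction."""

    def __init__(self, rules=STATEFUL_RULES):
        self.rules = rules
        self.sessions = set()  # (src, sport, dst, dport) as seen from the initiator

    def decision(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.sessions or rev in self.sessions:
            return "allow"  # belongs to an established session
        if pkt.syn and stateless_decision(pkt, self.rules) == "allow":
            self.sessions.add(fwd)  # new session permitted by the rule set
            return "allow"
        return "drop"  # unsolicited, or a non-SYN packet with no session


# Constructed traffic (RFC 1918 inside, documentation addresses outside).
SAMPLE_PACKETS = [
    Packet("10.0.0.5", 51000, "198.51.100.7", 443, syn=True),  # outbound HTTPS request
    Packet("198.51.100.7", 443, "10.0.0.5", 51000),            # legitimate reply
    Packet("203.0.113.9", 443, "10.0.0.5", 3389, syn=True),    # unsolicited inbound from source port 443
]


def compare(packets=SAMPLE_PACKETS):
    """Return (stateless, stateful) verdicts for each packet, in order."""
    fw = StatefulFirewall()
    return [(stateless_decision(p), fw.decision(p)) for p in packets]


if __name__ == "__main__":
    for p, (sl, sf) in zip(SAMPLE_PACKETS, compare()):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport}  stateless={sl}  stateful={sf}")
```

Both filters pass the request and its reply. The third packet is the difference: the stateless rule set accepts it because it matches the permanent reply rule, whereas the stateful firewall drops it because no internal host opened a session to that peer. This is the "context" that static packet inspection lacks.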
Transmission Media and the CISSP
Below are some of the cable types used as transmission media.
Twisted pair: Pairs of copper wires are twisted together to reduce electromagnetic interference and crosstalk. The quality of the cable is determined by the number of twists per inch, the type of insulation, and the conductive material.
Unshielded twisted pair: Since UTP does not have a shield, it is susceptible to interference. Interception on this wire can be done by installing a tap on the cable.
Shielded twisted pair: STP uses an electrically grounded shield to protect the signal from interception.
Coaxial cable: A non-conducting layer is placed between two conductive layers to insulate them. Coaxial cable supports greater bandwidth and longer cable lengths. It also makes it harder for an intruder to intercept the signals.
Fiber optic: Fiber optic cables use light pulses to transmit information. At one end there is a transmitter that accepts coded electronic pulse information from a copper wire. The information is then processed and translated into equivalently coded light pulses. It all works on the principle of total internal reflection: when the angle of incidence is greater than a defined value, the light is reflected back into the core and travels to the far end in the same fashion. There are three types of fiber optic cable commonly used:
Single mode: This type has a small core diameter, which decreases the number of light reflections within the cable.
Multimode: This type has a larger core diameter, so the number of light reflections increases accordingly.
Plastic optical fiber: It uses a plastic core and has a larger diameter. However, with plastic as the core, signal distortion increases and the signal range is reduced significantly.
Network Access and Control Devices
A proxy firewall mediates traffic between endpoints. It is used to hide the internal servers so that end users do not communicate with them directly. Proxies are often placed at Internet gateways. There are different types of proxies:
Circuit-level proxy: This type of proxy is a simple relay between client and server. It does not inspect any data contained in the payload, so it might miss malicious content.
Application-level proxy: These proxies inspect the data contained in the payload to look for malicious content, which adds a little overhead to overall processing.
Network Address Translation
Firewalls generally provide anonymity for outbound traffic by performing NAT on it. Under NAT, a non-routable (private) address is converted to a routable address before the packet is forwarded to the Internet router. NAT has played a major role in preventing the exhaustion of IPv4 addresses to date.
Port Address Translation
PAT is an extension to NAT that also translates the port number in the packet to a unique value. This allows the firewall to keep track of the multiple sessions that are using PAT behind a single translated address.
Endpoint Security and the CISSP
Endpoints like workstations, laptops, mobile devices, etc. should be hardened with stricter policies and security solutions. Some endpoint hardening measures include:
Up-to-date antivirus and antimalware software, HIPS, etc.
Patched OS and third-party software.
Hardened OS policies, such as disabling unused services, ports, etc.
For mobile devices, remote management capabilities such as remote wipe.
Encryption of devices or of sensitive information.
Secure access to shares.
Content-Distribution Network and the CISSP
CDNs are not new and have been around for almost 15 years. A CDN is a large distributed system of servers deployed in multiple data centers across the Internet. The main goal of a CDN is to provide high availability and performance to end users. The way data is distributed across geographies comes with a risk factor that must be analyzed from a security perspective.
So, in this article we looked at hardware, CDNs, network access control devices and endpoint security solutions.