Wireless Network Security is a subtopic of “Communication and Network Security”, which falls under Domain 4 of the CISSP exam. The important topics include WAN technologies, VoIP security issues, voice communication security issues, and common characteristics of security controls.
What are the types of WAN Technologies?
Long-haul Internet Service Providers (ISPs), whose networks span cities and countries, often employ WAN technologies. Several types of WAN technologies are available today, but only those that are widely used and recommended for the CISSP exam are discussed here.
The CSU/DSU, or Channel Service Unit/Data Service Unit, is needed when digital equipment is used to establish connectivity between a LAN and a WAN. This connectivity can occur over T1 (a dedicated 1.544 Megabit circuit) and T3 (a 44.736 Megabit circuit) lines, as shown in Figure 1.
The purpose of a DSU device is to ensure the correct voltage levels and to convert the digital signals from switches, multiplexers, and routers into the signals that are transmitted over the digital lines of the service provider. On the other hand, the CSU ensures connectivity between the line of the service provider and the network.
Frame Relay is a WAN technology that runs at the Data-Link layer of the network. It employs packet-switching to allow multiple networks and enterprises to share the same WAN bandwidth, medium, and devices.
DCE and DTE are the primary equipment used in Frame Relay connections. The service provider is responsible for the DCE device, which performs the switching and actual transmission of data in the Frame Relay cloud. The DTE device, such as a switch or router, is owned by the customer.
Figure 2 shows two independent networks, each of which has five sites. The first WAN network is connected via the Private Network Method, or dedicated lines, whereas the second is established through the Frame Relay method. The first is costly and needs many dedicated lines. In contrast, the second solution is cost-effective and provides more flexibility.
Exam Tip: Although Frame Relay is an obsolete technology with limited use, it is significant for the CISSP examination.
X.25, like Frame Relay, is based on switching technology used to connect various networks. Using X.25, many subscribers can use the same service at the same time. The service provider charges only for the bandwidth that the subscribers used collectively, unlike dedicated links, where subscribers are charged a flat fee.
ATM, or Asynchronous Transfer Mode, is another switching-based, high-speed WAN technology, but it uses cell-switching instead of the packet-switching method. ATM’s fixed-length cells are 53 bytes long, with a 48-byte data portion and a 5-byte header.
SDLC, or Synchronous Data Link Control, is a WAN protocol for networks that use polling media access technology for data transmission. IBM hosts within the Systems Network Architecture (SNA) use this protocol as a primary solution. An environment that uses SDLC normally has primary systems that manage the communication of secondary stations, as shown in Figure 3.
HDLC, or High-level Data Link Control, is a framing WAN protocol used for device-to-device communication, for example, the communication of two routers over a WAN connection.
How does Email Security Work?
Email security works by using several services, protocols, and solutions that add security to Emails without requiring a complete check on their SMTP structure. These include PGP, MIME, S/MIME, and cryptographic applications.
Multipurpose Internet Mail Extensions (MIME)
MIME is a complex specification that indicates how binary Email attachments and multimedia content are transferred. The Internet provides Email standards that define how Email is opened, encapsulated, formatted, and transmitted.
The Email client has to add a header (with the file type) to an Email if it contains a graphic or multimedia file. For example, the header indicates that the MIME type is audio and its subtype is mp3.
Secure MIME (S/MIME)
Secure MIME is the standard for Email encryption and Email digital signatures. It also ensures secure data transmission by using hashing algorithms. The standard followed by S/MIME is the Public Key Cryptography Standard (PKCS).
Pretty Good Privacy (PGP)
PGP is a public-private key system that employs a range of encryption algorithms to encrypt Email messages and files. PGP is recommended for companies that have a small number of Email messages to encrypt.
MIME Object Security Services (MOSS)
MOSS provides confidentiality, integrity, authentication, and non-repudiation for an Email message. MOSS uses MD2 and MD5 hashing algorithms, RSA public key, and Data Encryption Standard (DES) to provide encryption services and authentication.
What are Security Issues related to VoIP?
Voice over Internet Protocol (VoIP) is also referred to as IP Telephony. VoIP allows us to make voice calls over broadband connections instead of analog phone lines. However, VoIP has immense security challenges, including:
The integration of VoIP with the TCP/IP protocol causes various security issues because it lets hackers look for security flaws in VoIP systems and their architecture. Some traditional network security challenges are unauthorized access, malware attacks, and threats to communication protocols.
SIP-based signaling is another VoIP issue, which arises from the absence of encrypted call channels and of authentication for control signals. Malicious users attack the SIP server and the user's calls to discover login IDs, passwords or PINs, and even phone numbers.
Toll fraud is another significant VoIP threat. To prevent this fraud, security practitioners must ensure that the VoIP-PSTN gateways on the VoIP network are secured from intrusions.
Moreover, a hacker often impersonates a VoIP server by sending commands such as CHECKSYNC, RESET, and BYE to VoIP clients.
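The server impersonation described above can be watched for on the defensive side. The following is an added example, not part of the original article: it flags BYE requests and NOTIFY requests reaching phones from addresses that are not known SIP servers. It assumes all signaling passes through the listed server, that CHECKSYNC and RESET appear as NOTIFY `Event` values, and that the IP addresses and sample messages are constructed.

```python
# Added example: flag SIP control requests that reach a phone from an
# address that is not one of the organisation's SIP servers.
TRUSTED_SERVERS = {"10.0.0.10"}           # assumption: known SIP proxy/registrar
WATCHED_EVENTS = {"check-sync", "reset"}  # assumption: page's commands as Event values

def parse_sip(raw):
    """Return (method, headers) for a SIP request; header names lowercased."""
    lines = raw.strip().splitlines()
    method = lines[0].split()[0].upper()
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break                          # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers

def flag_untrusted_control(packets, trusted=TRUSTED_SERVERS):
    """packets: iterable of (source_ip, raw_sip_text). Returns alert tuples."""
    alerts = []
    for src, raw in packets:
        if src in trusted:
            continue                       # signaling from our own server
        method, headers = parse_sip(raw)
        event = headers.get("event", "").split(";")[0].strip().lower()
        call_id = headers.get("call-id", "")
        if method == "BYE":
            alerts.append((src, "BYE", call_id))
        elif method == "NOTIFY" and event in WATCHED_EVENTS:
            alerts.append((src, "NOTIFY " + event, call_id))
    return alerts

# Constructed sample traffic (not captured from a real network).
SAMPLE = [
    ("10.0.0.10", "NOTIFY sip:1001@10.0.1.21 SIP/2.0\nEvent: check-sync\nCall-ID: a1\n\n"),
    ("203.0.113.7", "NOTIFY sip:1001@10.0.1.21 SIP/2.0\nEvent: check-sync\nCall-ID: b2\n\n"),
    ("203.0.113.7", "BYE sip:1001@10.0.1.21 SIP/2.0\nCall-ID: c3\n\n"),
    ("203.0.113.7", "OPTIONS sip:1001@10.0.1.21 SIP/2.0\nCall-ID: d4\n\n"),
]

if __name__ == "__main__":
    for alert in flag_untrusted_control(SAMPLE):
        print(alert)
```

A source-address allowlist is only a first filter; authenticated and encrypted signaling is what stops a spoofed server address from being accepted.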
What Voice Communication Security Issues Should I Know?
The vulnerability of voice communication is associated with the security of IT systems. In the past few years, telecommunication companies have taken proactive measures to deal with voice communication issues.
Voice communication channels, such as PSTN, POTS, or PBX, are vulnerable to eavesdropping, interception, tapping, and various other challenges.
Occasionally, companies are required to maintain their physical security in order to control voice communication. The vulnerability of voice communication is an important issue for sustaining a company’s security policy. Therefore, companies deploy encrypted communication techniques to thwart incoming security challenges.
What are the Common Characteristics of Security Controls?
Before selecting a security control for your company’s network communication, you must assess its various characteristics in light of circumstances, capabilities, and security policies. The most common characteristics of security controls, also recommended in the CISSP exam, include:
Transparency ensures that the information over a network is not visible to the users. It also provides computing resources and remote data to local users without exposing the details of an intermediate network. For example, a cloud drive appears to function at the user end but is in fact hosted on the infrastructure of a cloud provider. The data passes through various ISP and NSP networks before being stored on the vendor's storage drive.
The integrity of a transmission can be verified using a checksum (hash total). The hash total is added at the end of the message and is referred to as the message digest. When the message reaches its destination, the hash function is applied to it and the result is compared with the original hash total or checksum. Another tool used for verifying integrity is the Cyclic Redundancy Check (CRC).
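The append-and-recompute check described above, written out as an added example that is not part of the original article. It uses SHA-256 and CRC-32 as the hash total and CRC, and goes one step beyond the text by adding a keyed digest (HMAC) for comparison; the messages and key are constructed sample values.

```python
import hashlib
import hmac
import zlib

def append_digest(message: bytes) -> bytes:
    """Sender: append the SHA-256 message digest (the hash total)."""
    return message + hashlib.sha256(message).digest()

def verify_digest(frame: bytes) -> bool:
    """Receiver: recompute the digest and compare it with the appended one."""
    message, received = frame[:-32], frame[-32:]
    return hmac.compare_digest(hashlib.sha256(message).digest(), received)

def append_crc(message: bytes) -> bytes:
    """Sender: append a CRC-32 of the message."""
    return message + zlib.crc32(message).to_bytes(4, "big")

def verify_crc(frame: bytes) -> bool:
    message, received = frame[:-4], frame[-4:]
    return zlib.crc32(message).to_bytes(4, "big") == received

def append_hmac(message: bytes, key: bytes) -> bytes:
    """Sender: append a keyed digest (HMAC-SHA-256)."""
    return message + hmac.new(key, message, hashlib.sha256).digest()

def verify_hmac(frame: bytes, key: bytes) -> bool:
    message, received = frame[:-32], frame[-32:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, received)

def flip_bit(frame: bytes, index: int) -> bytes:
    """Simulate a transmission error by flipping one bit of one byte."""
    damaged = bytearray(frame)
    damaged[index] ^= 0x01
    return bytes(damaged)

# Constructed sample values, for illustration only.
MESSAGE = b"TRANSFER 100 TO ACCOUNT 42"
REPLACED = b"TRANSFER 900 TO ACCOUNT 42"
KEY = b"shared-secret-known-to-both-ends"

if __name__ == "__main__":
    print("clean digest ok:", verify_digest(append_digest(MESSAGE)))
    print("bit error, digest:", verify_digest(flip_bit(append_digest(MESSAGE), 3)))
    print("bit error, CRC:", verify_crc(flip_bit(append_crc(MESSAGE), 3)))
    # A message replaced together with a recomputed unkeyed digest still verifies.
    print("replaced, digest:", verify_digest(append_digest(REPLACED)))
    # Without the key, the appended value cannot be made to match.
    print("replaced, HMAC:", verify_hmac(REPLACED + b"\x00" * 32, KEY))
```

An unkeyed digest or CRC catches transmission errors; only the keyed form also shows that the message came from a holder of the shared key.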
Transmission mechanisms are types of auditing that focus on communication. They record particulars regarding source, destination, message size, identification, codes, timestamps, and the number of packets. This information can be used to track down unauthorized communication and to troubleshoot problems.
If a transmission error occurs while a message is being transmitted, the retransmission controls fix the problem and retransmit the message.