The dreaded OSI model: there’s no way around it. PDNTSPA, or Please Do Not Throw Sausage Pizza Away, or Physical, Data Link, Network, Transport, Session, Presentation, and Application. This one you’ve just got to memorize and know what happens at each layer, and then once you get that down and you know which networking devices operate at which layer, you can switch gears and go to the TCP/IP model. The TCP/IP model is NITA (Now It’s Totally Awesome). No, that’s not “need a” (as in a drink); it’s NITA, or Network, Internet, Transport and Application. So here’s the comparison:
|OSI MODEL||TCP/IP Model|
And remember, you need to know which networking devices operate at which layer. For example, which layer do routers work at???? Hint (3)
For TCP/IP you need to understand IPv4. Know the Private Addresses; there are three of them. And you’ll need to know the advantages of IPv6. So the trick question is, since the address range of an octet within the IPv4 addressing scheme is 0-254, is 10.10.10.255 a valid IP address, and if you say yes, then what is it used for? In IPv6, what does “::” represent? The answer = nothing. Actually it’s zeroes. But same difference.
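An added example, not part of the original post: the Python sketch below works through the questions in the paragraph above, namely which of the three private ranges an address falls in, what 10.10.10.255 is used for under a given prefix length, and which zeroes “::” stands for. The function names are illustrative, and the prefix lengths in the demo are assumptions, since the post gives none.

```python
import ipaddress

# The three RFC 1918 private IPv4 blocks.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def private_block(addr):
    """Return the RFC 1918 block containing addr, or None if it is public."""
    ip = ipaddress.ip_address(addr)
    for block in PRIVATE_BLOCKS:
        if ip in block:
            return str(block)
    return None

def role_in_subnet(addr, prefix_len):
    """Classify addr as 'network', 'broadcast' or 'host' for a prefix length."""
    iface = ipaddress.ip_interface(f"{addr}/{prefix_len}")
    if prefix_len >= 31:  # /31 and /32 reserve no network/broadcast address
        return "host"
    if iface.ip == iface.network.network_address:
        return "network"
    if iface.ip == iface.network.broadcast_address:
        return "broadcast"
    return "host"

def expand_double_colon(addr):
    """Expand '::' by hand into the run of all-zero 16-bit groups it replaces."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        left, right = addr.split("::")
        head = left.split(":") if left else []
        tail = right.split(":") if right else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must replace at least one group")
        groups = head + ["0"] * missing + tail
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has eight groups")
    return ":".join(g.zfill(4) for g in groups)

if __name__ == "__main__":
    # Prefix lengths are assumed here; the role of .255 depends on them.
    for plen in (24, 16):
        print("10.10.10.255", plen, private_block("10.10.10.255"),
              role_in_subnet("10.10.10.255", plen))
    print(expand_double_colon("::"))
```

The same address is the broadcast address of a /24 but an ordinary host address inside a /16, which is why the prefix length has to be known before answering.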
You should understand the differences between Analog and Digital communications; between Asynchronous and Synchronous; and between broadband and baseband. Speaking of analog communications, what is the major disadvantage of using modems? Answer: They can be used to circumvent your firewall and IDS/IPS devices.
For the area networking conversation, you need to know the traditional terms LAN, WAN, MAN, PAN, WLAN, PWLAN, etc. You’ll also need to know the configurations of BUS, STAR, RING, and MESH. A good question is in which configuration would you most likely find a Hub.
And speaking of hubs, let’s talk a little about the different devices you should be on speaking terms with. Namely they are hubs, switches, repeaters, bridges, gateways, PBXs, firewalls and honeypots just to name a few. You’ll need to figure out which ones simply forward all traffic; which ones filter traffic based on MAC address and which ones are easiest to hack.
Among the services and protocols, check out DNS, particularly the details behind zone transfers and how they work. Then look at DHCP, Active Directory services, LDAP and Kerberos. Pay particular attention to which ports Kerberos uses and which protocol is used for communicating between the client and Kerberos.
Remote access is getting a lot of attention from (ISC)², so pay particular attention to how RADIUS authenticates, why ISDN (It still does nothing) isn’t a good choice, why VPN is rapidly becoming the de facto standard for secure remote communication and why modems should NEVER be allowed in your network.
Wireless, ah wireless. It’s everywhere. Most establishments advertise “FREE WIFI”, and each time a security professional sees that, they cringe; it’s like hanging a sign around your neck saying here are my userid and password credentials. But seriously, let’s take a look at some of the topics you’ll need to become familiar with for the exam. So for a laundry list of acronyms: WEP, WPA, WPA2, 802.x (and all forms of 802.11, including A, B, G, N, I), and let’s not forget SSID. Don’t broadcast the SSID. That’s the answer, you just have to remember it when you get to the question on the exam. You’ll also need to understand WARDRIVING and WARDIALING and air sniffing. Oh, and before I forget, let me answer my Blackberry with my remote earphone using Bluetooth. Several questions are showing up on Bluetooth, including bluescanner and bluesniffer. I’ve even seen some questions on a more recent version which deal with Apple’s wireless communication for iPads.
As a final note, instant messaging (IM) falls under the realm of network security and you will need to understand the implications of sending sensitive data via IM. In a word, DON’T!!!!
See you next week for Crypto.