CISSP: Secure communication channels
This article is part of our CISSP certification prep series. For more CISSP-related resources, see our CISSP certification hub.
What do I need to know about secure communication channels for the CISSP certification exam?
Definition and examples of secure communication channels
Communication channels are the means by which information is transmitted between devices and users on a network. The rapid adoption of mobile technology in recent years has led to far more communication between different classes of device. The model in which these devices share one IP-based infrastructure for voice, video, messaging and data is called unified communications (UC), and it is widely seen as a good thing for ease of use and setup across many different classes of device.
The downside of this convergence is that it also opens up more opportunities for attackers to exploit weaknesses in popular technologies such as:
- Voice communications
- Multimedia collaboration
- Remote access
- Data communications
- Virtualized networks
We will take a look at each of these attack surfaces and see what precautions need to be taken to secure devices on your network. Understanding these concepts will help you prepare for your CISSP exam, as these topics are covered in section 4.3 (secure communication channels) of Domain 4, Communication and Network Security, in the exam outline documentation. If you are sitting for your exam after 15 April 2018, your exam objectives can be found here.
Voice communications
Voice communication covers many different technologies, which means that you will need to be familiar with systems such as:
- PBX (private branch exchange)
- POTS (plain old telephone service)
- VoIP (Voice over Internet Protocol)
Learning about voice technologies is essential because telephony is still one of the most costly services a company pays for, so being able to manage, administer and investigate it effectively really matters. If outsiders are able to use your voice services fraudulently, your company may be liable for crimes committed with them, and the bill for international toll fraud run through an unsecured phone system lands with you as well.
Multimedia collaboration
Multimedia collaboration includes applications such as instant messaging programs, video conferencing and other real-time collaboration tools. These tools reinforce the notion of converged technologies because they carry voice, data, text and video in a single application over the Internet instead of over separate networks. You will need to understand the risks associated with:
- VoIP: this includes the session control and signalling protocols that handle call notification and setup. Candidates must also be familiar with codecs, the software that converts audio and video into digital frames, and with open VoIP protocols such as H.323 and SIP (Session Initiation Protocol). For the exam, understand how SIP authentication works: the user agent answers a challenge from the server with an MD5-based HTTP digest, which proves knowledge of the password but does not encrypt the signalling or protect the rest of the message from modification, and how confidentiality and integrity are added by carrying SIP over TLS (SIPS) and protecting the media stream with SRTP.
- Remote meeting technology: this allows users to collaborate by sharing control of remote desktops, file sharing, chat, voice and video. These tools are vulnerable to unauthorized participation, eavesdropping, spying, data leakage and communications interception. To prevent this, mitigating controls must be employed, such as firewall restrictions, data encryption, authentication measures, computer management policies and user awareness training.
- Instant messaging and chat: initially introduced as text-based communication, many of these applications now include voice, video, file sharing and remote control. You should understand that instant messaging (IM) can use a peer-to-peer or a client-server model, and know the threat vectors associated with IM and chat, which include malware distribution and social engineering.
- Content distribution network: a CDN is a geographically distributed set of servers that cache and serve content from locations close to end users, giving them high-speed delivery and high availability. You need to understand the hybrid models that exist (peer-to-peer as well as client-server delivery) and the corresponding threat vectors, such as unauthorized bandwidth usage, P2P malware attacks, malicious executable files and unauthorized system access.
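To make the SIP point above concrete, here is an added example, written for this page and not taken from any SIP stack or from the exam material, of the digest authentication exchange: the registrar issues a nonce in a 401 response, the user agent answers with the RFC 2617 style digest that RFC 3261 reuses, and the registrar verifies it. The realm, username, password, IP addresses and Contact header are all constructed. Two further functions show what the digest does not do: an eavesdropper who captured the exchange can test password guesses offline, and an on-path attacker can change a header the digest never covered while the request still verifies.

```python
"""SIP digest authentication (RFC 3261 reuses the RFC 2617 HTTP digest scheme).

Added, self-contained example with constructed values; not code from any SIP stack.
"""
import hashlib
import secrets

REALM = "sip.example.com"                 # assumed registrar realm
CREDENTIALS = {"alice": "Tr0ub4dor&3"}    # constructed server-side credential store


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """The 'response' parameter of the Authorization header (qop=auth form)."""
    ha1 = _md5(f"{username}:{REALM}:{password}")
    ha2 = _md5(f"{method}:{uri}")  # only the method and Request-URI are covered
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def challenge() -> str:
    """Registrar: fresh nonce carried in the 401 WWW-Authenticate header."""
    return secrets.token_hex(16)


def answer_challenge(username, password, method, uri, nonce) -> dict:
    """User agent: build the Authorization parameters for the retried request."""
    nc, cnonce = "00000001", secrets.token_hex(8)
    return {
        "username": username, "realm": REALM, "uri": uri, "nonce": nonce,
        "nc": nc, "cnonce": cnonce, "qop": "auth",
        "response": digest_response(username, password, method, uri, nonce, nc, cnonce),
    }


def verify(auth: dict, method: str) -> bool:
    """Registrar: recompute the digest from the stored password and compare."""
    password = CREDENTIALS.get(auth["username"])
    if password is None or auth["realm"] != REALM:
        return False
    expected = digest_response(auth["username"], password, method, auth["uri"],
                               auth["nonce"], auth["nc"], auth["cnonce"], auth["qop"])
    return secrets.compare_digest(expected, auth["response"])


def register(username, password) -> dict:
    """Whole REGISTER exchange: 401 challenge, authenticated retry, verification."""
    nonce = challenge()
    request = {
        "method": "REGISTER", "uri": "sip:sip.example.com",
        "Contact": "sip:alice@192.0.2.10",   # constructed: where calls for alice go
        "auth": answer_challenge(username, password, "REGISTER", "sip:sip.example.com", nonce),
    }
    request["accepted"] = verify(request["auth"], request["method"])
    return request


def offline_guess(captured_auth: dict, method: str, wordlist):
    """Eavesdropper: every digest input except the password is in the captured
    packets, so each guess costs three MD5 calls and no further network traffic."""
    for guess in wordlist:
        attempt = digest_response(captured_auth["username"], guess, method,
                                  captured_auth["uri"], captured_auth["nonce"],
                                  captured_auth["nc"], captured_auth["cnonce"],
                                  captured_auth["qop"])
        if attempt == captured_auth["response"]:
            return guess
    return None


def redirect_registration(request: dict, attacker_contact: str) -> bool:
    """On-path attacker: rewrite Contact so alice's calls go elsewhere. The digest
    never covered that header, so the registrar still accepts the request."""
    tampered = dict(request, Contact=attacker_contact)
    return verify(tampered["auth"], tampered["method"])


if __name__ == "__main__":
    req = register("alice", "Tr0ub4dor&3")
    print("registrar accepted:", req["accepted"])
    print("password recovered offline:",
          offline_guess(req["auth"], "REGISTER", ["password", "Tr0ub4dor&3"]))
    print("tampered Contact still accepted:",
          redirect_registration(req, "sip:mallory@203.0.113.7"))
```

The first weakness is why SIP credentials must be strong and why signalling should run over TLS so the challenge and response are never seen in the clear; the second is why a digest is authentication rather than integrity protection, and why TLS for signalling and SRTP for media are needed alongside it.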
Remote access
Remote access was originally designed with dial-up in mind, giving home-based and travelling users a way to reach the internal network over a modem connection. It removed the cost of a dedicated leased line and was seen as a more affordable way to let people connect while out of the office. A remote access server (RAS) would authenticate the user on the credentials they entered and then grant them access to the corporate network. VPN and tunnelling protocols must be firmly understood; the technologies you should know are:
- Remote access services (RAS), dial-up, and the older dial-up remote protocols
- Point-to-Point Protocol (PPP), the link-layer framing over which dial-up and several VPN protocols run
- PPP authentication protocols: PAP, CHAP and EAP
- VPN protocols: PPTP, L2TP/IPsec, SSL/TLS VPNs and SSTP, with MS-CHAPv2 and EAP as the authentication methods used with them. Note that PPTP with MS-CHAPv2 is considered broken (the exchange can be cracked offline) and should be treated as legacy; prefer L2TP/IPsec or a TLS-based VPN.
- Microsoft Remote Desktop Protocol (RDP): remember that it uses TCP port 3389
- Secure Shell (SSH): remember that it uses TCP port 22 and that it replaces Telnet (TCP port 23), which transmits usernames and passwords in plain text and is therefore not secure.
Data communications
Candidates must be familiar with the following secure communications protocols:
- SSL (Secure Sockets Layer): the predecessor of TLS; every SSL version is now deprecated and should be disabled
- TLS (Transport Layer Security): the replacement for SSL; TLS 1.2 and 1.3 are the versions to deploy
- swIPe (swIPe IP Security Protocol): an early network-layer security protocol that preceded IPsec
- S-RPC (Secure Remote Procedure Call)
- SET (Secure Electronic Transaction): a card-payment protocol backed by Visa and Mastercard that never saw wide adoption
- PAP (Password Authentication Protocol): sends the username and password across the link in clear text
- CHAP (Challenge Handshake Authentication Protocol): a challenge-response exchange in which the password itself never crosses the link
- EAP (Extensible Authentication Protocol): a framework that carries many authentication methods (certificates, tokens and so on) rather than one fixed method
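PAP and CHAP appear twice above, once among the remote access authentication protocols and again in this list, so here is one added example that serves both: it builds the PAP Authenticate-Request (RFC 1334) and the CHAP Challenge and Response packets (RFC 1994) byte for byte, then plays both eavesdropper and authenticator. It was written for this page and is not taken from any PPP implementation; the usernames, secrets and NAS name are constructed.

```python
"""PAP (RFC 1334) versus CHAP (RFC 1994) as seen on the link.

Added example with constructed values; not code from any PPP implementation.
Packet layouts follow the RFCs: Code(1) Identifier(1) Length(2) followed by the body.
"""
import hashlib
import secrets
import struct

SECRETS = {"alice": b"Tr0ub4dor&3"}  # constructed authenticator-side secret store


# --- PAP: the peer simply sends the password -----------------------------------
def pap_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(body)) + body  # Code 1 = Authenticate-Request


def pap_sniff(packet: bytes) -> tuple:
    """Anyone on the path reads the credential straight out of the frame."""
    pid_len = packet[4]
    peer_id = packet[5:5 + pid_len]
    pw_len = packet[5 + pid_len]
    password = packet[6 + pid_len:6 + pid_len + pw_len]
    return peer_id, password


# --- CHAP: the peer proves it knows the secret without sending it --------------
def chap_challenge(identifier: int, name: bytes = b"nas1") -> bytes:
    """Authenticator: Code 1 = Challenge, with a fresh random value and its own name."""
    value = secrets.token_bytes(16)
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 1, identifier, 4 + len(body)) + body


def chap_response(challenge_pkt: bytes, name: bytes, secret: bytes) -> bytes:
    """Peer: Code 2 = Response, value = MD5(identifier || secret || challenge) (RFC 1994 4.1)."""
    ident = challenge_pkt[1]
    size = challenge_pkt[4]
    challenge = challenge_pkt[5:5 + size]
    value = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    body = bytes([len(value)]) + value + name
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body


def chap_verify(challenge_pkt: bytes, response_pkt: bytes) -> bool:
    """Authenticator: recompute the hash over identifier, stored secret and its own challenge."""
    if response_pkt[0] != 2 or response_pkt[1] != challenge_pkt[1]:
        return False  # not a Response, or it answers a different Challenge identifier
    size = response_pkt[4]
    value, name = response_pkt[5:5 + size], response_pkt[5 + size:]
    secret = SECRETS.get(name.decode(errors="replace"))
    if secret is None:
        return False
    challenge = challenge_pkt[5:5 + challenge_pkt[4]]
    expected = hashlib.md5(bytes([challenge_pkt[1]]) + secret + challenge).digest()
    return secrets.compare_digest(expected, value)


def chap_session(name: bytes, secret: bytes, identifier: int = 7) -> dict:
    """One complete Challenge/Response exchange from the peer's point of view."""
    ch = chap_challenge(identifier)
    resp = chap_response(ch, name, secret)
    return {"challenge": ch, "response": resp, "accepted": chap_verify(ch, resp)}


def chap_replay(captured: dict) -> bool:
    """Replay a sniffed Response against the authenticator's next Challenge. Even with
    the same identifier reused, the new random challenge value makes the hash fail."""
    next_challenge = chap_challenge(captured["challenge"][1])
    return chap_verify(next_challenge, captured["response"])


if __name__ == "__main__":
    pkt = pap_authenticate_request(3, b"alice", b"Tr0ub4dor&3")
    print("PAP sniffed:", pap_sniff(pkt))
    session = chap_session(b"alice", b"Tr0ub4dor&3")
    print("CHAP accepted:", session["accepted"],
          "| secret visible in response:", b"Tr0ub4dor&3" in session["response"])
    print("CHAP replay accepted:", chap_replay(session))
```

PAP hands the password to anyone on the path. CHAP sends only MD5(identifier || secret || challenge), which the authenticator recomputes, and a fresh challenge defeats replay. CHAP still allows offline guessing against a captured challenge/response pair, the same weakness as the SIP digest, and it forces the authenticator to store the secret in recoverable form; EAP methods that use certificates or a TLS tunnel avoid both problems.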
Virtualized networks
A virtualized network decouples the logical network from the physical switches and cabling that carry it, so that topology and policy are defined and controlled in software. Software-defined networking (SDN) is the main approach: the control plane, which decides how traffic is forwarded, is separated from the data plane, the switches that forward it, and centralised in a controller that programs the devices. In practice a virtual network is a set of ports on managed or virtual switches configured through software, so connections on the local area network can be changed through an application without touching any physical component. Components that you will need to be familiar with are:
- Virtual switches: remember that they have existed inside hypervisors for a long time, but they can now link hypervisors together across hosts. SDNs are flexible and elastic; they can be configured remotely to effect network-wide changes to traffic, are centrally managed, interoperate with many different protocols, and can be provisioned and configured automatically.
- Virtualized network storage: also known as software-defined storage (SDS), this is storage management software that can make off-the-shelf hardware such as NAS units behave like SAN equipment.
- Virtualized network segmentation: private VLANs (PVLANs) extend ordinary VLANs with a second level of isolation, so you can create private groups inside a network and get features such as port isolation. A primary VLAN is subdivided into secondary VLANs, each with its own VLAN ID, and the switch enforces a per-port rule set: promiscuous ports (typically the uplink to the router or firewall) can talk to every port in the primary VLAN; ports in a community secondary VLAN can talk to each other and to promiscuous ports; ports in an isolated secondary VLAN can talk only to promiscuous ports, never to each other. Hosts in different secondary VLANs still share one IP subnet and one gateway, which is what makes PVLANs cheaper than giving every group its own VLAN and subnet.
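Because the exam expects you to reason about which hosts in a PVLAN can reach which, here is an added example, constructed for this page and not vendor code, that models the PVLAN forwarding rule as a function, runs it over a small switch layout, and adds a design check for the misconfigurations that most often break isolation. Port names, VLAN numbers and roles are constructed.

```python
"""Private VLAN (PVLAN) reachability model.

Added example; the port roles and rules follow the usual switch-vendor semantics
(a primary VLAN subdivided into isolated and community secondary VLANs). The port
names and VLAN IDs below are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Port:
    name: str
    role: str                      # "promiscuous", "isolated" or "community"
    primary: int                   # primary VLAN ID
    secondary: Optional[int] = None  # secondary VLAN ID (None on promiscuous ports)


def can_forward(src: Port, dst: Port) -> bool:
    """Layer-2 reachability from src to dst under PVLAN rules."""
    if src.primary != dst.primary:
        return False                            # different primary VLANs: no path at all
    if src.role == "promiscuous" or dst.role == "promiscuous":
        return True                             # the gateway side talks to everyone
    if src.role == "community" and dst.role == "community":
        return src.secondary == dst.secondary   # same community only
    return False                                # isolated ports never reach other hosts


# Constructed layout: one primary VLAN (100) with an isolated secondary (101) for
# guest hosts and two community secondaries (102 web tier, 103 db tier), plus an
# unrelated primary VLAN (200).
PORTS = [
    Port("Gi1/0/1", "promiscuous", 100),       # uplink to the router/firewall
    Port("Gi1/0/2", "isolated",    100, 101),  # guest host A
    Port("Gi1/0/3", "isolated",    100, 101),  # guest host B
    Port("Gi1/0/4", "community",   100, 102),  # web node 1
    Port("Gi1/0/5", "community",   100, 102),  # web node 2
    Port("Gi1/0/6", "community",   100, 103),  # db node
    Port("Gi1/0/7", "promiscuous", 200),       # a different primary VLAN entirely
]


def reachable(src_name: str, ports=PORTS) -> set:
    """Names of every other port that frames from src_name can reach."""
    by_name = {p.name: p for p in ports}
    src = by_name[src_name]
    return {p.name for p in ports if p is not src and can_forward(src, p)}


def check_design(ports) -> list:
    """Flag the misconfigurations that most often break PVLAN isolation."""
    problems = []
    role_of_secondary = {}  # (primary, secondary) -> role it was first used with
    for p in ports:
        if p.role not in ("promiscuous", "isolated", "community"):
            problems.append(f"{p.name}: unknown role {p.role!r}")
        elif p.role == "promiscuous":
            if p.secondary is not None:
                problems.append(f"{p.name}: promiscuous port should not carry a secondary VLAN")
        elif p.secondary is None:
            problems.append(f"{p.name}: {p.role} port needs a secondary VLAN")
        elif p.secondary == p.primary:
            problems.append(f"{p.name}: secondary VLAN must differ from primary {p.primary}")
        else:
            seen = role_of_secondary.setdefault((p.primary, p.secondary), p.role)
            if seen != p.role:
                problems.append(f"{p.name}: secondary VLAN {p.secondary} is both {seen} and {p.role}")
    return problems


if __name__ == "__main__":
    for p in PORTS:
        print(f"{p.name} ({p.role:11}) -> {sorted(reachable(p.name)) or '-'}")
    print("design problems:", check_design(PORTS) or "none")
```

The matrix this prints is the answer to the exam-style question: guest hosts on the isolated secondary see only the gateway, each community sees itself and the gateway, and nothing crosses between primary VLANs. The design check catches the classic mistake of reusing one secondary VLAN ID for both an isolated and a community group, which silently turns the isolated ports into a community.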
The CISSP has been described by many as the "inch deep, mile wide" certification because of the many subjects it covers without going into overwhelming depth on any of them. The CISSP is one of the most highly sought-after certifications in information security at present, and it is a must-have qualification for anyone hoping to pursue a career in cybersecurity.
Candidates who are considering taking this exam should check out Infosec’s CISSP Bootcamp. If you are looking to get a head start on this certification, more information can be found here.