
CISSP domain 4: Communications and network security — What you need to know for the exam [2022 update]

April 12, 2022 by Greg Belding

The CISSP certification exam was last updated in May 2021. Domain 4 of this certification exam covers Communications and network security, and there have been some changes since the last exam update. This article will help you get a handle on the material domain 4 covers as a whole and what has changed.

When demonstrating mastery, a full understanding of the fundamentals is paramount. Securing information systems, communications and networks is a fundamental element of this corner of information security. Whether it be micro-segmentation, Wi-Fi networks or even a user’s voice, communication and network security underpin information system security.

CISSP domain 4: Communications and network security

Communications and Network Security is the fourth of the eight domains covered in the CISSP certification exam and accounts for 13% of the exam material. The exam was most recently updated in May 2021, and the update included some revised subdomains. The current domain 4 subdomains and objectives are:

Assess and implement secure design principles in network architectures

  • Open system interconnection (OSI) and transmission control protocol/internet protocol (TCP/IP) models
  • Internet protocol (IP) networking (e.g., internet protocol security (IPSec), internet protocol (IP) v4/6)
  • Secure protocols
  • Implications of multilayer protocols
  • Converged protocols (e.g., fiber channel over ethernet (FCoE), internet small computer systems interface (iSCSI), voice over internet protocol (VoIP))
  • Micro-segmentation (e.g., software defined networks (SDN), virtual eXtensible local area network (VXLAN), encapsulation, software-defined wide area network (SD-WAN))
  • Wireless networks (e.g., Li-Fi, Wi-Fi, Zigbee, satellite)
  • Cellular networks (e.g., 4G, 5G)
  • Content distribution networks (CDN)

Secure network components

  • Operation of hardware (e.g., redundant power, warranty and support)
  • Transmission media
  • Network access control (NAC) devices
  • Endpoint security

Implement secure communication channels according to design

  • Voice
  • Multimedia collaboration
  • Remote access
  • Data communications
  • Virtualized networks
  • Third-party connectivity

Below is additional information regarding communication and network security that will assist you as you get ready for the CISSP certification exam, focusing on new material covered by this domain. Further information, such as a full listing of the domains and CISSP linear examination weights, can be found in the CISSP exam outline.

Enter assessment and the 2021 CISSP update

The 2021 update of the CISSP exam contains the word “Assess” in a subdomain for the first time. This mirrors how an information security consultant or professional assesses an organization’s network architecture to confirm whether it uses secure design principles, which makes the update a little more real-world centered than previous ones.

Comparative protocols

While open system interconnection, or OSI, is the most commonly seen network model on the CISSP certification exam, you will still need to know the TCP/IP model and its corresponding layers. The comparative chart below will help you organize this information.

OSI Model      TCP/IP Model          Layer Number
Application    Application           7
Presentation   Application           6
Session        Application           5
Transport      TCP (host to host)    4
Network        IP                    3
Data link      Network access        2
Physical       Network access        1


Secure protocols

Secure protocols is new in the 2021 CISSP exam update as an objective of the subdomain “Assess and implement secure design principles in network architectures.” This objective covers the following prevalent secure protocols:

  • Kerberos
  • SSL and TLS
  • SFTP
  • SSH
  • IPSec

Micro-segmentation

The 2021 CISSP update contains an expanded section on micro-segmentation (previously, only software defined networks (SDN) were covered). This domain will cover:

  • SDN
  • Virtual extensible local area network (VXLAN)
  • Encapsulation
  • Software defined wide area network (SD-WAN)

Network access control (NAC) devices

Controlling physical access to network equipment is not where security stops. Networks also need to be protected by logical controls. Devices that help in this regard are:

  • Stateful and stateless firewalls
  • Intrusion detection and prevention devices
  • Proxy and reverse proxy servers

Secure your endpoints!

The most important part of your network to secure, and often the most difficult, is your network’s endpoints. You can use many different technologies and methods to secure your endpoints, such as multi-factor authentication, network encryption, VPN tunnels, anti-virus and anti-malware software, volume encryption and remote access. You shouldn’t rely on just one of these to secure your endpoints; instead, deploy as many as you can so that together they form a strong fist of protection. Other endpoint protection methods that you should be familiar with are automated patch management, application allowlisting and restricting the use of removable media.

Find your network’s “voice”

These days, voice protocols are becoming common traffic on organizational networks. Not only can voice be treated as a form of data on networks, but in many cases, it receives priority over other non-voice data covered by established levels of quality of service (QoS) set by the organization. With virtual meeting software being increasingly used by organizations, voice data will continue to eat up high amounts of network bandwidth going into the future.

Remote access

One thing the pandemic has brought to the world in terms of workplace change is remote access by employees. Many job roles can now be performed anywhere thanks to this technology, normally using a Virtual Private Network (VPN) to access organization resources that were formerly sequestered from anyone outside of the organization’s premises. Virtual desktop infrastructure (VDI) and Remote desktop services (RDS) can be used to give the employee the same experience from their home that they would have if they were physically sitting in front of their PC in their office.

Understanding domain 4

Communication and network security is not merely the “boots on the ground” end of securing information systems; it is where the proverbial rubber meets the road. Information systems reside on physical networks with their cybersecurity defined by communication protocols, so it is the heart of information security in many senses. The concepts above will help you keep on top of the 2021 CISSP exam update.

For more information on the CISSP certification, view our CISSP certification hub.
