CISSP Lesson 2

1. Physical - electrical and mechanical level(x.21, HSSI,MAC address)
2. Data Link - prep for transfer of data(PPP, SLIP, ARP)
3. Network - handles data routing(IP,ICMP)
4. Transport - negotiates the data exchange(TCP,UDP,SPX)
5. Session - coordinates conversations between apps(NFS,SQL,RPC)
6. Presentation - o/s that associates types of files to programs(TIFF,JPEG,MPEG)
7. Application - not the app, but supports the end-user app process(HTTP,FTP,SMTP,TELNET)

1. Link(Network Access) - x.25,ethernet,token ring, frame relay(layers 1 & 2 of OSI)
2. Network(Internet) - IP, ARP, ICMP, IPsec) (layer 3 of OSI)
3. Transport(host-to-host) - TCP, UDP (layer 4 of OSI)
4. Application - HTTP, FTP (layers 5-7 OSI)
3.

Address Resolution Protocol - ARP matches ip address to an ethernet address.

Internet Control Message Protocol - used for diagnostics and error correction.

network nodes are connected by unidirectional transmission links to form a closed loop.(token and FDDI)

Nodes are connected to every other node in the network. Backbone redundant.

All transmissions of the network nodes travel the full length of the cable and are received by all stations. (Ethernet)

A version of bus that invorporates the use of branches

Most used today. Nodes are connected to a central LAN device directly.

Point-to-Point - i.e. Dial-up Networking (DUN)

Password Authentication Protocol - not encrypted but typically easy to implement on any network

Challenge Handshake Protocol - authentication using an encrypted key.

Serial Link Internet Protocol - connecting one network to another over a single physical line or via modems.

Extensible Authentication Protocol, Transport Layer Security - both client and server authenticate over TLS. Digital certificates are used.Can be confident user is authorized.

Tunneled TLS

Protected EAP - like EAP-TLS but easier to administer but less secure due to lack of client-side certificate.

Frequency Hopping Spread Spectrum - Provides no error recovery. Splits available signal bandwidth and segments it.

Direct Sequence Spread Spectrum - Splits contents of message into smaller bits and decoded at receiver end.

Wireless Application Protocol - over the internet

Wired Equivalent Privacy - uses shared secret between client and access point. Can be decrypted in a short time.

WiFi Protected Access - uses TKIP

WEP Protected Access 2 - Supports IEEE 802.1ix authentication

access through a preprogrammed, unknown access point using DUN or external network connection

Interception of network communication either passive or active

Accessing the system with another user's valid entery, via incorrect logoff or open session.

Taking control of another user's network connection, via IP spoof.

Convincing a network device to perform an authorized action by masquerading as a trusted user, resource, or file.

Users using their user name and password to access data they are not authorized for.

DoS attack - receipt of an excessive amount of data.

DoS attack - causes severe congestion with ICMP ping response methods.

DoS Attack - A buffer of the TCP initialization flooded with connection requests.

DoS Attack - An altered offset field in IP packets confusing the system, causing it to crash.

2 NICS, one on internal side and one on external side

Uses a router to filter data before the data reaches the firewall.

Uses an external router to review data and bounce back as necessary before reaching the subnet.

1. Failure Resistant Disk System(FRDS)
2. Failure Tolerant System.
3. Disaster Tolerant System.

only FRDS is currently developed.

1. Differential - copy all cumulative changes since last full. (takes more space than incremental)
2. Incremental - copy data changes since the last full.
3. full

D - minimal protection
C - discretionary protection
C1 - discretionary security protection
C2 - Controlled Access Protection (No off the shelf system goes higher than this)
B - Mandatory protection
B1 - Labeled Security Protection
B2 - structured protection
B3 - security domains
A1 - verified protection