CISSP Domain 4 Communication and Network Security Cheat Sheet

Network Architecture and Design

Network Defense-in-depth

Anyone control may fail, so multiple controls are always recommended. Routers, Firewalls, IPS, hostbased protections, Antivirus, patching and user awareness training should all be used in concert so that failure of one control should not lead to compromise.

Fundamental Network Concepts

Simplex, Half Duplex and Full Duplex Communication

  • Simplex – One way – like car radio tuned to one channel
  • Half-Duplex – Sends and receives at one time only (not simultaneously) – like walkie talkie
  • Full-Duplex – Sends and receives simulataneously – like face to face communication

Baseband and Broadband

  • Baseband – One channel and can only send one signal at a time – Ethernets, 100bastT
  • Broadband – Mulitple channels can be sent at a time – Cable TV, Radio

Analog and Digital

  • Analog – Old phone networks, communications that are sent in waves to our ears – Vinyl record
  • Digital – Communications that transfers in bits of ones and zeroes – CD, DVD etc


  • LAN – Local Arean Network – small network confined to a building or an area within one
  • MAN – Metropolitan Network – network confined to a city, zip code, campus, or office park
  • WAN – Wide Area Network – network covering cities, stats, or countries
  • GAN – Global Area Network – A global collection of WANS – Global Information Grid (GIG) is US DoD GAN
  • PAN – Personal Area Network – Range of 100M or less, low powered devices such as BT use PANs

Internet, Intranet, and Extranet

  • Internet – Global collection of networks running TCP/IP providing best effort service
  • Intranet – Privately owned network running TCP/IP – company network
  • Extranet – Connection between private intranets such as connections to a business partner

Circuit-Switched and Packet-Switched Networks

  • Circuit Switched – Original Voice networks, a dedicated circuit or channel providing dedicated bandwidth between two end nodes. Once a channel or circuit is connected it is dedicated to that purpose, even while no other data is being transferred.
  • Packet switches – Researched and designed by ARPAnet. Instead of dedicated circuits, data is broken down into packets each sent individually allowing it to choose the best route and fall back routes if neccessary. Packets can be retransmitted, reassembled and allow for better bandwidth utilization.

Quality of Service

Packet switched networks may use Quality of Service (QoS) to give specific traffic preference over other traffic. QoS is often applied to VOIP traffic to avoid interruption.

Layered Design

OSI and TCP/IP models are designed in layers so that the complexity of the functionality of one layer is contained within the layer, so that changes in one layer do not directly affect another.

Models and Stacks

  • Network Model – description of how a network protocol suite operates – OSI, TCP/IP
  • Network Stacks – is a network protocol suite programmed in software or hardware – such as TCP/IP

OSI Model

Layer 1 – Physical

Describes units of data such as bits represented by energy and the medium used to carry them – light, electricity, radio waves, copper, fiber optics. Cabling standards such as thinnet, thickent, UTP exist on layer 1. Devices include hubs and repeaters.

Layer 2 – Data Link

Handles access to the physical layer as well as local area network communication. Ethernet card and it’s MAC (Media Access Control) address are at layer 2 as are switches and bridges. Layer 2 is divided into two sublayers: Media Access Control (MAC) and Logical Link Control (LLC). The MAC layer transfers data to and from the physical layer. LLAC handsles LAN communications. MAC touches layer 1 and LLC touches layer 3.

Layer 3 – Network

The network layer describes routing: moving data from a system on one LAN to a system on another. IP addresses and routers exist at Layer 3. Layer 3 protocols include IPv4 and IPv6.

Related Posts with Thumbnails

About the Author

Alfred Tong
Author and owner of this blog. A Networking enthusiast, full time networking and systems Engineer. Generally curious about all things IT.Certifications: GIAC GSEC, CCNP-S, CCNP, CCSP, CCDP, CCNA, RHCE, JNCIA - FWV