CISSP Domain 4 Communication and Network Security Cheat Sheet


Cable Modems

Cable modems are used by Cable TV providers to provide internet access. Broadband has multiple channels so dedicating bandwidth for network services requires dedicated channels for that puprose.

CallBack & Caller ID

  • Callback- modem based authentication system – System calls the user back based on the initial caller’s number
  • Caller ID – similar method: in addition to username and password it requires calling the correct phone number. Caller ID easil fordged making it a weak form of authentication.

Remote desktop Console Access

Remote desktop (TCP 3389) and VNC (TCP 5900) allow for graphical access of remote systems. They are often run through IPSEC VPN, SSH or SSL tunnel to ensure integrity. There are new approaches such as reverse tunnel model where user establishes and encrypted outbound connection to an centralized server outside which the user can authenticate to to (from the outside) to gain access such as Critic GotoMYPC and LogMeIn. This requires an installation of a small agent on the users desktop.

Desktop and Application Virtualization

VDI – virtual desktop infrastructure provides users access to a desktop hosted in a centralized virtual infrastructure. As opposed to providing full desktop environments, an organization can choose to simply virtualize key applications that can be served centrally. This is much like thin clients, mainframes and terminal servers in the past allowing for economies of scale and security advantages such as tightly controlled desktop and application environments. Patching and maintaining desktops to a security baseline becomes easier.

Screen Scraping

VNC is a screen scraping technology that packetize the display of a system being used for remote access. RDP does NOT use screen scraping.

Instant Messenger

Instant messaging allows for two or more users to communicate with each other via real time chat. IRC (internet relay chat – TCP 6667) is a old protocol used for this purpose. It can be used by malware to perform phone home to a C&C channel. AOL AIM, ICQ and XMPP (Extensible Messaging and Presence Protocol – Jabber) are other chat protocols. Chat software maybe subject to various security issues including remote exploitation and must be patched like other software. Organizations should have a policy controlling the user of chat software and technical controls in place to monitor and if necessary block their usage.

Remote Meeting Technology

Is a newer technology that allows users to conduct online meetings via the internet such as Gotomeeting, Office live Meeting, Webex. Many of these technologies are designed to tunnel through outbound SSL or TLS traffic. Often times these solutions may bypass existing remote access controls and must be understood, controlled and compliant with applicable policy.

PDAs

Personal Digital Assistants – Apple IOS, Windows Mobile, Blackberry and Google Android are OSes of such devices. They are often powerful enough to be sometimes used as laptops or desktops. Two major issues regarding PDA security are data loss due to theft or loss of device and wireless security. Sensitive data should encrypted. A PIN should be used to lock the device and the device offering remote wipe capability is an important control. PDAs should use secure wireless connections and if BT is used sensitive devices should be have automatic discovery disabled.

Wireless application Protocol

WAP was destined to provide secure web services to handle wireless devices such as smart phones. WAP is based on HTML, and includes HDML (handheld device markup language). Authentication is provided by Wireless Transport layer Security (WTLS) which is based on TLS. A WAP browser is a microbrowser, simpler than a full web browser, and requiring fewer resources. It connects to a WAP gateway which is a proxy server designed to translate Webpages. The microbrowser access sites written WML which is based on XML.

Content Distribution Networks

Content distribution networks or content delivery networks addresses latency problems but use a series of distributed caching serves to improved performance. It automatically determines the closest server to the end users to service the content. Examples are Akamai, Amazon Cloudfront, Cloudflare, Microsoft Azure. They increase availability and can reduce effect of DoS.

Related Posts with Thumbnails