CISSP Domain 4 Communication and Network Security Cheat Sheet


LAN Physical Network Topologies

Bus

Connects network nodes in a line along a single shared cable. Each node inspects the data that passes along it. A single cable failure takes the entire network down.

Tree

Aka hierarchical network with a root node. Legacy topology where the root is often a mainframe.

Ring

Connects nodes like a ring.

Star

Dominant physical topology for LANs. Better fault tolerance, but requires more cabling.

Mesh

Can be partially or fully meshed. Has superior availability through redundant paths, which are often used for HA or load sharing.

WAN Technologies and Protocols

T1,T3,E1,E3

  • T1/DS1 (US) – 1.544 Mbit/s – 24 DS0 channels – copper telephone circuit
  • T3/DS3 (US) – 44.736 Mbit/s – 28 T1s
  • E1 (EUR) – 2.048 Mbit/s – 30 channels
  • E3 (EUR) – 34.368 Mbit/s – 16 E1s

SONET – Synchronous Optical Networking carries multiple T-carrier circuits over a physical fiber ring.

Frame Relay

Packet-switched Layer 2 WAN protocol that provides no error recovery and focuses on speed. Frame Relay multiplexes multiple logical connections over a single physical connection to create virtual circuits. A PVC (Permanent Virtual Circuit) is always connected. An SVC (Switched Virtual Circuit) sets up each call, transfers data, and terminates the connection after an idle timeout. Frame Relay is addressed locally via Data Link Connection Identifiers (DLCIs).

X.25

Older packet-switched WAN protocol. It performs error correction, which can add latency on long links. It can carry TCP/IP, which has its own reliability, so there is no need to take the extra performance hit of also providing reliability at the X.25 layer.

ATM

Asynchronous Transfer Mode is a WAN technology that uses fixed-length cells. ATM cells are 53 bytes long, with a 5-byte header and a 48-byte payload. SMDS (Switched Multimegabit Data Service) is older and similar to ATM, also using 53-byte cells.
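The fixed 53-byte cell is the whole point of ATM, so the following added example (not code from the cheat sheet) parses a cell stream into 5-byte headers and 48-byte payloads and verifies each header with its Header Error Control byte. It goes slightly beyond the text: it assumes the standard ITU-T UNI header layout (GFC, VPI, VCI, PT, CLP, HEC) and the HEC definition from ITU-T I.432, a CRC-8 with generator x^8 + x^2 + x + 1 over the first four header bytes, XORed with 0x55. The sample cell stream is constructed.

```python
"""Parse ATM cells and verify the header checksum (HEC).

Added illustration for the ATM section, not code from the page. Assumes the
standard ITU-T UNI cell layout: 53-byte cell, 5-byte header, 48-byte payload,
header fields GFC(4) VPI(8) VCI(16) PT(3) CLP(1) HEC(8), and a HEC computed as
CRC-8 (generator x^8 + x^2 + x + 1) over the first four header bytes XOR 0x55.
"""
import struct

CELL_SIZE = 53
HEADER_SIZE = 5
PAYLOAD_SIZE = CELL_SIZE - HEADER_SIZE  # 48


def crc8_atm(data: bytes) -> int:
    """CRC-8 with generator polynomial 0x07, zero initial value, no reflection."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 0x80:
                crc = ((crc << 1) & 0xFF) ^ 0x07
            else:
                crc = (crc << 1) & 0xFF
    return crc


def compute_hec(header4: bytes) -> int:
    """HEC = CRC-8 of the first four header bytes, XOR 0x55 (the I.432 coset)."""
    return crc8_atm(header4) ^ 0x55


def build_uni_header(gfc: int, vpi: int, vci: int, pt: int, clp: int) -> bytes:
    """Pack a UNI header: GFC(4) VPI(8) VCI(16) PT(3) CLP(1) followed by HEC(8)."""
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | (pt << 1) | clp
    first4 = struct.pack(">I", word)
    return first4 + bytes([compute_hec(first4)])


def parse_cell(cell: bytes) -> dict:
    """Split one 53-byte cell into fields; raise ValueError on bad length or HEC."""
    if len(cell) != CELL_SIZE:
        raise ValueError(f"cell must be {CELL_SIZE} bytes, got {len(cell)}")
    header, payload = cell[:HEADER_SIZE], cell[HEADER_SIZE:]
    word = struct.unpack(">I", header[:4])[0]
    hec = header[4]
    if compute_hec(header[:4]) != hec:
        raise ValueError("HEC mismatch: corrupted header")
    return {
        "gfc": (word >> 28) & 0xF,
        "vpi": (word >> 20) & 0xFF,
        "vci": (word >> 4) & 0xFFFF,
        "pt": (word >> 1) & 0x7,
        "clp": word & 0x1,
        "hec": hec,
        "payload": payload,
    }


def split_cells(stream: bytes):
    """Yield parsed cells from a byte stream that is an exact multiple of 53 bytes."""
    if len(stream) % CELL_SIZE:
        raise ValueError("stream is not a whole number of cells")
    for off in range(0, len(stream), CELL_SIZE):
        yield parse_cell(stream[off:off + CELL_SIZE])


# Constructed sample: two cells on VPI 1 / VCI 32, each with a 48-byte payload.
SAMPLE_STREAM = b"".join(
    build_uni_header(gfc=0, vpi=1, vci=32, pt=0, clp=0) + bytes([i]) * PAYLOAD_SIZE
    for i in range(2)
)

if __name__ == "__main__":
    for cell in split_cells(SAMPLE_STREAM):
        print(cell["vpi"], cell["vci"], hex(cell["hec"]), cell["payload"][:4].hex())
```

A useful sanity check for the HEC routine is the idle cell: a header of `00 00 00 01` (CLP set) must produce HEC `0x52`, and an all-zero header produces `0x55`. The parser rejects any cell whose header fails this check, which is how ATM hardware detects a corrupted or misaligned cell boundary rather than forwarding it.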

MPLS

Multiprotocol Label Switching (MPLS) forwards WAN data by label across a shared MPLS cloud network. Forwarding decisions are made based on the label, and MPLS is often used to carry voice and data. Since it is a cloud network, connections no longer need to be point-to-point, which simplifies WAN routing schemes.

SDLC and HDLC

Synchronous Data Link Control (SDLC) is a synchronous Layer 2 WAN protocol that uses polling to transmit data. Polling is similar to token passing; the difference is that a primary node polls secondary nodes, which can transmit data only when polled. Combined nodes can act as primary or secondary. SDLC supports NRM transmission only. High-level Data Link Control (HDLC) is the successor to SDLC. HDLC adds error correction and flow control, as well as two additional modes (ARM and ABM).

  • NRM – Normal Response Mode – secondary nodes can transmit only when given permission by the primary
  • ARM – Asynchronous Response Mode – secondary nodes may initiate communication with the primary
  • ABM – Asynchronous Balanced Mode – combined mode where nodes may act as primary or secondary, initiating transmissions without receiving permission

Converged Protocols

DNP3

Distributed Network Protocol (DNP3) provides an open standard used primarily within the energy sector for interoperability between various vendors' SCADA and smart-grid applications. DNP3 is a multilayer protocol and may be carried over TCP/IP. Recent improvements added Secure Authentication, which addresses spoofing and replay attacks; initially it allowed pre-shared keys only. IEEE 1815-2012 is the current standard, and it supports PKI.

Storage Protocols

FCoE and iSCSI are both storage area network protocols that allow block-level storage access across a network.

  • FCoE – Fibre Channel over Ethernet – transmits across Ethernet onto a converged network switch that supports the protocol
  • iSCSI – makes use of the higher layers of TCP/IP and can be routed over the WAN. Uses LUNs (Logical Unit Numbers) to address storage across the network

Virtual SAN

One meaning of VSAN is a conceptually simple approach to isolation within a SAN, analogous to VLANs on a network. The other meaning leans heavily on the "virtual" side of the phrase: it allows faster provisioning of virtual storage by leveraging virtualization to give the SAN simple, linear scalability.

VoIP

Voice over IP (VoIP) carries voice over data networks. Its advantages are lower cost and resiliency. The VoIP protocol family includes RTP (Real-time Transport Protocol), designed to carry streaming audio and video, and relies on SIP (Session Initiation Protocol) or H.323 for signaling. VoIP should be secured with SRTP (Secure RTP), which uses AES for confidentiality and SHA-1 for integrity. Alternatively, IPsec can be used to prevent eavesdropping.
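To make the "SHA-1 for integrity" point concrete, the following added example (not code from the cheat sheet) shows the SRTP message-authentication half of the protection: it builds a minimal RTP packet, appends an SRTP-style authentication tag, and verifies it on receipt. It follows the construction in RFC 3711, HMAC-SHA1 over the RTP header and payload concatenated with the 32-bit rollover counter (ROC), truncated to 80 bits, and compares tags in constant time. The AES-CTR payload encryption that SRTP also applies is left out so the block runs with the Python standard library only; the session key, SSRC and payload are constructed sample values.

```python
"""Verify an SRTP-style authentication tag on an RTP packet.

Added illustration for the VoIP section, not code from the page. Follows the
RFC 3711 authentication construction: HMAC-SHA1 over (RTP header || payload ||
ROC), truncated to 80 bits. Encryption (AES-CTR in SRTP) is out of scope here;
only the SHA-1 based integrity check is shown. Key and packets are constructed.
"""
import hashlib
import hmac
import struct

TAG_LEN = 10          # 80-bit auth tag, the SRTP default
RTP_HEADER_LEN = 12   # fixed RTP header, no CSRC list or extension


def build_rtp(seq: int, ts: int, ssrc: int, payload: bytes, pt: int = 0) -> bytes:
    """Construct a minimal RTP packet: V=2, no padding/extension/CSRC, marker 0."""
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + payload


def parse_rtp_header(packet: bytes) -> dict:
    """Decode the fixed RTP header (RFC 3550) so a receiver can see seq/SSRC."""
    if len(packet) < RTP_HEADER_LEN:
        raise ValueError("packet shorter than RTP fixed header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:RTP_HEADER_LEN])
    return {
        "version": b0 >> 6,
        "padding": (b0 >> 5) & 1,
        "extension": (b0 >> 4) & 1,
        "cc": b0 & 0x0F,
        "marker": b1 >> 7,
        "payload_type": b1 & 0x7F,
        "seq": seq,
        "timestamp": ts,
        "ssrc": ssrc,
    }


def srtp_auth_tag(auth_key: bytes, packet: bytes, roc: int) -> bytes:
    """HMAC-SHA1(key, packet || ROC) truncated to TAG_LEN bytes (RFC 3711 4.2)."""
    mac = hmac.new(auth_key, packet + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:TAG_LEN]


def protect(auth_key: bytes, packet: bytes, roc: int) -> bytes:
    """Sender side: append the auth tag (the payload would already be encrypted)."""
    return packet + srtp_auth_tag(auth_key, packet, roc)


def verify(auth_key: bytes, protected: bytes, roc: int) -> bytes:
    """Receiver side: strip and check the tag, raising on tampering.

    Returns the bare RTP packet (header || payload) on success.
    """
    if len(protected) < RTP_HEADER_LEN + TAG_LEN:
        raise ValueError("too short to hold an RTP header and an auth tag")
    packet, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    expected = srtp_auth_tag(auth_key, packet, roc)
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("SRTP authentication failed")
    return packet


# Constructed sample values (not real session material).
SAMPLE_AUTH_KEY = bytes(range(20))
SAMPLE_PACKET = build_rtp(seq=1, ts=160, ssrc=0xDEADBEEF, payload=b"\x00" * 20)

if __name__ == "__main__":
    wire = protect(SAMPLE_AUTH_KEY, SAMPLE_PACKET, roc=0)
    print(parse_rtp_header(verify(SAMPLE_AUTH_KEY, wire, roc=0)))
```

Including the ROC in the MAC input is what lets a receiver reject an old packet replayed after the 16-bit RTP sequence number has wrapped: the same bytes on the wire produce a different expected tag once the ROC has advanced, so a stale packet fails verification even though its header looks current.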
