CISSP Domain 4 Communication and Network Security Cheat Sheet

Software Defined Networking

SDN is an approach to virtualize networking and decouple networking from the hardware typically employed for this service. Routing decisions can be made remotely instead of on each router. One of the goal is to use inexpensive white-box networking hardware to achieve nimle and customizable networking capabilities. OpenFlow (TCP/TLS based) is a well known protocol that allows for control of switching rules to be designated or updated at a central controller.

Wireless Local Area Networks

Wifi has historically been perceived as being insecure. 802.11i (WPA2) was the first standard that had reasonable security.

DoS and Availablitity

WLANS have no way to assure availability. DoS can be implemented by simply polutting the airspace with noise.

Unlicensed Bands

A Band is a contiguos radio spectrum. ISM (Industrial, Scientific and Medical) bands are set aside for unlicensed use, unlike FCC (Federal Communication Commission). ISM bands include cordless phones, 802.11 wireless, Bluetooth.


  • FHSS – Frequency Hopping Spread Spectrum – Uses a number of small frequency channels throughout the band and ops through them in pseudorandom order to maximise throughput whil minimizing effects if interference
  • DSSS – Direct Sequence Spread Spectrum – Uses entire band at once, spreading signals through the band to maximise throughput whil minimizing effects if interference
  • OFDM – Orthogonal Frequency Division Multiplexing – allowing simultaneous transmission using multiple independent wireless frequencies


2.4Ghz can be quite crowded vs 5Ghz. However 5Ghz is a higher frequency with shorter waves and does not penetrate walls and other obstructions as well.

Managed, Master, Ad-Hoc and Monitor Modes

  • Managed (client mode) – 802.11 Wireless clients connect to an AP. Clients communicate with the AP only and not with other clients
  • Master (Infrastructure Mode) – Used by wireless APs and can only communicate with connected clients.
  • Ad hoc (peer to peer mode) – No central access. Computer with wired access can use this mode for internet sharing on the WLAN nic
  • Monitor – Read only sniffering mode used by tools like Kismet and Wellenreiter

SSID and MAC address Filtering

  • SSID – Clients join WLAN networks based on SSID. Can be broadcasted or hidden. Wireless sniffers can sniff the SSID even though broadcast is disabled
  • MAC address filtering – Used to allow only trusted clients. MACs can be spoofed


Wired Equivaletnt Privacy Protocol. Uses 40 and 104bit key lengths and RC4 ciphers. WEP frames have no timestamp and no replay protection: attackers can inject traffic by replaying previously sniffed WEP frames. Inherently weak due to early cryptography export restrictions.


802.11 describes a RSN – Robust Security Network which allows for changes to cryptographic cipers (plugable authentication modules). Aka WPA2 which uses AES encryption for confidentiality, CCMP (Counter mode CBC MAC Protocol) to create a Message Integrity Check (MIC) providing for Integrity. WPA2 should be used over WPA (RC4 and TKIP).


AKA 802.15 is a Personal Area Network wihch operates in 2.4GHz for low power and small distances.

  • Class 3: Under 10M
  • Class 2: 10M
  • Class 1: 100M

Bluetooth uses 128bit E0 symmetric stream cipher. Proven true strength to be only 38bits. The security relies on the 48bit MAC but can be guessed as first 24bits is the OUI and remaining 24bits can be guessed via brute forced. Sensitive devices should have discovery disabled.


Radio Frequency Identification

  • Active – battery, broadcasts signal, larger distances
  • Semi-Passive – battery, relies on reader’s signal for power
  • Passive – no battery, relies on reader’s signal for power, less expensive

All RFID can be blocked via Faraday cage – wrapping with aluminum foil.

Secure Network Devices and Protocols

Repeaters and Hubs

Repeaters and hubs are layer 1 devices that simples repeats bits. They lack security (devices connected to hub can read and alter another’s packets), run in half duplex mode (cannot send and receive simultaneously) and have large collision domains (Any node may send colliding traffic with one another). It’s useful for traffic TAPs and SPAN ports.


Bridges are layer 2 devices and has 2 ports used to connect two network segments together. It learns addresses on either side and provides traffic isolation creating two collision domains.


A switch is a bridge with more than two ports. A switch shrinks the collision domain to a single port.


A virtual LAN by creating multiple virtual switches within a switch. It separated systems into multiple broadcast domains. It is often used to segment data and management networks to provide defense in depth.

Port Isolation

Aka Private VLAN or PVLAN. It aims to provide isolation between ports where one system cannot reach the other system even though they are on the same VLAN. It can be useful in multitenant environments by creating logical segmentation in virtual environments.

SPAN ports

Switched Port Analyzer (SPAN – or Mirror Port) can be used to mirror one ports traffic to another used in IDS scenarios. Multiple switch ports can be aggregated into one port, however, one should be aware of oversubscription.

Network Taps

Taps are the preferred way to provide promiscuous network access to a sniffer. It can fail open in the event of a failure and provide access to all traffic including malformed ethernet frames (switches often clean that traffic and not pass it).

Related Posts with Thumbnails

About the Author

Alfred Tong
Author and owner of this blog. A Networking enthusiast, full time networking and systems Engineer. Generally curious about all things IT.Certifications: GIAC GSEC, CCNP-S, CCNP, CCSP, CCDP, CCNA, RHCE, JNCIA - FWV