CISSP Domain 4 Study Guide

CISSP Domain 4

If you are studying for the CISSP, it is a safe assumption that you are technically minded and know your way around networking and computers. If so, much of this domain will cover material you already know. This domain covers network architecture, transmission methods, transport protocols, control devices, and the security measures used to protect information in transit.

CISSP Domain 4 – Network Layer Concepts

LANS, WANS, MANS, GANS, and PANS

  • LAN – Local Area Network – A LAN is a small network confined to a building or an area within one geographical location.
  • MAN – Metropolitan Area Network – This term is rarely used. A MAN is a network confined to a city, zip code, campus, or office park.
  • WAN – Wide Area Network – A WAN is a large network made up of LANs connected to each other across multiple geographical locations.
  • GAN – Global Area Network – A global collection of WANs. The Global Information Grid (GIG) is the US DoD's GAN.
  • PAN – Personal Area Network – Range of 100 m or less; low-powered devices such as Bluetooth (BT) use PANs.

Internet, Intranet, and Extranet

  • Internet – Global collection of networks running TCP/IP, providing best-effort service. The Internet is made up of public web pages external to your organisation.
  • Intranet – Privately owned network running TCP/IP, i.e. the company network. The Intranet is made up of web pages internal to your organisation.
  • Extranet – Connection between private intranets, such as a connection to a business partner, i.e. web pages that are private and external to your organisation that you are authorised to access.

Networking Concepts

TCP/IP

TCP/IP (Transmission Control Protocol/Internet Protocol) is the fundamental technology behind how computers communicate across networks and is the protocol suite most worth knowing about. TCP and IP are two protocols that work hand in hand to ensure successful network communication between two devices.

TCP is responsible for breaking down data into small packets and ensuring that they are transmitted in the correct order, without errors, and without loss. This is achieved by providing mechanisms for error detection, flow control, and congestion control.

IP is responsible for the addressing and routing of data packets across the network. It assigns unique addresses to each device on the network and determines the most efficient path for data to travel from one device to another.

TCP 3 way handshake

Understanding the TCP three-way handshake is crucial for network engineers and administrators, as it forms the basis of all reliable communication over the Internet.

  • Step 1: The client initiates the connection by sending a segment with the SYN flag set, telling the server that it wants to start communicating and what its initial sequence number is.
  • Step 2: The server responds with a segment that has both SYN and ACK set. The ACK acknowledges the segment the server received, and the SYN tells the client the sequence number the server will start its own segments with.
  • Step 3: The client acknowledges the server's response. The connection is now established and the actual data transfer can begin.

TCP uses a three-way handshake to establish a reliable connection.

  1. SYN
  2. SYN-ACK
  3. ACK

The client chooses an initial sequence number in the first SYN, and the server chooses its own sequence number in the SYN-ACK. Both sides acknowledge the other's sequence number by incrementing it; this is the acknowledgment number, and it is used to detect missing and out-of-order packets. Once a connection is established, an ACK follows each data segment (PSH of data), and the connection ends with a RST or a FIN.

TCP Flags

  • URG : Packet Contains Urgent Data
  • ACK : Acknowledge received data
  • PSH : Push data to application layer
  • RST : Reset (tear down) a connection
  • SYN : Synchronize a connection
  • FIN : Finishes a connection (gracefully)
  • CWR : Congestion Window Reduced
  • ECE : Explicit Congestion Notification Echo
  • NS : Nonce Sum
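As an added example (not part of the original study guide), the Python below packs and parses raw TCP headers using the flag bits listed above, then walks the SYN / SYN-ACK / ACK exchange described earlier: each side chooses its own ISN and the peer checks that the acknowledgment number is exactly ISN + 1, rejecting a segment whose ACK does not match. The port numbers and ISNs are constructed values.

```python
import struct
from random import randrange

MASK32 = 0xFFFFFFFF
# TCP flag bits: the low eight live in header byte 13, NS in the low bit of byte 12.
FLAGS = {"FIN": 0x001, "SYN": 0x002, "RST": 0x004, "PSH": 0x008, "ACK": 0x010,
         "URG": 0x020, "ECE": 0x040, "CWR": 0x080, "NS": 0x100}

def build_segment(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header (no options, checksum left zero) with the given flags."""
    bits = 0
    for name in flags:
        bits |= FLAGS[name]
    data_offset = 5  # header length in 32-bit words
    off_ns = (data_offset << 4) | ((bits >> 8) & 1)  # 4 bits offset, 3 reserved, 1 NS
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, off_ns, bits & 0xFF, 65535, 0, 0)

def parse_segment(raw):
    """Return (seq, ack, set of flag names) from a raw TCP header."""
    _sp, _dp, seq, ack, off_ns, low, _win, _csum, _urg = struct.unpack("!HHIIBBHHH", raw[:20])
    bits = ((off_ns & 1) << 8) | low
    return seq, ack, {name for name, bit in FLAGS.items() if bits & bit}

def three_way_handshake(client_isn=None, server_isn=None, tamper=False):
    """Run SYN / SYN-ACK / ACK and validate each acknowledgment number (ISN + 1, mod 2^32).
    Returns the list of (sender, flags) exchanged; raises ValueError on a wrong ACK.
    Ports and ISNs are constructed values; tamper=True corrupts the final ACK."""
    client_isn = randrange(2 ** 32) if client_isn is None else client_isn
    server_isn = randrange(2 ** 32) if server_isn is None else server_isn
    log = []
    # 1. Client chooses its ISN and sends SYN
    syn = build_segment(40000, 443, client_isn, 0, {"SYN"})
    cseq, _, flags = parse_segment(syn)
    log.append(("client", flags))
    # 2. Server chooses its own ISN and acknowledges the client's ISN + 1
    synack = build_segment(443, 40000, server_isn, (cseq + 1) & MASK32, {"SYN", "ACK"})
    sseq, sack, flags = parse_segment(synack)
    log.append(("server", flags))
    if sack != (client_isn + 1) & MASK32:
        raise ValueError("server acknowledged the wrong sequence number")
    # 3. Client acknowledges the server's ISN + 1; a wrong ACK number is rejected
    ack_num = (sseq + 1 + (7 if tamper else 0)) & MASK32
    final_ack = build_segment(40000, 443, sack, ack_num, {"ACK"})
    _, cack, flags = parse_segment(final_ack)
    log.append(("client", flags))
    if cack != (server_isn + 1) & MASK32:
        raise ValueError("client acknowledged the wrong sequence number")
    return log
```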

UDP

UDP stands for User Datagram Protocol and is a layer 4 protocol that is simpler and faster than TCP. It speeds up communication by not formally establishing a connection before data is transferred. This allows data to be transferred very quickly, but it also means packets can be lost in transit, and it creates opportunities for exploitation in the form of DDoS attacks.

MAC Addresses

MAC stands for Media Access Control. A MAC address is the unique hardware address of an Ethernet network interface card (NIC), typically burned in at the factory by the manufacturer. Even though these are hardcoded, with a bit of effort a MAC address may be changed in software. The MAC address is 48 bits long and has two halves: 24 bits form the Organizationally Unique Identifier (OUI) and 24 bits form the serial number (extension identifier).

ARP and RARP

ARP and RARP are both Network layer protocols. Whenever a host needs to send an IP datagram to another host, the sender requires both the logical (IP) address and the physical (MAC) address of the receiver. Dynamic mapping between the two is provided by two protocols, ARP and RARP.

  • ARP – Resolves IP addresses to MAC addresses
  • RARP (Reverse ARP) – Resolves MAC addresses to IP addresses

IPv4

IP stands for Internet Protocol and v4 stands for version four (IPv4). IPv4 was designed for the US Defense Advanced Research Projects Agency (DARPA) for use in ARPAnet, which later became the Internet. IP is simple, connectionless, and unreliable, and relies on TCP to offer such features. IPv4 uses 32-bit source and destination addresses, which limits the total address space.

We can distinguish five classes of IPv4 addresses: A, B, C, D, and E. Each has its own range of IP addresses. Let's take a look at them.

  • Class A – The first bit is 0, and the range spans 0.0.0.0 to 127.255.255.255. This class has 8 bits for the network and 24 bits for hosts and is designed for large networks.
  • Class B – Intended for medium-sized to large networks. The first two bits are 10, and the range falls between 128.0.0.0 and 191.255.255.255. It has 16 bits for the network and 16 bits for hosts.
  • Class C – Used for small local area networks (LANs). The network in this class is identified using three octets. The range is 192.0.0.0 to 223.255.255.255, with 24 network bits and 8 host bits.
  • Class D – Used only by applications that require multicasting, so it is not used for standard networking functions. Its first three bits are set to 1 and the fourth bit is 0. The whole 32-bit address is used as the (multicast group) network address, with no host portion.
  • Class E – Reserved for experimental or research purposes. This class covers the first-octet range 240.0.0.0 to 255.255.255.255. The first four bits of a Class E address are all 1 in binary.

IPv6

The successor to IPv4, featuring a larger address space (128-bit addresses), simpler routing, and simpler address management. All modern operating systems since Windows Vista have it enabled by default.

IPv4 vs. IPv6 – differences

There are several important differences between the old IPv4 and the new IPv6:

  • 32-bit addresses vs. 128-bit addresses, which gives IPv6 a vastly larger address space.
  • 4,294,967,296 IP addresses vs. 340,282,366,920,938,463,463,374,607,431,768,211,456 IP addresses.
  • Fragmentation allowed vs. no fragmentation (IPv6 routers do not fragment packets).
  • Address configuration manually or with DHCP vs. SLAAC or DHCPv6.
  • IPsec optional vs. part of the standard. IPv6 supports end-to-end encryption and can avoid man-in-the-middle attacks.
  • NAT required vs. no need for it in IPv6.

Unicast, Multicast, and Broadcast

  • Unicast – one-to-one traffic. A unicast packet/frame (or flow of packets/frames) has a single destination. This is the most common kind of traffic in TCP/IP networks; when you access a web server, for example, that is unicast traffic.
  • Multicast – one-to-many traffic. Multicast is the middle ground between unicast and broadcast. Multicast traffic is destined for a "group" of hosts, called a "multicast group". It is commonly used to stream audio or video.
  • Broadcast – one-to-all traffic. A broadcast packet/frame (or flow of packets/frames) is destined for ALL devices on the network/segment.

Network Address Translation (NAT)

NAT stands for Network Address Translation. It is a way to map multiple private addresses inside a local network to a public IP address before the traffic is forwarded onto the Internet.

  • Static NAT – one-to-one translation
  • Pool NAT (dynamic NAT) – reserves a range of public IPs that are mapped to another (private) range
  • PAT (NAT overload) – many-to-one translation
