Page 1588 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Chapter 11: Secure Network Architecture and Securing Network Components

1.  Application (7), Presentation (6), Session (5), Transport (4),
    Network (3), Data Link (2), and Physical (1).

2.  Problems with cabling and their countermeasures include
    attenuation (use repeaters or don’t violate distance
    recommendations), using the wrong CAT cable (check the cable
    specifications against throughput requirements, and err on the side
    of caution), crosstalk (use shielded cables, place cables in separate
    conduits, or use cables of different twists per inch), cable breaks
    (avoid running cables in locations where movement occurs),
    interference (use cable shielding, use cables with higher twists per
    inch, or switch to fiber-optic cables), and eavesdropping (maintain
    physical security over all cable runs or switch to fiber-optic cables).

3.  Some of the frequency spectrum-use technologies are spread
    spectrum, Frequency Hopping Spread Spectrum (FHSS), Direct
    Sequence Spread Spectrum (DSSS), and Orthogonal Frequency-Division
    Multiplexing (OFDM).

4.  Methods to secure 802.11 wireless networking include disabling
    the SSID broadcast; changing the SSID to something unique;
    enabling MAC filtering; considering the use of static IPs or using
    DHCP with reservations; turning on the highest form of encryption
    offered (such as WEP, WPA, or WPA2/802.11i); treating wireless
    as remote access and employing 802.1X, RADIUS, or TACACS;
    separating wireless access points from the LAN with firewalls;
    monitoring all wireless client activity with an IDS; and considering
    requiring wireless clients to connect with a VPN to gain LAN
    access.

5.  The LAN shared media access technologies are CSMA, CSMA/CA
    (used by 802.11 and AppleTalk), CSMA/CD (used by Ethernet),
    token passing (used by Token Ring and FDDI/CDDI), and polling