Page 847 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Summary
The tasks of designing, deploying, and maintaining security on a network require intimate knowledge of the technologies involved in networking. This includes protocols, services, communication mechanisms, topologies, cabling, endpoints, and networking devices.

The OSI model is a standard against which all protocols are evaluated. Understanding how the OSI model is used and how it applies to real-world protocols can help system designers and system administrators improve security. The TCP/IP model is derived directly from the protocol and roughly maps to the OSI model.

Most networks employ TCP/IP as the primary protocol. However, numerous subprotocols, supporting protocols, services, and security mechanisms can be found in a TCP/IP network. A basic understanding of these various entities can help you when designing and deploying a secure network.

In addition to routers, hubs, switches, repeaters, gateways, and proxies, firewalls are an important part of a network’s security. There are several types of firewalls: static packet filtering, application-level gateway, circuit-level gateway, stateful inspection, deep-packet inspection, and next-gen.

Converged protocols are common on modern networks, including FCoE, MPLS, VoIP, and iSCSI. Software-defined networks and content-distribution networks have expanded the definition of network as well as expanded the use cases for it. A wide range of hardware components can be used to construct a network, not the least of which is the cabling used to tie all the devices together. Understanding the strengths and weaknesses of each cabling type is part of designing a secure network.

Wireless communications occur in many forms, including cell phone, Bluetooth (802.15), RFID, NFC, and networking (802.11). Wireless communication is more vulnerable to interference, eavesdropping, denial of service, and man-in-the-middle attacks.

