
Module 3: Systems And Network Security

Lesson 1: The Different Computing Components


Information systems are collections of computing components that together form a system which produces, hosts, or provides data
Motherboard allows all computing components to work together
BIOS supports computer startup and runtime services for operating systems and other applications
The CPU carries out tasks, routines, etc. that are held in the CPU itself or loaded from read-only memory
The CPU Control Unit (CU) controls CPU operations
The CPU Arithmetic Logic Unit (ALU) performs binary arithmetic functions for the CPU
The CPU Cache stores data, allowing faster transactions
The CPU Bus connects all internal components
CPU protection rings determine privilege levels for the operating system, applications, and more
CPU Ring Level 0 requires the most privilege to access
CPU Ring Level 1 requires a high level of privilege to access
CPU Ring Level 2 requires a moderate level of privilege to access
CPU Ring Level 3 requires a minimal level of privilege to access
Rings 0-2 operate in privileged mode
Ring 3 operates in user mode
Multi-tasking is performing multiple tasks using different processes
Multi-processing is using more than one CPU/processor to complete a task or function
Multi-programming is the performance of two tasks on a single processor
Multi-threading is performing multiple tasks using the same process
CPU States: Ready, Waiting, Running, Supervisory, Stopped

© Copyright 2018 Cyberactive Security, LLC. All Rights Reserved. CISSP is a registered trademark of (ISC)2, Inc.

TPM provides the use and storage of cryptographic keys, certificates, and hashing values
Endorsement Key (EK) is created by the hardware manufacturer (public and private keys)
Storage Root Key (SRK) secures the keys stored in the TPM
Memory stores data for direct and immediate use by a computing device
Volatile Memory: memory storage will be lost if power is lost
Non-Volatile Memory: memory storage is maintained if power is lost
Read Only Memory (ROM) is non-volatile storage
Random Access Memory (RAM) is volatile storage
Programmable Read-Only Memory (PROM) cannot be erased
Erasable Programmable Read-Only Memory (EPROM) requires removal and ultraviolet light to erase data
Electronically Erasable Programmable Read-Only Memory (EEPROM) can be erased electrically without removal from the device
Flash Memory is non-volatile memory used in most mobile computing devices
Firmware is software stored inside a ROM memory chip
Static RAM (SRAM) provides quicker access to data
Dynamic RAM (DRAM) uses capacitors to hold a charge for access to data
Synchronous DRAM (SDRAM) is synchronized with the system clock speed
Double data rate SDRAM (DDR SDRAM) can improve memory clock speed to at least 200 MHz
Non-Volatile RAM (NVRAM) retains its data if power is lost. Also called SRAM (static random-access memory cells)
Cache memory is used to increase processing speeds
Primary Memory is volatile and can’t store data permanently (Primary storage or main memory)
Secondary Memory is non-volatile memory and stores and retains data
Memory isolation is a requirement for multilevel security mode systems


Segmentation enforces memory requirements via hardware controls


Phlashing attack installs malicious software in the BIOS that allows unauthorized remote access
Cold Boot Attack freezes memory chips to postpone the decay of data when the system is not powered on
Have security controls in place to protect against physical access to keyboards/mice, monitors, and printers

Lesson 2: Software, Applications, And Databases


Clients connect a computing device to a specific service
Thick client (local tasking), thin client (centrally managed), smart client (HTTP based)
Middleware integrates an operating system with an application
Collaboration software allows a geographically dispersed team to connect
Database software stores digital information in an organized fashion
DBMS is an application used to connect a subject to the database
Relational database uses columns (attributes) and rows (tuples) to organize and store data
Hierarchical database uses a tree-like structure to organize related data records and fields
Network Database is a hierarchical database that allows multiple parent/child relationships
Object-oriented database handles data fields as objects rather than in tables or hierarchy
SQL is the language used to manage/retrieve information in a relational database
API is a defined communications method for software applications
ODBC is an open database API
JDBC is a Java application database API


OLE DB is a Microsoft database API

Lesson 3: TCP/IP And The OSI Model


TCP/IP is a suite or stack of many different communication protocols
TCP (within the TCP/IP suite) uses a three-way handshake to establish a reliable connection
SYN (SYN:1, ACK:0), SYN/ACK (SYN:1, ACK:1), ACK (SYN:0, ACK:1)
TCP/IP uses port (number), protocol (communication), and services (protocol function)
TCP/IP Model

OSI model is today’s standard reference model for communication rules


As communication moves through the OSI layers, information is added (encapsulation) and removed (de-encapsulation)


OSI Model

Lesson 4: Principles of IP Networks


IP networks facilitate computing devices communications
Ethernet is the most common IP network protocol (IEEE 802.3, OSI Layer 2)
Various network components comprise a network
Routers connect networks together and manage communications between the different networks
Bridges connect 2 separate LAN networks together
Switches connect multiple computing devices, and multiple networks, to a LAN
Modems modulate and demodulate analog carrier signals (commonly used to access the Internet)
Firewalls control and filter inbound and outbound network traffic


Repeaters strengthen a network signal


Gateways connect 2 or more networks that use different network protocols
Proxy servers act on behalf of the source and destination
Access points extend a wireless network coverage area
WANs span over a large geographical area
LANs are limited to a small geographical area
MANs are smaller than WANs but bigger than LANs
Broadcast Domain includes all network devices that receive a given network broadcast
Collision Domain limits network packet collisions
CSMA/CD and CSMA/CA handle network collisions using collision detection and collision avoidance, respectively
Unicast sends network communications to 1 host
Broadcast sends communications to the entire network
Multicast sends network communications to a group of hosts subscribed to the multicast group
Anycast sends network communications to a group of hosts based on the best route
Network tuning uses segmentation, isolation, architecture
Network segmentation reduces communication problems with broadcasts, collisions, and other congestion by grouping different types of network traffic together and forcing them to use specific networks
Network isolation uses subnets, VLANs, zones
Subnets are smaller, separate networks for different types of network traffic
VLANs are a common method of creating a subnet
Zones are a group of subnets, VLANs, or other network components


Lesson 5: Must Know Protocols And Services


PPS is a logical connection using shared rules to transmit information using a known port number
Port is the number
Protocol is the communication rules
Service is the protocol purpose
Converged protocol requires conversion to be routed over IP networks
Multilayer protocol: spans multiple layers of the TCP/IP or OSI model
Unsecure PPS do not have security features
Secure PPS have security features that protect communications
Web based protocols


Email based protocols

Remote Access based protocols

Converged based protocols

A protocol that spans across multiple layers of the TCP/IP or OSI stack


Multilayer protocols span across multiple layers of the TCP/IP or OSI stack
TCP and DNP3 are the 2 main multilayer protocols
DNP3 is an ICS protocol used for SCADA that connects the RTU to the MCS

Lesson 6: Network Services Part 1


ARP poisoning attack sends a victim to a spoofed destination
Also called ARP Cache Poisoning Attack or ARP Spoofing Attack
RARP translates a MAC address into an IP address and was succeeded by BootP, which was succeeded by DNS
DNS resolves between IP addresses (e.g. 35.201.95.83) and domain names (e.g. homedepot.com)
DNS is an OSI layer 7 protocol that uses port 53 TCP/UDP
DNS resource record is the mapping of domain name to IP address
DNS zone is a group of resource records (e.g. admin, engineers, etc.)
Zone transfer is the copying of DNS zones to other DNS servers
Authoritative server is the DNS server containing the original zone information
Recursive lookup/query sent to 1 or more DNS servers to find the correct resource record
Non-recursive lookup/query goes to a specific DNS server only
Split DNS: separate DNS servers for different lookups
DNS Cache Poisoning attack sends a victim to a spoofed webpage
Also called DNS Spoofing, Pharming, etc.


DNS Hijacking attack uses a hijacked DNS server to send a victim to a spoofed webpage
DNSSEC prevents forged DNS records by requiring digital signatures
Secure DNS architecture places servers in strategic locations, uses zones, and filters communications

Lesson 7: Network Services Part 2


SNMP collects and reports various information about managed devices
SNMP components: Managed device, SNMP agent, Managing station or SNMP server
Managed device: Any device managed by SNMP
SNMP agent: Software installed on managed devices to gather SNMP information
Managing station: Centralized manager of the SNMP community
SNMP uses UDP port 161 (manager to agent) and UDP port 162 (traps)
Lock down ports 161 and 162 and use SNMPv3 or higher for authentication
Use strong passwords for community strings; community strings should be public (read-only) wherever possible rather than private (read-write)
Do not use the same string for public and private communities
ICMP reports failures and errors, and is a diagnostic tool
ICMP uses TCP/UDP Port 7 (echo) for communications
ICMP traceroute will identify the path a packet will take
Ping Sweep is used to discover live hosts to attack
Ping of Death is a DoS attack
Fraggle Attack is a DoS attack
Smurf Attack is a DoS attack
NTP is used to synchronize internal system clocks


Stratum 0 is the most accurate time source, using GPS signals or atomic clocks. Also called reference timing or reference clock
Stratum 1 is synchronized within a few microseconds of a stratum 0 source
NTP uses UDP port 123 for time synchronization
NTP Security: Use the same time source for all components
Use NTPv3 or higher for authentication

Lesson 8: IP Addressing and Subnetting


Network addresses are created using binary math (1s and 0s)
IPv4 addresses are 32-bit numerical addresses (4 octets of 8 bits)
Subnets divide host addresses into sub-networks
Subnet mask determines what network the host IP address is assigned to
IPv4 Class and Address Ranges


IPv4 Private Address Space

NAT converts a private IPv4 address into a public IPv4 address


192.168.1.1 <> NAT <> 128.12.1.1
CIDR represents a subnet with a “/” followed by the number of network bits
IPv4 Subnet Classes And CIDR Blocks
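The binary math behind the subnet mask, CIDR prefix, address class and private-address lines above, as an added example (not part of the original study notes). It uses the 192.168.1.1 / 128.12.1.1 pair from the NAT line; any other addresses and prefixes it is run against are constructed test values.

```python
# Added example, not from the original notes: IPv4 subnet masks, CIDR
# prefixes, classful ranges and RFC 1918 private space done with bit math.

def ip_to_int(ip: str) -> int:
    """Pack a dotted-quad IPv4 address (4 octets of 8 bits) into a 32-bit int."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n: int) -> str:
    """Unpack a 32-bit int back into dotted-quad notation."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """A CIDR /prefix is a mask of `prefix` leading 1 bits (/24 -> 255.255.255.0)."""
    if not 0 <= prefix <= 32:
        raise ValueError("CIDR prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def split_cidr(cidr: str):
    """'a.b.c.d/n' -> (address as int, mask as int)."""
    ip, prefix = cidr.split("/")
    return ip_to_int(ip), prefix_to_mask(int(prefix))

def network_of(cidr: str) -> str:
    """Network address: host bits cleared by AND-ing with the mask."""
    addr, mask = split_cidr(cidr)
    return int_to_ip(addr & mask)

def broadcast_of(cidr: str) -> str:
    """Broadcast address: host bits set by OR-ing with the inverted mask."""
    addr, mask = split_cidr(cidr)
    return int_to_ip((addr & mask) | (~mask & 0xFFFFFFFF))

def usable_hosts(prefix: int) -> int:
    """Hosts left after reserving network and broadcast (none for /31 and /32)."""
    return max(2 ** (32 - prefix) - 2, 0)

def in_subnet(ip: str, cidr: str) -> bool:
    """True when the host's network bits match the subnet's network bits."""
    addr, mask = split_cidr(cidr)
    return ip_to_int(ip) & mask == addr & mask

def ipv4_class(ip: str) -> str:
    """Classful ranges by first octet: A 0-127, B 128-191, C 192-223, D 224-239, E 240-255."""
    first = ip_to_int(ip) >> 24
    for limit, cls in ((128, "A"), (192, "B"), (224, "C"), (240, "D")):
        if first < limit:
            return cls
    return "E"

# RFC 1918 private blocks: the addresses NAT must translate to reach the Internet.
PRIVATE_BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def is_private(ip: str) -> bool:
    """True when the address falls inside one of the RFC 1918 blocks."""
    return any(in_subnet(ip, block) for block in PRIVATE_BLOCKS)
```

For the NAT pair in the notes, `is_private("192.168.1.1")` is true and `is_private("128.12.1.1")` is false, which is exactly why the first must be translated before it can reach the Internet.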

IPv6 addresses are 128-bit addresses written in hexadecimal (8 blocks of 16 bits each)


IPv6 has MUCH more IP address space than IPv4
IPv6 increased the network packet size from 65,535 bytes to 4,294,967,295 bytes
Supports much better Quality of Service (QoS)


Lesson 9: Principles of Wireless Networking


Wireless networks allow communication without the need for a physical cable
BSS defines the parameters for the wireless network
SSID is the 32 character wireless network identifier
ESSID is the network name when AP is in use
BSSID is the network name when in ad-hoc mode
Wireless LAN uses RF for communications
Spread spectrum spreads communications across a band of frequencies
FHSS is frequency-hopping spread spectrum
DSSS is used to reduce signal noise/interference
802.11 is the IEEE wireless network standard
802.16 defines wireless MANs
Infrastructure mode expands wired to wireless network
Stand-alone mode has no physical connection
Ad-hoc mode is peer-to-peer
A bridge allows wired devices to connect to wireless devices
Access points extend the wireless network range
WEP, WPA, WPA2, EAP are the main encryption algorithms
Guest zones isolate guest users on the wireless network
Captive portal requires guests to authenticate to gain access
War driving is moving around to gain unauthorized access to a wireless network
Bluejacking is sending unsolicited Bluetooth messages


Bluesnarfing is gaining unauthorized access to a Bluetooth-enabled device

Lesson 10: Virtualization and the Cloud


Virtualization is creating a software-based device vs a physical one
Benefits are less hardware, centralized control, and better IT performance
Virtual host is a software created computer or server
Physical host is a physical computing device
Hypervisor (or VMM) is the software that connects the virtual hosts to the physical host
Type 1 is bare metal/native, Type 2 is hosted
An OS can be installed on either hypervisor type
Host application is software running in a virtual host
Virtual network is a software created network
VDI provides an OS to a user using a centralized hosting server
VDC is a managed collection of virtual infrastructure components
Cloud computing is system services and resources made available to users over the internet
Service provider provides particular computing services in the cloud
ISP (infrastructure), ASP (applications), MSP (managed services)
There are public (open), private (closed), hybrid (2 or more organizations) clouds
“as a Service” (aaS) offerings make scalable services available to users: IaaS (infrastructure), PaaS (platform), SaaS (software)

Lesson 11: Virtualized Networks


Virtualized networks are software-based networks
They require a physical device to provide adequate resources


VLANs are software-created Local Area Networks (LANs)


PVLAN uses specific network interfaces or private ports (port isolation)
SDN is the use of multiple virtualized network resources to create a converged network
Application layer requests resources for applications through the control layer
Control layer coordinates resources for applications from the infrastructure layer
Infrastructure layer provides physical resources for the application layer
VSAN is a virtualized network that connects storage components
VSAN provides flexible and scalable information system storage
VSAN can be centrally managed or managed at the hypervisor level

Lesson 12: The Different Types of Data Storage


Data is the primary focus of most computer attacks
Primary Storage is volatile storage, mainly RAM
Secondary Storage is non-volatile storage, mainly ROM
Virtual Storage is virtualized primary or secondary storage
Flash storage is non-volatile electronic storage
SSDs, mobile devices, SD cards and USB drives use flash storage
ROM storage is found in hard drives, CD-ROMs, DVD-ROMs
RAID is high-performance storage using disk arrays
RAID 0 stripes information across multiple disks
RAID 1 mirrors data across multiple disks
RAID 2, 3, and 4 are not in use today


RAID 5 stripes data with an interleaved parity bit


RAID 6 is RAID 5 with an additional backup
RAID 10 is striping and mirroring
NAS is network connected storage
SAN combines storage devices so they appear as one drive
Data storage concerns are data remanence, removable media, sanitizing, encryption, and covert channels

Lesson 13: Firewall Technologies


Firewalls are used to filter and control communications between different networks
Firewalls can be stand-alone, virtualized, software-based, or file-based
ACLs can filter traffic based on source, destination, PPS (port, protocol, service), and more
ACLs are configured then applied to interfaces
Packet Filtering (1st generation), Proxy Firewall (2nd generation)
Stateful (3rd generation)
Packet filtering controls traffic based on source/destination/pps (layer 3)
Proxy firewalls inspect traffic prior to authorizing a connection
Circuit-level inspects the packet header and session information (layer 5)
Application level filters content by inspecting layer 7 protocol
Stateful firewalls track the state of the connection and protocol
Stateful inspection uses dynamic packet filtering for high ports
Bastion host is a hardened firewall server placed between an internal and external network
Dual-homed firewalls have more than one interface


Screened host uses an external router and sends traffic to a dual-homed firewall or bastion host
Screened subnet creates a DMZ using 2 different firewalls
Three Tier Architecture contains 2 or more screened subnets
Keep the firewall operating system up to date with patching
Review firewall audit logs frequently to detect issues
Review firewall rulesets/ACLs periodically to tune the firewall
