Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time.
Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast.
Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.
(00:20):
All right, let's get started.
Let's go.
Speaker 2 (00:30):
Good morning everybody.
It's Sean Gerber with CISSP Cyber Training, and I hope you all are having a beautifully blessed day today.
Today we're going to be talking about the CISSP Rapid Review and we're going to be focused on Domain 4.
So this will be part one, obviously, today.
On Monday will be part one and then on Thursday it will be part two.
So we try to blend in these rapid reviews for your studying preparedness and make sure that you are ready to go for the CISSP exam.
(00:52):
But before we do, I had a quick article that I wanted to share with you all.
It is actually on CSO Magazine, on the website they have there, and it's "Disgruntled developer gets a four-year sentence for revenge attack on employer's network."
Now this individual, who's a Chinese national, named Davis Liu, he's a former software developer at Eaton, and that's the electrical company, and he got four years for basically putting a logic bomb within their network.
(01:15):
I've had this happen to me in a couple different ways.
It actually didn't happen to me directly.
It happened to a friend of mine in his company, and it took them years and a lot of money to get this squared away.
So basically, Davis Liu got four years of prison, plus three years of supervised release, for deploying a malicious logic bomb with his ex-employer.
(01:36):
So his employer was going to let him go.
So what did he do?
He decided to go ahead and put in a logic bomb within his network that was tied to Active Directory.
So the moment that his credentials would become deactivated or disabled, then a kill switch would be enabled, and then it locked out thousands of users by deleting employee profiles and crashing the servers via an infinite Java thread loop.
(01:58):
So he knew what he was doing and he decided to put this in place.
So this comes down to the fact of, when someone is leaving an organization, we'll come into that, you better have a good plan around it, especially depending upon their capabilities.
This attack was premeditated.
(02:21):
Basically, they have forensic evidence that he had set up in there, that he had done a privilege escalation and he hid that to allow him to then do rapid file deletion once he left the company.
So this is the interesting part, is that he knew exactly what he was doing and he had the credentials to do this as a software developer, senior software developer, and if you read through the article, it says that once he was demoted, that was the point where he made the decision: I'm out and I'm going to take these people out with me.
(02:42):
So this caused hundreds of thousands of dollars in operational damage.
But I would say, from legal standpoints, the friend of mine that had this same type of situation occur with him, there was the operational impact that it had, but then there were also the legal aspects, and it went in well over a million dollars when it was all said and done.
(03:04):
So it's not an inexpensive endeavor and, plus all of the aspects of causing some sort of reputational damage, everything else, it's chaos.
So the point of it is that, as we talk about this in the CISSP, you're getting it.
The main focus we talk about on CISSP Cyber Training is understanding more than just the information to pass the test; it is how do you do this within your organization?
(03:25):
And so you need to work with your HR people.
You need to also work with your folks that are dealing with your infrastructure, and you need to have a really good process in place for employee termination.
That includes anybody within the organization, but especially IT folks that have privileged capabilities.
(03:46):
The part in this situation, as a senior software developer, yeah, he did have credentials to do the things he did.
However, to be able to manipulate Active Directory to the level he did within the Eaton Corporation, and obviously they're a large company, he obviously had some level of credential creep and it was given too much in permissions related to the company.
(04:08):
So there's a lot of things that could potentially go wrong here that maybe Eaton could have done better with from an exit standpoint.
But as well, the moment you know that someone is on a PIP, or a performance improvement plan, that's how we used to look at them.
If I had someone that was a senior developer that was on a PIP, then the eyes of Sauron are on that individual and I am watching what they are doing.
(04:33):
And if you force people to have credentials that are locked up within, say, CyberArk or someplace like that, you now can watch and see what they do with them as well.
Now, there is obviously no easy button with this and there's no perfect solution, but this individual had way too many credentials and way too much power for him to be able to do this and what he did.
(04:53):
So, ideally, you need to really kind of look at that within your organization.
Have a good exit strategy for your people, make sure you work with HR and you work with your IT professionals to know what you have in place to prevent something similar to this happening on your network.
Okay, so let's get started into Domain 4 of the Rapid Review, part one.
Hey all, Sean Gerber with CISSP Cyber Training, and today we're going to be talking about the CISSP Rapid Review.
(05:16):
This is for Domain 4.
This is the exam prep that we put out at CISSP Cyber Training, and Domain 4 is Communications and Network Security.
Okay, so this is the question breakdown for Domain 4.
As you look at this slide, all the different domains, from Domain 1 through Domain 8, are all part of the percentage that you would have for the CISSP exam.
(05:39):
But if we focus on Domain 4, about 13% of the questions that you will see for the exam will be part of this Domain 4.
Now, you go to CISSP Cyber Training, you can get access to all this content that's available to you if you are watching this video, this free video that's out there.
We have tons of free resources at CISSP Cyber Training that are free.
(06:01):
If you want to self-study and get ready for the exam, all my free content will help you do that.
If you need a little bit more help, and maybe some more guidance around some of the content, and maybe directed videos to help walk you through each of the actual domains, you can actually have my paid resources and my mentorship product as well.
So all that's available to you at CISSP Cyber Training.
(06:21):
But the main focus on this slide is just to focus on this: 13% of the questions will come from Domain 4.
Okay, so let's roll into this.
This is Domain 4.1, Assess and implement secure design principles in network architectures.
Now, in this section, Domain 4.1, we're going to be talking about the OSI and TCP/IP models that are there.
(06:43):
Again, the ultimate goal of the rapid review is just kind of a quick overview of what you may expect to see on the exam.
So when you're dealing with the OSI, it's a seven-layer conceptual framework that is set up specifically for standardizing network communication functions, and the OSI model helps dramatically to kind of give you that plan of what you can expect to see.
(07:06):
You have your transport layer, you have your data layer, you have the various layers that are tied into the OSI model, and that is a key factor when you're trying to have standardization around network protocols.
Then there's the TCP/IP layer.
This is the practical four-layer suite that underpins the entire internet.
TCP/IP is an important part of the overall internet itself and it is a key, integral part of all modern networks today.
(07:28):
Now, when you're dealing with these different types of models, there is a security thing you need to consider, and this is essential for any sort of multi-layered defense strategy: that you have a good plan around OSI and you understand the TCP/IP stack.
It's an important part because you'll have an aspect of TCP/IP connections that are occurring between two points.
(07:51):
You're going to have to understand, am I getting the connection?
Why am I not getting a connection?
Is it because there's a SYN and there's a SYN-ACK?
Is there the termination, or the FIN flags, that are kicking off?
You're going to have to understand those different types of flags and the importance of those, and just because you're studying for the exam, you go, well, I don't need to worry about that, because I have a network team that deals with that for me.
(08:12):
You're going to have to know how to communicate with your network team on the various parts of the OSI model, because you could be having data loss in various stages, or you may also have to know what are the different flags that you are dealing with as it relates to TCP/IP.
So all of these are an important part of the overall understanding of cybersecurity.
(08:35):
Now, IP networking.
We're going to deal with IP itself, IPv4 and IPv6.
Now, IP itself is the fundamental protocol for addressing and routing data packets, and that's IP networking, period, and it's broken into IPv4 and IPv6.
(08:57):
Now IPv4 is the 32-bit address that's been out there forever, that most people have adopted and utilize within their networks.
However, because of so many IP addresses tied to actual devices themselves, they then moved to IP version 6, which is the 128-bit version, which allows for a much larger space of IP addresses, and it also helps with the simplification of the configurations of these various IP addresses.
(09:19):
However, IPv6 has not been as widely adopted as IPv4, because obviously IPv4 has been around longer and there are some challenges of people bringing IPv6 into their networks.
It's eventually going to happen, because there's just not enough IPs out there, especially when you're dealing with all this IoT work that's available.
(09:40):
But, at the end of the day, IPv4 and IPv6 are both extremely important parts of any sort of networking program.
Now, they both require meticulous secure configurations to ensure that you're getting proper security for each of them.
Now IPv6 introduces new attack vectors such as SLAAC, NDP spoofing.
(10:07):
All of those are different vectors that we didn't have in IPv4, but IPv4 has its own issues in itself, so understanding the differences between IPv4 and IPv6 is an important factor when you're studying for the exam.
The next section is secure protocols.
These provide confidentiality, integrity and authenticity for the data that's specifically in transit, and when we're talking secure protocols, you're talking VPNs, you're talking HTTPS, you're talking SSH, DNSSEC.
(10:28):
All of these are very important parts of the overall transporting of the data and the security around this.
Now it's mandatory for many sensitive communications that you have some level of secure protocols for this communication.
(10:50):
This would include strong message ciphers, robust key management, up-to-date versions that are available, and you want to make sure that all of that is done, because those are key factors in any protocol that is set up specifically for transport of data between point A and point B.
These can be done automatically.
They can be set up manually, but at the end of it, a secure protocol for the data transfer and the data protection is an important part of any sort of security plan that you have within your organization.
(11:13):
Implications of multi-layer protocols.
Now, encapsulation is an important part; you'll hear people talk about it.
This is where data from higher layers is wrapped by lower layers, basically down the stack.
(11:33):
So what it comes down to is you have your OSI model as layers, as your data is leaving from basically your physical layer and it's moving all the way up to the transport layer and beyond into the presentation layer.
It is all encapsulated as it goes up and then, when it comes down, the encapsulation is removed.
That is the data encapsulation piece that you would expect to see within the CISSP.
(11:53):
Now the attack surface of having multi-layer protocols is that the vulnerabilities can exist in potentially any layer.
So if you have multi-layer aspects, there's aspects that could come into where they potentially could bypass controls of one layer to gain access to another.
So this is where it's imperative that you have a defense-in-depth strategy when you're dealing with any sort of security and, as we've talked about routinely on CISSP Cyber Training, having the multiple layers of defense.
(12:14):
If you have a firewall, then you have endpoint detection and response.
Maybe you have some honeypots that are built in there.
You have defenses that are built and that are in layers, so that if one person gets through one area, there may be a situation where they're alerted when they're going through another area.
(12:36):
It's also imperative to have some deep packet inspection involved, and this is in various points of your network.
There would be various taps that are put in place that will suck this data out.
They will look at the data itself and then they will do a deep packet inspection of all the data that's transferring the wire.
(12:57):
These are really important.
There's also some regulatory requirements around that.
I've worked in some companies that have had to do that, and it's a great product, but it does take a lot to make that and put that in place.
But deep packet inspection is an important part of any security tools that you may have, depending upon the level of risk that you have within your company.
Converged protocols, so you have voice over IP.
(13:19):
Now, this is what integrates voice and video onto data networks.
Bottom line is for cost savings and flexibility.
Now, if you've all noticed, though, when you're dealing with some voice communications, they get a bit of a delay.
Sometimes that is voice over IP that may be not totally configured correctly.
Fiber optics: this transmits data via light, offering, obviously, increased bandwidth, low latency and then, potentially, immunity from electromagnetic interference.
(13:40):
Fiber optics have become more and more transparent throughout, where most people, I mean, we didn't have fiber optics going to homes in the past.
Now many of us have fiber optics that come into our house specifically.
(14:00):
So it's a great tool, allows for much faster bandwidth, and it is a great product.
I love fiber, just love it.
Security implications of doing this, though, is it does introduce new attack vectors, such as voice over IP eavesdropping, toll fraud, which I haven't seen much of, but it is out there, obviously denial of service on the call managers, and various other aspects that could affect your fiber optic aspects.
(14:21):
So there are, again, as we get new technologies and new capabilities, then they become also a target for the bad guys and girls.
Micro-segmentation: this divides networks and data centers into various highly granular areas, and it does allow you to have some really good security segments in place to, one, manage the data, but also, two, to manage the workload.
(14:43):
So micro-segmentation, I feel, is a really important part of any organization.
However, like anything else, if you don't have a good plan on how to do micro-segmentation, a lot of times it just gets thrown together in one big bucket and the benefit that you're looking for is really kind of negated and limited.
(15:03):
Based on that, it does significantly limit the attacker's lateral movement and it reduces the breach blast radius.
In the event that somebody were to gain access to a bunch of data, the amount of data that they potentially could get, because of micro-segmentation, can be dramatically reduced.
But again, back to the first point.
If you don't know what you're doing and you just kind of throw everything in one bucket, it isn't as beneficial as it potentially could be.
(15:25):
It does require sophisticated, granular firewall rules, and often it's considered what they call software-defined networking, or SDN; it takes a special person who understands how to do SDN communications and how to do SDN firewall rules.
It does.
It's not hard, right, I've done it myself.
(15:46):
I've worked with some very smart people to kind of help guide me in some of this.
It is not difficult.
However, it does take a much bigger approach to understanding the network and what you're going to do within your network.
So you just got to have a good plan before you deploy something like this.
And it's better to start small than to go out and think of and get too big when you're dealing with deploying these SDN types of capabilities.
(16:07):
Wireless networks: obviously the technology uses radio waves, and mobility and ease of deployment.
We all use Wi-Fi, and Wi-Fi is well known and well used, and so because of that, though, they're increasing the encryption capability of that; it does require WPA2 and WPA3.
Obviously, you can incorporate it with RADIUS, and there's also other sorts of rogue AP detection, that would be your access point detection, that is out there as well.
(16:29):
We used to, in the old days, go around and look for access points with basically a device like a Geiger counter, and it would go and look for other wireless access points that were enabled.
Now they've incorporated a lot of that into the devices themselves and they're looking for rogue Wi-Fi outlets.
(16:53):
So, great capabilities in the Wi-Fi space.
Now, obviously, the security implication of this is it's inherently susceptible to eavesdropping, potentially.
And then rogue APs, big deal for rogue APs.
I've met with them a lot, I've had to deal with those situations, and they can then deal with brute force attacks, and you do require strong encryption and authentication; these are an important part of any Wi-Fi network.
(17:15):
Again, Wi-Fis are great, but just throwing them up out there, shadow IT, all those things just kind of start rolling on themselves.
So it's imperative that you do have a really good plan when you're deploying Wi-Fi within your network.
Highly recommend that you find, maybe potentially, a person who does Wi-Fi really well within their network and talk to them.
(17:36):
Cellular networks: this is where you have technology that's obviously 5G.
It offers higher speeds, lower latencies.
This allows for much better data transfers and you're not limited to point places such as Wi-Fi locations.
It does incorporate evolving security standards, obviously for improved authentication and encryption.
(17:57):
When you're dealing with 5G, the lower cellular capabilities of LTE and 4G had security implications that are not as strong and robust as 5G, and therefore it's imperative that you move to 5G if possible.
(18:21):
But there's different types of threats that can affect 5G networks, such as IMSI catchers, signaling attacks, supply chain vulnerabilities and so forth.
IoT is a big factor when you're dealing with 5G and there's some vulnerabilities that can be incorporated there as well, so it's really important.
Again, we talk about all this stuff over and over again, but having a good plan on how you're going to deploy this within your networks, the use of each of these technologies, is a crucial part of your overall security game plan.
(18:42):
Okay, the last section of Domain 4.1.
This is going to be with CDNs, content delivery networks.
Now, these are geographically distributed proxy servers that are basically caching the content closer to where you're at, to increase the speed and resilience.
CDNs are an important part of the way the internet works today, and especially with as much content that is out there, CDNs have to be used.
(19:04):
They really do.
Now, the problem is, if they get DDoSed, if they get denial of service attacks done on them, then they can go down and then it causes all kinds of latency issues.
But they have DDoS mitigation, they have WAF capabilities and then they, well, in many cases, have TLS termination and secure content caching.
(19:25):
Okay, some of the security implications that are involved in this.
It does introduce reliance on third-party security postures; that is, third parties that are managing your network.
Obviously, the CDN is relying on them to do the job right and to make sure that they have the security in place to protect your data.
This includes potentially cache poisoning, misconfigurations, or the need to protect the original server itself.
(19:45):
So you are relying on somebody else to protect the data and to protect the communications, and that, in turn, does incur some level of risk to you and your company.
Secure network components: this is Domain 4.2, so operation of hardware.
So when you're dealing with different secure components, you want to have redundant power set up, and this would be UPSs, uninterrupted power supplies.
(20:08):
You may have generators in place as well; this is to ensure you have continuous operation of these critical network devices and systems.
Again, you have to understand which ones are these critical systems, but you want to have some level of redundant power for these.
This could also potentially include redundant networking capabilities as well, depending upon if this is required.
(20:30):
If your critical system is required to have network connectivity outside to the world, you may have to have another circuit specifically brought in for that specific need.
Warranty and support: we've talked about this with Microsoft routinely.
It is relying on vendor warranties and support contracts for timely hardware replacement, firmware updates and technical assistance.
(20:51):
You need to make sure that you have a good plan around the warranties, how you're going to pay for those, how you're going to maintain the support with those, and what it comes down to is some of these systems may not ever have support because they're so old.
How do you deal with that?
That's a different conversation.
But again, warranty and support is an important part of all of your networking plans.
(21:12):
You need to ensure you have availability and resilience for your network infrastructure.
A lack of redundancy or expired support contracts will lead to single points of failure.
I've seen it happen where your contract hasn't been negotiated.
You think you're good, the contract goes away, you don't have support, and now you're spending three months trying to get your contract back up to speed, and at that point in time you're vulnerable.
(21:35):
So if you're a security professional, understanding your legal and your regulatory space is good, but also understanding your contractual aspects is an important part.
A company I work with, we've actually done contractual reviews for people to make sure that they have the right contracts in place for their people.
Transmission media: so you have different types of transmission media.
You have twisted pair, which is your UTP and STP.
(21:58):
You have coax.
You have wireless.
You have fiber optics; we've kind of talked about those as well, and the ultimate point is that you want to determine which ones you need to use, and you need to understand those specifically for the CISSP.
Now, they will vary in bandwidth, distance, cost and susceptibility to interference, based on the product that you get.
(22:19):
You deal with Cat6, it has the ability to carry high levels of data across it, but then there's some limitations on the distance which it can go.
If you're dealing with a single twisted pair versus a multi-twisted pair, how does that work for you?
All of those pieces are aspects that you need to be aware of when you're dealing with your transmission media.
Different media have distinct vulnerabilities specifically associated with them.
(22:40):
Copper is an important part, but it is susceptible to eavesdropping, and you will see this with it; it isn't so much that we have many copper lines now, but in the past there was a lot of copper that went through buildings and so forth.
It was extremely susceptible to eavesdropping and also to electromagnetic interference as well.
(23:00):
Now that you have the twisted pair, and especially if it's shielded twisted pair, then you have less risk of having any sort of EMI effects that could deal with it.
Fiber optics: highly secure against EMI, but they're extremely fragile, and they're really hard in that if you break them, you can't just go and connect them back together.
You have to have special tools to do so.
(23:22):
So it makes it a little bit more complicated.
Wireless, obviously, is the most vulnerable to eavesdropping and jamming and unauthorized access, but it also is one of the most flexible and is pretty much used ubiquitously everywhere.
So understanding your transmission media is an important part of your CISSP, and understanding how each of those pieces is crucial will help you.
(23:43):
As far as you're studying for this, make sure you have a good grasp of each of those types.
Network access control devices: these are designed to enforce security policies on devices attempting to connect to the network, both wired and wireless.
These can perform posture assessments, where you're basically checking the device health, patches, antivirus and so forth.
It authenticates users and devices and then grants, denies or potentially quarantines the access, based on the access that you're allowed to have.
(24:06):
And these are network access control devices.
They do prevent unauthorized or non-compliant devices from accessing a network.
So if you don't have port controls in place, these NACs can actually help reduce that.
If somebody were to plug something in, it can limit the effect of those devices.
(24:27):
So, again, it reduces your attack surface and limits the spread of potential malware from an infected endpoint.
Endpoint security: this protects the individual computing devices such as your laptops, desktops, servers and so forth, and it is an important part of any sort of security strategy you may have.
This could deal with endpoint detection and response, host-based IDS and IPS, DLP and host-based firewalls.
(24:47):
All of those are part of your endpoint security program, and they're a common entry point for all attackers, the endpoints, because people are there and people click on links.
They are crucial for detecting and preventing any sort of malware infections, and I usually say the endpoints are your first line of detection.
That and your people.
(25:08):
Your people are like sensors, and between them and your endpoints, they are your first line.
They are the ones that are going to help identify suspicious activity.
They'll help control data flows.
All of those things are an important part of your endpoint detection strategy.
Make sure you deploy endpoint detection and response, some sort of protection and response, to your endpoints right now.
(25:30):
Now, one thing to also consider is just antivirus.
Right, people used to always be antivirus.
It needs to be a much better solution, such as endpoint detection and response type of security suites.
These are focused specifically on heuristics.
They're focused on the different types of signatures.
They're also based on other communications they get from the mothership that are telling them, hey, these are the attacks we're seeing.
(25:53):
EDR is a really good endpoint solution that you need to consider for all endpoint security.
Okay, Domain 4.3, public switched telephone networks, PSTNs.
Now, these are traditional circuit-switched telephone networks used for voice communication, and it does rely on copper wires and switching centers to do the work.
So this is the old school, where you had somebody sitting behind a desk and they're plugging in different wires into different ports to make the connection.
(26:16):
This is a PSTN.
Granted, obviously that was really old school, but it's the traditional old type of phone network.
It is susceptible to wiretapping and eavesdropping and denial of service as well.
They still exist in different places.
(26:37):
Obviously, in areas that are maybe a little less developed, they're more prevalent, but bottom line is, PSTN is still out there, and you, as a security professional, need to understand what is a PSTN network.
Voice over IP: this is what allows for voice and multimedia communications over IP networks such as the Internet, and then, obviously, it's instead of the traditional phone lines that you would have, such as a PSTN network.
(26:57):
They're becoming more and more developed and deployed throughout.
Most companies have these, and they will include various different types of threats that can affect them, such as eavesdropping, DoS attacks.
Obviously, they can target your voice over IP clients if they're high-value clients, and they will also target the servers as well.
(27:20):
Gaining access to these systems can be a plethora of information, and so bad guys and girls will attack those systems.
They really truly do want the VoIP systems, and if you don't have good security enabled on them, they are a high target and they can also incorporate a lot of risk for you and your organization, hence, if they were to be breached or compromised.
(27:43):
You now are running in a situation where you become liable because you didn't put in adequate controls for them.
Thanks so much for joining me today on my podcast.
If you like what you heard, please leave a review on iTunes, as I would greatly appreciate your feedback.
Also, check out my videos that are on YouTube and just head to my channel at CISSP Cyber Training, and you will find a plethora, or a cornucopia, of content to help you pass the CISSP exam the first time.
(28:03):
Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey.
Thanks again for listening.