CISSP Official Communication and Network Security Topic Slides (CISSP 官方通信与网络安全专题课件.pdf)

Uploader: a****2   Document ID: 3332294   Uploaded: 2024-03-02   Format: PDF   Pages: 179   Size: 1.42 MB

COMMUNICATION AND NETWORK SECURITY

Domain Objectives
- Understand the structures, transmission methods, transport formats, and security measures used to provide confidentiality, integrity, and availability for transmissions over private and public communications networks and media.
- Identify risks that can be quantitatively and qualitatively measured to support the building of business cases to drive proactive security in the enterprise.

Domain Agenda
- Apply Secure Design Principles to Network Architecture
- Securing Network Components
- Design and Establish Secure Communication Channels
- Prevent or Mitigate Network Attacks

APPLY SECURE DESIGN PRINCIPLES TO NETWORK ARCHITECTURE

Module Topics
- Layering Models
- Open System Interconnect (OSI) Model
- TCP/IP Reference Model
- Internet Protocol (IP) Networking
- Directory Services
- HTTP Proxying
- Implication of Multilayer Protocols
- Converged Protocols
- Multi-Protocol Label Switching (MPLS)
- Voice over Internet Protocol (VoIP)
- Types of Wireless Technologies
- Types of Wireless Networks
- Spread Spectrum
- Wireless Security Issues
- Cryptography to Maintain Communications Security
- How Certificates are Used
- Securing Network Components

Layering Models
- Several layering models exist; the most commonly used are:
  - The OSI reference model
  - The TCP/IP or Department of Defense (DoD) model

Open System Interconnect (OSI) Model
- Application layer: network-related application programs
- Presentation layer: standardization of data presentation to the applications
- Session layer: management of sessions between applications
- Transport layer: end-to-end error detection and correction
- Network layer: management of connections across the network
- Data link layer: reliable data delivery; includes the LLC and MAC sub-layers
- Physical layer: physical characteristics of the network media

Layer 1: Physical Layer
- Physical topologies are defined at this layer.

Layer 2: Data-Link Layer
- Prepares the packet that it receives from the network layer to be transmitted as frames on the network
- Ensures that the information it exchanges with its peers is error-free (the frame check sequence lets a receiver detect and discard corrupted frames)

Layer 3: Network Layer
- The data-link layer relies on hardware addressing; the network layer uses logical addressing that is created when hosts are configured

Internet Protocol (IP)
- Is a connectionless protocol that does not guarantee error-free delivery
- Has two functions: addressing and fragmentation

Layer 3 Devices
- Read the destination Layer 3 address in received packets and use their routing table to determine the next device on the network to send the packet to
- Example devices: routers

Layer 3 Protocols
- OSPF - Open Shortest Path First (the deployed versions are OSPFv2 for IPv4 and OSPFv3 for IPv6)
- IGMP - Internet Group Management Protocol
- IPv4/IPv6 - Internet Protocol
- DVMRP - Distance Vector Multicast Routing Protocol
- IPsec - Internet Protocol Security

Layer 4: Transport Layer
- Creates an end-to-end transport between peer hosts
- Important Transport Layer protocols in the TCP/IP suite: User Datagram Protocol (UDP) and Transmission Control Protocol (TCP)

UDP
- UDP does not ensure that transmissions are received without errors, and therefore is classified as a connectionless, unreliable protocol

TCP
- (slide figure; no text was captured)

Layer 4 Protocols
- TCP - Transmission Control Protocol
- UDP - User Datagram Protocol

Layer 5: Session Layer
- Provides a logical persistent connection between peer hosts
- Responsible for creating, maintaining, and tearing down the session

Layer 5 Protocols
- PAP - Password Authentication Protocol
- PPTP - Point-to-Point Tunneling Protocol
- RPC - Remote Procedure Call Protocol

Layer 6: Presentation Layer
- This layer provides services to ensure that the peer applications use a common format to represent data
- ASCII
- EBCDIC

Layer 7: Application Layer
- The application's portal to the network
- When an application or the operating system transmits or receives data over a network, it uses the services from this layer
- The application layer is not the application

Layer 7 Protocols
- DHCP/DHCPv6 - Dynamic Host Configuration Protocol / v6
- DNS - Domain Name System
- HTTP - Hypertext Transfer Protocol
- LDAP - Lightweight Directory Access Protocol
- SMTP - Simple Mail Transfer Protocol
- RIP - Routing Information Protocol, versions 1 and 2

OSI Model Activity
- Instructions: complete the diagram with the appropriate labels. The diagram shows the seven layer descriptions from the OSI model slide above with the layer names blanked out.

OSI Model Activity - Answers
- The completed diagram is identical to the Open System Interconnect (OSI) Model slide above.

TCP/IP Reference Model
  OSI layer          TCP/IP layer
  7 Application      4 Application
  6 Presentation     4 Application
  5 Session          4 Application
  4 Transport        3 Transport
  3 Network          2 Network (Internet)
  2 Data Link        1 Link Layer
  1 Physical         1 Link Layer

OSI vs. TCP/IP Model Comparison Activity
1. How are the TCP/IP and OSI models different?
2. In what ways are the TCP/IP and OSI models similar?

Internet Protocol (IPv4) Networking
- IP is responsible for addressing packets
- The address is expressed as four octets separated by a dot (.)
- For example, 216.12.146.140

Network Classes
  Class   First octet   Octets for network number   Hosts per network
  A       1-126         1                           16,777,214
  B       128-191       2                           65,534
  C       192-223       3                           254
  D       224-239       Multicast
  E       240-255       Reserved
- 0/8 and 127/8 (loopback) belong to no class. Classful ranges are historical: routing and address assignment today are classless (CIDR), so the class of an address says nothing about the subnet mask actually in use.

IPv6
- A much larger address field (128-bit addresses instead of 32-bit)
- Improved security (IPsec was designed in as part of the suite, although it is not used automatically)
- Improved quality of service (traffic class and flow label fields in the base header)
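The class table above can be applied mechanically. The following is an added example, not code from the slide deck: it classifies a dotted-quad address under the classful scheme, derives the network number and usable host count from the number of network octets, and also reports the classless (CIDR) block the same address actually sits in, since that is what a firewall rule or routing table will use. The sample addresses are constructed for illustration.

```python
import ipaddress
from typing import Tuple

# Classful ranges from the table above: (class, first-octet range, octets used
# for the network number). 0/8 and 127/8 are in no class and are handled separately.
CLASSFUL = (
    ("A", range(1, 127), 1),
    ("B", range(128, 192), 2),
    ("C", range(192, 224), 3),
)


def classify(addr: str) -> dict:
    """Classify a dotted-quad IPv4 address under the historical classful scheme.

    Malformed input such as "300.1.1.1" raises ValueError from the ipaddress module.
    """
    ip = ipaddress.IPv4Address(addr)
    first = int(ip) >> 24
    if first == 0 or first == 127:
        return {"class": "reserved", "note": "0/8 this-network or 127/8 loopback"}
    if 224 <= first <= 239:
        return {"class": "D", "note": "multicast; no network/host split"}
    if first >= 240:
        return {"class": "E", "note": "reserved"}
    for cls, first_octets, net_octets in CLASSFUL:
        if first in first_octets:
            prefix = 8 * net_octets
            net = ipaddress.IPv4Interface(f"{addr}/{prefix}").network
            return {
                "class": cls,
                "network": str(net),
                "host_bits": 32 - prefix,
                "usable_hosts": net.num_addresses - 2,  # minus network and broadcast
                "private": ip.is_private,               # RFC 1918 space, any class
            }
    raise AssertionError("unreachable: every first octet is covered above")


def cidr_network(addr: str, prefix_len: int) -> Tuple[str, int]:
    """Classless view of the same address: the CIDR block it belongs to and its usable hosts."""
    net = ipaddress.IPv4Network(f"{addr}/{prefix_len}", strict=False)
    # /31 (RFC 3021 point-to-point) and /32 have no network/broadcast addresses to subtract.
    usable = net.num_addresses - 2 if prefix_len < 31 else net.num_addresses
    return str(net), usable


if __name__ == "__main__":
    for sample in ("216.12.146.140", "10.1.2.3", "172.20.5.6", "224.0.0.251", "127.0.0.1"):
        print(sample, classify(sample))
    print("216.12.146.140/27 ->", cidr_network("216.12.146.140", 27))
```

The example uses the slide's own address: 216.12.146.140 is class C, which would imply the /24 network 216.12.146.0, whereas a /27 assignment places it in 216.12.146.128/27 with 30 usable hosts.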

Transmission Control Protocol (TCP)
- The Transmission Control Protocol provides connection-oriented data management and reliable data transfer (three-way handshake, sequence numbers, acknowledgements and retransmission)

TCP and UDP Ports
- TCP and UDP map data types through the use of port numbers associated with services
- UDP uses port numbers in a similar fashion to TCP
- Well-Known Ports: 0 through 1023
- Registered Ports: 1024 through 49151
- Dynamic or Private Ports: 49152 through 65535

User Datagram Protocol (UDP)
- Provides a lightweight service for connectionless data transfer
- Without error correction: UDP carries only a 16-bit checksum (optional over IPv4), so a receiver can detect a corrupted datagram and drop it, but nothing is acknowledged or retransmitted
- Useful as an attack mechanism as there is no state for routers/firewalls to observe and monitor, and a spoofed source address is never challenged by a handshake
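To make the "detection but no correction" point concrete, the following added example (not from the slide deck) computes and verifies the RFC 768 UDP checksum over the IPv4 pseudo-header, header and payload. A single flipped bit or a mismatched source address fails verification and the datagram is silently dropped; a tampering party who simply recomputes the checksum passes it, which is why the checksum is an integrity check against accidental corruption and not an authentication mechanism. The addresses, ports and payload are constructed sample values.

```python
import struct

UDP_PROTO = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"  # odd-length input is padded with a zero octet for the sum only
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src: bytes, dst: bytes, udp_len: int) -> bytes:
    """IPv4 pseudo-header from RFC 768: src, dst, zero, protocol, UDP length."""
    return src + dst + struct.pack("!BBH", 0, UDP_PROTO, udp_len)


def build_udp(src: bytes, dst: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    """Return a UDP segment (8-byte header + payload) with a valid checksum."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)  # checksum field is zero while summing
    csum = (~ones_complement_sum(pseudo_header(src, dst, length) + header + payload)) & 0xFFFF
    if csum == 0:
        csum = 0xFFFF  # on the wire 0 means "no checksum" over IPv4, so all-ones is sent instead
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def verify_udp(src: bytes, dst: bytes, segment: bytes):
    """True if the checksum verifies, False if it does not, None if the sender sent none."""
    _, _, length, csum = struct.unpack("!HHHH", segment[:8])
    if length != len(segment):
        return False
    if csum == 0:
        return None  # IPv4 permits a zero checksum: nothing at all was checked
    # Summing over the filled-in checksum field yields all ones when the data is intact.
    return ones_complement_sum(pseudo_header(src, dst, length) + segment) == 0xFFFF


def tamper(src: bytes, dst: bytes, segment: bytes, new_payload: bytes) -> bytes:
    """What an on-path attacker does: swap the payload and recompute the checksum."""
    sport, dport, _, _ = struct.unpack("!HHHH", segment[:8])
    return build_udp(src, dst, sport, dport, new_payload)


# Constructed sample: a datagram to the DNS port between two private hosts.
SRC = bytes([192, 168, 1, 10])
DST = bytes([192, 168, 1, 20])
SAMPLE = build_udp(SRC, DST, 40000, 53, b"hello")

if __name__ == "__main__":
    print("intact    :", verify_udp(SRC, DST, SAMPLE))
    corrupted = SAMPLE[:-1] + bytes([SAMPLE[-1] ^ 0x01])
    print("bit flip  :", verify_udp(SRC, DST, corrupted))
    print("wrong src :", verify_udp(bytes([10, 0, 0, 1]), DST, SAMPLE))
    print("tampered  :", verify_udp(SRC, DST, tamper(SRC, DST, SAMPLE, b"jello")))
```

The pseudo-header is why a datagram whose source address was rewritten in transit fails the check, and also why NAT devices must recompute UDP checksums; neither property stops an attacker who controls the whole datagram.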

Internet/Intranet/Extranet
- Internet: outside, untrusted network
- Intranet: internal network
- Extranet: outside, semi-trusted network

Other Exploitations
- Dynamic Host Configuration Protocol (DHCP)
- Internet Control Message Protocol (ICMP)
- Ping (Packet InterNet Groper)
- Ping scanning
- Traceroute exploitation

Remote Procedure Calls (RPC)
- RPCs represent the ability to allow for the execution of procedures (or objects) across hosts

Directory Services
- DNS security extensions (DNSSEC)
- Lightweight Directory Access Protocol (LDAP)
- Network Basic Input Output System (NetBIOS)
- Network Information Service (NIS/NIS+)

Email Protocols
- (slide figure; no text was captured)

File Transfer Protocol (FTP)
- FTP is a stateful protocol that allows files to be transmitted between host and server
- Credentials and data travel in clear text; FTPS (FTP over TLS) or SFTP (file transfer over SSH) should be used instead

Trivial File Transfer Protocol (TFTP)
- Simplified version of FTP, carried over UDP
- For moving small files
- No authentication or encryption
- Should only be used in trusted networks with low latency

Hypertext Transfer Protocol (HTTP)
- Designed to transfer HTML web pages between a server and a client
- Traffic is sent in clear text but can be encrypted
- Encrypted using SSL or TLS; all SSL versions and TLS 1.0/1.1 are deprecated, so TLS 1.2 or 1.3 should be required

Supervisory Control and Data Acquisition (SCADA)
- DNP3 is commonly used in SCADA systems
- Primary protocol used to communicate between SCADA devices
- No security features in the base protocol (the Secure Authentication extension exists but is not universally deployed)

Network Perimeter Vulnerabilities
- Protocol vulnerabilities throughout the stack
- Data insecurities
- Session hijacking and man-in-the-middle attacks
- Operating system and server weaknesses
- Device and vendor "backdoors"

What is IP Convergence?
- Excellent support for multimedia applications
- A converged IP network is a single platform on which interoperable devices can be run in innovative ways
- A uniform environment requires fewer components in the network

Fibre Channel over Ethernet (FCoE)
- Lightweight encapsulation protocol that lacks the reliable data transport of the TCP layer
- Must operate on DCB-enabled Ethernet and use lossless traffic classes
- Mimics the lightweight nature of native FC protocols and media
- Does not incorporate TCP or even IP protocols
- Only for short-haul communication within a data center; because it is not routable, isolation of the storage traffic rests on segmenting the Ethernet fabric (dedicated links or VLANs)

DCB Standards
- Priority-Based Flow Control (PFC), 802.1Qbb
- Enhanced Transmission Selection (ETS), 802.1Qaz
- Quantized Congestion Notification (QCN), 802.1Qau
- Data Center Bridging Exchange Protocol (DCBX), 802.1Qaz

iSCSI (Internet SCSI, Small Computer System Interface)
- Internet Protocol (IP)-based storage networking standard linking data storage facilities
- Facilitates data transfers over intranets and to manage
