Chapter 15: Secure Communications Channels PDF

Summary

This document is a chapter review on secure communication channels, focusing on technologies like PSTN, SS7, DSL, VDSL, G.fast, and ISDN. The chapter covers the importance of these technologies in modern organizations, highlighting their use in remote work and multimedia communication.

Full Transcript

CISSP All-in-One Exam Guide, Chapter 15: Secure Communications Channels

Chapter Review

With this chapter, we have finished our coverage of the fourth domain of the CISSP Common Body of Knowledge, Communication and Network Security, by discussing the myriad of technologies that allow us to create secure communications channels in our organizations. Though most people (particularly in the technology fields) would not consider voice to be their primary means of communication, it remains important for many reasons, not the least of which is the fact that traditional voice channels are more commonly used nowadays for digital data traffic. It is important to understand how these technologies blend in different ways so that we can better secure them.

The COVID-19 pandemic forced most organizations around the world to quickly move toward (or improve their ability at) supporting a remote workforce largely based in home offices. While the news media regularly featured stories on the vulnerabilities and attacks on our multimedia collaboration and remote access systems, it is remarkable how well these held up to the sudden increase in use (and attacks). We hope that this chapter has given you a better understanding of how security professionals can continue to improve the security of these systems while supporting a remote workforce and third-party connectivity.

Quick Review

- The public switched telephone network (PSTN) uses circuit switching instead of packet routing to connect calls.
- The Signaling System 7 (SS7) protocol is used for establishing and terminating calls in the PSTN.
- The main components of a PSTN network are signal switching points (SSPs) that terminate subscriber loops, signal transfer points (STPs) that interconnect SSPs and other STPs to route calls through the network, and service control points (SCPs) that control advanced features.
- A digital subscriber line (DSL) is a high-speed communications technology that simultaneously transmits analog voice and digital data between a home or business and a PSTN service provider’s central office.
- Asymmetric DSL (ADSL) has data rates of up to 24 Mbps downstream and 1.4 Mbps upstream but can only support distances of about a mile from the central office without signal boosters.
- Very high-data-rate DSL (VDSL) is a higher-speed version of ADSL (up to 300 Mbps downstream and 100 Mbps upstream).
- G.fast is DSL that runs over fiber-optic cable from the central office to a distribution point near the home and then uses legacy copper wires for the last few hundred feet to the home or office. It can deliver data rates of up to 1 Gbps.
- Integrated Services Digital Network (ISDN) is an obsolescent pure digital technology that uses legacy phone lines for both voice and data.
- Basic Rate Interface (BRI) ISDN is intended to support a single user with two channels each with data throughput of 64 Kbps.
- Primary Rate Interface (PRI) ISDN has up to 23 usable channels, at 64 Kbps each, which is equivalent to a T1 leased line.
- Cable modems provide high-speed access to the Internet through existing cable coaxial and fiber lines, but the shared nature of these media results in inconsistent throughputs.
- Internet Protocol (IP) telephony is an umbrella term that describes carrying telephone traffic over IP networks.
- The terms “IP telephony” and “Voice over IP” are used interchangeably.
- Jitter is the irregularity in the arrival times of consecutive packets, which is problematic for interactive voice and video communications.
- The H.323 recommendation is a standard that deals with audio and video calls over packet-based networks.
- The Session Initiation Protocol (SIP) is an application layer protocol used for call setup and teardown in IP telephony, video and multimedia conferencing, instant messaging, and online gaming.
- The Real-time Transport Protocol (RTP) is a session layer protocol that carries data in media stream format, as in audio and video, and is used extensively in VoIP, telephony, video conferencing, and other multimedia streaming technologies.
- RTP Control Protocol (RTCP) is used in conjunction with RTP and is also considered a session layer protocol. It provides out-of-band statistics and control information to provide feedback on QoS levels of individual streaming multimedia sessions.
- Multimedia collaboration is a broad term that includes remotely and simultaneously sharing any combination of voice, video, messages, telemetry, and files in an interactive session.
- Telepresence is the application of various technologies to allow people to be virtually present somewhere other than where they physically are.
- Unified communications (UC) is the integration of real-time and non-real-time communications technologies in one platform.
- An always-on VPN is a system configuration that automatically connects the device to the VPN with no user interaction.
- A VPN kill switch is a system configuration that automatically cuts off Internet access unless a VPN session is established.
- A VPN split tunnel is a configuration that routes certain traffic through the VPN while allowing other traffic to access the Internet directly.
- The Password Authentication Protocol (PAP) is an obsolete and insecure authentication protocol that sends user credentials in plaintext and should not be allowed.
- The Challenge Handshake Authentication Protocol (CHAP) uses a challenge/response mechanism using the password as an encryption key to authenticate the user instead of having the user send a password over the wire.
- The Extensible Authentication Protocol (EAP) is a framework that enables many types of authentication techniques to be used when establishing network connections.
- Desktop virtualization technologies, such as remote desktops and virtual desktops, allow users to remotely interact with computers as if they were physically using them.
- Two of the most common approaches to providing remote desktops are Microsoft’s Remote Desktop Protocol (RDP) and the open-source Virtual Network Computing (VNC) system.
- Virtual desktop infrastructure (VDI) is a technology that hosts multiple virtual desktops in a centralized manner and makes them available to authorized users.
- Secure Shell (SSH) is a secure tunneling mechanism that provides terminal-like access to remote computers.
- A network socket is an endpoint for a data communications channel, defined by five parameters: source address, source port, destination address, destination port, and protocol (TCP or UDP).
- Remote procedure calls allow a program somewhere in your network to execute a function or procedure on some other host.

Questions

Please remember that these questions are formatted and asked in a certain way for a reason. Keep in mind that the CISSP exam is asking questions at a conceptual level. Questions may not always have the perfect answer, and the candidate is advised against always looking for the perfect answer. Instead, the candidate should look for the best answer in the list.

1. In which type of networks is the Signaling System 7 (SS7) protocol used?
   A. Integrated Services Digital Network (ISDN)
   B. IP telephony network
   C. Real-time Transport Protocol (RTP) network
   D. Public switched telephone network (PSTN)
