Telecommunications and network security form a vital part of the CISSP exam syllabus. In this article, we will explore Chapter 6 of Shon Harris' CISSP All-in-One Exam Guide (2013 edition) and delve into essential topics such as cloud computing, intranets and extranets, wide area networks, and the evolution of communication technologies.

Cloud computing has revolutionized the way computer processing capabilities are delivered. It delivers shared resources, software, and information as a service rather than as a product. However, there is an ongoing debate about whether cloud computing enhances or undermines security. It is important to differentiate between infrastructure, platform, and software offerings within the cloud computing model. Infrastructure as a Service (IaaS) primarily focuses on managing virtual machine servers, while Platform as a Service (PaaS) provides the software environment running on top of the IT network. Software as a Service (SaaS) emphasizes data protection, especially in the case of storage as a service (SAS). Access management to applications is a critical aspect of this model.

Intranets and extranets play a crucial role in facilitating internal and external communication within organizations. Intranets serve as centralized web-based applications for various business functions like employee services, marketing, and engineering. These websites are hosted on the internal network, ensuring secure access to authorized individuals. On the other hand, extranets enable sharing of internal information with vendors, suppliers, or customers. These web services, typically in XML or HTML format, allow controlled access to specific information over the internet. Maintaining proper security protocols is essential for extranets to ensure data integrity and confidentiality.

Metropolitan Area Networks (MANs) connect local area networks (LANs) within a specific geographical area. MANs utilize fiber-optic cables and are commonly implemented as fiber distributed data interface (FDDI) rings. Data transmission speeds can reach up to 100 megabits per second, making MANs suitable for various applications. Another type of MAN is Metro Ethernet, which integrates Ethernet with other networking technologies like MPLS. Although it is less expensive, Metro Ethernet is considered less reliable than FDDI and SONET (Synchronous Optical Network).

SONET, along with FDDI, forms the backbone of most wide area networks (WANs). SONET is highly reliable due to its fully redundant ring architecture, allowing for seamless data transmission. It employs multiplexing techniques and transmits data as electrical voltage, which is then converted into light for transmission over optical carrier (OC) lines. Layer 2 and 3 switches are used to connect optical fibers, creating a ring, star, or partial mesh topology. WANs have evolved significantly from analog phone systems to digital systems with T1 trunks, fiber optics, and ATM over SONET networks.

Dedicated links, also known as leased lines or point-to-point links, are pre-established connections for secure communications. T-carriers are dedicated lines used to carry voice and data over trunk lines. A T1 line can multiplex 24 channels, and fractional T lines allow shared bandwidth by dividing a T line into smaller portions. E-carriers are similar to T-carriers but are used in European countries. Optical carriers specify the speed of fiber-optic networks and adhere to the SONET standard.

To connect LANs to wide area networks, channel service unit/data service units (CSU/DSU) are utilized. The CSU connects digital equipment to a telephone company's line, while the DSU converts digital signals from routers, bridges, and multiplexers into compatible signals.

Exploring Advanced Switching Technologies and Voice over IP Security

In the realm of telecommunications and network security, it is essential to delve into advanced switching technologies and address the security concerns associated with Voice over IP (VoIP) systems. Continuing our examination of Chapter 6 from Shon Harris' CISSP All-in-One Exam Guide (2013 edition), we will now focus on circuit switching, packet switching, frame relay, ATM (Asynchronous Transfer Mode), and voice over IP security issues.

Circuit switching is a switching method that provides dedicated bandwidth for point-to-point connections. It ensures a consistent and uninterrupted connection between two parties. In contrast, packet switching breaks data into packets and transmits them individually, making bandwidth available for other connections. It utilizes Quality of Service (QoS) to prioritize traffic types.

Frame relay is a data link layer protocol that enables multiple companies and networks to share the same resources efficiently. It utilizes DTE (Data Terminal Equipment) and DCE (Data Circuit-terminating Equipment). A collection of DCE service providers forms the frame relay cloud, providing switching and data communication functionality. Virtual circuits are employed in Asynchronous Transfer Mode (ATM), where cells are transferred between circuits. These circuits can be either permanent or switched. Switched virtual circuits are torn down after the connection is terminated, while permanent virtual circuits remain active.

X.25, an older WAN protocol, utilizes carrier switches to provide connectivity to various networks. It divides data into 128-byte frames and encapsulates them in High-Level Data Link Control (HDLC) frames. ATM, or Asynchronous Transfer Mode, is another switching technology that uses cells instead of packets. It is a high-speed networking technology suitable for voice and data services. ATM is connection-oriented, allowing virtual circuits to guarantee bandwidth and quality of service. The cost is based on the required bandwidth.

Within the extensive list of protocols, we encounter SMDS (Switched Multimegabit Data Service), which connects LANs over Wide Area Networks (WANs). However, SMDS is now considered an obsolete technology. SDLC (Synchronous Data Link Control) facilitates dedicated links with permanent physical circuits, enabling mainframes to communicate with remote offices. HDLC extends SDLC and is also a bit-oriented data link protocol used for serial device communications. It boasts high throughput due to its full-duplex capabilities.

PPP (Point-to-Point Protocol) is similar to HDLC and serves as a data link protocol for point-to-point connections. It performs framing and encapsulation of multiprotocol packets. The High-Speed Serial Interface (HSSI) is used to connect multiplexers to ATM or frame relay networks. Lastly, Voice over IP (VoIP) protocol utilizes the existing physical network for both telephone and LAN services, eliminating the need for separate cables.

However, VoIP systems face security challenges. IP-based signaling in VoIP suffers from a lack of encrypted calls and authentication signals, making it susceptible to attacks. Hackers can exploit vulnerabilities in signaling protocols to intercept incoming and outgoing calls, spoof phone numbers, and eavesdrop on sensitive conversations. They can impersonate the recipient and trick the caller into divulging sensitive information. These security concerns necessitate countermeasures to safeguard VoIP systems.

To mitigate VoIP security risks, it is crucial to keep network devices up to date with the latest patches, install and maintain firewalls and VPNs, and disable unnecessary ports and services on routers, switches, and IP telephones. Additionally, identifying and securing telephony devices within the network is essential.
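One way to check signaling for the missing encryption and authentication described above, as an added example that is not from the original article or the exam guide. It assumes SIP as the signaling protocol and SDP for the media description (the article names neither); the finding labels and both sample requests are constructed for illustration.

```python
import re

SECURE_TRANSPORTS = {"TLS", "WSS"}  # signaling carried inside TLS

def audit_sip(message: str) -> list[str]:
    """Return findings for one SIP request: cleartext signaling, no credentials, cleartext media."""
    head, _, body = message.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    request = lines[0].split()  # METHOD URI SIP/2.0
    if len(request) != 3 or not request[2].startswith("SIP/"):
        return ["not-a-sip-request"]
    findings = []
    if not request[1].lower().startswith("sips:"):
        findings.append("uri-not-sips")
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    vias = headers.get("via", []) + headers.get("v", [])  # "v" is the compact form of Via
    transports = [m.group(1).upper() for v in vias
                  for m in re.finditer(r"SIP/2\.0/(\w+)", v, re.I)]
    if not transports or any(t not in SECURE_TRANSPORTS for t in transports):
        findings.append("signaling-not-tls")
    # The first request of a digest exchange legitimately carries no credentials
    # (the server answers 401/407), so this finding means "confirm the server
    # challenges", not "proven flaw".
    if not (headers.keys() & {"authorization", "proxy-authorization"}):
        findings.append("no-credentials")
    for line in body.split("\n"):
        m = re.match(r"m=(audio|video) \d+(?:/\d+)? (\S+)", line)
        if m and "SAVP" not in m.group(2).upper():  # RTP/AVP is plain RTP, not SRTP
            findings.append(f"{m.group(1)}-not-srtp")
    return findings

# Constructed sample requests (not captured traffic; 192.0.2.0/24 is a documentation range).
SAMPLE_PLAIN = (
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776\r\n"
    "CSeq: 1 INVITE\r\nContent-Type: application/sdp\r\n\r\n"
    "v=0\r\nm=audio 49170 RTP/AVP 0\r\n"
)
SAMPLE_HARDENED = (
    "INVITE sips:bob@example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 192.0.2.10:5061;branch=z9hG4bK776\r\n"
    'Proxy-Authorization: Digest username="alice", realm="example.com"\r\n'
    "CSeq: 2 INVITE\r\nContent-Type: application/sdp\r\n\r\n"
    "v=0\r\nm=audio 49170 RTP/SAVP 0\r\n"
)

if __name__ == "__main__":
    for label, msg in (("plain", SAMPLE_PLAIN), ("hardened", SAMPLE_HARDENED)):
        print(label, audit_sip(msg))
```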

In conclusion, understanding advanced switching technologies and addressing VoIP security concerns are paramount in ensuring robust and secure telecommunications and network systems. By implementing appropriate measures, organizations can protect their communication infrastructure and mitigate potential threats.

