Repeaters (Layer 1) – amplify signal, no added intelligence, no filtering

Hubs (Layer 1) – used to connect multiple LAN devices, no added intelligence

Bridges (Layer 2)

• Amplifies signal and adds some intelligence
• Forwards the data to all network segments if the Media Access Control (MAC) or hardware address of the destination computer is not on the local network segment
• Automatically forwards all broadcast traffic

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS. You may also want to consider these CISSP resources from Amazon.com

Switches (Layer 2) – Will only send data to the port where the destination MAC address is, not to all ports

Routers (Layer 3) – opens packet and looks at either MAC or IP address and forwards the packet to the destination network

Gateways – primarily software, can be multi-protocol and can examine the entire packet

Asynchronous Transfer Mode (ATM) Switches – use relay technology and typically used in WANs and CANs.

LAN Extenders

• Remote access multi-layer switch connected to a host router
• Filters based on MAC address, but not capable of firewalling

WAN Technologies

• Rules for communicating between computers on a WAN
• Communications between large disparate networks

Private Circuit Technologies

• Evolved before packet switching networks
• Dedicated analog or digital point-to-point connection
• Serial Line Internet Protocol (SLIP), Point-to-Pont Protocol (PPP), ISDN and xDSL
• Dedicated Line – indefinitely and continuously reserved for transmissions
• Leased Line – type of dedicated line leased from a carrier

Types and Speeds of Leased Lines

Digital Signal Level 0 (DS0) – single channel at 64KBps on a T1

Digital Signal Level 1 (DS1) – 1.544 MBps in US on a T1 and 2.108 MBps in Europe on an E1

Digital Signal Level 3 (DS3) – 44.736 MBps on a T3

T1 – transmits DS-1 data at 1.544 MBps on telephone switching network

T3 – transmits DS-3 data at 44.736 MBps on telephone switching network

E1 – predominantly used in Europe and carries data at 2.108 MBps

E3 – predominantly used in Europe and carries data at 34.368 MBps

SLIP (Serial Line Internet Protocol)

• Developed in 1984 to support TCP/IP over low speed serial interfaces
• Using Windows NT RAS, NT computers can use TCP/IP and SLIP to communicate to remote hosts

PPP (Point to Point Protocol)

• Used over dial-up and dedicated links
• Includes login, password and error correction
• Operates at Layer 2 and uses CHAP and PAP

ISDN (Integrated Services Digital Network)

• Integration of digital telephony and data transport
• Digitization of the telephone network, allowing voice, data, etc.
• Overtaken by DSL

xDSL (Digital Subscriber Line)

• Uses existing twisted pair telephone lines
• ADSL (Asymmetric DSL)
  • More bandwidth downstream (1.5 to 9 MBps) than upstream (16 to 640 KBps)
  • Works at 18000 ft theoretical lengths and 14400 ft practical lengths over copper twisted pair
• SDSL (Single-line DSL)
  • Provides from 144 KBps up to 1.544 MBps in both downstream and upstream traffic, depending on the distance from the carriers point of presence (POP) over copper twisted pair
  • Works at 10000 ft lengths
• HDSL (High-rate DSL)
  • 1.544 MBps both up and down over two copper twisted pair (T1 speed)
  • Can do 2.048 MBps on three copper twisted pair
• VDSL – (Very High-rate DSL)
  • 13-52 MBps down and 1.5 MB to 2.3 MBps upstream over single copper twisted pair operating range 1,000 – 4,500 feet

You may also want to consider these CISSP resources from Amazon.com

Mail Services – Send and receive e-mail internally and externally

Print Services – Print documents to shared printers

Client/Server Services – Allocate computing resources among workstations

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS. You may also want to consider these CISSP resources from Amazon.com

Domain Name Service

• Matches Internet Uniform Resource Locator (URL) with the actual IP address of the server providing the URL
• Maps host names to IP addresses
• Domain Name System (DNS) – global network of servers that provide this service

So I Googled, “CISSP Domain 2”.  The result was TechTarget’s SearchSecurity.com listed at number 1. And it says “CISSP Domain 2 quiz: Access Control.” Access Control? What do you mean Access Control? I thought “Telecommunications and Network Security” is the CBK”s Domain 2?

At first I thought it was a mistake by TechTarget, but as I go down the Google search result they all say Access Control. Was I smoking something when I was typing my notes 4 years ago? You are probably saying, “well Don, what is the big deal?” It sort of kinda a big deal, since if you have been following my entries in this blog, I have Access Control listed as Domain 1 and Telecommunications and Network Security is Domain 2. Don’t want to end up losing street cred here . Plus really it bugs me not being able to figure out how I could have done such a mistake.

So I visited the original source, I went to ISC2.org and looked up how they listed the domains. And this is what I found:

• Access Control
• Application Development Security
• Business Continuity and Disaster Recovery Planning
• Cryptography
• Information Security Governance and Risk Management
• Legal, Regulations, Investigations and Compliance
• Operations Security
• Physical (Environmental) Security
• Security Architecture and Design
• Telecommunications and Network Security

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS. You may also want to consider these CISSP resources from Amazon.com

If you notice the list is in alphabetical order. There is no direct number designation for each domain. I also used the Shon Harris All-in-One book () primarily to do my review. Since I don’t have the book handy (it is stuck somewhere in storage), I went to Amazon and looked up the book and see if I can view the table of contents inside. The book is now on its fifth edition (CISSP All-in-One Exam Guide, Fifth Edition) and I know I have an older version. The oldest version I can find that has the Amazon Look Inside feature is the Third Edition. And voila! There it is the first domain discussed is Access Control and therefore making it Domain 1, right?

But wait, it also lists Telecommunications & Network Security fourth in the list, which means I am still up in smoke . I looked up the publication date of the third edition and it shows as September 15, 2005. I bought my book in 2003 and this means I have the older edition, which may have a different way of listing the domains. I can’t prove that since I don’t have the book and I don’t feel like diving into the abyss otherwise known as my storage, I just continued Googling for answers.

I looked up the Official CISSP book () that I have (Official (ISC)2 Guide to the CISSP CBK ((ISC)2 Press)) and it lists “Information Security Governance and Risk Management” as Domain 1, while “Access Control” is Domain 2. I really could care less, I already passed the exam, I already have 120 CPEs and I am on time on my membership payments to ISC2, so I am set to get my CISSP cert to be renewed by September this year. But this difference in numbering does bug me. Now I think about it, I did notice the numbering difference when I bought the Official CISSP book in 2006, I didn’t pay much attention to it for some reason since I was already deep into my studying of the Shon Harris book. What was I smoking? What was Ms. Harris smoking? Well to be quite sure, nothing.

As I did further Googling I landed into another SearchSecurity.com site. The site that started this little hubbub. And guess what I found?

Domain 1 is “Telecommunications & Network Security”, Domain 2 “Physical Security”…

Whut!?!

Yep, the site contradicted itself.

So a quick conclusion after all this little exercise in WTF, I concluded that OFFICIALLY there are 10 Domains in the CISSP Common Body of Knowledge. Which domain comes first, next and last, is NOT AN OFFICIAL RANKING OR NUMBERING. Don’t get too hung up on this while you are studying, you will not encounter a question in the exam that says, “In Domain 2 of the CBK…”, it will instead more than likely say, “In the Access Control Domain of the CBK…”

All that said, I wish you goodluck on the exam. If you are not taking the exam, thank you for reading . Happy weekend.

• Secure connection between two nodes using secret encapsulation method
• Secure Encrypted Tunnel – encapsulated tunnel (encryption may or may not be used)
• Tunnel can be created by the following three methods:
  • Installing software or agents on the client or network gateway
  • Implementing user or node authentication systems
  • Implementing key and certificate exchange systems

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS. You may also want to consider these CISSP resources from Amazon.com

VPN Protocol Standards

PPTP – Point-to-Point Tunneling Protocol

• Works at the data link layer
• Single point to point connection from client to server
• Common with asynchronous connections with NT and Win 95

L2TP – Layer 2 Tunneling Protocol

• Combination of PPTP and earlier Layer 2 Forwarding Protocol (L2F)
• Multiple protocols can be encapsulated within the L2TP
• Single point to point connection from client to server
• Common with Dial-up VPNs

IPSec

• Operates at the network layer
• Allows multiple and simultaneous tunnels
• Encrypt and authenticate IP data
• Focuses more on Network to Network Connectivity

VPN Devices

• Hardware and Software devices that utilize VPN standards
• Two types:
  • IPSec Compatible
  • Non-IPSec Compatible

IPSec Compatible

• Installed on a network perimeter and encrypt traffic between two networks
• Only works with IP
• Operates at the Network Layer
• Two modes:
  • Tunnel Mode – entire packet is encrypted and encased in the IPSec packet
  • Transport Mode – only datagram is encrypted leaving IP address visible
• Datagram – self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination

Non-IPSec Compatible

• Common non-IPSec compatible includes: SOCKS, PPTP and SSH
• SOCKS is not a traditional VPN protocol, but is robust and operates at the application layer
• PPTP was implemented in Win95 and NT
  • Multiprotocol and uses PAP and CHAP user authentication
  • Compresses data
  • End-to-End encryption
• Secure Shell SSH-2 – Not strictly VPN but can be used as one with terminal session

Firewall-based VPNs

• Frequently available with 3^rd Generation (Stateful Inspection) Firewalls
• Operates at the application layer
• Performance degradation is often a problem

You may also want to consider these CISSP resources from Amazon.com

• 3 Private IP Address Ranges

• Global Non-routable Addresses
• Class A – 10.0.0.0 to 10.255.255.255
• Class B – 172.16.0.0 to 172.31.255.255
• Class C – 192.168.0.0 to 192.168.255.255
• Class A addresses are for large networks (1 – 127)
• Class B addresses are for medium size networks (128-191)
• Class C address are for small networks – fewer than 256 devices (192-223
• Class D are for multicast addresses

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS. You may also want to consider these CISSP resources from Amazon.com

At the OSI Application Layer

SET – Secure Electronic Transaction

• Originated by Visa and Mastercard
• Being overtaken by SSL

SHTTP – Secure HTTP

• Early standard for encrypting HTTP documents
• Also being overtaken by SSL

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS.

At the OSI Transport Layer

SSH-2

• SSH has RSA certificates
• Supports authentication, compression, confidentiality and integrity
• DES encryption
• Because Secure Shell (SSH-2) supports authentication, compressions, confidentiality and integrity, SSH is used frequently for Encrypted File Transfer

SSL – Secure Socket Layer

• Contains SSL record protocol and SSL Handshake Protocol
• Uses symmetric encryption and public key authentication
• MAC – Message Authentication Code for Integrity

SKIP – Simple Key Management for Internet Protocol  - Similar to SSL with no prior communication required

You may also want to consider these CISSP resources from Amazon.com

Layered architecture

• Shows how communication should take place
• Clarify the general functions of a communication process
• To break down complex networking processes into more manageable sub-layers
• Using industry standard interfaces enables interoperability
• To change the features of one layer without changing the code in every layer
• Easier troubleshooting

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS.

Open Systems Interconnect (OSI) Model

Layer 7 – Application

• Responsible for all application-to-application communications
• User information maintained at this layer is user data
• Security: Confidentiality, Authentication, Data Integrity, Non-repudiation
• Technology: Gateways
• Protocols: FTP, SMB, Telnet, TFTP, SMTP, HTTP, NNTP, CDP, GOPHER, SNMP, NDS, AFP, SAP, NCP, SET

Layer 6 – Presentation

• Responsible for the formatting of the data so that it is suitable for presentation
• Responsible for character conversion (ASCII/EBCDIC)
• Encryption/Decryption, Compressions and Virtual Terminal Emulation
• User information maintained at this layer is called messages
• Security: Confidentiality, Authentication, Encryption
• Technology: Gateway
• Protocols: ASCII, EBCDIC, Postscript, JPEG, MPEG, GIF

Layer 5 – Session

• Responsible for the setup of the links, maintaining of the link and the link tear-down between applications
• Security: None
• Technology: Gateway
• Protocols: Remote Procedure Calls (RPC), SQL, RADIUS, DNS, ASP

Layer 4 – Transport

• Responsible for the guaranteed delivery of user information
• Also responsible for error detection, correction and flow control
• User information at this layer is called datagram
• Security: Confidentiality, Authentication, Integrity
• Technology: Gateway
• Protocols: TCP, UDP, SSL, SSH-2, SPX, NetBIOS, ATP

Layer 3 – Network

• Responsible for the routing of user data from one node to another through the network including the path selection
• Logical addresses are used at this layer
• User information maintained at this layer is called packets
• Security: Confidentiality, Authentication, Data Integrity
• Technology: Virtual Circuits (ATM), routers
• Protocols: IP, IPX, ICMP, OSPF, IGRP, EIGRP, RIP, BOOTP, DHCP, ISIS, ZIP, DDP, X.25

Layer 2 – Data Link

• Responsible for the physical addressing of the network via MAC addresses
• There are two sublevels: MAC & LLC
• Has error detection, frame ordering and flow control
• User information maintained at this layer is called frames
• Security: Confidentiality
• Technology: Bridges, switches
• Protocols: L2F, PPTP, L2TP, PPP, SLIP, ARP, RARP, SLARP, IARP, SNAP, BAP, CHAP, LCP, LZS, MLP, Frame Relay, Annex A, Annex D, HDLC, BPDU, LAPD, ISL, ,MAC, Ethernet, Token Ring, FDDI

Layer 1 – Physical

• Responsible for the physical transmission of the binary digits through the physical medium
• Includes things such as the physical cables, interfaces and data rate specifications
• User information maintained at this layer is called bits
• Security: Confidentiality
• Technology: ISDN, Hubs, Repeaters, Cables

The Rainbow Series (sometimes known as the Rainbow Books) is a series of computer security standards published by the United States government in the 1980s and 1990s. They were originally published by the U.S. Department of Defense Computer Security Center, and then by the National Computer Security Center.

These standards describe a process of evaluation for trusted systems. In some cases, U.S. government entities (as well as private firms) would require formal validation of computer technology using this process as part of their procurement criteria. Many of these standards have influenced, and have been superseded by, the Common Criteria.

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS.

The books have nicknames based on the color of its cover. For example, the Trusted Computer System Evaluation Criteria was referred to as “The Orange Book.” In the book entitled Applied Cryptography, security expert Bruce Schneier states of NCSC-TG-021 that he “can’t even begin to describe the color of [the] cover” and that some of the books in this series have “hideously colored covers.” He then goes on to describe how to receive a copy of them, saying “Don’t tell them I sent you.”

(Source: http://en.wikipedia.org/wiki/Rainbow_Series)

• Redbook – Trusted Network Interpretation (TNI)
• Time and technological changes lessen the relevancy of the TNI to contemporary networking
• Deals with technical issues outside the scope of the Orange Book with regards to networks
• Redbook interprets the Orange Book

Orange Book – Trusted Computer Security Evaluation Criteria

• A document published by the US Department of Defense which contains criteria used for evaluating the degree of security in a networked system. It characterizes security from D (the minimum) to A1 (very secure). Most OPERATING SYSTEMS and NETWORK OPERATING SYSTEMS are classified at the C2 level. It is also known as the Orange Book and is often abbreviated to TCSEC.

TNI Evaluation Classes

• D – Minimal protection
• C – Discretionary protection
• C1 – Discretionary Security Protection
• C2 – Controlled Access protection
• B – Mandatory
• B1 – Labeled Security
• B2 – Structured
• B3 – Security Domains

Protocols – a standard set of rules that determines how computers communicate with each other across networks despite their differences

Layered architecture – An architecture in which data moves from one defined level of processing to another. Communications protocols are a primary example (i.e the OSI model)

• Shows how communication should take place
• Clarify the general functions of a communication process
• To break down complex networking processes into more manageable sub-layers
• Using industry standard interfaces enables interoperability
• To change the features of one layer without changing the code in every layer
• Easier troubleshooting

Salami Attack – a series of minor computer crimes that are part of a larger crime

One common method of attack involves saturating the target (victim) machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered effectively unavailable. In general terms, DoS attacks are implemented by either forcing the targeted computer(s) to reset, or consuming its resources so that it can no longer provide its intended service or obstructing the communication media between the intended users and the victim so that they can no longer communicate adequately.Denial-of-service attacks are considered violations of the IAB’s Internet proper use policy, and also violate the acceptable use policies of virtually all Internet Service Providers. They also commonly constitute violations of the laws of individual nations. (Source: http://en.wikipedia.org/wiki/Denial-of-service_attack)

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS.

Common DoS Attacks

• Filling hard drive space with e-mail attachments
• Sending a message that resets a targets host subnet mask causing routing disruption
• Using up all the target’s resources to accept network connections

Additional DoS Attacks

• Buffer Overflow Attack
  • When a process receives much more data that expected
  • Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere – can overflow in adjacent buffers, corrupting or overwriting the valid data held in them
  • PING – Packet Internet Groper – uses ICMP – Internet Control Message Protocol
  • PING of Death – Intruder sends a PING that consists of an illegally modified and very large IP datagram, thus overfilling the system buffers and causing the system to reboot or hang
• SYN Attack
  • Attacks the buffer space during a TCP handshake
  • Attacker f;ppds the target system’s “in-process” queue with connection requests causing the system to timeout
• Teardrop Attack
  • Modifying the length of the fragmentation fields in the IP packet
  • When a machine receives this attack, it is unable to handle the data and can exhibit behavior ranging from a lost Internet connection to the infamous BSOD, the machine becomes confused and crashes
• Smurf Attack
  • Source site sends spoofed network requests to a large network (bounce site) and all machines responds to a target site
  • Exploits IP broadcast addressing
• Fraggle Attack
  • “Cousin” of the Smurf Attack
  • uses UDP echo packets in the same fashion as the ICMP echo packet

• Unauthorized access through circumvention of security access controls
• Masquerading, logon abuse (primarily internal attacks)

Class B – non-business use of systems

Class C

• Eavesdropping
• Active: Tampering with a transmission to create a covert signaling channel or probing the network
• Passive – Covertly monitoring or listening to transmissions that is unauthorized
• Covert Channel – using a hidden unauthorized communication
• Tapping – refers to the physical interception of transmission medium (like splicing of cable)

Planning to take the CISSP Exam? Get a copy of my personal notes (300plus pages worth) that I used to pass the exam for only $25.00. Click the Add To Cart Button to Purchase Plus you will also get copies of notes from other CISSPs. Learn more about this package by visiting this blog entry: CISSP REVIEW NOTES I USED TO PASS THE EXAM. CLICK BELOW TO MAKE YOUR PURCHASE NOW. All Purchases are securely processed through Paypal. Once you click the button please check your shopping cart at the upper right hand side of the page to complete your order. IMPORTANT NOTICE: I MANUALLY REVIEW ALL ORDERS. SO ONCE YOU PURCHASE THE PRODUCT, THERE WILL BE SOME DELAY ON YOU RECEIVING AN E-MAIL FROM ME WITH THE LINK TO THE DOWNLOAD AREA OF THE PRODUCT. YOU WILL GET A RESPONSE FROM ME WITHIN 24-48 HOURS.

Class D – denial of service saturation of network services

Class E

• Network Intrusion – external penetration
• Spoofing – a spoofing attack involves nothing more than forging one’s source address; the act of using one machine to impersonate another
• Piggy Backing – attack using another user’s connection
• Back Door – attack via dial-up or external connection

Class F

• Probing
• Gives an intruder a road map of the network for DoS attach
• Gives a list of available services
• Traffic analysis via sniffers, which scans the host for available services
  • Like a telephone wiretap allows the FBI to listen in to people’s conversation, a “sniffing” program lets someone listen in on computer conversations
• Tools: Telnet (manual), vulnerability scanners (automatic)