
Certified Information Systems Security Professional (CISSP) Domain



Transcript of the presentation "Certified Information Systems Security Professional (CISSP) Domain":

1 Certified Information Systems Security Professional (CISSP) Domain
Telecommunications and Networking Security

2 Concepts
Telecommunications: the electrical transmission of data between systems.
Protocol: a standard set of rules that determines how communication between systems takes place.
Standards bodies: FCC (Federal Communications Commission); ITU (International Telecommunication Union) / CCITT; ISO (International Standards Organization); IETF (Internet Engineering Task Force); IEEE (Institute of Electrical and Electronics Engineers).

3 OSI Model
Initially, each vendor used its own protocol.
OSI (Open Systems Interconnect), 1980s, driven by ISO. A hierarchical, modular model divided into layers, each with specific functions.
Goal: provide a set of open-system standards for equipment manufacturers in order to promote interoperability.
Encapsulation: adding layer-specific information to packets.

4 OSI Model: Layer 7, Application
Provides the interface to the user. Verifies the availability of the other end of the communication. Works directly with user data.
e.g. SMTP, HTTP, LDP, FTP, TFTP, SNMP, X.400, etc.

5 OSI Model: Layer 6, Presentation
Format, standardized syntax. Data conversion. Compression (RLE, ZIP, LZH, etc.). Encryption.
e.g. ASCII, GIF, TIFF, JPEG, AVI, DOC, EBCDIC, etc.

6 OSI Model: Layer 5, Session
Establishes, maintains and terminates connections between applications.
Communication types: simplex, half duplex, full duplex.
Dialog control: establishment, data transfer, session release.
e.g. NFS, SQL, RPC, X Window, DNA SCP, ASP (AppleTalk Session Protocol), etc.

7 OSI Model: Layer 4, Transport
End-to-end connectivity. Establishes logical connections between systems (virtual circuits). Segmentation and reassembly. Reliable and unreliable transfer of information. Error detection and correction. Flow control (windows and buffering). 3-way handshake. Keeps the data of different applications separate.
e.g. UDP, TCP, SPX (Sequenced Packet Exchange), SSL*, etc.

8 OSI Model: Layer 3, Network
Logical addressing. Determination of the best route.
Routed protocols: carry user information, e.g. IP, IPX, AppleTalk.
Routing protocols: carry the information used to determine routes, e.g. RIP, IGRP, EIGRP, OSPF, BGP, IS-IS.
Others: ICMP, IPSEC, GRE, IGMP, etc.

9 OSI Model: Layer 2, Data Link
Physical addressing (MAC). Flow control, error detection. Formats frames for transmission over the physical medium as a series of bits.
Sublayers: LLC (Logical Link Control) and MAC (Media Access Control).
e.g. ARP, RARP, SLIP, PPP, L2F, L2TP, FDDI, ISDN, HDLC, SDLC, SNA, TR, FR, ATM, Ethernet, etc.

10 OSI Model: Layer 1, Physical
Converts bits into signals according to the transmission medium (voltages, electromagnetic waves, pulses, etc.). Synchronization, medium speed, noise. Cables, connectors, network cards, signals.
e.g. HSSI, X.21, EIA/TIA-232, EIA/TIA-449, V.90, V.35, G.703

11 Data Encapsulation
L7: Message = Header + Payload
L4: Segment = L4 Header + Payload
L3: Datagram = L3 Header + Payload
L2: Frame = L2 Header + Payload + FCS / CRC
L1: Bits

12 OSI Model
[Figure: two end systems with full seven-layer stacks (Physical through Application) exchanging data across NETWORK 1 and NETWORK 2 through an intermediate device that implements only the Physical, Data Link and Network layers on interfaces E0 and E1]

13 TCP/IP
A widely used protocol suite for transferring data between systems. Created by the U.S. Department of Defense.
TCP/IP layers compared to OSI:
OSI Application, Presentation, Session -> TCP/IP Process or Application layer (individual processes)
OSI Transport -> TCP/IP Host-to-Host layer: TCP, UDP
OSI Network -> TCP/IP Internet (or Internetwork) layer: IP, ICMP, ARP, RARP
OSI Data Link, Physical -> TCP/IP Network Access layer: Ethernet, FR, TR, FDDI, PPP, SLIP, etc.; the medium

14 Transmission Types
Analog: continuous signals (electromagnetic waves through a medium).
Digital: pulses (binary). Less affected by noise; reliable over long distances.
[Figure: voltage versus time plots of an analog and a digital signal]

15 Transmission Types
Modulation: a modulating signal alters parameters (frequency, amplitude, phase) of a carrier signal.
Modem: modulator/demodulator.

16 Transmission Types
Synchronous communication: synchronization between the devices (clock signal).
Asynchronous communication: no synchronization; uses delimiters.
Baseband: the signal is transmitted by applying it directly to the medium, using its entire bandwidth.
Broadband: divides the medium into channels to transmit several signals simultaneously and therefore reach higher transmission speeds (above 56 kbps). e.g. T1, E1, ISDN, ATM, DSL, cable.

17 Transmission Media
Bandwidth: the maximum frequency (range) a medium can carry.
Speed (data rate, throughput): data transmission capacity.
Noise: unwanted signals on a line caused by the environment.
Attenuation: loss of signal power during transmission; increases with distance and frequency.
Crosstalk: mixing of signals from different cables.
Coaxial cable: resistant to interference (EMI), higher bandwidth, allows longer distances than copper wire, but is expensive and hard to handle.
Fiber optic: transmits light pulses. Higher speed, immune to EMI, emits no radiation, but more expensive. Used in backbones.
[Figure: coaxial cable cross-section: conducting core, insulation (PVC, Teflon), conducting layer, sheath; fiber: glass core, Kevlar]

18 Transmission Media
Twisted pair: a pair of copper wires, twisted to minimize interference and crosstalk. Cheap, but not good for long distances (attenuation).
UTP: unshielded. STP: shielded, with additional external shielding.
Category / Characteristics / Uses:
Cat1: telephone grade (voice); modems, telephony
Cat2: data up to 4 Mbps; mainframe terminals
Cat3: 10 Mbps Ethernet, 4 Mbps Token Ring; 10Base-T
Cat4: 16 Mbps; Token Ring
Cat5: 100 Mbps, tighter twisting; 100Base-TX, CDDI, ATM
Cat6: 155 Mbps; high-speed networks
Cat7: 1 Gbps; very high-speed networks

19 Network Topologies
Topology / Characteristics / Problems / Technologies:
Bus: a single cable to which all nodes are connected. Problems on one device can affect nearby ones. Ethernet.
Ring: all nodes connected by one cable in a closed circuit. Problems on one device can affect nearby ones on the same ring. FDDI.
Star: all nodes connected to a central device. Single point of failure. Logical bus (Ethernet) and logical ring (Token Ring).
Tree: a bus topology with cable branches.
Mesh: computers interconnected with one another; redundancy. More expensive and harder to troubleshoot. Internet (partial mesh).

20 LAN Technologies
LAN (Local Area Network): communication and shared resources within a relatively small area (same type of data-link technology).
Implementation / Standard / Characteristics:
Ethernet, 802.3: shared medium, access to the medium in turns, collisions occur; uses broadcast and collision domains; CSMA/CD; coaxial, TP; 10 Mbps to 1 Gbps.
Token Ring, 802.5: all devices connect to a central MAU (Multistation Access Unit); medium access via token; 4 to 16 Mbps; active monitoring, beaconing.
FDDI, 802.8: dual rings for redundancy; 100 Mbps; operates over long distances at high speeds (backbones), uses fiber; CDDI uses UTP.

21 Ethernet
Name / Distance / Speed / Description:
Ethernet 10Base-2 (ThinNet): 185 m; 10 Mbps; coaxial, BNC
Ethernet 10Base-5 (ThickNet): 500 m; 10 Mbps; coaxial
Ethernet 10Base-T: 100 m; 10 Mbps; UTP/STP, RJ45
Fast Ethernet 100Base-TX: 100 m; 100 Mbps; UTP/STP, RJ45
Gigabit Ethernet 1000Base-Tx: 100 m; 1 Gbps; UTP/STP, RJ45
Gigabit Ethernet 1000Base-Fx: 2 km to 10 km; 1 Gbps; fiber
CSMA/CD (Carrier Sense Multiple Access with Collision Detection): stations monitor the medium to verify that no one is transmitting; if a collision occurs, they send a jam signal to abort and wait a random time before retransmitting (back-off algorithm).
CSMA/CA (Collision Avoidance): devices announce their intention to transmit before doing so.
CSMA/CD is used in Ethernet, CSMA/CA in wireless.
[Figure: a collision on a shared segment between stations A, B, D, E, G, H, J, a printer and a file server]

22 Token Ring
Topology: physical star, logical ring.
Token: a 24-bit control frame (header with addresses, data field, and trailer). The token travels around the ring, and only the station holding the token may transmit.
Active monitor: removes frames trapped in a loop.
Beaconing: sending a beacon frame to signal errors.
[Figure: stations A through G, a printer and a file server attached to a MAU, with the token circulating]

23 FDDI
Fiber Distributed Data Interface (ANSI).
Uses two rings: one clockwise for data, the other counterclockwise for redundancy.
Ring wrap: signal that indicates a failure in the primary ring.

24 Concepts
Collision domain: a group of devices that "compete" for the use of the same shared medium. Separated by L2 devices.
Broadcast domain: a group of devices that hear the same broadcast traffic. Separated by L3 devices.
Medium access types: CSMA; tokens; polling: an access method in which secondary stations may transmit only when asked to by a primary station.
LAN transmission methods: unicast: addressed to a single host; multicast: addressed to a group of hosts; broadcast: addressed to all hosts within a network segment.

25 IP
Connectionless protocol. Uses logical (hierarchical) addressing for packet routing.
IPv6: 128 bits. IPv4: 32 bits (network/host).
Subnet mask: determines which portion of the address is the network part and which is the host part. This mask determines the class of the network.
Class A: 8 bits for the network address, 24 for the host.
Class B: 16 bits for the network address, 16 bits for the host.
Class C: 24 bits for the network address, 8 for the host.
Private addresses: 1 class A network, 16 class B networks, 256 class C networks.

26 IP Header
[Figure: IPv4 header laid out in 32-bit rows (bit positions 0, 15/16, 31)]
Version (4 bit), Header length (4 bit), Type of Service (8 bit), Total Length of IP datagram (16 bit)
Identification (16 bit), Flags (3 bit), Fragment Offset (13 bit)
Time to Live (8 bit), Protocol (8 bit), Header Checksum (16 bit)
Source IP address (32 bit)
Destination IP address (32 bit) (fixed header: 20 bytes)
IP Options (if any), Pad
Upper Layer Data
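As an added example, not part of the original slides, the following Python packs and parses the 20-byte IPv4 header from slide 26, verifying the header checksum, and classifies addresses by the classful scheme and the RFC 1918 private ranges from slide 25. The sample addresses are constructed.

```python
import struct
import ipaddress

# Fixed 20-byte IPv4 header (RFC 791), network byte order:
# version/IHL, TOS, total length, identification, flags + fragment offset,
# TTL, protocol, header checksum, source address, destination address.
IPV4_HEADER = struct.Struct("!BBHHHBBH4s4s")

# RFC 1918 private ranges: one class A, sixteen class Bs, 256 class Cs.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (the checksum field must already be zero)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 6,
                      ttl: int = 64, ident: int = 0x1C46) -> bytes:
    """Assemble a header with no options (IHL = 5 words), DF flag set, checksum filled in."""
    ver_ihl = (4 << 4) | 5
    flags_frag = 0x4000                      # flags = 010 (DF), fragment offset = 0
    hdr = IPV4_HEADER.pack(ver_ihl, 0, 20 + payload_len, ident, flags_frag, ttl, proto, 0,
                           ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(data: bytes) -> dict:
    """Decode the fields from slide 26 and recompute the checksum over the received header."""
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = IPV4_HEADER.unpack(data[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(data) < ihl:
        raise ValueError("not a valid IPv4 header")
    zeroed = data[:10] + b"\x00\x00" + data[12:ihl]   # checksum field taken as zero
    return {
        "version": version, "header_len": ihl, "tos": tos, "total_len": total_len,
        "id": ident, "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum_ok": ipv4_checksum(zeroed) == csum,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
    }


def classful_info(addr: str) -> dict:
    """Classful network bits (slide 25) from the leading bits, plus the RFC 1918 private check."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        cls, net_bits = "A", 8
    elif first_octet < 192:
        cls, net_bits = "B", 16
    elif first_octet < 224:
        cls, net_bits = "C", 24
    elif first_octet < 240:
        cls, net_bits = "D", None            # multicast: no network/host split
    else:
        cls, net_bits = "E", None            # reserved
    return {"class": cls, "network_bits": net_bits,
            "private": any(ip in net for net in RFC1918)}


if __name__ == "__main__":
    header = build_ipv4_header("192.168.1.10", "8.8.8.8", payload_len=20)
    print(parse_ipv4_header(header))
    print(classful_info("172.31.5.9"))
```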

27 TCP and UDP
Transport-layer protocols; they "transport" data between two systems.
TCP / UDP:
Connection-oriented (virtual circuits) / Does not establish connections
Reliable, requests confirmation (acknowledgement) / Best effort, no confirmation
Three-way handshake signalling / No virtual connection established
Sequence numbers / No sequencing
Flow control (sliding window) / No flow control
Requires more resources / Fast; packets carry little additional information (overhead)

28 TCP and UDP Headers
TCP: Source Port, Destination Port, Sequence Number, Acknowledgment Number, HLEN, Rsvd, Code*, Window, TCP Checksum, Urgent Pointer, Options (if any), Padding, Data.
UDP: Source Port, Destination Port, UDP Msg Length, UDP Checksum, Data.
*Code = SYN, ACK, RST, PSH, FIN, URG

29 TCP
TCP connection establishment follows a 3-way handshake:
Sender -> Receiver (listening): sends SYN (x)
Receiver -> Sender: sends SYN (y), ACK (x+1)
Sender receives ACK (x+1) and sends ACK (y+1)
Receiver receives ACK (y+1)
Established on both sides.
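As an added example that is not part of the slides, this Python packs and decodes the TCP header from slide 28 and follows the x / y sequence numbers of the handshake on slide 29, counting connections that were answered but never completed (the half-open condition question 4 later describes). Hosts and ports are constructed.

```python
import struct

# 20-byte TCP header without options (slide 28): source port, destination port,
# sequence, acknowledgment, data offset/reserved, code bits, window, checksum, urgent pointer.
TCP_HEADER = struct.Struct("!HHIIBBHHH")
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = (("FIN", FIN), ("SYN", SYN), ("RST", RST), ("PSH", PSH), ("ACK", ACK), ("URG", URG))


def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """Pack a header with data offset 5 (20 bytes); checksum is left zero in this demo."""
    return TCP_HEADER.pack(sport, dport, seq & 0xFFFFFFFF, ack & 0xFFFFFFFF,
                           5 << 4, flags, window, 0, 0)


def parse_tcp_header(data):
    sport, dport, seq, ack, off_rsvd, flags, window, _csum, _urg = TCP_HEADER.unpack(data[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "hlen": (off_rsvd >> 4) * 4, "window": window,
            "flags": [name for name, bit in FLAG_NAMES if flags & bit]}


class HandshakeTracker:
    """Follows SYN(x) -> SYN(y),ACK(x+1) -> ACK(y+1), keyed by the client->server 4-tuple."""

    def __init__(self):
        self.conns = {}   # (client, cport, server, sport) -> {"state", "x", "y"}

    def observe(self, src, dst, hdr):
        flags = set(hdr["flags"])
        fwd = (src, hdr["sport"], dst, hdr["dport"])
        rev = (dst, hdr["dport"], src, hdr["sport"])
        if flags == {"SYN"}:
            self.conns[fwd] = {"state": "SYN_SENT", "x": hdr["seq"]}
        elif flags == {"SYN", "ACK"}:
            c = self.conns.get(rev)
            if c and c["state"] == "SYN_SENT" and hdr["ack"] == (c["x"] + 1) & 0xFFFFFFFF:
                c.update(state="SYN_RECEIVED", y=hdr["seq"])   # half-open until the final ACK
        elif flags == {"ACK"}:
            c = self.conns.get(fwd)
            if c and c["state"] == "SYN_RECEIVED" and hdr["ack"] == (c["y"] + 1) & 0xFFFFFFFF:
                c["state"] = "ESTABLISHED"

    def count(self, state):
        return sum(1 for c in self.conns.values() if c["state"] == state)


def demo():
    """Constructed traffic: one completed handshake and three clients that never send the final ACK."""
    tracker = HandshakeTracker()
    server = "10.0.0.5"
    clients = [("10.0.0.20", True), ("10.0.0.21", False), ("10.0.0.22", False), ("10.0.0.23", False)]
    for i, (client, complete) in enumerate(clients):
        x, y, cport = 1000 + i, 5000 + i, 40000 + i
        tracker.observe(client, server, parse_tcp_header(build_tcp_header(cport, 80, x, 0, SYN)))
        tracker.observe(server, client, parse_tcp_header(build_tcp_header(80, cport, y, x + 1, SYN | ACK)))
        if complete:
            tracker.observe(client, server, parse_tcp_header(build_tcp_header(cport, 80, x + 1, y + 1, ACK)))
    return tracker.count("ESTABLISHED"), tracker.count("SYN_RECEIVED")


if __name__ == "__main__":
    print("established, half-open:", demo())   # (1, 3)
```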

30 Port Numbers and Protocols
UDP and TCP use ports to communicate with the upper layers and to keep the different connections separate.
Well known; registered: 1024 to 49151; dynamic/private.
Socket: port plus source and destination address.
Similarly, IP uses a protocol number to identify what belongs to the upper layers.
L5 to L7 / L4 port / L3 protocol: FTP 21/20 (TCP); Telnet 23 (TCP); SMTP 25 (TCP); HTTP 80 (TCP); DNS 53 (TCP/UDP); TFTP 69 (UDP); SNMP 161/162 (UDP). TCP = IP protocol 6; UDP = IP protocol 17.

31 Other TCP/IP Protocols
ARP (Address Resolution Protocol): obtains the physical (MAC) address that corresponds to a logical (IP) address. Susceptible to poisoning (ARP poisoning, i.e. placing incorrect information in the ARP table).
RARP (Reverse Address Resolution Protocol): used by diskless terminals to obtain their IP address from their known physical address.
BOOTP (Boot Protocol): provides more information than RARP to diskless stations.
DHCP (Dynamic Host Configuration Protocol): used by equipment with its own OS to obtain an IP.
ICMP (Internet Control Message Protocol): delivers messages, reports errors and routine information, and is used to test connectivity and troubleshoot. Ping: echo request + echo reply. ICMP unreachables: indicate that the destination is not reachable.
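The ARP poisoning risk named above is usually caught on the defender's side by watching IP-to-MAC bindings change. As an added example (not from the slides), this Python scans a constructed log of ARP replies and flags rebinding of an address, mismatches against static entries such as the gateway, and one MAC answering for several IPs; the threshold parameter exists because a router doing proxy ARP legitimately answers for many.

```python
# Constructed ARP reply log for the example: (seconds, sender IP, sender MAC). Not from the slides.
ARP_REPLIES = [
    (1, "192.168.1.1", "aa:bb:cc:00:00:01"),    # gateway
    (2, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (5, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (9, "192.168.1.1", "de:ad:be:ef:00:99"),    # gateway IP now claimed by a different MAC
    (12, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (14, "192.168.1.30", "de:ad:be:ef:00:99"),  # the same MAC also claims a second IP
]


def detect_arp_anomalies(replies, static_entries=None, max_ips_per_mac=1):
    """Flag IP->MAC binding changes, static-entry mismatches, and one MAC claiming many IPs.

    static_entries maps IP -> expected MAC for hosts that should never move (e.g. the gateway).
    max_ips_per_mac should be raised for hosts known to do proxy ARP.
    Returns alert dicts in time order.
    """
    static_entries = {ip: mac.lower() for ip, mac in (static_entries or {}).items()}
    ip_to_mac = {}          # last MAC seen for each IP
    mac_to_ips = {}         # set of IPs each MAC has answered for
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip in static_entries and mac != static_entries[ip]:
            alerts.append({"time": ts, "ip": ip, "reason": "static entry mismatch",
                           "expected": static_entries[ip], "seen": mac})
        elif ip in ip_to_mac and ip_to_mac[ip] != mac:
            alerts.append({"time": ts, "ip": ip, "reason": "binding changed",
                           "old": ip_to_mac[ip], "new": mac})
        ip_to_mac[ip] = mac
        ips = mac_to_ips.setdefault(mac, set())
        if ip not in ips:
            ips.add(ip)
            if len(ips) > max_ips_per_mac:
                alerts.append({"time": ts, "mac": mac, "reason": "one MAC claims many IPs",
                               "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_anomalies(ARP_REPLIES, {"192.168.1.1": "aa:bb:cc:00:00:01"}):
        print(alert)
```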

32 Network Devices
Repeater: L1, hardware. Repeats and amplifies signals; an "invisible cable".
Hub: L1, hardware. Multiport repeater.
Bridges: L2, software. Segment LANs, dividing collision domains. Forwarding tables: transparent (CAM table, MAC vs port); source routing (packets carry the information needed to forward them). Spanning Tree: prevents infinite loops. Forward broadcasts => broadcast storms. Local (same LAN), remote (across a WAN) or translating (different LAN technologies).
Switches: L2, hardware. Can have many ports. Functionality similar to a bridge. Allow the creation of VLANs (virtual LANs, i.e. segmentation into separate collision domains within the same switch, independent of physical location). Multilayer switches combine functions of other layers.

33 Network Devices
Routers: L3, software. Decisions based on IP. Interconnect networks. Do not forward broadcasts, so they divide broadcast domains. If the destination address is unknown, the packets are not forwarded. Keep a routing table (IP vs interface). Create a new L2 header for each frame. Routing is based on the destination address.
Static: configured on the router. Dynamic: the table is built from routing protocols.
Autonomous System (AS): an individual network managed by a specific entity.

34 Network Devices
Gateway: software that interconnects two different environments, acting as a translator or restricting the interaction between them. Usually L7, but this may vary. Examples: routers, mail gateways, voice gateways.
PBX (Private Branch Exchange): a private telephone switch that provides telephone services; may be analog or digital. Connects to the public switched telephone network (PSTN).
Phreaker: telephone hacker.
Local loop: the loop between the subscriber and the telephone exchange.
DISA (Direct Inward System Access): authorization code for access to lines.

35 Firewalls
Filter traffic and facilitate segregation. L3 to L7.
DMZ (demilitarized zone): buffer zone between protected and unprotected networks.
Dual-homed: a host with two network cards connected to different networks with different trust levels.
Multi-homed: a host with several network cards.
Disadvantages: central point of failure, possibly poor performance, may limit desirable services, provide no protection against viruses or internal attackers.
[Figure: firewall placed between the internal network and the Internet]

36 Firewall Types
Packet filtering: filters based on the packets (rules that evaluate the headers). 1st generation.
Dynamic: adds dynamic ports to temporary rules to allow return connections. UDP. 4th generation.
Stateful inspection: keeps a table with the state of conversations and filters based on it. Analyzes the whole packet; can follow connectionless protocols. 3rd generation.
Proxy: intermediary; redirects requests to their destination. Application level: inspects the whole packet and makes decisions based on all of its content; specific to each protocol. Circuit level: creates a circuit between client and server; inspects only headers and can be used for several protocols, e.g. SOCKS.
Kernel proxy: creates customized dynamic TCP/IP stacks when it needs to evaluate a packet. Examines the whole packet according to the identified protocol. 5th generation.
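The difference between the 1st-generation packet filter and stateful inspection described above is easiest to see on a return packet the internal network never asked for. This Python is an added example, not from the slides: a stateless rule set that admits inbound TCP with the ACK bit set (the common shortcut for "established" traffic) beside a state table keyed by the outbound 5-tuple; all hosts and ports are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: frozenset = frozenset()


# First-generation packet filter: rules evaluated per packet on headers alone.
# (direction, proto, dport or None, required flag or None, action); first match wins.
STATELESS_RULES = [
    ("out", "tcp", 443, None, "allow"),
    ("in", "tcp", None, "ACK", "allow"),    # "established" shortcut: any inbound TCP with ACK set
]


def stateless_filter(pkt, direction, rules=STATELESS_RULES):
    for rdir, proto, dport, flag, action in rules:
        if (rdir == direction and proto == pkt.proto
                and (dport is None or dport == pkt.dport)
                and (flag is None or flag in pkt.flags)):
            return action
    return "deny"


class StatefulFirewall:
    """Third-generation filter: a state table built from outbound traffic decides what may come back."""

    def __init__(self, outbound_allowed):
        self.outbound_allowed = set(outbound_allowed)   # {(proto, dport)} the policy lets out
        self.table = {}                                  # outbound 5-tuple -> state

    def process(self, pkt, direction):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if direction == "out":
            if fwd in self.table:
                if self.table[fwd] == "SYN_ACK_SEEN" and "ACK" in pkt.flags:
                    self.table[fwd] = "ESTABLISHED"
                return "allow"
            new_tcp = pkt.proto == "tcp" and pkt.flags == {"SYN"}
            if (pkt.proto, pkt.dport) in self.outbound_allowed and (new_tcp or pkt.proto != "tcp"):
                self.table[fwd] = "SYN_SENT" if pkt.proto == "tcp" else "UDP_OPEN"
                return "allow"
            return "deny"
        state = self.table.get(rev)
        if state is None:
            return "deny"                                # nothing inside asked for this packet
        if state == "SYN_SENT":
            if pkt.flags == {"SYN", "ACK"}:
                self.table[rev] = "SYN_ACK_SEEN"
                return "allow"
            return "deny"                                # out-of-sequence reply
        return "allow"


def demo():
    """Constructed hosts: a legitimate HTTPS session plus an unsolicited inbound packet with ACK set."""
    inside, server, outsider = "10.1.1.7", "203.0.113.5", "198.51.100.9"
    fw = StatefulFirewall({("tcp", 443)})
    syn = Packet(inside, 51000, server, 443, flags=frozenset({"SYN"}))
    synack = Packet(server, 443, inside, 51000, flags=frozenset({"SYN", "ACK"}))
    ack = Packet(inside, 51000, server, 443, flags=frozenset({"ACK"}))
    stray = Packet(outsider, 4444, inside, 3389, flags=frozenset({"ACK"}))
    return {
        "session_stateful": [fw.process(syn, "out"), fw.process(synack, "in"), fw.process(ack, "out")],
        "session_state": fw.table[(inside, 51000, server, 443, "tcp")],
        "stray_stateless": stateless_filter(stray, "in"),
        "stray_stateful": fw.process(stray, "in"),
    }


if __name__ == "__main__":
    print(demo())
```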

37 Firewall Architectures
Bastion host: a system configured to be "invulnerable" because of its high exposure; it separates trusted and untrusted networks.
Screened host: a firewall that communicates directly with a preceding filtering device and with the internal network.
Screened subnet: the firewall is located between two other traffic-filtering devices.
Considerations: deny what is not permitted, anti-spoofing, fragmentation, source routing.
[Figure: screened host and screened subnet layouts facing the Internet]

38 Network Services
Network Operating System (NOS): controls access to network resources and provides the services that enable a computer to interact with the network.
DNS (Domain Name Service): resolves host names to IP addresses. Networks are divided into zones within a server. Resource records: a file that relates IPs to names. Authoritative name server: holds the listing for a zone. Servers are organized hierarchically, with domains at different levels.
[Figure: DNS hierarchy: root; top level (COM, MX); second level (AT&T, Uninet)]

39 Directory Services
Contain a hierarchical database of users, computers, printers, resources and the attributes of each. Based on the X.500 model.
LDAP (Lightweight Directory Access Protocol): protocol for accessing the directory database.
Metadirectories: allow information to be found in other directories through a higher-level one.
Examples: Microsoft Active Directory, Novell Directory Services.

40 NAT
Network Address Translation: translates one IP address into another.
Static: one to one.
Dynamic: one to many; allows IPs to be shared; stateful; overload.
Port translation: port mapping (PAT).
[Figure: two internal /24 networks translated to a global pool (NAT) and to a single address on ports 2000 and 2001 (PAT) toward the Internet]

41 Network Types
Intranet: an internal, private network that uses Web technologies.
Extranet: a communication network between different companies.
LAN: a local network within a small geographic area.
MAN (Metropolitan Area Network): a backbone that interconnects local networks, wide area networks and the Internet within a large geographic area. Uses SONET/SDH or FDDI (fiber).
WAN (Wide Area Network): establishes communication across large distances.

42 Telecommunications
Multiplexing: combining multiple data channels over a single transmission medium.
TDM (Time Division Multiplexing): assigns different time slots on the line to each channel. Scalable.
[Figure: digital signal hierarchy DS-0 through DS-6]

43 Telecommunications
Dedicated link: a point-to-point link exclusive to that connection. Cost proportional to distance.
Switching: a connection is established only when it is needed.
Circuit switching: establishes a virtual connection that acts as a dedicated link between two systems, e.g. telephony.
Packet switching: data is divided into packets, which may follow different routes to reach a destination.
CSU/DSU (Channel/Data Service Unit): converter between digital signals and the signals appropriate for the transmission lines.
DTE (Data Terminal Equipment): the user's equipment.
DCE (Data Circuit-terminating Equipment): the telco's equipment; signalling.
[Figure: DTE connected through a CSU/DSU to a T1 (telco) line and to the DCE]

44 WAN Technologies
Name / Type / Speed / Characteristics:
T-Carrier: dedicated link; T1 = 24 x DS0 = 1.5 Mbps, T3 = 28 x T1 = 45 Mbps; uses TDM to combine voice channels (64 kbps) over a copper pair; fractional T1 is possible; Europe: E1 (2 Mbps), E3 (34 Mbps).
SONET: OC-1 = 52 Mbps, OC-3 = 155 Mbps, OC-12 = 622 Mbps...; uses TDM to combine DS0, T1, T3, etc. channels over optical fiber; Europe: SDH (STM-1 to STM-256).
S/WAN: packet switching; depends on the connection; uses VPN tunnels (IPSEC) for firewall-to-firewall connections.
Frame Relay: packet switching; CIR (Committed Information Rate); uses switching of variable-length frames across the "cloud" to establish virtual circuits, either permanent (PVC) or switched (SVC).
X.25: packet switching; variable; predecessor of Frame Relay, uses fixed-length frames (128 bytes) and HDLC; inefficient.
ATM: cell switching; variable, can run over SONET; uses switching of 53-byte cells to establish virtual circuits (PVCs or SVCs).

45 Other WAN Protocols
SMDS (Switched Multimegabit Data Service): high-speed, packet-switched service for extending LANs. Replaced by FR.
SDLC (Synchronous Data Link Control): from IBM; uses polling to establish communication in SNA environments between mainframes and remote sites; bit-oriented.
HDLC (High-level Data Link Control): extension of SDLC for multiple connection types (point-to-point and multipoint). Encapsulation method for serial links. Incompatible between vendors.
HSSI (High Speed Serial Interface): DTE/DCE interface used to connect communication devices to high-speed services.

46 Other Protocols
H.323: standard for transmitting video, audio and data over IP networks; used in voice gateways.
VoIP (voice over IP): transmission of digitized voice over IP networks. Problems: latency, jitter.
MPLS (Multiprotocol Label Switching): technology that assigns labels to frames and routes based on those labels. Encapsulates other layer 2 and layer 3 protocols. Supports packet-switching and circuit-switching technologies. High-speed solution. Supports VPNs. Great flexibility.

47 Remote Access
Dial-up/RAS: connection to an access server (NAS) over a telephone line. Authentication may be local or via RADIUS, and a call-back mechanism may be used. Wardialing: automated scanning of a range of telephone numbers.
ISDN (Integrated Services Digital Network): carries voice and data digitally over telephone lines. BRI (Basic Rate Interface) = 2B (data) + 1D (control) = 144 Kbps. PRI (Primary Rate Interface) = 23B + 1D = 1544 Kbps. BISDN (Broadband ISDN): can handle many services; used by telecommunications carriers.
DSL (Digital Subscriber Line): uses telephone lines; reaches up to 52 Mbps. Symmetric: the same upstream and downstream bandwidth. Asymmetric: more downstream bandwidth.
Cable: uses coaxial cable (usually TV cable) to provide connections of up to 50 Mbps. Bandwidth is shared among the users of the local area.

48 Dial-up
PPP (Point-to-Point Protocol): used to establish dial-up connections. A layer 2 protocol; encapsulates IP and other protocols for transmission over serial links.
Authentication methods: PAP (Password Authentication Protocol): transmits the password in clear text. CHAP (Challenge Handshake Authentication Protocol): challenge/response. EAP (Extensible Authentication Protocol): extensible to other authentication methods.
SLIP (Serial Line Internet Protocol): similar to PPP, but supports only IP, is less efficient, and requires knowing the IP assigned by the provider before establishing the connection.

49 VPN
VPN: a private, secure connection across a public network.
Tunnel: a virtual path through a network. Encapsulation.
[Figure: enterprise network with DMZ, AAA and CA servers, reached across Service Provider A and Service Provider B by a supplier and a business partner (extranet), remote, regional and small offices (intranet), and mobile users or corporate telecommuters (remote access)]

50 Tunnels
PPTP (Point-to-Point Tunneling Protocol): encapsulates PPP frames in IP datagrams, using GRE (Generic Routing Encapsulation). Allows a VPN to be established when Internet access is via dial-up. Encryption: Microsoft Point-to-Point Encryption, with MS-CHAP or EAP-TLS. Designed for client/server connectivity. Can only transmit over IP networks.
L2F (Layer 2 Forwarding): Cisco proprietary protocol. Together with PPTP it gave rise to L2TP. Allows PPP tunnels over non-IP networks. Mutual authentication. No encryption.

51 Tunnels
L2TP (Layer 2 Tunneling Protocol): derived from L2F and PPTP. Transmits over diverse network types: IP, FR, ATM, X.25. Can be combined with IPSEC. Supports TACACS+ and RADIUS.
IPSEC (IP Security): provides authentication and encryption. Supports only IP networks. Works at the network layer, unlike PPTP and L2TP, which work at the data link layer. Consists of three main protocols: AH (Authentication Header), ESP (Encapsulating Security Payload), IKE (Internet Key Exchange).
Tunnel mode: encrypts both the data (payload) and the header, and adds a new header. Transport mode: encrypts only the data.

52 IPSEC
AH (Authentication Header): uses MD5 or SHA. Guarantees integrity and origin authentication.
ESP (Encapsulating Security Payload): provides confidentiality, encryption (DES/3DES/AES).
IKE (Internet Key Exchange): hybrid, a combination of ISAKMP, Oakley key exchange and SKEME. Defines the mechanisms for security associations and for the exchange of authentication keys: pre-shared or RSA.
ISAKMP (Internet Security Association and Key Management Protocol): defines the procedure and packet format for establishing, negotiating, modifying and deleting security associations.

53 Redundancy
UPS: uninterruptible power supply.
RAID (Redundant Array of Inexpensive Disks): a disk array that provides redundancy. Fault resistance: protects in case of a disk failure. Fault tolerance: protects in case of the failure of a single component; continuous availability. Disaster tolerance: mechanisms spread across zones.
HSM (Hierarchical Storage Management): continuous online backup.
SAN (Storage Area Network).
Striping: information is split into blocks and written to different disks.
Parity: a mechanism for identifying and correcting errors.
Clustering: a set of servers managed as a single logical server. Provides availability and scalability.
Backups.

54 RAID
Level / Description / Name:
0: Information is spread across several disks, with no parity or redundancy. Striping.
1: Information is written to two disks at once (mirrors), so there is redundancy. Mirroring.
2: Information is spread across the disks at bit level. Hamming code is used for error identification and correction. Hamming code parity.
3: Information is spread across the disks at bit level. Parity information is stored on a check disk, from which the information on the other disks can be recovered. Byte-level parity.
4: Information is spread across several disks at block level. Parity information is stored on a check disk, from which the information on the other disks can be recovered. Block-level parity.
5: Information is spread across all drives. Parity is written across all drives; if a disk fails, the information is recovered from the parity and the data on the others. Interleave parity.
6: Similar to level 5, but with a second set of parity data written across all disks (separate drives) for fault tolerance. Second parity data.
10: Information is striped and mirrored simultaneously across several disks; can withstand multiple failures. Striping and mirroring.
15: Adds fault tolerance through mirroring to level 5. Interleave parity and mirroring.
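The parity used by levels 3, 4 and 5 is a plain XOR across the blocks of a stripe, which is what lets the array rebuild any single lost disk. As an added example (not from the slides), this Python stripes constructed data across four disks with the rotating parity of level 5, removes one disk, rebuilds it from the survivors and verifies the data reads back intact.

```python
def xor_blocks(blocks):
    """XOR equal-length blocks; this is the parity operation behind RAID 3, 4 and 5."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe, n_disks):
    """RAID 5 rotates the parity block across disks (RAID 4 would keep it on one check disk)."""
    return (n_disks - 1 - stripe) % n_disks


def raid5_write(data, n_disks, block_size):
    """Split data into (n_disks - 1) blocks per stripe and store XOR parity on the rotating disk."""
    per_stripe = block_size * (n_disks - 1)
    data += b"\x00" * (-len(data) % per_stripe)          # pad the last stripe
    disks = [[] for _ in range(n_disks)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i * block_size:(i + 1) * block_size] for i in range(n_disks - 1)]
        parity = xor_blocks(blocks)
        remaining = iter(blocks)
        for d in range(n_disks):
            disks[d].append(parity if d == parity_disk_for(s, n_disks) else next(remaining))
    return disks


def raid5_rebuild(disks, failed):
    """Any one missing block equals the XOR of the surviving blocks in its stripe."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def raid5_read(disks, length):
    """Reassemble the data blocks in stripe order, skipping the parity block of each stripe."""
    n_disks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        p = parity_disk_for(s, n_disks)
        out += b"".join(disks[d][s] for d in range(n_disks) if d != p)
    return bytes(out[:length])


def demo(data=b"CISSP domain: Telecommunications and Networking Security", n_disks=4, block_size=8):
    """Write, lose one disk, rebuild it from parity, and confirm the data reads back unchanged."""
    disks = raid5_write(data, n_disks, block_size)
    original = list(disks[1])
    disks[1] = None                                       # simulate a failed drive
    disks[1] = raid5_rebuild(disks, 1)
    return disks[1] == original and raid5_read(disks, len(data)) == data


if __name__ == "__main__":
    print("rebuilt and verified:", demo())   # True
```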

55 Wireless
Uses CSMA/CA for medium access.
Spread spectrum: a modulation technique that distributes the signal across the ENTIRE available frequency range.
Frequency Hopping (FHSS): receiver and transmitter constantly hop from one frequency to another within the assigned range, following a defined sequence (code).
Direct Sequence (DSSS): uses a code (chipping code) to transform the data so that it looks like random noise, then modulates it onto a frequency and transmits it.
[Figure: frequency versus time around 2.4 GHz, comparing frequency hopping with direct sequence on channels 1 to 3 in the presence of interference]

56 Wireless Standards
Standard / Speed / Frequency:
802.11: 1 and 2 Mbps; 2.4 GHz
802.11b: 11 Mbps; 2.4 GHz
802.11a: 54 Mbps; 5 GHz
802.11g: 54 Mbps; 2.4 GHz
802.11h: 5.15 (CE)
802.11j: 3 to 17 Mbps; 4.9 GHz, 5 GHz (JP)
802.11i: specifies security mechanisms for 802.11
802.11e: QoS and multimedia support
802.11f: roaming
802.11s: mesh WLAN
802.16: wireless MAN
802.15: wireless personal area network

57 Wireless
Access Point: point of access to the network.
Infrastructure: APs are used as bridges between wired and wireless networks.
Ad hoc: wireless devices communicate with each other without an AP.
SSID (Service Set ID): identifier of the WLAN; used to segment wireless networks.
Encryption: WEP (40/104 bits) vs WAP (128 bits).
WAP (Wireless Application Protocol). Wireless GAP: translation from WTLS to SSL.
Wardriving: scanning for wireless networks.

58 Wireless Security
Implement WEP or WAP. Change the default SSID. Disable the SSID broadcast option. Use an additional authentication layer (RADIUS, Kerberos). Physical location of the AP. Logical location of the AP (in the DMZ). Use of VPN. Configure MAC-based access control. Disable DHCP. 802.1x.
[Figure: client authenticating through the Access Point to a RADIUS server with 802.1x]

59 Finally...

60 Questions
1. Which one of the following is the Open Systems Interconnection (OSI) protocol for message handling?
A. X.25
B. X.400
C. X.500
D. X.509
Answer: B. An ISO and ITU standard for addressing and transporting messages. It conforms to layer 7 of the OSI model and supports several types of transport mechanisms, including Ethernet, X.25, TCP/IP, and dial-up lines.

61 Questions
2. Which one of the following attacks is MOST effective against an Internet Protocol Security (IPSEC) based virtual private network (VPN)?
A. Brute force
B. Man-in-the-middle
C. Traffic analysis
D. Replay
Answer: B. Active attacks find identities by being a man-in-the-middle or by replacing the responder in the negotiation.

62 Questions
3. Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic?
A. Network aliasing
B. Domain Name Server (DNS) poisoning
C. Reverse Address Resolution Protocol (ARP)
D. Port scanning
Answer: B. This is how a DNS DoS attack can occur. If the actual DNS records are unattainable to the attacker to alter in this fashion, which they should be, the attacker can insert this data into the cache of the server instead of replacing the actual records, which is referred to as cache poisoning.

63 Questions
4. Which one of the following instigates a SYN flood attack?
A. Generating excessive broadcast packets.
B. Creating a high number of half-open connections.
C. Inserting repetitive Internet Relay Chat (IRC) messages.
D. A large number of Internet Control Message Protocol (ICMP) traces.
Answer: B. A SYN attack occurs when an attacker exploits the use of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker floods the target system's small "in-process" queue with connection requests, but it does not respond when the target system replies to those requests. This causes the target system to time out while waiting for the proper response, which makes the system crash or become unusable. (Ronald Krutz, The CISSP Prep Guide (Gold Edition), p. 103)

64 Questions
5. Which one of the following could a company implement to help reduce PBX fraud?
A. Direct Inward System Access (DISA)
B. Call vectoring
C. Teleconferencing bridges
D. Remote maintenance ports
Answer: A. The potential for fraud to occur in voice telecommunications equipment is a serious threat. PBXs (Private Branch Exchanges) are telephone switches used within state agencies to allow employees to make outgoing and receive incoming phone calls. These PBXs can also provide connections for communications between personal computers and local and wide area networks. Security measures must be taken to avoid the possibility of theft of either phone service or information through the telephone systems. Direct Inward System Access (DISA) is the ability to call into a PBX, either on an 800 number or a local dial-in, and, by using an authorization code, gain access to the long distance lines and place long distance calls through the PBX.

65 Questions 6. A screening router can perform packet filtering based upon what data? A. Translated source destination addresses. B. Inverse address resolution. C. Source and destination port number. D. Source and destination addresses and application data. Answer: C A screening router is one of the simplest firewall strategies to implement. This is a popular design because most companies already have the hardware in place to implement it. A screening router is an excellent first line of defense in the creation of your firewall strategy. It is just a router that has filters associated with it to screen outbound and inbound traffic based on IP address and UDP and TCP ports; it does not look at application data, which is why D is wrong.

66 Questions 7. Within the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a network entity to verify both A. The identity of a remote communicating entity and the authenticity of the source of the data that are received. B. The authenticity of a remote communicating entity and the path through which communications are received. C. The location of a remote communicating entity and the path through which communications are received. D. The identity of a remote communicating entity and the level of security of the path through which data are received. Answer: A The receiving entity needs to know the source of the data and that the peer is who it claims to be. The path the data takes is not a concern unless source routing is used. The level of security of the path is not inherently a concern of the receiving node unless it is configured to require it. A is the best option in this question.

67 Questions 8. Which one of the following threats does NOT rely on packet size or large volumes of data? A. SYN flood B. Spam C. Ping of death D. Macro virus Answer: D SPAM - The term describing unwanted e-mail, newsgroup, or discussion forum messages. Spam can be as innocuous as an advertisement from a well-meaning vendor or as malignant as floods of unrequested messages with viruses or Trojan horses attached. SYN Flood Attack - A type of DoS. A SYN flood attack is waged by not sending the final ACK packet, which breaks the standard three-way handshake used by TCP/IP to initiate communication sessions. Ping of death attack - A type of DoS. A ping of death attack employs an oversized ping packet. Using special tools, an attacker can send numerous oversized ping packets to a victim. In many cases, when the victimized system attempts to process the packets, an error occurs causing the system to freeze, crash, or reboot. Macro Viruses - A virus that utilizes crude technologies to infect documents created in the Microsoft Word environment; it spreads through document content, not through traffic volume or packet size. - Ed Tittel CISSP Study Guide (sybex) pg , 743, 723, 713

68 Questions 9. Why are hardware security features preferred over software security features? A. They lock in a particular implementation. B. They have a lower meantime to failure. C. Firmware has fewer software bugs. D. They permit higher performance. Answer: D Hardware allows faster performance than software and does not need to rely on an underlying OS to make the security function operate.

69 Questions 10. Which of the following layers supervises the control rate of packet transfers in an Open Systems Interconnections (OSI) implementation? A. Physical B. Session C. Transport D. Network Answer: C The transport layer is responsible for maintaining the end-to-end integrity and control of the session, including flow control (the rate at which segments are sent). Services located in the transport layer both segment and reassemble the data from upper-layer applications and unite it onto the same data stream, which provides end-to-end data transport services and establishes a logical connection between the sending host and destination host on a network. The transport layer is also responsible for providing mechanisms for multiplexing upper-layer applications, session establishment, and the teardown of virtual circuits. (Addressing of devices on the network is a network-layer function, not a transport-layer one.) -Ronald Krutz The CISSP PREP Guide (gold edition) pg

70 Questions 11. What type of wiretapping involves injecting something into the communications? A. Aggressive B. Captive C. Passive D. Active Answer: D "Active wiretapping" attempts to alter the data or otherwise affect the flow; "passive wiretapping" only attempts to observe the flow and gain knowledge of the information it contains. (See: active attack, end-to-end encryption, passive attack.)

71 Questions 12. Which one of the following is a technical solution for the quality of service, speed, and security problems facing the Internet? A. Random Early Detection (RED) queuing B. Multi-protocol label-switching (MPLS) C. Public Key Cryptography Standard (PKCS) D. Resource Reservation Protocol (RSVP) Answer: B RED and RSVP are QoS mechanisms only, while PKCS is related to security only. MPLS label forwarding is performed with a label lookup for an incoming label, which is then swapped with the outgoing label and finally sent to the next hop. Labels are imposed on the packets only once at the edge of the MPLS network and removed at the other end. These labels are assigned to packets based on groupings or forwarding equivalence classes (FECs). Packets belonging to the same FEC get similar treatment. The label is added between the Layer 2 and the Layer 3 header (in a packet environment) or in the virtual path identifier/virtual channel identifier (VPI/VCI) field (in ATM networks). The core network merely reads labels, applies appropriate services, and forwards packets based on the labels. This MPLS lookup and forwarding scheme offers the ability to explicitly control routing based on destination and source addresses, allowing easier introduction of new IP services. Note that MPLS labels separate traffic; they do not encrypt it.

72 Questions 13. Which one of the following is the MOST solid defense against interception of a network transmission? A. Frequency hopping B. Optical fiber C. Alternate routing D. Encryption Answer: D Frequency hopping is specific to wireless networks. Optical fiber only limits interception along a specific path. Encryption is the best defense because a captured transmission is useless to the interceptor without the key.

73 Questions 14. Why would an Ethernet LAN in a bus topology have a greater risk of unauthorized disclosure than switched Ethernet in a hub-and-spoke or star topology? A. IEEE protocol for Ethernet cannot support encryption. B. Ethernet is a broadcast technology. C. Hub and spoke connections are highly multiplexed. D. TCP/IP is an insecure protocol. Answer: B On a shared-medium (bus) Ethernet every station sees every frame, so any NIC in promiscuous mode can read all traffic on the segment. Switched environments forward unicast frames only to the port of the device they are addressed to (broadcast traffic is still flooded to all ports on both switched and non-switched Ethernet, as it is on Token Ring). A is wrong because the IEEE standards do not prevent encryption, and D is not specific to the topology: Ethernet LANs can transport protocols other than TCP/IP.

74 Questions 15. Which one of the following describes a bastion host? A. A physically shielded computer located in a data center or vault. B. A computer which maintains important data about the network. C. A computer which plays a critical role in a firewall configuration. D. A computer used to monitor the vulnerability of a network. Answer: C A bastion host or screened host is simply a hardened firewall system logically positioned between a private network and an untrusted network. - Ed Tittel CISSP Study Guide (sybex) pg 93

75 Questions 16. Firewalls can be used to A. Enforce security policy.
B. Protect data confidentiality. C. Protect against protocol redirects. D. Enforce Secure Network Interface addressing. Answer: A A firewall is a device that supports and enforces the company's network security policy. - Shon Harris All-in-One CISSP Certification Guide pg 412

76 Questions 17. In a typical firewall configuration, what is the central host in an organization's network security? A. Stateful B. Screen C. Gateway D. Bastion Answer: D Bastion Host: A system that has been hardened to resist attack at some critical point of entry, and which is installed on a network in such a way that it is expected to come under attack. Bastion hosts are often components of firewalls, or may be "outside" Web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., UNIX, VMS, Windows NT, etc.) rather than a ROM-based or firmware operating system.

77 Questions 18. Which of the following defines the key exchange for Internet Protocol Security (IPSEC)? A. Internet Security Association Key Management Protocol (ISAKMP) B. Internet Key Exchange (IKE) C. Security Key Exchange (SKE) D. Internet Communication Messaging Protocol (ICMP) Answer: B Strictly speaking, a combination of three protocols is used to define the key management for IPSEC. These protocols are ISAKMP, Secure Key Exchange Mechanism (SKEME) and Oakley. When combined and applied to IPSEC, these protocols are called the Internet Key Exchange (IKE) protocol. In general, ISAKMP defines the phases for establishing a secure relationship, SKEME describes a secure exchange mechanism, and Oakley defines the modes of operation needed to establish a secure connection. -Ronald Krutz The CISSP PREP Guide (gold edition) pg

78 Questions 19. On which Open System Interconnection (OSI) Reference Model layer are repeaters used as communications transfer devices? A. Data-link B. Physical C. Network D. Transport Answer: B Hubs are multi-port repeaters, and as such they obey the same rules as repeaters (see the previous section, OSI Operating Layer). They operate at the OSI Model Physical Layer.

79 Questions 20. Which one of the following is a TRUE statement about the bottom three layers of the Open Systems Interconnection (OSI) Reference Model? A. They generally pertain to the characteristics of the communicating end systems. B. They cover synchronization and error control of network data transmissions. C. They support and manage file transfer and distribute process resources. D. They support components necessary to transmit network messages. Answer: B Data link error control: a noise burst on the line can destroy a frame completely. In this case, the data link layer software on the source machine must retransmit the frame. However, multiple transmissions of the same frame introduce the possibility of duplicate frames. A duplicate frame could be sent, for example, if the acknowledgment frame from the receiver back to the sender was destroyed. It is up to this layer to solve the problems caused by damaged, lost, and duplicate frames.

80 Questions 21. Which of the following is the MOST secure network access control procedure to adopt when using a callback device? A. The user enters a userid and PIN, and the device calls back the telephone number that corresponds to the userid. B. The user enters a userid, PIN, and telephone number, and the device calls back the telephone number entered. C. The user enters the telephone number, and the device verifies that the number exists in its database before calling back. D. The user enters the telephone number, and the device responds with a challenge. Answer: A Usually a request for a username and password takes place and the NAS may hang up the call in order to call the user back at a predefined phone number. This is a security activity that is used to try to ensure that only authenticated users are given access to the network, and it reverses the long distance charges back to the company. However, this security measure can be compromised if someone implements call forwarding. - Shon Harris All-in-One CISSP Certification Guide pg 463

81 Questions 22. Which is the MAIN advantage of having an application gateway? A. To perform change control procedures for applications. B. To provide a means for applications to move into production. C. To log and control incoming and outgoing traffic. D. To audit and approve changes to applications. Answer: C "An application-level gateway firewall is also called a proxy firewall. A proxy is a mechanism that copies packets from one network into another; the copy process also changes the source and destination address to protect the identity of the internal or private network. An application-level gateway firewall filters traffic based on the Internet service (i.e., application) used to transmit or receive the data." - Shon Harris All-in-One CISSP Certification Guide pg 92

82 Questions 23. Why are packet filtering routers NOT effective against mail bomb attacks? A. The bomb code is obscured by the message encoding algorithm. B. Mail bombs are polymorphic and present no consistent signature to filter on. C. Filters do not examine the data portion of a packet. D. The bomb code is hidden in the header and appears as normal routing information. Answer: C Packet filtering does not examine the data portion of the packet and thus cannot protect against application-specific attacks: a mail bomb is legitimate SMTP traffic on port 25 as far as the header is concerned.

83 Questions 24. Which process on a firewall makes permit/deny forwarding decisions based solely on address and service port information? A. Circuit Proxy B. Stateful Packet Inspection Proxy C. Application Proxy D. Transparency Proxy Answer: A A circuit-level proxy creates a circuit between the client computer and the server. It does not understand or care about the higher-level issues that an application-level proxy deals with. It knows the source and destination addresses and makes access decisions based on this information. It looks at the data within the packet header rather than the data within the payload of the packet. It does not know whether the contents of the packet are actually safe or not. - Shon Harris All-in-One CISSP Certification Guide pg
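Worked example, added by the editor (not part of the original slides), for questions 6, 23 and 24 above: a screening router or circuit-level proxy decides from protocol, addresses and ports only. The filter below implements first-match rules with an implicit deny; the hypothetical mail server address, the rule set and the sample packets are constructed for the example. The payload field is carried along but never consulted, which is exactly why a mail bomb on port 25 passes, and the last case shows how a `permit tcp any any` rule placed first makes every later rule unreachable.

```python
"""Screening-router style packet filter: decisions from addresses and ports only."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    action: str        # "permit" or "deny"
    proto: str         # "tcp", "udp" or "any"
    src: str           # CIDR or "any"
    dst: str           # CIDR or "any"
    dport: object      # int, (low, high) tuple or "any"


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes = b""   # present, but a header-only filter never reads it


def _port_match(spec, port):
    if spec == "any":
        return True
    if isinstance(spec, tuple):
        return spec[0] <= port <= spec[1]
    return spec == port


def rule_matches(rule, pkt):
    """Header-only match: protocol, source/destination network, destination port."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    for cidr, addr in ((rule.src, pkt.src), (rule.dst, pkt.dst)):
        if cidr != "any" and ip_address(addr) not in ip_network(cidr):
            return False
    return _port_match(rule.dport, pkt.dport)


def filter_packet(rules, pkt):
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


# Constructed inbound policy: a hypothetical mail server at 192.0.2.25 and an
# admin network 198.51.100.0/24 that may reach SSH.
INBOUND_RULES = [
    Rule("permit", "tcp", "any", "192.0.2.25/32", 25),
    Rule("permit", "tcp", "198.51.100.0/24", "192.0.2.0/24", 22),
    Rule("deny", "any", "any", "any", "any"),
]


def demo():
    smtp = b"MAIL FROM:<someone@example.org>\r\n"
    results = {
        # A legitimate SMTP delivery.
        "smtp": filter_packet(INBOUND_RULES,
                              Packet("tcp", "203.0.113.9", "192.0.2.25", 40000, 25, smtp)),
        # A mail bomb: identical at the header level, so it is permitted too.
        "mailbomb": filter_packet(INBOUND_RULES,
                                  Packet("tcp", "203.0.113.9", "192.0.2.25", 40001, 25, smtp * 1000)),
        # SSH from the Internet is denied, SSH from the admin range is permitted.
        "ssh_outside": filter_packet(INBOUND_RULES,
                                     Packet("tcp", "203.0.113.9", "192.0.2.25", 40002, 22)),
        "ssh_admin": filter_packet(INBOUND_RULES,
                                   Packet("tcp", "198.51.100.5", "192.0.2.25", 40003, 22)),
    }
    # A "permit all inbound tcp" rule at the top shadows everything after it.
    permissive = [Rule("permit", "tcp", "any", "any", "any")] + INBOUND_RULES
    results["ssh_outside_permit_all_first"] = filter_packet(
        permissive, Packet("tcp", "203.0.113.9", "192.0.2.25", 40002, 22))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:32s} {verdict}")
```

The mail-bomb case is the point of question 23: blocking it needs something that reads the SMTP dialogue (an application proxy or the mail server's own rate limits), not a better header rule.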

84 Questions 25. What is the purpose of the Encapsulation Security Payload (ESP) in the Internet Protocol (IP) Security Architecture for Internet Protocol Security? A. To provide non-repudiation and confidentiality for IP transmission. B. To provide integrity and confidentiality for IP transmissions. C. To provide integrity and authentication for IP transmissions. D. To provide key management and key distribution for IP transmissions. Answer: B ESP encrypts the payload in IPSEC, providing confidentiality, and its integrity check value provides integrity of data transmissions.

85 Questions 26. Which one of the following data transmission technologies is NOT packet-switch based? A. X.25 B. ATM (Asynchronous Transfer Mode) C. CSMA/CD (Carrier Sense Multiple Access/Collision Detection) D. Frame Relay Answer: C CSMA/CD is the media access method used in Ethernet, not a switching technology.

86 Questions 27. How does the SOCKS protocol secure Internet Protocol (IP) connections? A. By negotiating encryption keys during the connection setup. B. By attaching Authentication Headers (AH) to each packet. C. By distributing encryption keys to SOCKS enabled applications. D. By acting as a connection proxy. Answer: D SOCKS is a circuit-level proxy: the client connects to the SOCKS server, which opens the connection to the destination on the client's behalf, so only the proxy is exposed to the outside network. SOCKS does not encrypt the traffic.

87 Questions 28. What technique is used to prevent eavesdropping of digital cellular telephone conversations? A. Encryption B. Authentication C. Call detail suppression D. Time-division multiplexing Answer: A TDMA uses time slots, so it is possible to intercept the signal, but synchronization is required to decode the signal. GSM is a form of TDMA with greatly enhanced security. GSM encryption can be cracked, but it is not easy. CDMA uses spread spectrum: a single connection uses a wide variety of different frequencies, and the specific frequencies, duration and start times at each frequency are carried in a coded transmission. CDMA is more secure than GSM, which is more secure than TDMA (IS-136).

88 Questions 29. Virtual Private Network software typically encrypts all of the following EXCEPT A. File transfer protocol B. Data link messaging C. HTTP protocol D. Session information Answer: B VPN software usually works at the network layer, so it encrypts everything carried inside IP but does not encrypt data link messaging.

89 Questions 30. Firewalls filter incoming traffic according to
A. The packet composition. B. A security policy. C. Stateful packet rules. D. A security process. Answer: B Security policies may be implemented as packet filtering based on headers, stateful inspection or application-level inspection.

90 Questions 31. Encryption is applicable to all of the following OSI/ISO layers except: A. Network layer B. Physical layer C. Session layer D. Data link layer Answer: B Encryption is available at all layers in the OSI/ISO model except the physical layer. It is most intrusive at the application layer but provides users the greatest degree of flexibility at this level, since the scope and strength of the protection can be tailored to meet the specific needs of the application. At the network and transport layers, encryption, which is transparent to most applications, allows systems to converse over existing insecure Internet lines. This level is costly to encrypt and affects all communications among different systems. Encryption at the data link level is for protecting local traffic (i.e., on one shared cable), although messages are exposed while passing through other links. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 4: Protection of Information Assets (page 216).

91 Questions 32. Which layer of the TCP/IP protocol model controls the communication flow between hosts? A. Internet layer B. Host-to-host transport layer C. Application layer D. Network access layer Answer: A Whereas the host-to-host layer (OSI's transport layer) provides end-to-end data delivery service to the application layer, it is the Internet layer (OSI's Network layer) that handles the routing of packets among multiple networks and controls the communication flow between hosts. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 85). Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (page 344).

92 Questions 33. What is the proper term to refer to a single unit of IP data? A. IP segment B. IP datagram C. IP frame D. IP packet Answer: B The proper terms are TCP segment, IP datagram, and Ethernet frame. Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 10.

93 Questions 34. Lower Layers (Physical, Link, Network, Transport) are unable to protect against what kind of attacks? A. Piggy Back Attacks B. Brute Force C. Denial of Service Attacks D. Content Based Attacks Answer: D Lower layer protocols do not interact with the data contained in the payload. Reference: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, page 163.

94 Questions 35. Which of the following is the core of fiber optic cables made of? A. PVC B. Glass fibers C. Kevlar D. Teflon Answer: B Fiber optic cables have an outer insulating jacket made of Teflon or PVC; Kevlar fiber, which helps to strengthen the cable and prevent breakage; and plastic coatings, used to cushion the fiber center. The center (core) of the cable is made of glass or plastic fibers. Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 3: Telecommunications and Network Security (page 31).

95 Questions 36. Which of the following functions does RAID Level 0 perform? A. It creates one large disk by using several disks. B. It creates several smaller disks from one large disk. C. It recovers one large disk by using several smaller disks. D. It removes one large disk as it creates several smaller disks. Answer: A RAID Level 0 creates one large disk by using several disks. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 65.

96 Questions 37. Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length? A. Fiber Optic cable B. Coaxial cable C. Twisted Pair cable D. Axial cable Answer: A Fiber Optic cable is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length (up to two kilometers in some cases). Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 72.

97 Questions 38. Which of the following, used to extend a network, has a storage capacity to store frames and act as a store-and-forward device? A. Bridge B. Router C. Repeater D. Gateway Answer: A Bridges are used to connect two separate networks to form a logical network. They must have storage capacity to store frames and act as a store-and-forward device. Bridges operate at the data link layer by examining the media access control header of a data packet. Routers are switching devices that operate at the network layer by examining network addresses. Repeaters work at the physical layer and amplify transmission signals to reach remote devices by taking a signal from a LAN. Gateways provide access paths to foreign networks. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 127).

98 Questions 39. What is the proper term to refer to a single unit of TCP data at the transport layer? A. TCP segment B. TCP datagram C. TCP frame D. TCP packet Answer: A The proper term is TCP segment. Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 10.
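Worked example, added by the editor (not part of the original slides), for questions 33 and 39: the three units named in Stevens, built with `struct` so the encapsulation is visible byte by byte. A TCP segment (20-byte header, SYN flag, no options) is wrapped in an IPv4 datagram whose header checksum is computed per RFC 1071, and that datagram is wrapped in an Ethernet frame. `decapsulate` peels the frame apart again and verifies the IP checksum. The addresses and MACs are constructed; the TCP checksum is left at zero because the pseudo-header computation is outside the scope of this example.

```python
"""Encapsulation worked example: TCP segment -> IP datagram -> Ethernet frame."""
import struct


def ipv4_checksum(header):
    """RFC 1071 one's-complement sum over the 16-bit words of an IP header.
    Over a header whose checksum field is already correct, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_segment(sport, dport, seq, ack, flags, payload):
    """Minimal TCP header (data offset 5 = 20 bytes, no options) plus payload."""
    offset_flags = (5 << 12) | flags
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                         offset_flags, 65535, 0, 0)   # window, checksum=0, urgent
    return header + payload


def ip_datagram(src, dst, proto, payload, ttl=64, ident=0x1234):
    """IPv4 header (version 4, IHL 5) with a correct header checksum."""
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(payload), ident, 0, ttl, proto, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    csum = ipv4_checksum(header)
    return header[:10] + struct.pack("!H", csum) + header[12:] + payload


def ethernet_frame(dst_mac, src_mac, ethertype, payload):
    """Ethernet II frame: 6-byte destination, 6-byte source, 2-byte EtherType."""
    return dst_mac + src_mac + struct.pack("!H", ethertype) + payload


def decapsulate(frame):
    """Split the frame back into its named units, checking the IP header."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    datagram = frame[14:]
    ihl = (datagram[0] & 0x0F) * 4
    if ipv4_checksum(datagram[:ihl]) != 0:
        raise ValueError("IP header checksum mismatch")
    total_len = struct.unpack("!H", datagram[2:4])[0]
    proto = datagram[9]
    segment = datagram[ihl:total_len]
    sport, dport = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {"ethertype": ethertype, "proto": proto,
            "sport": sport, "dport": dport, "payload": segment[data_offset:]}


def build_example():
    """A SYN from 192.0.2.1:40000 to 198.51.100.2:80 (constructed addresses)."""
    seg = tcp_segment(40000, 80, seq=1, ack=0, flags=0x02, payload=b"")
    dg = ip_datagram("192.0.2.1", "198.51.100.2", proto=6, payload=seg)
    return ethernet_frame(b"\xaa" * 6, b"\xbb" * 6, 0x0800, dg)


if __name__ == "__main__":
    frame = build_example()
    print(len(frame), "bytes on the wire:", frame.hex())
    print(decapsulate(frame))
```

The checksum routine is the same one a NIC or a packet-crafting tool uses; it is worth keeping around because a datagram with a wrong header checksum is silently dropped by the first router, which is a common reason hand-built packets "disappear".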

99 Questions 40. Which OSI/ISO layer defines the X.24, V.35, X.21 and HSSI standard interfaces? A. Transport layer B. Network layer C. Data link layer D. Physical layer Answer: D The physical layer (layer 1) defines the X.24, V.35, X.21 and HSSI standard interfaces. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 83).

100 Questions 41. Which protocol matches an Internet Protocol (IP) address to a known Ethernet address? A. Address Resolution Protocol (ARP). B. Reverse Address Resolution Protocol (RARP). C. Internet Control Message protocol (ICMP). D. User Datagram Protocol (UDP). Answer: B The RARP protocol sends out a packet which includes its MAC address and a request to be informed of the IP address that should be assigned to that MAC address. ARP does the opposite by broadcasting a request to find the Ethernet address that matches a known IP address. ICMP supports packets containing error, control, and informational messages (e.g. PING). UDP runs over IP and is used primarily for broadcasting messages over a network. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 87.

101 Questions 42. Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Headers (AH) provide the following services except: A. Authentication B. Integrity C. Replay resistance and non-repudiation D. Confidentiality Answer: D AH provides integrity, authentication and replay resistance (via the sequence number window), but never encrypts, so it cannot provide confidentiality. Security Associations (SAs) can be combined into bundles to provide authentication, confidentiality and layered communication. Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, page 164.
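Worked example, added by the editor (not part of the original slides), for questions 18, 25 and 42: the two AH/ESP services that do not need a cipher. `ReplayWindow` is a sliding anti-replay window over the 32-bit sequence number as described in RFC 4302/4303, and `AuthenticatedChannel` computes an HMAC-SHA-256 integrity check value (truncated to 128 bits, the size RFC 4868 specifies) over SPI, sequence number and payload. The key, SPI and messages are constructed for the example; nothing here is encrypted, which is exactly the AH situation of question 42 (ESP would additionally encrypt the payload before computing the ICV).

```python
"""AH-style integrity check plus an IPsec anti-replay window (stdlib only)."""
import hashlib
import hmac
import struct


class ReplayWindow:
    """Sliding window of `size` sequence numbers. Each number is accepted at
    most once; numbers that fall behind the window are too old to track and
    are rejected, as RFC 4302/4303 require."""

    def __init__(self, size=64):
        self.size = size
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0       # bit i set => sequence number (top - i) was seen

    def check_and_update(self, seq):
        if seq == 0:
            return False                                   # 0 is never sent
        if seq > self.top:                                 # new high-water mark
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size:
            return False                                   # behind the window
        if (self.bitmap >> offset) & 1:
            return False                                   # replay
        self.bitmap |= 1 << offset
        return True


class AuthenticatedChannel:
    """One end of an AH-like SA: 8-byte header (SPI, sequence), payload,
    16-byte ICV. Both ends share the same integrity key."""

    def __init__(self, key, spi=0x1000):
        self.key, self.spi, self.seq = key, spi, 0
        self.window = ReplayWindow()

    def _icv(self, spi, seq, payload):
        msg = struct.pack("!II", spi, seq) + payload
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:16]

    def send(self, payload):
        self.seq += 1
        hdr = struct.pack("!II", self.spi, self.seq)
        return hdr + payload + self._icv(self.spi, self.seq, payload)

    def receive(self, packet):
        """Return the payload, or None if the ICV fails or the sequence number
        is a replay. Integrity is checked before the window is updated so a
        forged sequence number cannot poison the window."""
        spi, seq = struct.unpack("!II", packet[:8])
        payload, icv = packet[8:-16], packet[-16:]
        if spi != self.spi or not hmac.compare_digest(icv, self._icv(spi, seq, payload)):
            return None
        if not self.window.check_and_update(seq):
            return None
        return payload


def demo():
    key = b"constructed-shared-integrity-key"
    sender, receiver = AuthenticatedChannel(key), AuthenticatedChannel(key)
    p1, p2 = sender.send(b"hello"), sender.send(b"world")
    tampered = p2[:8] + b"WORLD" + p2[13:]      # payload changed, ICV untouched
    return [
        receiver.receive(p2),        # arrives first: accepted
        receiver.receive(p1),        # out of order but inside the window: accepted
        receiver.receive(p1),        # same packet again: replay, rejected
        receiver.receive(tampered),  # ICV mismatch: rejected
    ]


if __name__ == "__main__":
    print(demo())
```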

102 Questions 43. Software RAID can run faster within the operating system when it does not have to compute parity. Which approach avoids parity? A. Simple striping or mirroring. B. Hard striping or mirroring. C. Simple hamming code parity or mirroring. D. Simple striping or hamming code parity. Answer: A This is true: if we do not use parity in our RAID implementation, as with RAID 1 (mirroring) or RAID 0 (striping), we improve performance because the CPU does not need to waste cycles on parity calculations. For example, this can be achieved in Windows 2000 Server through the use of RAID 0 (no fault tolerance, just striping in 64 KB chunks) or RAID 1 (mirroring through a file system driver). This is not the case with RAID 5, which actually uses parity to provide fault tolerance.

103 Questions 44. Which of the following is a problem evidenced with RAID Level 0? A. It lessens the fault tolerance of the disk system. B. It reduces the performance of the disk system. C. It reduces the capacity of the disk system. D. It complicates the recovery of the disk system. Answer: A The problem with RAID Level 0 is that it actually lessens the fault tolerance of the disk system rather than increasing it: the entire data volume is unusable if one drive in the set fails. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 65.
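Worked example, added by the editor (not part of the original slides), for questions 36, 43 and 44: RAID 0, 1 and 5 in miniature over in-memory "disks". A failed member is represented by `None`. Reading a RAID 0 set with one member gone fails outright (question 44), a RAID 1 mirror survives, and RAID 5 rebuilds the missing chunk by XOR-ing the survivors, which is the parity work that costs CPU cycles in question 43. The chunk size is 4 bytes so the layout is easy to inspect; the text being striped is constructed.

```python
"""RAID 0 / 1 / 5 in miniature: what one failed disk does to each layout."""

CHUNK = 4   # bytes per stripe unit (real arrays use 64 KB or larger)


def chunks(data):
    return [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# RAID 0: chunks round-robin across members, no redundancy at all.
def raid0_write(data, ndisks):
    disks = [[] for _ in range(ndisks)]
    for i, c in enumerate(chunks(data)):
        disks[i % ndisks].append(c)
    return disks


def raid0_read(disks):
    if any(d is None for d in disks):
        raise IOError("RAID 0: a member failed, the whole volume is unreadable")
    rows = max(len(d) for d in disks)
    return b"".join(d[r] for r in range(rows) for d in disks if r < len(d))


# RAID 1: every member holds a full copy.
def raid1_write(data, ndisks=2):
    return [chunks(data) for _ in range(ndisks)]


def raid1_read(disks):
    for d in disks:
        if d is not None:
            return b"".join(d)
    raise IOError("RAID 1: all mirrors failed")


# RAID 5: ndisks-1 data chunks per stripe plus one XOR parity chunk, with the
# parity position rotating so no single member becomes the parity bottleneck.
def raid5_write(data, ndisks=3):
    per_stripe = ndisks - 1
    disks = [[] for _ in range(ndisks)]
    data_chunks = [c.ljust(CHUNK, b"\x00") for c in chunks(data)]
    for r, s in enumerate(range(0, len(data_chunks), per_stripe)):
        stripe = data_chunks[s:s + per_stripe]
        stripe += [b"\x00" * CHUNK] * (per_stripe - len(stripe))   # pad last stripe
        parity = b"\x00" * CHUNK
        for c in stripe:
            parity = xor(parity, c)                                # CPU cost of RAID 5
        pidx = r % ndisks
        row = stripe[:pidx] + [parity] + stripe[pidx:]
        for d, c in zip(disks, row):
            d.append(c)
    return disks


def raid5_read(disks, length):
    """Read `length` bytes back, reconstructing one failed member if needed."""
    ndisks = len(disks)
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) > 1:
        raise IOError("RAID 5: more than one member failed")
    rows = len(next(d for d in disks if d is not None))
    out = b""
    for r in range(rows):
        row = [None if d is None else d[r] for d in disks]
        if failed:
            rebuilt = b"\x00" * CHUNK
            for c in row:
                if c is not None:
                    rebuilt = xor(rebuilt, c)      # parity ^ survivors = missing chunk
            row[failed[0]] = rebuilt
        pidx = r % ndisks
        out += b"".join(c for i, c in enumerate(row) if i != pidx)
    return out[:length]


if __name__ == "__main__":
    text = b"The quick brown fox jumps over the lazy dog"   # constructed sample
    r5 = raid5_write(text)
    r5[2] = None
    print(raid5_read(r5, len(text)))
```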

104 Questions 45. Which of the following firewall rules is less likely to be found on a firewall installed between an organization's internal network and the Internet? A. Permit all traffic to and from local host. B. Permit all inbound ssh traffic. C. Permit all inbound tcp connections. D. Permit all syslog traffic to log-server.abc.org. Answer: C Any opening of an internal network to the Internet is susceptible to creating a new vulnerability. Of the given rules, the one that permits all inbound tcp connections is the most dangerous since it amounts to almost having no firewall at all, tcp being widely used on the Internet. Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Appendix B, Practice-Level Policy Considerations (page 409).

105 Questions 46. A variation of RAID 5 wherein the array functions as a single virtual disk in the hardware is which of the following? A. RAID Level 7 B. RAID Level 6 C. RAID Levels 3 and 4 D. RAID Level 2 Answer: A RAID Level 7 is a variation of RAID 5 wherein the array functions as a single virtual disk in the hardware. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 66.

106 Questions 47. In which LAN transmission method is a source packet copied and sent to specific multiple destinations on the network? A. Overcast B. Unicast C. Multicast D. Broadcast Answer: C With multicast, a source packet is copied and sent to specific multiple destinations on the network. Unicast sends a packet from a single source to a single destination. In a broadcast, a packet is copied and then sent to all the stations on a network. Overcast is not a defined LAN transmission method. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 104).

107 Questions 48. Unshielded twisted pair (UTP) comes in several categories. The category is based on: A. how tightly the copper pairs are twisted within the jacket. B. how thick the shielding is. C. several factors. D. the diameter of the copper. Answer: A UTP comes in several categories, determined by how tightly the copper pairs are twisted within the jacket (UTP has no shield; tighter twisting reduces crosstalk and is what allows the higher categories). Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 101.

108 Questions 49. Which of the following NAT firewall translation modes is required to make internal hosts available for connection from external hosts? A. Dynamic translation B. Load balancing translation C. Static translation D. Network redundancy translation Answer: C With static translation (also called port forwarding), a specific internal network resource (usually a server) has a fixed translation that never changes. Static NAT is required to make internal hosts available for connection from external hosts. In dynamic translation (also called Automatic, Hide Mode, or IP Masquerade), a large group of internal clients share a single or small group of external IP addresses for the purpose of hiding their identities or expanding the internal network address space. Load Balancing Translation is used to translate a single IP address and port to a pool of identically configured servers so that a single public address can be served by a number of servers. In Network Redundancy Translation, multiple Internet connections are attached to a single NAT firewall that chooses and uses them based on load and availability. Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 7: Network Address Translation.
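Worked example, added by the editor (not part of the original slides), for question 49: a NAT table that supports both modes. Dynamic (hide-mode) entries are created only by outbound flows, and a packet arriving on such a port is forwarded only if it comes from the peer that flow was opened to; an unsolicited packet from anyone else is dropped. A static mapping is the only way an outside host can reach an internal server it has never talked to. All addresses and ports below are constructed for the example.

```python
"""NAT translation modes: dynamic (outbound only) versus static (inbound reachable)."""
from itertools import count


class NatFirewall:
    def __init__(self, public_ip, port_base=20000):
        self.public_ip = public_ip
        self.dynamic = {}               # (int_ip, int_port) -> (public_port, peer_ip)
        self.reverse = {}               # public_port -> ((int_ip, int_port), peer_ip)
        self.static = {}                # public_port -> (int_ip, int_port)
        self.next_port = count(port_base)

    def add_static(self, public_port, internal_ip, internal_port):
        """Static translation / port forwarding: fixed mapping, exists before any traffic."""
        self.static[public_port] = (internal_ip, internal_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate an internal client's outbound packet, allocating a public
        port on first use. Returns the (src_ip, src_port) the outside world sees."""
        key = (src_ip, src_port)
        if key not in self.dynamic:
            pub = next(self.next_port)
            self.dynamic[key] = (pub, dst_ip)
            self.reverse[pub] = (key, dst_ip)
        return (self.public_ip, self.dynamic[key][0])

    def inbound(self, src_ip, dst_port):
        """Translate an inbound packet to (int_ip, int_port), or None to drop it.
        Static mappings always apply; dynamic ones only for the flow's own peer."""
        if dst_port in self.static:
            return self.static[dst_port]
        if dst_port in self.reverse:
            internal, peer = self.reverse[dst_port]
            if src_ip == peer:
                return internal             # reply to a flow the client opened
        return None                         # unsolicited: hidden behind the NAT


def demo():
    nat = NatFirewall("203.0.113.1")
    nat.add_static(443, "10.0.0.10", 443)   # publish an internal web server
    seen_as = nat.outbound("10.0.0.5", 51000, "198.51.100.9", 80)
    return {
        "outbound_seen_as": seen_as,
        "reply_from_peer": nat.inbound("198.51.100.9", seen_as[1]),
        "unsolicited_to_dynamic_port": nat.inbound("192.0.2.77", seen_as[1]),
        "to_published_server": nat.inbound("192.0.2.77", 443),
        "to_unpublished_port": nat.inbound("192.0.2.77", 22),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:30s} {v}")
```

The third case is also why hide-mode NAT is often described as a side-effect firewall: it drops unsolicited inbound traffic, but only because there is no mapping, not because any policy was evaluated.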

109 Questions 50. When is implementing WLAN a feasible option for your environment? A. When you have a proper security policy B. When you have no concerns about attacks from competitors looking for secret information C. When you have properly secured your access points (AP) D. When you have identified probable threats Answer: B Reference: The real deal on wireless article (Information Security magazine, Aug 02), available at

110 Questions 51. Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false? A. It can be used for voice B. It can be used for data C. It carries various sizes of packets D. It can be used for video Answer: C ATM is an example of a fast packet-switching network that can be used for data, voice or video, but its packets (cells) are of fixed size, 53 bytes. Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, chapter 7: Telecommunications and Network Security (page 455).

111 Questions 52. Which of the following would best define the "WAP Gap" security issue? A. The processing capability gap between wireless devices and PCs. B. The fact that WTLS transmissions have to be decrypted at the carrier's WAP gateway to be re-encrypted with SSL for use over wired networks. C. The fact that wireless communications are far easier to intercept than wired communications. D. The inability of wireless devices to implement strong encryption algorithms. Answer: B The WAP Gap is a specific security issue associated with WAP that results from the requirement to change security protocols at the carrier's WAP gateway from the wireless WTLS to SSL for use over the wired network. At the WAP gateway, the transmission, which is protected by WTLS, is decrypted and then re-encrypted for transmission using SSL, leaving data temporarily in the clear on the gateway. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 173).

112 Questions 53. Which of the following statements pertaining to VPN protocol standards is false? A. L2TP is a combination of PPTP and L2F. B. L2TP and PPTP were designed for single point-to-point client to server communication. C. L2TP operates at the network layer. D. PPTP uses native PPP authentication and encryption services. Answer: C L2TP and PPTP were both designed for individual client to server connections; they enable only a single point-to-point connection per session. Both L2TP and PPTP operate at the data link layer (layer 2) of the OSI model. PPTP uses native PPP authentication and encryption services, and L2TP is a combination of PPTP and Layer 2 Forwarding protocol (L2F). Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 95).

113 Questions 54. What is defined as the manner in which the network devices are organized to facilitate communications? A. LAN transmission methods B. LAN topologies C. LAN transmission protocols D. LAN media access methods Answer: B A network topology defines the manner in which the network devices are organized to facilitate communications. Common LAN topologies are bus, ring, star or mesh. LAN transmission methods refer to the way packets are sent on the network and are either unicast, multicast or broadcast. LAN transmission protocols are the rules for communicating between computers on a LAN; common LAN transmission protocols are CSMA/CD, polling and token-passing. LAN media access methods control the use of a network (physical and data link layers); they can be Ethernet, ARCnet, Token Ring and FDDI. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 105).

114 Questions
55. Which of the following best defines source routing?
A. The packets hold the forwarding information, so they don't need bridges and routers to find their way to the destination.
B. The packets hold source information in such a way that the source address cannot be forged.
C. The packets are encapsulated to conceal source information.
D. The packets hold information about redundant paths in order to provide higher reliability.
Answer: A
With source routing, the packets hold the forwarding information so that they can find their way to the destination themselves, without bridges and routers dictating their paths.
Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#2 Telecommunications and Network Security (page 5), available at

115 Questions
56. What is also known as 10Base5?
A. Thinnet
B. Thicknet
C. ARCnet
D. UTP
Answer: B
Thicknet is a coaxial cable with segments of up to 500 meters, also known as 10Base5. Thinnet is a coaxial cable with segments of up to 185 meters. Unshielded twisted pair (UTP) has three variations: 10 Mbps (10BaseT), 100 Mbps (100BaseT) or 1 Gbps (1000BaseT). ARCnet is a LAN media access method, not a cable type.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 108).

116 Questions
57. Which of the following offers security to wireless communications?
A. S-WAP
B. WTLS
C. WSP
D. WDP
Answer: B
Wireless Transport Layer Security (WTLS) is a communication protocol that allows wireless devices to send and receive encrypted information over the Internet. S-WAP is not defined. WSP (Wireless Session Protocol) and WDP (Wireless Datagram Protocol) are part of the Wireless Access Protocol (WAP) stack but do not themselves provide security.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 173).

117 Questions
58. Why is infrared generally considered to be more secure against eavesdropping than multidirectional radio transmissions?
A. Because infrared eavesdropping requires more sophisticated equipment.
B. Because infrared operates only over short distances.
C. Because infrared requires direct line-of-sight paths.
D. Because infrared operates at extra-low frequencies (ELF).
Answer: C
Infrared is generally considered to be more secure against eavesdropping than multidirectional radio transmissions because infrared requires direct line-of-sight paths, so an eavesdropper must be positioned within the beam rather than anywhere within radio range.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 173).

118 Questions
59. What is the 802.11i standard related to?
A. Public Key Infrastructures (PKI)
B. Wireless network communications
C. Packet-switching technology
D. Wireless network security
Answer: D
802.11 refers to a family of specifications developed by the IEEE for wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station, or between two wireless clients. The IEEE accepted the specification in
There are several specifications in the family; 802.11i describes the security extensions for 802.11.
Source: Planet's web site.
