Learn about PPP. Point-to-Point Protocol (PPP) is an encapsulation protocol designed to support the transmission of IP traffic over dial-up or point-to-point links. The original PPP options for authentication are PAP, CHAP, and EAP.
PAP, CHAP and EAP definitions. PAP transmits usernames and passwords in clear text. CHAP performs authentication using a challenge-response conversation that cannot be replayed. EAP allows for custom authentication security solutions.
Can provide examples of EAP. There are approximately 40+ EAP definitions, including LEAP, PEAP, EAP-SIM, EAP-FAST, EAP-MDS, EAP-POTP, EAP-TLS and EAP-TTLS.
Understanding IEEE 802.1X • IEEE 802.1x defines the use of encapsulated EAP to support a wide range of identities over LAN connections
Authentication options. The IEEE802.1X standard is officially named "Port-based Network Access Control".
Learn about port security. Port security can refer to physical control of all connection points, such as RJ-45 wall jacks or device ports. Port security is the management of TCP and User Datagram Protocol (UDP) ports. Port security can also refer to the need to authenticate a port before allowing communication through or across the port (i.e. IEEE 802.1X).
Understand voice communications security. Voice communications are vulnerable to a variety of attacks, especially as voice communications become an important part of network services. By using encrypted communications, confidentiality can be improved. Some technical measures are needed to prevent interception, listening, tapping and other types of attacks. Familiarity with topics related to voice communications such as POTS, PSTN, PBX A VolP.
Learn about the threats associated with PBX systems and what to do about PBX spoofing. The measures to protect against PBX fraud and abuse are largely the same as those used to protect computer networks: logical controls, technical controls, administrative controls, and physical controls.
Understand the security issues related to XoIP. Security risks faced by XoIP include: caller ID fraud, voice phishing, dialing management software/firmware attacks, phone hardware attacks, DoS, MITM/path, spoofing and switch hopping attacks.
Understand the content of phishing attacks. Phreaking is a specific type of attack that uses a variety of techniques to trick functionality provided by a phone system in order to make free long-distance calls, change the functionality of a phone service, abuse specialized services, or directly Cause the service to crash. A phreak is a person who performs a phreak attack.
Understand the issues of return access security management. Remote access security management requires security system designers to select hardware and software components based on security policies, work tasks, and encryption requirements.
Learn about various issues related to remote access security. Familiarity with remote access, dial-up connections, screen capturers, virtual applications/desktops, and general remote working security priorities.
Learn about multimedia collaboration. Multimedia collaboration refers to the utilization of various multimedia-enabled communication solutions to enhance remote collaboration and communication.
Understand the purpose of a load balancer. The purpose of load balancing is to obtain more optimized infrastructure utilization, minimize response time, maximize throughput, reduce overload and eliminate bottlenecks. Load balancers are used to spread/distribute network load across multiple network links or network devices.
Learn about active-active systems. An active-active system is a form of load balancing that uses all available paths or systems during normal operations, but has reduced capacity during adverse conditions.
Understand active-passive systems. An active-passive system is a form of load balancing that puts certain paths or systems to sleep unused during normal operations and is able to maintain consistent capacity during abnormal conditions.
Understand how email security works. Internet mail is based on the SMTP, POP3 and IAP protocols. It is inherently unsafe. In order to make email secure, some security measures need to be added to the security policy. Technologies that address email security include: SMIME, PGP, DKIM, SPF, DMARC, STARTTLS, and Implicit SMTPS.
Learn how to secure data communications. Protection measures should include implementing secure VoIP, VPN, VLAN and NAT.
Learn about virtualized networking. Virtualized networking or network virtualization refers to the combination of hardware and software network components into a single integrated entity. Examples include: software-defined networking (SAN), VIAN, VPN, virtual switch, virtual SAN, guest operating system, port isolation, and NAT.
Define tunnel. Tunneling refers to encapsulating messages of one transport protocol using a second protocol. The second protocol often utilizes encryption to protect message content.
Understand VPNs. VPNs are based on encrypted tunnels. It can provide point-to-point connections with identity authentication and data protection functions. Common VPN protocols are PPTP, L2TP, SSH, TLS, and Psec.
Learn about split tunneling vs. full tunneling. Split tunneling is a VPN configuration that allows a VPN-connected client system (i.e., a remote node) to access an organization's network directly through both the VPN and the Internet. Full tunnel is another VPN configuration in which all traffic from the client is sent over the VPN link to the organization network, and then any traffic destined for the Internet is routed from the organization network's proxy or firewall interface to the Internet.
Be able to explain what NAT is. NAT provides an addressing scheme for private networks, allowing the use of private addresses and enabling multiple internal users to access the Internet through fewer public addresses. Many security border devices support NAT, such as firewalls, routers, gateways, WAPs, and proxy servers.
Learn about third-party connections. Most organizations interact with external third-party providers. Most external entities do not need to interact directly with the organization's IT/IS, however, although rarely, the risks and consequences must still be considered. This includes partnerships, cloud services and remote workers.
Understand the differences between packet switching and circuit switching. In circuit switching, a dedicated physical path is established between communicating parties. In packet switching, a message or communication content is divided into many small segments and then transmitted to the destination through an intermediate network. Packet switching systems have two communication paths or virtual circuits: permanent virtual circuits (PVC) and switched virtual circuits (SVC).
Understand cyber attacks of various types and countermeasures related to communication security. Communications systems are vulnerable to a variety of attacks, including distributed denial of service (DDoS), snooping, impersonation, replay, tampering, spoofing, ARP attacks, and DNS attacks. Be able to propose effective countermeasures for each attack.
Wondershare EdrawMind
