2024 FRSecure CISSP Mentor Program - Class 7 Domain 4 Pt2

#MissionBeforeMoney

CISSP® MENTOR PROGRAM – SESSION ONE

INTRODUCTION

2024
Class # 7 – Domain #4 PT2
Christophe Foulon
Founder CPF Coaching & vCISO
Fractional CISO @ Nexigen

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. 1
CISSP® MENTOR PROGRAM – FRSECURE CISSP MENTOR PROGRAM LIVE STREAM THANK YOU!
Quick housekeeping reminder.
• The online/live chat that’s provided while live streaming on YouTube
is for constructive, respectful, and relevant (about course content)
discussion ONLY.
• At NO TIME is the online chat permitted to be used for disrespectful,
offensive, obscene, indecent, or profane remarks or content.
• Please do not comment about controversial subjects, and please NO
DISCUSSION OF POLITICS OR RELIGION.
• Failure to abide by the rules may result in disabling chat for you.
• DO NOT share or post copyrighted materials (PDF of the book).

CISSP® MENTOR PROGRAM – SCHEDULE [Our plan]

Class  Date     Topic                                                            Lead Mentor
1      4/08/24  Introduction                                                     Evan
2      4/10/24  Domain 1: Security & Risk Management                             Chris
3      4/15/24  Domain 7: Security Operations (p1)                               Brad
4      4/17/24  Domain 7: Security Operations (p2) & Domain 2: Asset Security    Evan
-      4/22/24  BREAK – Optional Study Group                                     -
5      4/24/24  Domain 6: Security Assessment and Testing                        Ron
6      4/29/24  Domain 4: Communication and Network Security (p1)                Ron
7      5/1/24   Domain 4: Communication and Network Security (p2)                Chris
8      5/6/24   Domain 5: Identity and Access Management                         Brad
-      5/8/24   BREAK – Optional Study Group                                     -
9      5/13/24  Domain 3: Security Architecture and Engineering (p1)             Ron
10     5/15/24  Domain 3: Security Architecture and Engineering (p2)             Ryan
11     5/20/24  Domain 3: SA&E (p3) & Domain 8: Software Development Security    Ron
12     5/22/24  Review & Exam Preparation                                        ALL
-      5/27/24  BREAK                                                            -
13     5/29/24  Final Exam Preparation                                           ALL


CISSP® MENTOR PROGRAM – SESSION 7 Domain 4 Pt. 2

INTRODUCTION
Agenda –
• Welcome, Reminders, & Introduction
• Questions
• Review
• Domain 4 PT 2


CISSP® MENTOR PROGRAM – LEAD MENTOR INTRO

WHOAMI
Christophe Foulon
Founder CPF Coaching & vCISO
https://www.linkedin.com/in/christophefoulon/

@Chris_Foulon

Founder / vCISO
Educational Non-Profit I help Found and Support
Fractional CISO


CISSP® MENTOR PROGRAM – SESSION SIX

WHO I AM?
I love Baby Yoda
Outside of being a security practitioner focused on helping businesses tackle their
cybersecurity risks while minimizing friction resulting in increased resiliency and helping
to secure people and processes with a solid understanding of the technology involved.

I am a dad, dog dad and career coach. I love helping others to achieve their best.
Through this channel, I help veterans with their transitions and others via non-profits like
Whole Cyber Human Initiative, Boots2Books and others.

I give back by producing a podcast focused on helping people who are “Breaking into
Cybersecurity” by sharing the stories of those who have done it in the past 5 years to
inspire those looking to do it now.

Co-authored:
“Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level”
“Hack the Cybersecurity Interview: A complete interview preparation guide for
jumpstarting your cybersecurity career”
And advised on “Understand, Manage, and Measure Cyber Risk”
CISSP® MENTOR PROGRAM – SESSION 7 Domain 4 Pt. 2

GETTING GOING…
Managing Risk!

We’re through Chapters 1, 2, 3, and part way into Chapter 4!
• Check-in.
• How many have read Chapter 1, 2 & 3 (aka Security Models)?
• Questions?

Study Tips:
• Study in small amounts frequently (20-30 min)
• Flash card and practice test apps help
• Take naps after heavy topics
• Write things down, say them out loud
• Use the Slack Discord Channels
• Exercise or get fresh air in between study sessions

Let’s get going!


GETTING GOING…
Great job last week! We’re through [add whatever was covered last session]

• Shout Out to Ron for Monday!

• Every week goes so fast, it’s easy to forget what happened. Same for you all?
• Everyone get some study time in?
• Check-in – Last Session’s Domain
• How many have read Domain 4-pt 1?
• Questions?


QUESTIONS.
The most common questions: check your email for links.
• Discord / Slack channel – use it for more in-depth questions and discussions
• Live session links & recording
• Instructor slide deck
• Other resources

Do not share electronic versions of the book!


INTRODUCTION
Before we get too deep into this.
How about a dumb dad joke?

What kind of car takes you to a Jedi?


A toyoda!!!!!
😂😂😂
Yeah, I know.
That’s dumb.

Let’s get to it…

DOMAIN 4 REVIEW – You read Domain 4, right?
Ben connected his laptop to his tablet PC using an 802.11ac connection. What wireless network mode has he used to connect these devices?

A. Standalone Mode
B. Ad-hoc Mode
C. Wired extension Mode
D. Infrastructure mode

Answer: B – Ad-hoc can be used to connect these two clients together.

DOMAIN 4 REVIEW – You read Domain 4, right?

Alice’s company has implemented MFA using SMS messages to provide a numeric code. What is the primary security concern that Alice might want to express about this design?

A. SMS messages can be spoofed by senders
B. SMS messages may be stored on the receiving device
C. SMS messages may be received by more than one device
D. SMS messages are not encrypted

Answer: D – The primary concern is that since the messages are not encrypted, they could be sniffed and captured.

DOMAIN 4 REVIEW – You read Domain 4, right?
Which of the following is not an example of a converged protocol?

A. iSCSI
B. MIME
C. FCoE
D. VoIP

Answer: B – MIME (Multipurpose Internet Mail Extension) is not a converged protocol.
FCoE – Fibre Channel over Ethernet
iSCSI – Internet Small Computer Systems Interface
VoIP – Voice over Internet Protocol


CISSP® MENTOR PROGRAM – SESSION SEVEN


pp. 334 - Kindle

DOMAIN 4: COMMUNICATION AND NETWORK SECURITY

Secure Network Components

An introduction to the key concepts associated with operating network hardware, followed by coverage of network transmission media and network components (such as firewalls, routers, and switches), ending with some foundational coverage of endpoint security.

To securely implement and use/operate network equipment, we
must account for (at a minimum):
• Policy, Standards, Guidelines, and Procedures.
• Personnel must be enabled to perform; they must be
trained.
• We can’t secure what we can’t control – Change control is
fundamental.
• What we can’t prevent, we must be able to detect –
Monitoring is also fundamental.
• Other considerations include inventory, redundancy,
maintenance, etc.

Firewalls

Sort of…

Ingress / Egress – Do NOT forget.
• Stop unwanted (or unauthorized) network traffic based upon rules.
• Creates a “boundary”.
• Perimeter firewalls (between public/private) and
internal firewalls (between various security domains).
• A “default deny” approach is most secure, but also the
most work.
• Must be maintained just like any other piece of
hardware running software (access control, change
control, patching, etc.).
• Critical events should be logged (and monitored).

Firewalls – Four (basic) Types
• Static packet filtering firewall.
  • Also called a “screening router”.
  • Very fast, simple, easiest to bypass/least secure.
• Application-level firewall.
  • “gateway” or “proxy”.
  • Slow, complex, very secure.
• Stateful inspection firewall.
  • Like a static packet filtering firewall but maintains “state”.
  • Fast, harder to bypass, doesn’t see data.
• Circuit-level firewall.
  • Operates like a stateful inspection firewall.
  • No data inspection, semi-proxy (traffic appears as though it comes from the gateway).

[Figure: “Our pal, the OSI Model” – the four firewall types plotted against the OSI layers: application-level at the top, circuit-level below it, static packet filtering and stateful inspection at the bottom.]

Next-gen firewalls (NGFW)
• “advanced” features.
• Intrusion detection (IDS)
• Intrusion prevention (IPS)
• Can operate at all/different levels of OSI
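To make “maintains state” concrete, here is an added example (written for this edit, not from the slides or any vendor product): a toy static packet filter beside a toy stateful inspection firewall, both judging packets by header fields only, never by payload. The addresses, ports, flags and rule set are constructed assumptions for the demo.

```python
"""Toy static packet filter vs. toy stateful inspection firewall.

Both only see a 5-tuple plus TCP flags (no payload, matching the slides'
"doesn't see data"). The difference is that the stateful one remembers which
connections an internal host opened, so an inbound packet is only accepted if
it belongs to one of them. All addresses, ports and rules are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag set (new connection)
    ack: bool = False   # TCP ACK flag set


def is_internal(ip: str) -> bool:
    # Constructed site: 10.0.0.0/8 is "inside"; a string prefix stands in for
    # a real CIDR match to keep the demo short.
    return ip.startswith("10.")


def static_filter(pkt: Packet) -> bool:
    """Screening-router style: every packet is judged on its own header fields.

    Policy: inside hosts may reach any HTTPS server; nothing else comes in.
    To let replies back in, the best a stateless filter can do is a rule such
    as "allow inbound from source port 443 when ACK is set", which trusts the
    flag in the packet rather than anything the firewall itself observed.
    """
    if is_internal(pkt.src) and not is_internal(pkt.dst) and pkt.dport == 443:
        return True                                   # outbound HTTPS
    if (not is_internal(pkt.src) and is_internal(pkt.dst)
            and pkt.sport == 443 and pkt.ack):
        return True                                   # looks like a reply
    return False                                      # default deny


class StatefulFirewall:
    """Stateful inspection: same outbound policy, but inbound packets are only
    accepted when they match a connection recorded in the state table."""

    def __init__(self) -> None:
        self.table: set[tuple[str, int, str, int]] = set()

    def check(self, pkt: Packet) -> bool:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.table or reverse in self.table:
            return True                               # part of a tracked connection
        if (is_internal(pkt.src) and not is_internal(pkt.dst)
                and pkt.dport == 443 and pkt.syn):
            self.table.add(flow)                      # remember the new outbound flow
            return True
        return False                                  # default deny


def demo() -> dict[str, tuple[bool, bool]]:
    """Run three constructed packets through both filters.

    Returns {name: (static_verdict, stateful_verdict)}; True means allowed."""
    stateful = StatefulFirewall()
    outbound = Packet("10.1.1.5", 51000, "203.0.113.7", 443, syn=True)
    reply = Packet("203.0.113.7", 443, "10.1.1.5", 51000, ack=True)
    # Inbound packet with ACK set and source port 443, aimed at an inside host
    # that never opened a connection. The stateless filter cannot tell it apart
    # from a genuine reply; the stateful one has no matching table entry.
    unsolicited = Packet("198.51.100.9", 443, "10.1.1.42", 3389, ack=True)
    return {
        "outbound": (static_filter(outbound), stateful.check(outbound)),
        "reply": (static_filter(reply), stateful.check(reply)),
        "unsolicited": (static_filter(unsolicited), stateful.check(unsolicited)),
    }


if __name__ == "__main__":
    for name, (static_ok, stateful_ok) in demo().items():
        print(f"{name:12s} static={static_ok!s:5s} stateful={stateful_ok}")
```

The third row is the whole point of the slide's "harder to bypass": the stateful table, not a flag inside the packet, decides what counts as an established connection.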
Firewalls – Architectures
• Multihomed Firewall
  • More than one network interface.
  [Figure: multihomed firewall with External, DMZ, and Internal interfaces.]
• Bastion Host/Screened Host
  • Sometimes referred to as “jump box”.
  • A proxy, limited number of applications.
• Screened Subnet
  • Combination of bastion hosts (but not always).
• “Other”
  • AWS “security groups”, Virtual Private Cloud (VPC)
  • Firewall as a service (FWaaS)

“In today's complex computing environment, a single firewall in line between the untrusted and the private networks is almost always insufficient.”

Switching gears, back to the OSI Model…
[Figure: “Our pal, the OSI Model” – Repeater and Hub added at the bottom of the stack, labelled “Dumber”; the application-level firewall at the top is labelled “Smarter”.]
Repeaters, Concentrators, and Amplifiers
• Operate at the Physical Layer (Layer 1)
• Connect two networks of the same kind together.
• Repeat/regenerate the signal (takes care of attenuation).
• Same collision domain, collision domains are segmented at
Layer 2 (coming up).
• A hub is a multiport repeater.
• NO traffic filtering, what comes in one port goes out the
other(s).
• No more than four repeaters in a row (RoT); 5-4-3 rule (5 segments, 4 repeaters, 3 have additional connections).
• A hub is a security risk.

[Figure: “Our pal, the OSI Model” – Bridge and Switch added above Repeater and Hub.]
Bridges and Switches
• Operate at the Data Link Layer (Layer 2)
• Connect two networks of the same protocol together, can
connect different physical types & speeds.
• Repeat/regenerate the signal (takes care of attenuation).
• Filters traffic based on MAC address (aka physical address).
• Breaks the collision domain, but the broadcast domain remains (it is only broken at Layer 3).
• A switch is a multiport bridge.
• Spanning Tree Algorithm (STA) - blocks forwarding on
redundant links by setting up one preferred link between
switches in the LAN.

Switches
• Operate at Layer 2; there are NO ROUTING capabilities.
• Switches can segment networks using VLANs but cannot
route between VLANs without a router.
• VLANs are created by “tagging” ports in the switch.
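An added example (written for this edit, not from the slides) that shows the three switch points above in code: a toy Layer 2 learning switch with port-based VLAN tagging forwards by MAC address, still floods a broadcast to every port in the VLAN (the broadcast domain remains), and never delivers a frame to a port in another VLAN because no router is present. Port numbers, VLAN ids and MAC addresses are constructed for the demo.

```python
"""Toy learning switch with port-based VLANs (constructed demo).

Forwarding decisions use only the destination MAC and the VLAN of the port
the frame arrived on, which is all a Layer 2 device has. There is no router,
so nothing ever moves between VLAN 10 and VLAN 20.
"""
from __future__ import annotations
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str


class Switch:
    def __init__(self, port_vlan: dict[int, int]) -> None:
        self.port_vlan = port_vlan                          # port -> VLAN tag
        self.mac_table: dict[tuple[int, str], int] = {}    # (vlan, mac) -> port

    def receive(self, in_port: int, frame: Frame) -> list[int]:
        """Return the sorted list of ports the frame is sent out of."""
        vlan = self.port_vlan[in_port]
        # Learn: the source MAC is reachable via in_port, inside this VLAN only.
        self.mac_table[(vlan, frame.src_mac)] = in_port
        same_vlan = sorted(p for p, v in self.port_vlan.items()
                           if v == vlan and p != in_port)
        if frame.dst_mac == BROADCAST:
            return same_vlan                # broadcast domain == the VLAN
        out = self.mac_table.get((vlan, frame.dst_mac))
        if out is None:
            return same_vlan                # unknown unicast: flood within VLAN
        if out == in_port:
            return []                       # destination is behind the same port
        return [out]                        # known unicast: one port, no collision elsewhere


def demo() -> dict[str, object]:
    """Ports 1-3 are tagged VLAN 10, ports 4-5 VLAN 20. No router anywhere."""
    sw = Switch({1: 10, 2: 10, 3: 10, 4: 20, 5: 20})
    a, b, c = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "aa:aa:aa:00:00:03"
    d = "bb:bb:bb:00:00:04"
    out: dict[str, object] = {}
    out["unknown_unicast"] = sw.receive(1, Frame(a, b))    # flood VLAN 10 only
    out["learned_reply"] = sw.receive(2, Frame(b, a))      # A now known: port 1
    out["broadcast"] = sw.receive(3, Frame(c, BROADCAST))  # every VLAN 10 port but 3
    out["cross_vlan"] = sw.receive(4, Frame(d, a))         # A is in VLAN 10: unreachable
    out["mac_table"] = dict(sw.mac_table)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:16s} {value}")
```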

[Figure: “Our pal, the OSI Model” – Router added above Bridge and Switch.]
Routers
• Operate at the Network Layer (Layer 3)
• Connect two networks of the same protocol together, can
connect different physical types, speeds, and layer 2
technologies (Ethernet, Token Ring, etc.).
• Repeat/regenerate the signal (takes care of attenuation).
• Filters traffic based on IP address (aka logical address).
• Breaks the collision domain and the broadcast domain.
• Determines the best route (path) through a network.
• Routing table built manually or with a routing protocol (BGP,
OSPF, IGRP, EIGRP, RIP, etc.)

#MissionBeforeMoney

CISSP® MENTOR PROGRAM – SESSION SEVEN


Smarter Application-level firewall.
DOMAIN 4: COMMUNICATION AND NETWORK SECURITY
Gateway
Secure Network Components
Our pal, the OSI Model.

Circuit-level firewall.

Static packet filtering firewall. Stateful inspection firewall.

Router

Bridge and Switch

Dumber
Repeater
This work is licensed under a Creative Commons Attribution-ShareAlike and Hub
4.0 International License. 60
#MissionBeforeMoney

CISSP® MENTOR PROGRAM – SESSION SEVEN


DOMAIN 4: COMMUNICATION AND NETWORK SECURITY
Secure Network Components
Gateways
• Can operate at all Layers (1 – 7).
• Connect two networks of different protocols together.
• Also called “protocol translators”.
• Repeat/regenerate the signal (takes care of attenuation).
• Many types, including data, mail, application, internet, etc.
• Breaks the collision domain and the broadcast domain.

Proxies
• A type of gateway that acts on behalf of a host or hosts: the proxy terminates the client's connection and opens its own connection to the destination, so the destination only ever sees the proxy's address.
• Proxies DO NOT translate protocols.
• Commonly operate at Layer 5 (circuit-level proxies such as SOCKS) or Layer 7 (application-level proxies, e.g. a web proxy that understands HTTP and can inspect, cache or filter the content).
• A Network Address Translation (NAT) server is a related device: it rewrites addresses at Layer 3 rather than proxying the whole session.
• Breaks the collision domain and the broadcast domain.
SOCKS, which stands for Socket Secure, is a network protocol that facilitates communication with servers through a firewall by routing network traffic to the actual server on behalf of a client. SOCKS is designed to route any type of traffic generated by any protocol or program.

SOCKS is a Layer 5 (session layer) protocol; note that it provides no encryption of its own.

LAN Extender
• Also called a “network extender” or “Ethernet extender”.
• Any device used to extend an Ethernet or network segment beyond its inherent distance limitation, which is approximately 100 meters (328 ft) for copper twisted pair.
• Works at Layer 2, like a Layer 2 repeater or bridge.
Wireless Access Points
• Operate at Layer 2: a WAP bridges the 802.11 wireless segment onto the wired Ethernet segment.
• Discussed last week in more detail.

Transmission Media
Local Area Network Technologies - Ethernet
• IEEE 802.3
• Most common LAN technology in use.
• Usually a physical Star topology today (every host cabled to a switch); the original coax Ethernet was a Bus.
• Two-way communication: full-duplex on switched links, half-duplex on a shared medium (hub or coax).
• Ethernet is a Layer 2 technology that also defines its own Layer 1 (physical signalling and media).
• The PDU for Ethernet is a “Frame”, addressed with 48-bit MAC addresses.
• Carrier Sense Multiple Access with Collision Detection (CSMA/CD) arbitrates a shared medium; on a full-duplex switched link there are no collisions, so CSMA/CD is idle.
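The Ethernet frame described here, and the VLAN "tagging" mentioned on the Switches slide earlier, as an added example that is not part of the deck: a small Python builder and parser for Ethernet II frames with 802.1Q tags, plus a strict model of how an access port and a trunk port classify an arriving frame. The MAC addresses, VLAN numbers and port configurations are constructed for the example.

```python
import struct
from typing import Dict, Iterable, Optional

ETHERTYPE_VLAN = 0x8100  # 802.1Q Tag Protocol Identifier
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vids: Iterable[int] = ()) -> bytes:
    """Build an Ethernet II frame. Each VID in `vids` adds one 4-byte 802.1Q tag (outer tag
    first); the tag sits where the EtherType normally is and the real EtherType follows."""
    header = mac_to_bytes(dst) + mac_to_bytes(src)
    for vid in vids:
        if not 1 <= vid <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        header += struct.pack("!HH", ETHERTYPE_VLAN, vid)  # TCI with PCP=0, DEI=0
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> Dict:
    """Parse an Ethernet II frame, peeling off every stacked 802.1Q tag (Q-in-Q has two)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    offset, tags = 14, []
    while ethertype == ETHERTYPE_VLAN:
        if len(frame) < offset + 4:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[offset:offset + 4])
        tags.append({"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
    return {"dst": mac_to_str(dst), "src": mac_to_str(src), "tags": tags,
            "ethertype": ethertype, "payload": frame[offset:]}


def ingress_vlan(frame: bytes, port: Dict) -> Optional[int]:
    """Decide which VLAN a frame belongs to when it arrives on a switch port.

    port = {"mode": "access", "pvid": 10}                       # one VLAN, untagged only
    port = {"mode": "trunk", "native": 1, "allowed": {10, 20}}  # tagged, several VLANs
    Returns the VLAN ID, or None when the frame is discarded. Real switches differ in the
    details (some accept a tagged frame that matches the PVID); this is the strict reading.
    """
    tags = parse_frame(frame)["tags"]
    if port["mode"] == "access":
        return port["pvid"] if not tags else None
    if not tags:
        return port["native"]  # untagged on a trunk lands in the native VLAN
    vid = tags[0]["vid"]
    return vid if vid in port["allowed"] else None
```

Because parse_frame keeps unwrapping as long as it sees 0x8100, a double-tagged frame is reported with both VIDs; the native VLAN rule on trunks is the reason practitioners set the native VLAN to an unused ID rather than VLAN 1.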

Local Area Network Technologies - Ethernet
• Fast Ethernet – data transfer up to 100 Mbps.
• Gigabit Ethernet – data transfer up to 1,000 Mbps (1 Gbps).
• 10 Gigabit Ethernet – data transfer up to 10 Gbps (10,000 Mbps).

Wireless Local Area Network Technologies – Wi-Fi
• IEEE 802.11
• Two modes of operation (mostly):
• Infrastructure Mode – client/server, clients connect to
Wireless Access Points (WAPs).
• Ad hoc Mode – Peer-to-peer connections.
• No physical media, transmission over radio waves.
• Carrier Sense Multiple Access – Collision Avoidance (CSMA-CA).

Network Cabling – Coaxial Cable
• Also known as “coax”.
• A center core of copper wire as the inner conductor, surrounded by an insulating layer, surrounded by a braided conducting shield (and an outer jacket).
• The center core carries the signal and the braided shield is the return path and ground, so a single cable carries two-way communication.
• Well resistant to electromagnetic interference (EMI) and less susceptible to signal leakage (emanation) than unshielded twisted pair.
• Supports longer runs than twisted pair.

Network Cabling – Twisted Pair

Network Topologies - Ring
• A physical star, logical ring.
• No data collisions.
• Token-passing is the most common technology.
• Token Ring (IEEE 802.5)

Network Topologies - Bus
• Connected by a single line or backbone cable.

Network Topologies – Star
• All devices connect to a central
system/controller.
• Usually a hub, switch, etc.
• Single point of failure is limited
to a central system/controller.

Network Topologies – Mesh
• Full – everything is connected
to everything. Highly resilient,
but very expensive.
• Partial – some things are
connected to some things.
Good for HA systems.

Network Topologies – Hybrid

Network Access Control
• Also referred to as NAC.
• Supports network visibility and access management through policy enforcement on the devices and users of corporate networks: who is connecting (authentication, commonly 802.1X) and what state the device is in (posture: patch level, endpoint protection, encryption).
• Denies network access to noncompliant devices, places them in a quarantined area, or gives them only restricted access to computing resources.

Two types of NAC:
• Pre-admission - evaluates each access attempt and only allows entry to authorized devices and users that meet the posture policy.
• Post-admission - re-authenticates users trying to enter a different part of the network and re-checks posture after the device is already connected; also restricts lateral movement to limit the damage from cyber attacks.
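The pre-admission and post-admission decisions above, as an added example that is not part of the deck: a small posture policy in Python that turns an endpoint's health report into an allow / quarantine / deny decision and the VLAN to enforce it with. The posture fields, VLAN numbers and the 30-day patch threshold are assumptions chosen for the example.

```python
from dataclasses import dataclass, field
from typing import List, Optional

PRODUCTION_VLAN = 100
QUARANTINE_VLAN = 900  # assumed remediation network: only patch and AV servers reachable
MAX_PATCH_AGE_DAYS = 30


@dataclass
class Posture:
    """Health report for one endpoint. An agent fills every field; an agentless check
    (profiling, scanning) leaves unknown fields as None, which the policy treats as failing."""
    mac: str
    identity: Optional[str]  # 802.1X/EAP identity; None means authentication failed
    managed: bool            # device is known in inventory/MDM
    av_running: Optional[bool] = None
    disk_encrypted: Optional[bool] = None
    patch_age_days: Optional[int] = None


@dataclass
class Decision:
    action: str              # "allow" | "quarantine" | "deny"
    vlan: Optional[int]      # VLAN the switch or wireless controller is told to use
    reasons: List[str] = field(default_factory=list)


def evaluate(p: Posture) -> Decision:
    """Pre-admission policy: authenticated and compliant goes to production, fixable
    problems go to the quarantine VLAN, unauthenticated is denied outright."""
    if p.identity is None:
        return Decision("deny", None, ["authentication failed"])
    if not p.managed:
        return Decision("quarantine", QUARANTINE_VLAN, ["unmanaged device"])
    failures = []
    if p.av_running is not True:
        failures.append("endpoint protection not running")
    if p.disk_encrypted is not True:
        failures.append("disk not encrypted")
    if p.patch_age_days is None or p.patch_age_days > MAX_PATCH_AGE_DAYS:
        failures.append(f"patches missing or older than {MAX_PATCH_AGE_DAYS} days")
    if failures:
        return Decision("quarantine", QUARANTINE_VLAN, failures)
    return Decision("allow", PRODUCTION_VLAN, ["compliant"])


def reassess(current: Decision, fresh: Posture) -> Decision:
    """Post-admission policy: rerun the checks on a fresh report. A session already on the
    production VLAN is moved out as soon as its posture degrades (a NAC server does this by
    sending the switch a RADIUS Change-of-Authorization for that port)."""
    new = evaluate(fresh)
    if current.action == "allow" and new.action != "allow":
        new.reasons.insert(0, "posture changed after admission")
    return new
```

Treating unknown posture values as failures is the fail-closed choice; an agentless deployment that cannot observe disk encryption would need either a different rule set or a guest-style restricted VLAN for such devices.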

Design choices when implementing NAC:
• Agent versus agentless
• Out-of-band versus inline
• Remediation
• Quarantine
• Captive portals

There are 1,000s of ways to implement NAC.
IMPLEMENT SECURE COMMUNICATION CHANNELS
ACCORDING TO DESIGN
Voice - Private Branch Exchange (PBX)
• Enterprise-class phone system
• Internal switching network and a controller
• Uses embedded, proprietary software that contains
customer-specified data and translations for routing
voice, data, and video transmissions.

https://www.giac.org/paper/gsec/671/securing-system-basic-pbx-functionality-vulnerabilities/101135

Common Threats To PBXs and Voice Mail Systems
• Theft of Service - the most common motive for attackers: toll fraud, i.e. placing calls that the victim pays for.
• Disclosure of information - disclosure of confidential and/or proprietary information, including conversations and system configuration data.
• Data modification - unauthorized modification of system configuration data or records.
• Unauthorized access - access by unauthorized users to gain control of system resources or privileges.
• Denial of service - attacks that lead to the deterioration of service or suspension of functionality.
• Traffic analysis - a passive attack that allows phreakers to view calling patterns and draw conclusions from the source and destination of calls, without hearing the calls themselves.

Common Vulnerabilities
• Physical Security - switchroom security, system printouts/documentation, etc.
• Remote Access - most PBX and voice mail systems allow system administrators and/or switch vendors to remotely access system resources for administrative and maintenance functions; a maintenance port left on a default vendor password is a classic way in.
• Direct Inward System Access (DISA) - the most commonly abused system feature. DISA offers a convenient means for offsite employees to place calls to internal extensions, private network locations, and external numbers by accessing the PBX; whoever guesses the DISA access code gets the same outbound dialing.
• Call Forwarding - an extension or voice mailbox forwarded to an outside number turns the PBX into a relay for toll calls.
• Thru-dialing - dialing out through the PBX from voice mail or an auto-attendant, again charged to the owner.

Voice – Plain Old Telephone Service (POTS)
• Residential networks and some businesses.
• Carries the human voice over a bidirectional analog telephone interface.
• Voice communications are vulnerable to interception, eavesdropping, tapping, and other exploitation; an analog line has no built-in encryption or authentication.

POTS and PBX security controls rely heavily on physical controls (locked wiring closets and switchrooms, protected cable runs and demarcation points).

Voice – Voice over Internet Protocol (VoIP)
• Encapsulates voice communications and multimedia sessions over IP networks: signaling (call setup and teardown) is typically SIP, and the audio itself is carried in RTP packets.
• When configured correctly (SRTP for the media and TLS for the signaling), VoIP is generally more secure than analog landlines, which cannot be encrypted at all.

• Voice data packets travel from sender to recipient as Real-time Transport Protocol (RTP) streams over UDP; the Secure Real-time Transport Protocol (SRTP, RFC 3711) is the protected profile of RTP.
• SRTP encrypts the payload with the Advanced Encryption Standard (AES, in counter mode), provides message authentication with an HMAC, and offers protection against replay attacks by tracking packet indices.
• SRTP keys have to be agreed somewhere, and that usually happens in the signaling: with SDES the master key is sent base64-encoded inside the SIP/SDP offer. So in addition to SRTP, VoIP providers run the signaling over Transport Layer Security (SIP over TLS, port 5061) to protect the call information. Unprotected SIP exposes the call metadata and, with SDES, the media key itself.
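The SRTP key exposure described above, as an added example that is not part of the deck: a Python parser for the SDP body of a SIP INVITE that reports media offered as plain RTP and SDES master keys (a=crypto lines) that would travel over unprotected SIP. The two SDP bodies are constructed for the example (the base64 key is arbitrary, not a real key), and the "is the signaling over TLS" fact is passed in rather than observed.

```python
import re
from typing import Dict, List

# Constructed SDP bodies, as carried in a SIP INVITE; not captured traffic.
SDP_SRTP_SDES = """v=0
o=alice 2890844526 2890844526 IN IP4 192.0.2.10
s=call
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz
a=rtpmap:0 PCMU/8000
"""

SDP_PLAIN_RTP = """v=0
o=bob 1 1 IN IP4 192.0.2.20
s=call
c=IN IP4 192.0.2.20
t=0 0
m=audio 49172 RTP/AVP 0
a=rtpmap:0 PCMU/8000
"""

# a=crypto:<tag> <crypto-suite> inline:<base64 master key and salt>[|lifetime|MKI]  (RFC 4568)
CRYPTO_RE = re.compile(r"a=crypto:(\d+)\s+(\S+)\s+inline:([A-Za-z0-9+/=]+)")


def parse_media(sdp: str) -> List[Dict]:
    """Return one entry per m= line with its transport profile and any SDES a=crypto lines."""
    streams: List[Dict] = []
    for line in sdp.splitlines():
        if line.startswith("m="):
            media, port, proto, *formats = line[2:].split()
            streams.append({"media": media, "port": int(port), "proto": proto,
                            "formats": formats, "crypto": []})
        elif line.startswith("a=crypto:") and streams:
            m = CRYPTO_RE.match(line)
            if m:
                # The inline value is the SRTP master key and salt, readable by anyone who sees the SIP.
                streams[-1]["crypto"].append({"tag": int(m.group(1)), "suite": m.group(2),
                                              "key_b64": m.group(3)})
    return streams


def audit_sdp(sdp: str, signaling_over_tls: bool) -> List[str]:
    """Flag media that is not SRTP, and SDES keys exchanged over unprotected SIP."""
    findings = []
    for s in parse_media(sdp):
        label = f"{s['media']}/{s['port']}"
        if s["proto"] in ("RTP/AVP", "RTP/AVPF"):
            findings.append(f"{label}: plain RTP, the conversation can be captured and replayed")
        elif s["proto"] in ("RTP/SAVP", "RTP/SAVPF"):
            if not s["crypto"]:
                findings.append(f"{label}: SRTP offered without an SDES key; check the key-management method")
            elif not signaling_over_tls:
                findings.append(f"{label}: SRTP master key travels in clear SIP (SDES); signaling needs TLS")
        else:
            findings.append(f"{label}: transport {s['proto']} not assessed")
    return findings
```

DTLS-SRTP offers (profile UDP/TLS/RTP/SAVP with an a=fingerprint line) do not put the key in the SDP at all, which is why the audit reports that profile as "not assessed" rather than as a key leak.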

• Packet Sniffing and Black Hole Attacks - capturing RTP to reconstruct calls, or silently dropping/diverting VoIP packets.
• DDoS Attacks - flooding the SIP proxy or the phones so that calls cannot be set up.
• Vishing - voice phishing.
• Malware and Viruses - on softphones, IP phones, and the call server.
• Phreaking Attack - a type of fraud where the VoIP system is used to make long-distance calls, change calling plans, add more account credits, and make any additional phone calls the attacker wants, all on the victim’s dime.
• SPIT, or Spam over IP Telephony.
• Voice over Misconfigured Internet Telephones, or VOMIT (gross, we know), is a VoIP hacking tool that turns captured IP phone traffic back into an audio file.
Multimedia Collaboration
Remote Meeting
Common examples of threats or risks include the following:
• Threats to privacy, identification, or Personally Identifiable
Information (PII)
• Risks to data from data theft or breaches
• Risks to confidential business or corporate information or
intellectual property
• Meeting hijackings
• Access to confidential meeting recordings

https://www.cisa.gov/sites/default/files/publications/CISA_Guidance_for_Securing_Video_Conferencing_S508C.pdf

Zoombombing – an unwanted/uninvited person enters a video conference (a form of meeting hijacking).

Instant Messaging
Top Risks (https://www.networkworld.com/article/2323048/top-5-im-security-risks.html)

Email
• Arguably the #1 entry point into corporate networks (the beginning of the attack “vector”).
• Social engineer’s paradise and an easy way to get files into an organization.
• SMTP (TCP 25 between mail servers; TCP 587 for authenticated client submission, TCP 465 for submission over implicit TLS) - a store-and-forward protocol for sending email.
• POP3 (TCP 110, TCP 995 for SSL/TLS) - mail protocol used to retrieve mail from a remote server to a local email client. POP3 copies the mail from the remote server into the local mail client.
• IMAP (TCP 143, TCP 993 for SSL/TLS) - mail protocol used to access a mailbox on a remote server from a local email client. IMAP is more complex but more convenient for syncing across multiple devices.
• Sendmail, Exchange, Office 365, Gmail, etc.
• Attacks are focused sometimes on the server/service itself and sometimes on the client(s).
• Vulnerabilities typically come from:
  • Poor configuration.
  • Unpatched (or outdated) systems.
  • User (admin and/or end) mistakes.
• Ensure the server is not an open relay (it must refuse to forward mail from outside addresses to outside addresses), require authentication for submission, and publish the DNS protections that let receivers reject mail spoofing your domain: SPF, DKIM and DMARC.
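The "DNS protections" mentioned above, as an added example that is not part of the deck: a Python evaluator for an SPF record and a DMARC policy, run against constructed DNS TXT answers so it works offline (real code would look the records up in DNS and would also handle the a, mx, exists and redirect mechanisms). The domain names, addresses and records are made up.

```python
import ipaddress
from typing import Dict, Optional

# Constructed DNS TXT answers so the example runs offline (real code queries DNS).
DNS_TXT: Dict[str, str] = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ~all",
    "_dmarc.example.com": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@example.com; adkim=s; aspf=r",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender_ip: str, domain: str, txt: Dict[str, str] = DNS_TXT, depth: int = 0) -> str:
    """Evaluate the domain's SPF record for the connecting IP. Supports the ip4, ip6,
    include and all mechanisms; the first matching mechanism decides the result."""
    if depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10 per check
        return "permerror"
    record = txt.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism in ("ip4", "ip6"):
            net = ipaddress.ip_network(argument, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif mechanism == "include":
            if check_spf(sender_ip, argument, txt, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no 'all'


def parse_dmarc(domain: str, txt: Dict[str, str] = DNS_TXT) -> Optional[Dict[str, str]]:
    """Parse _dmarc.<domain> into tag/value pairs; None when no usable record exists."""
    record = txt.get(f"_dmarc.{domain}")
    if not record:
        return None
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None


def dmarc_disposition(domain: str, spf_result: str, spf_aligned: bool,
                      dkim_result: str, dkim_aligned: bool,
                      txt: Dict[str, str] = DNS_TXT) -> str:
    """DMARC passes when SPF or DKIM passes AND that identifier is aligned with the From:
    domain; otherwise the owner's published policy (p=none/quarantine/reject) applies."""
    policy = parse_dmarc(domain, txt)
    if policy is None:
        return "none"
    if (spf_result == "pass" and spf_aligned) or (dkim_result == "pass" and dkim_aligned):
        return "deliver"
    return policy.get("p", "none")
```

Note that an SPF "pass" on its own says nothing about the From: header the user sees; that alignment check is exactly what DMARC adds, which is why the three records are deployed together.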

Email – start with policy…
• Acceptable use: These are general guidelines for what email
can be used for, which may (or may not) include minimal
personal use.
• Access control: Access should be restricted to individual
inboxes and archives.
• Privacy: Users of a corporate email system should generally
be accustomed to having no expectation of privacy.
• Email backup and retention policies: Backups and archives
are needed for data recovery, legal proceedings, and many
audits.

Email – (some) other considerations
Secure Multipurpose Internet Mail Extensions (S/MIME)
• Widely accepted protocol for sending digitally signed and encrypted messages.
• Uses public key encryption and digital signatures to enable authentication and confidentiality for emails.
• X.509 digital certificates are used to provide authentication.
• Public Key Cryptography Standards (PKCS) formats carry the signed and encrypted message objects (the Cryptographic Message Syntax).

Two types of messages can be formed using S/MIME:
• Signed messages: provide integrity, sender authentication, and nonrepudiation of the sender; anyone can still read the content.
• Enveloped messages: the content is encrypted to the recipient's public key to provide confidentiality. An enveloped message on its own does not authenticate the sender; to get integrity, sender authentication, and confidentiality together, the message is signed first and then enveloped.

MIME Object Security Services (MOSS)
• Authentication, confidentiality, integrity and nonrepudiation services for email messages.
• Uses the Message Digest 2 (MD2) and MD5 hash algorithms; the Rivest, Shamir, and Adleman (RSA) public key algorithm; and the Data Encryption Standard (DES) to provide authentication and encryption services.
• Historical: MD2, MD5 and DES are all broken or far too weak for use today, and MOSS saw little deployment.

Privacy Enhanced Mail (PEM)
• Provides authentication, integrity, confidentiality, and nonrepudiation.
• Also uses RSA, DES, and X.509 certificates.
• Historical as well; PEM's lasting legacy is the base64 "-----BEGIN ...-----" file format still used for certificates and keys.

DomainKeys Identified Mail (DKIM)
• Validates that mail was sent by (or on behalf of) a domain, through verification of the domain name identity.
• Relies on public keys and digital signing: the sending server signs selected headers and the body with the domain's private key and adds a DKIM-Signature header; the receiver fetches the matching public key from a DNS TXT record (<selector>._domainkey.<domain>) and verifies the signature.

Pretty Good Privacy (PGP)
• Public-private key system that uses a variety of encryption algorithms to encrypt email messages.
• Used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.
• Developed by Phil Zimmermann in 1991.
• The original PGP was a product rather than a standard; its message format was later standardized by the IETF as OpenPGP (RFC 4880), which GnuPG and others implement.

Remote Access
Many types of “remote access”
• Service specific - Outlook Web Access (OWA), various
terminal services, time and attendance applications, etc.
• Remote control – Remote Desktop Protocol (RDP, TCP
3389), Windows Terminal Server, and numerous other
applications.
• Screen scraping – the ability to copy data off the screen,
from one application into another. Great risk of unauthorized
disclosure of sensitive information.

Remote Access Security Management
• A strong authentication system is required; multifactor
authentication is the standard to protect sensitive information.
• Limit remote access to only those who need it and who
routinely use it.
• Implement encryption for data in transit, to include one or
more of these examples: VPNs, SSL, TLS, SSH, and IPSec.
• Understand that a VPN is not a complete security solution;
end users who can authenticate and establish a VPN may be
accessing the network with an infected computer or mobile
device.

Remote Access Authentication
Centralized Remote Authentication Services - Remote Authentication Dial-In User Service or “RADIUS”
• A RADIUS Client (or Network Access Server, NAS) is a networking device (like a VPN concentrator, router, switch or wireless controller) that collects the user's credentials and asks the RADIUS server whether to admit them.
• A RADIUS Server is a background process that runs on a UNIX or Windows server. It lets you maintain user profiles in a central database (often backed by LDAP or Active Directory). Hence, if you have a RADIUS Server, you have control over who can connect to your network.
• Provides AAA (Authentication, Authorization, and Accounting); authorization attributes such as the VLAN to assign come back in the Access-Accept.
• Runs over UDP (1812 for authentication, 1813 for accounting; the older 1645/1646 are still seen). Only the User-Password attribute is obfuscated, with an MD5 stream keyed by the shared secret; every other attribute is sent in the clear, so RADIUS traffic belongs on a management network or inside TLS (RadSec, RFC 6614) or IPsec.

Centralized Remote Authentication Services - Diameter
• Evolved from RADIUS (the name is a pun: a diameter is twice a radius); defined in RFC 6733.
• Runs over reliable transport (TCP or SCTP) instead of UDP, requires transport security (TLS or IPsec), supports larger attributes and vendor extensions, and lets the server initiate messages to the client.
• Used mostly in mobile/telecom core networks; enterprise network access devices still speak RADIUS.

Centralized Remote Authentication Services - TACACS
• Three versions: TACACS, Extended TACACS (XTACACS), and
TACACS+
• TACACS integrates the authentication and authorization
processes. XTACACS keeps the authentication,
authorization, and accounting processes separate. TACACS+
improves XTACACS by adding two-factor authentication.
TACACS+ is the most current and relevant version of this
product line.
• Developed by Cisco, but an open standard.

Virtual Private Network - Point-to-Point Tunneling Protocol (PPTP)
• Data link layer (layer 2) used on IP networks.
• One of the oldest protocols still being used by VPNs today,
developed by Microsoft and released with Windows 95.
• Easy to configure, requiring only a username, password, and
server address to connect to the server.
• Fast because of its low encryption level, but one of the least
secure protocols.
• Known vulnerabilities date back as far as 1998, and because it lacks
strong encryption, government agencies such as the NSA have been able
to compromise it.

• Developed from the dial-up protocol called Point-to-Point
Protocol (PPP)
• Same authentication protocols supported by PPP:
  • Microsoft Challenge Handshake Authentication Protocol (MS-CHAP)
  • CHAP
  • PAP
  • EAP
  • Shiva Password Authentication Protocol (SPAP)
• Session establishment for PPTP is not encrypted.
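Because PPTP is still found in production despite the weaknesses listed above, a defender's first task is usually to find where it is in use. The following added example (not from the course) runs simple detection logic over constructed firewall log lines: PPTP has two recognizable components, the TCP/1723 control channel and the GRE (IP protocol 47) data channel, and seeing both between the same pair of hosts is a strong indicator. The log format, host names and addresses are constructed for the demo and do not match any particular product.

```python
# Added example (not from the course slides): flag PPTP sessions in firewall logs.
# The log line format below is constructed for this demo, not a real vendor format.
import re

# Constructed sample log; RFC 5737 documentation addresses.
SAMPLE_LOG = """\
2024-05-06T10:01:02Z fw01 ACCEPT proto=TCP src=203.0.113.10 dst=198.51.100.5 sport=51022 dport=1723
2024-05-06T10:01:03Z fw01 ACCEPT proto=GRE src=203.0.113.10 dst=198.51.100.5
2024-05-06T10:02:10Z fw01 ACCEPT proto=TCP src=203.0.113.22 dst=198.51.100.5 sport=44100 dport=443
2024-05-06T10:03:00Z fw01 ACCEPT proto=UDP src=203.0.113.30 dst=198.51.100.9 sport=50000 dport=1194
2024-05-06T10:04:00Z fw01 ACCEPT proto=GRE src=203.0.113.40 dst=198.51.100.7
2024-05-06T10:05:00Z fw01 DROP proto=TCP src=203.0.113.50 dst=198.51.100.5 sport=40000 dport=1723
"""

PPTP_CONTROL_PORT = 1723  # PPTP control connection (RFC 2637)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\S+) proto=(?P<proto>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+)(?: sport=(?P<sport>\d+) dport=(?P<dport>\d+))?$"
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"]) if rec["sport"] else None
    rec["dport"] = int(rec["dport"]) if rec["dport"] else None
    return rec


def find_pptp_sessions(lines):
    """Correlate accepted TCP/1723 control connections with GRE flows per (src, dst) pair.

    Confidence: high = control channel plus GRE seen; medium = control channel only;
    low = GRE only (GRE is also used by other tunnels, so this needs a closer look).
    """
    control, gre = set(), set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] != "ACCEPT":
            continue
        pair = (rec["src"], rec["dst"])
        if rec["proto"] == "TCP" and rec["dport"] == PPTP_CONTROL_PORT:
            control.add(pair)
        elif rec["proto"] == "GRE":
            gre.add(pair)

    findings = []
    for src, dst in sorted(control):
        findings.append({
            "src": src, "dst": dst,
            "confidence": "high" if (src, dst) in gre else "medium",
            "evidence": "TCP/1723 control channel" + (" + GRE data channel" if (src, dst) in gre else ""),
        })
    for src, dst in sorted(gre - control):
        findings.append({
            "src": src, "dst": dst, "confidence": "low",
            "evidence": "GRE without a PPTP control channel (possibly another GRE tunnel)",
        })
    return findings


if __name__ == "__main__":
    for f in find_pptp_sessions(SAMPLE_LOG.splitlines()):
        print(f"{f['confidence']:6} {f['src']} -> {f['dst']}: {f['evidence']}")
```

Dropped traffic is ignored on purpose: a blocked attempt at port 1723 is worth a separate alert but is not evidence of a working PPTP tunnel. The follow-up for a high-confidence finding is an inventory and migration plan to a VPN that does not rely on PPTP's authentication protocols.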

Virtual Private Network - Secure Socket Tunneling Protocol (SSTP)
• Transports internet data through the Secure Sockets Layer (SSL);
supported natively on Windows.

Data Communications
Frame Relay
• Packet switched wide area networking, connecting
networks operating at physical and data link layers.
• Often serves to connect LANs with major backbones.
• Connects separate WANs and private network
environments with leased lines over T-1 connections.
• Started as an extension of ISDN, integrating packet-switched
networking over circuit-switched technology.
• Devices performing frame relay services are called data
circuit-terminating equipment (DCE). Devices that
connect to the frame relay DCEs are called data terminal
equipment (DTE).
Asynchronous Transfer Mode (ATM)
• High-speed standard supporting voice and data.
• Designed to integrate telecommunication and computer
networks.
• Normally used by ISPs on their private long-distance
networks.
• Operates mostly at the data link layer (layer 2) and runs over
fiber or twisted-pair cable.
• No routing, uses special-purpose hardware called ATM
switches to establish point-to-point connections.
• ATM “cells” are 53 bytes.
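To make the 53-byte cell concrete, here is an added example (not from the course) that builds and parses ATM cells in the UNI header layout: 5 header bytes (GFC, VPI, VCI, payload type, CLP, and the HEC check byte) followed by 48 payload bytes. The HEC is the CRC-8 from ITU-T I.432 (generator x^8 + x^2 + x + 1, remainder XORed with 0x55) computed over the first four header bytes; the known idle-cell header 00 00 00 01 yields HEC 0x52, which the test checks. The example goes slightly beyond the slide by also verifying the HEC on receipt, which is how a switch detects a corrupted header before forwarding the cell.

```python
# Added example (not from the course slides): ATM UNI cell encode/decode with HEC check.
HEC_POLY = 0x07    # CRC-8 generator x^8 + x^2 + x + 1 (ITU-T I.432)
HEC_COSET = 0x55   # remainder is XORed with 01010101 before transmission
CELL_LEN, HEADER_LEN, PAYLOAD_LEN = 53, 5, 48


def crc8(data):
    """Bitwise CRC-8 with the I.432 generator, MSB first, zero initial value."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ HEC_POLY) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def hec(header4):
    """Header Error Control byte for the first four header octets."""
    return crc8(header4) ^ HEC_COSET


def build_cell(vpi, vci, pt=0, clp=0, gfc=0, payload=b""):
    """Build a 53-byte UNI cell. GFC 4 bits, VPI 8 bits, VCI 16 bits, PT 3 bits, CLP 1 bit."""
    if not (0 <= gfc < 16 and 0 <= vpi < 256 and 0 <= vci < 65536 and 0 <= pt < 8 and clp in (0, 1)):
        raise ValueError("header field out of range")
    if len(payload) > PAYLOAD_LEN:
        raise ValueError("payload exceeds 48 bytes; segmentation belongs to the AAL layer")
    header = bytes([
        (gfc << 4) | (vpi >> 4),
        ((vpi & 0x0F) << 4) | (vci >> 12),
        (vci >> 4) & 0xFF,
        ((vci & 0x0F) << 4) | (pt << 1) | clp,
    ])
    return header + bytes([hec(header)]) + payload.ljust(PAYLOAD_LEN, b"\x00")


def parse_cell(cell):
    """Decode header fields and report whether the HEC matches (single-bit errors always fail)."""
    if len(cell) != CELL_LEN:
        raise ValueError("an ATM cell is exactly 53 bytes")
    h = cell[:4]
    return {
        "gfc": h[0] >> 4,
        "vpi": ((h[0] & 0x0F) << 4) | (h[1] >> 4),
        "vci": ((h[1] & 0x0F) << 12) | (h[2] << 4) | (h[3] >> 4),
        "pt": (h[3] >> 1) & 0x07,
        "clp": h[3] & 0x01,
        "hec_ok": cell[4] == hec(h),
        "payload": cell[5:],
    }


if __name__ == "__main__":
    cell = build_cell(vpi=5, vci=33, pt=2, clp=1, payload=b"hello")
    print(cell.hex(), parse_cell(cell))
```

The fixed cell size is what lets ATM switches forward in hardware without routing decisions, as the slide notes; the HEC covers only the header, so payload integrity is left to higher layers.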

• Performance often expressed in the form of optical carrier (OC)
levels, written as “OC-xxx.”
  • OC-192, 10 Gbps
  • OC-3 (more common), 155 Mbps
  • OC-12, 622 Mbps
• Quality of Service (QoS). There are four basic types:
  • Constant bit rate (CBR): A peak cell rate (PCR) is specified, which is
  constant.
  • Variable bit rate (VBR): An average or sustainable cell rate (SCR) is specified,
  which can peak at a certain level, a PCR, for a maximum interval before
  being problematic.
  • Available bit rate (ABR): A minimum guaranteed rate is specified.
  • Unspecified bit rate (UBR): Allocation to remaining transmission capacity.

SESSION 7 Domain 4 Pt. 2 - FIN

We made it!
Next Session (add date here) -
Domain 5: Identity and Access Management – Brad

Homework:
• Review previous domains.
• Take practice tests.
• Review at least two of the references we provided in this
class (download for later use).
• Post at least one question/answer in the Discord
Channel.

See you Next Time!
