3.12. Exam Essentials

Be able to describe the various components and the purpose of an infrastructure.

Your network's infrastructure is the backbone of your systems and network operations. The infrastructure includes all the hardware, software, physical security, and operational security methods in place. The key components of your infrastructure include devices such as routers, firewalls, switches, modems, telecommunications systems, and the other devices used in the network.

Know the characteristics of the connectivity technologies available to you and the security capabilities associated with each.

Remote access, PPP, tunneling protocols, and VPNs are your primary tools. PPTP and L2TP are two of the most common protocols used for tunneling. IPSec, although not a tunneling protocol, provides encryption to tunneling protocols; it's often used to enhance tunnel security.

Familiarize yourself with the technologies used by TCP/IP and the Internet.

IP addresses and port numbers are combined to create an interface called a socket. Most TCP and UDP protocols communicate using this socket as the primary interface mechanism. Clients and servers communicate using ports. Ports can be changed to enhance security. Web services use HTML and other technologies to allow rich and animated websites. These technologies potentially create security problems because they may have individual vulnerabilities. Verify the problems that exist from a security perspective before enabling these technologies on your systems.

Be able to describe the two primary methods used for network monitoring.

The primary methods used for network monitoring are sniffers and IDSs. Sniffers are passive and can provide real-time displays of network traffic. They're intended to be used primarily for troubleshooting purposes, but they're one of the tools used by attackers to determine what protocols and systems you're running. IDSs are active devices that operate to alert administrators of attacks and unusual events. This is accomplished by automatically reviewing log files and system traffic and by applying rules that dictate how to react to events. An IDS, when used in conjunction with firewalls, can provide excellent security for a network.

Understand the various types and capabilities of the media used in a network.

Network media is wire, fiber, or wireless based. Each type of media presents challenges to security that must be evaluated. Never assume that a wireless connection is secure.

Be able to describe the vulnerabilities of removable media and what steps must be taken to minimize the risks.

Removable media are used for backup, archives, and working storage. The capacity and capabilities of these types of devices have increased dramatically over the last few years. Most removable media is small and easily hidden, so physical security measures are necessary to keep someone from walking off with them. In addition, media can be copied to other systems, presenting confidentiality issues. Make sure you know how to safeguard this technology.