Chapter 7. Telecommunications and Network Security

This chapter presents the following:

• OSI model

• TCP/IP and many other protocols

• LAN, WAN, MAN, intranet, and extranet technologies

• Cable types and data transmission types

• Network devices and services

• Communications security management

• Telecommunications devices

• Remote access methods and technologies

• Wireless technologies

Telecommunications and networking use various mechanisms, devices, software, and protocols that are interrelated and integrated. Networking is one of the more complex topics in the computer field, mainly because so many technologies and concepts are involved. A network administrator or engineer must know how to configure networking software, protocols and services, and devices; deal with interoperability issues; install, configure, and interface with telecommunications software and devices; and troubleshoot effectively. A security professional must understand these issues and be able to analyze them a few levels deeper to recognize fully where vulnerabilities can arise within networks. This can be an overwhelming and challenging task. However, if you are someone who enjoys challenges and appreciates the intricacies of technology, then maintaining security and networking infrastructures may be more fun than work.

As a security professional, you cannot advise others on how to secure an environment if you do not fully understand how to do so yourself. To secure an application that contains a buffer overflow, for example, you must understand what a buffer overflow is, what the outcome of the exploit is, how to identify a buffer overflow properly, and possibly how to write program code to remove this weakness from the program. To secure a network architecture, you must understand the various networking platforms involved, network devices, and how data flows through a network. You must understand how various protocols work, their purposes, their interactions with other protocols, how they may provide exploitable vulnerabilities, and how to choose and implement the appropriate types of protocols in a given environment. You must also understand the different types of firewalls, routers, switches, and bridges, when one is more appropriate than the other, where they are to be placed, their interactions with other devices, and the degree of security each provides.

The many different types of devices, protocols, and security mechanisms within an environment provide different functionality, but they also provide a layered approach to security. Layers within security are important, so that if an attacker is able to bypass one layer, another layer stands in the way to protect the internal network. Many networks have routers, firewalls, intrusion detection systems (IDSs), antivirus software, and more. Each specializes in a certain piece of security, but they all should work in concert to provide a layered approach to security.

Although networking and telecommunications are complicated topics to understand, it is that complexity that makes it the most fun for those who truly enjoy these fields. However, complexity can be the enemy of security. It is important to understand the components within an environment and their relationships to other components that make up the environment as a whole. This chapter addresses several of the telecommunications and networking aspects included in many networks.

Telecommunications is the electrical transmission of data among systems, whether through analog, digital, or wireless transmission types. The data can flow across copper wires, coaxial cable, fiber, or airwaves, the telephone company’s public-switched telephone network (PSTN), or a service provider’s fiber cables, switches, and routers. Definitive lines exist between the media used for transmission, the technologies, the protocols, and whose equipment is being used. However, the definitive lines get blurry when one follows how data created on a user’s workstation flows within seconds through a complex path of Ethernet cables, to a router that divides the company’s network and the rest of the world, through the Asynchronous Transfer Mode (ATM) switch provided by the service provider, to the many switches the packets transverse throughout the ATM cloud, on to another company’s network, through its router, and to another user’s workstation. Each piece is interesting, but when they are all integrated and work together, it is awesome.

Telecommunications usually refers to telephone systems, service providers, and carrier services. Most telecommunications systems are regulated by governments and international organizations. In the United States, telecommunications systems are regulated by the Federal Communications Commission (FCC), which includes voice and data transmissions. In Canada, agreements are managed through Spectrum, Information Technologies and Telecommunications (SITT), Industry Canada. Globally, organizations develop policies, recommend standards, and work together to provide standardization and the capability for different technologies to properly interact.

The main standards organizations are the International Telecommunication Union (ITU) and the International Standards Organization (ISO). Their models and standards have shaped our technology today, and the technological issues governed by these organizations are addressed throughout this chapter.

Note

Do not get overwhelmed with the size of this chapter and the amount of information within it. This chapter, as well as the others, attempts to teach you the concepts and meanings behind the definitions and answers you will need for the CISSP exam. This book is not intended to give you one-liners to remember for the exam, but rather it teaches you the meaning behind the answers. The “Quick Tips” section at the end of the chapter, as well as the questions, help you zero in on the most important concepts for the exam itself.