CCT 038: Implement Secure Communication Channels According to Design (Domain 4.3)
May 22, 2023 | CCT 038 - RCR 135 - Implement secure communication channels according to design (D4.3)
[00:00:00] Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.
Alright, let's get started.
Hey all. This is Shon Gerber with the CISSP Cyber Training Podcast, and today we are going to be rolling into domain four of the CISSP exam. So domain four's pretty awesome and, uh, you guys are gonna love it, because what we're gonna get into is something as it relates to food. Yeah, you're probably asking yourself, how do the CISSP and food work together?
Well, today we're gonna talk about the OSI model and its seven layers, and my concept is it's [00:01:00] a seven-layer burrito, right? We are gonna be getting into the fact that we're gonna get a little Mexican on us and have some burritos for dinner. No, we're gonna get into the seven-layer burrito. That ties into the OSI model.
So yes, it's gonna be amazing. You guys will have so much fun. And by the time this is over with, you will be extremely hungry. Yeah, probably. Probably not. Maybe, maybe not. We'll see. But, uh, yeah, so things are great here at CISSP Cyber Training. Uh, we are having an awesome, awesome day and, uh, I'm getting ready to go into my children's graduation. I have, uh, one child that's graduating college. I have another one that's graduating high school, and then I'm prepping for a wedding that's gonna be occurring here in a few weeks. So life is extremely busy right now, and my wife is supposed to be heading to Uganda here in the near future.
So it is just nonstop fun. You know, you just can't even bottle this stuff up and sell it. It's [00:02:00] so much fun. All right, so we're gonna roll into this OSI model and kind of go through how to understand it. Now, you're gonna get into the CISSP. One of the things that I ran into when I took the test, and when I talk to people about the CISSP, is the fact that these various terms can get very confusing, and then you start adding in these models, uh, the OSI model too, and the security models we talked about last week.
You get these different concepts into this overall CISSP exam, and it can be very, just, challenging. It really can. So we're gonna try to do our best to put this at a level that you can understand, in a way that you'll actually get the information and be able to do something with it. Now, I remind you, you go back to CISSP Cyber Training.
You can actually go to the website and you can sign up for free, for the basically free content that I have. And then if you want, you can also purchase content that will give you access to all of the CISSP questions, the videos, the audio, all of that that goes with it. And it's a really [00:03:00] good deal actually, if you're looking to take the CISSP, just because when I took the test, I didn't have anybody to kind of walk me through this process.
The goal is that I'm in the process of creating a blueprint that's gonna walk you through step one, step two, step three, step four, and so forth. Because other feedback I get is just the fact that it's overwhelming what I need to know. And so let's work to help you get that information so that you can be successful.
Okay, so as we get into the OSI model, one of the things to consider is that OSI stands for something, right? When I was in the military, OSI stood for the Office of Special Investigations, which was the Air Force's version of the FBI. Uh, no, we're not talking about the Air Force's version of the FBI.
We are talking about a product called the Open Systems Interconnection, otherwise known as OSI. Now, the OSI model is broken into basically seven layers, and we're gonna cover that. We're also gonna cover the [00:04:00] Transmission Control Protocol and Internet Protocol. What is that? That's TCP/IP.
Now, if you have any background as it relates to, like, Network+, uh, which I would recommend if you haven't taken it, I would highly recommend doing Network+, you will talk about TCP/IP. Now, I'm not a real super technical person, so we're not gonna get into the gory details around this.
There's other folks out there that can probably do a much better, well, I know they probably can do a much better job in this space, but we're gonna break it down to a level that I understand, which I try to break into the third-grade level. Uh, in the United States, that's probably about 10 to 12 years old, just because at that age most people can understand what's going on.
So that's kind of what we're gonna try to do. I might bump up into the high school level, but we're gonna try to work our best to stay at that third-grade level. Okay, so the OSI model is a way of describing basically how computer systems communicate with each other, and they needed to [00:05:00] create this system so that you knew that if there's one computer talking to another computer, talking to another computer, they will all talk the same language, and that would come down from the language of the ones and zeros to also what is the format in which they would do this.
Okay. Now, these layers work together to ensure that the data is transmitted accurately and efficiently between these various devices. And each layer is responsible for a specific task, right? Such as formatting the data or checking for errors. Each layer has a specific task that it must go do, and by doing that, it ensures that the data communication between one device and another device is gonna be succinct.
They're gonna be correct. And if you didn't have that, you'd have Dolphin talking to Shark and Shark talking to Stingray, and that just doesn't work. Now, maybe they do talk, I don't know, but let's just say hypothetically they probably don't. You know, you wouldn't want a shark coming in saying, hey, I'm coming in, I'm ready to eat somebody, I'm hungry.
You probably wouldn't want that. So the [00:06:00] bottom line is that they all talk together now. So as an example, we'll give you one: the physical layer is layer one. It deals with the actual transmission of data through the wires or cable. So that's the physical transaction. That's the hardware; you've got wires that are connected to wires.
Uh, that is layer one. Now, when you deal with the application layer, that is where you're working on your Office or whatever application that you're working on. That is at layer seven, and that's responsible for the actual content of the message that's being created. So you have various layers, from down at the wires and the routers all the way on up to the application, which is where you typically will interface with the device.
Now, when you understand these different OSI model layers, it's gonna be very helpful in understanding how to troubleshoot network platforms or design new architectures. I've had folks mention to me they would like to be an architect and they want to go [00:07:00] and do those types of things. Well, that's great.
But to do that, you need to really kind of understand the foundational aspects of how modern architectures or networks work. Now, I say this very loosely, in the fact that when I first started, the networks were very different than they are today. So you're gonna have to change over time. And I know in the CISSP we talk about SD-WAN, which is your software-defined wide area network.
When you're dealing with SD-WAN, when I first got started, there really wasn't an SD-WAN out there, which kind of probably shows I'm old, but it's going to change. Cloud computing was something, but it wasn't at the level that it is today. So it's important to understand these different types of data and how you're going to deal with those and how you're going to manage those.
Because without that, and without understanding, continually growing your knowledge base, um, you will struggle. You just really will. Okay, so let's just kind of go over what each of these different layers of the [00:08:00] seven-layer burrito are. And we're not gonna get into beans and rice and meat. No. So, no, unfortunately not.
And there's other podcasts that can help you with cooking and with making your Mexican dishes. But we're gonna be talking about the seven-layer burrito as it relates to the OSI model. All right, so layer one is your physical layer. Now, this is where it transfers, like we mentioned before, bits of data over the physical medium.
If you have copper wires, you have, uh, your... I just lost it. Photo op. I can't even think of it. Oh my gosh, yes. Lights going across wires. Ah, anyway, you have that. You have various ways in which you have wireless communications, right? So all of those aspects that are out there are over the physical medium: cables, wireless signals, et cetera.
That is the physical layer. Now, your data link layer, this transfers data frames between adjacent or connected nodes over [00:09:00] the physical medium. So again, you've got your physical wires, right? You've got your fiber optic (remembered it, it came to me, it took me a while), your fiber optic lines, and then you have your data link layer, which basically connects those.
That's what connects the two physical mediums, and they go through what they call the data link layer. The third layer is what we call the network layer. This handles routing of data packets between the various aspects, and we're gonna kind of go deeper into each of these layers, but I'm just kind of giving you an overview of how they're set up.
And then the fourth layer is your transport layer, that breaks the large data streams into smaller packets. Uh, it ensures these packets are delivered and ensures they're delivered to the correct destination. Now, there's different types of protocols that will affect how these packets are delivered, but bottom line is, the transport layer is what gets 'em there.
Your session layer is where you have establishment, maintenance, and termination of the sessions, and it's basically, instead of having the communication happening all the time, the communication can happen [00:10:00] in burps basically, and it will start and stop, start and stop. Your presentation layer, this is where you will see what it looks like, and this is where it connects in with the application layer, which is the seventh layer, and that's what connects your overall application that you're trying to operate. So there's seven basic layers, right? Your physical, your data link, network, transport, session, presentation, and finally the application layer.
Okay? So these are really important to know, just because they help you in understanding if there's a problem occurring. So what I mean by that is, for an example, if you have a problem with data transmission, if you look at the physical layer there, you can determine real quickly: is there a connection between my two nodes that are part of the data link layer or not?
Do I have a light? If I have a light that's, you know, showing that there's connectivity between the two, say you have a standard router, you have that. You know that potentially then there's [00:11:00] maybe not a break in the line. However, if you look at your information and you see that there's no data transferring across this physical layer at all, then you may have had a situation where a stray backhoe or a stray shovel of some kind went through and just clipped your line.
So those are things you're gonna have to work through, but if you understand the various layers, you then can, in turn, make sure that you can properly identify and troubleshoot if there is a specific reason. Also, when you're troubleshooting, one of the ways it helps is it'll help you isolate the problem.
So once you've identified where the layer is at, now you can focus your efforts on that specific layer. This will help save time and effort by avoiding unnecessary troubleshooting in different layers that aren't there. So it's just really important that you do try to understand these various layers so that you can better properly protect your environment.
One, from a security standpoint, [00:12:00] but also so that you understand how to troubleshoot. In many cases, when you're working through security, you will start in a position where you're probably more of a network admin or a sysadmin, and if that's the case, you need to understand these different networking troubleshooting techniques, because you will be using them at some point in time.
Now, you're also analyzing the protocol used in that layer. So each layer of the OSI model uses different protocols to communicate. So one of the protocols would be, we talked about TCP/IP, uh, that is a protocol. UDP is a protocol. Now, to really complicate things even a little bit more, when we talk about the OSI model, TCP/IP actually has its own model, and we'll get into that here in the near future. But bottom line is that there are various protocols that communicate over these different layers, and it's important for you to understand what they are. Because, for an example, the TCP, uh, TCP/IP layer [00:13:00] requires a firm connection.
So you do have the integrity of that system and that connectivity between them. However, when you get into UDP, which is UDA data, Uni Stream... I can never remember. Unicode, Unicode data packet something or other. It's just UDP. I can't remember. There's a great acronym for it, but bottom line is it's a broadcast and it's used highly with video.
Um, and it's designed so that if packet loss occurs, the stream is still continuing. So you're gonna have to understand the various protocols, which will help you understand which one is in place and then how you should properly troubleshoot it if there's an issue. You also wanna use tools that will help you map to the various OSI model layers.
Now, there are network analysis tools that are designed to map to this OSI model that will help you understand that. One example is Wireshark. Uh, I've talked about this in the past with some of my other podcasts. When I was working as a red teamer, we would definitely use Wireshark in various methods and modes, [00:14:00] and it's a great tool that does capture network traffic, uh, and displays this according to the layers of the OSI model.
Uh, it's one of those aspects that you can put it on a SPAN port off of a router and it will provide you a lot of information that you may not have readily available to you. Wireshark, for the most part, is a free tool. Obviously, if you wanna do some of the more advanced functions, you will have to pay for it, but it's a good option for you, using the tool called Wireshark.
Now, you also wanna verify the functionality of each layer. By testing each layer in the model, you can ensure all layers are functioning properly. And one of the test questions you may get is talking about this specifically, around the OSI model and the various layers and what kind of protocols you could expect to see.
And so with testing and understanding those protocols, it will give you a better insight into what might be one of the questions they may ask you. Now, it does help you identify potential issues before they become major problems. I would [00:15:00] say the more testing and the more you know your network, when things do happen, which they will, you will need to understand how to manage that.
And you'll need to really understand those issues. And so if you know your network, it's much, much easier to go and, uh, try to resolve the issue quickly. And then lastly, you wanna look at verifying the functionality of each layer. So as you look at each layer and how they're operating, if you look at them and determine whether they're working correctly, this will help you as far as isolating any problems you may have as well.
So again, understanding all of these aspects, from identifying it, isolating the problem, analyzing the protocol that's used in that layer, using tools to map the OSI model, verifying the function of each layer, each of those will be a really good aspect in helping you troubleshoot and analyze issues as it relates to the OSI model.
And then you're taking the CISSP, you're going, why is this important? Because I guarantee you, they will ask you questions along these [00:16:00] lines. Because if you had to determine, I can see this one coming right at you: what protocol are you using within this specific layer of the OSI model? They will ask you that question, because by understanding the model and the understanding of the protocols, the question is relatively straightforward.
However, if you don't understand each of those protocols, I mean, what I'm saying is, there's protocols that are like crazy stupid. I mean, they're amazing, I'm sure, to somebody, but they're like crazy. The thing with the CISSP is they may ask you a zinger like that: what is the protocol of X, Y, Z?
But for the most part, they're gonna be focused on protocols that you will deal with on a daily basis. Your TCPs, your UDPs, those are the kind of protocols they're gonna get into. And they're gonna ask you about DNS, they're gonna ask you about aspects where, from a security standpoint, you're gonna need to be aware of and that you're gonna have to be able to communicate with individuals and [00:17:00] leaders around them. So now, I mentioned earlier we have the OSI model and then we have the TCP/IP model. So I'm gonna quickly go through what is the TCP/IP model. Now, it is not a seven-layer burrito, it's more like an enchilada.
It's got four layers to it. Okay, I don't know if enchiladas have four layers, but for today they do. So we are going to talk about the four-layer enchilada, the TCP/IP model. Now, this is the basis for the internet, and again, most network communications. It provides a standard framework for how data is transmitted over the network.
And it was developed in the seventies. Like all good things, it was developed in the seventies, as a way of describing how data should be transmitted over the, the, the... the internet that they had at the time was called ARPANET, A-R-P-A-N-E-T. Okay, so it's the predecessor to the modern internet, but they were doing a lot of point-to-point communications with that.
It was designed to be flexible and adaptable and used in a wide variety of networks. And I'd like [00:18:00] to just use this statement to say it's like magic. It's like FM, flipping magic. Uh, it blows my mind that some people thought of this stuff back in the seventies, and basically it's still in operation today.
Obviously it's changed and morphed over time, but it's pretty flipping magical how it works. Now, there's various network protocols, like we talked about. You have your TCP/IP, but you have SMTP, Simple Message Tell... Transmission Protocol, I think that's what it is. Uh, File Transport, File Transport Protocol, FTP.
And then you have your standard Hypertext Transport Protocol, uh, HTTP. So there's various protocols that all go over the TCP/IP stack. Now, so let's go through each of the layers with the TCP/IP four-layer enchilada. You have the application layer. Now, this provides a way for the applications to exchange data over the internet, over the network, just kind of similar to what we deal with as we've gone from seven down to four. [00:19:00]
And it includes the protocols of HTTP, FTP, SMTP, and DNS. Those are all in the application layer. Your transport layer, this is responsible for breaking up the large data streams into smaller packets. And these packets would be such as TCP, uh, or UDP; those are the various packets that are broken down in the transport layer.
Uh, that way they're delivered correctly and also in the specific order in which they need to operate. The internet layer, this is a layer that handles routing of data packets between different networks. Uh, obviously, it ensures they're delivered to the correct destination, 'cause you don't want packets going to the wrong next destination, because then you have packet loss and then things don't work well.
Uh, and this does include the IP protocol. So if you're dealing with the TCP/IP, TCP is in the transport; the internet layer is the third layer that deals with IP. So application layer is your standard browser, [00:20:00] FTP, SMTP; your transport layer is TCP and UDP; and your internet layer is IP. So there's lots of Ps in there.
Okay, so there's gonna be a test at the end. No, actually, you can go to CISSP Cyber Training and you can take a quiz and it will help you with that. And then the last one is the network access layer. This layer deals with the actual transmission of the data over the physical medium.
So as you can see, we went from seven down to four. So you got your application, transport, internet layer, and your network access layer. So again, it's important for you to understand the differences between these for the test, because they will ask you that. It's highly likely, I can't say this is actually what it's gonna say, but it's highly likely that they're gonna come to you and they're gonna say, well, so when we deal with the physical link layer, is the physical link layer part of the TCP/IP framework? And you're gonna have to say no.
It is [00:21:00] not, uh, but there could probably be a little bit more, uh, I don't know, some more wordistic in that, where they're not just gonna come out and say it true or false like that. They're gonna play all these flowery words in the test question to make sure that you actually read the question before, so that you don't go, oh yes, glom onto it.
Yes, the physical layer is the TCP layer, and actually, no, uh, or no, yeah, the physical layer is TCP. And you'll go, yes, that's what it is. And you didn't read the whole question, and it was actually part of the OSI model. So you're gonna need to make sure that you take your time. Do not be in a hurry. That's the key around that test.
All right, so seven to four. Now we're gonna get into the TCP/IP protocol and some of the different connections between the various devices. So this is where, when there's a connection between the two devices, there's several phases that must occur. And these phases are what determine the data transmissions that are gonna happen.
So UDP is just basically a broadcast, it's just a [00:22:00] stream of data going in and out. TCP/IP is not, and so here are some key things that you're gonna have to know, and you will know these, you have to know these for the test, because they're gonna ask you this specifically. We're gonna get into SYN, SYN-ACK, ACK, the data transmission itself, FIN, FIN-ACK, and ACK. Okay, so it probably just sounds like I'm coughing with this ACK-ing and ACK-ing and SYN-ing. But no, we are not sinning, like, uh, what we shouldn't do from a religious standpoint. We are SYN-ing and we are syncing. It's S-Y-N, Sierra Yankee November. Now, the synchronization phase is the first phase when you connect with a TCP connection, and it sends a SYN packet to the receiving device saying, hello.
Here I am. The SYN-ACK is basically the receiving device saying, okay, I will acknowledge you, so I got your SYN and I'm gonna push back an ACK. That's a SYN-ACK packet, is basically what it is, and it responds with that saying, yes, I've got [00:23:00] your acknowledgement. I know you exist. I'm here as well.
Let's have a party. Now the ACK, the third step, is where the sending device, so you, the device that sent the SYN, then you got the SYN-ACK, now it's going back and it sends back an ACK and says, all right, let's party, let's go. So it's the three-way communication that's going to occur. And once that happens, you now can have the party and you can communicate between each other.
Now, when the party's over, so you have your data transmission. So you have your SYN, your SYN-ACK, your ACK, and then you have your data transmission. Once the party's over and everybody's gotta go home, we're FIN, we're finished, F-I-N, Foxtrot India November, we are finished. And that is done to terminate the TCP/IP connection. Now, once the device wants to terminate the connection, it sends that FIN packet out. Well, like it did when it started, it's then a FIN-ACK going, okay, I got it. You wanna leave? I gotta go find the keys for the party so we can leave. [00:24:00] So it's a FIN-ACK. Yeah, I'm doing a head nod.
I'm agreeing with you. Yep, let's go. And then finally the ACK from the sender goes, okay, I'm done. I acknowledge it. We're outta here, and then the termination of the connection occurs. So it sounds really overwhelming when you just look at it at face value, but it's not; it's relatively simple. Your SYN is when someone initiates it, your SYN-ACK is the receiving party going, yep, I get ya. ACK is, okay, let's party. The data transmission is the party. Your FIN is going, I want to go home, I'm tired, I have a headache. Your FIN-ACK goes, well, that's a bummer. Okay, let's go. And then your ACK is, we're outta here. Right? So it's that simple.
It's not a hard concept, but you need to kind of put that in your brain as it relates to what you're gonna do. Um, when you're coming to the OSI model, the TCP/IP model, you're gonna need to understand each of those concepts as it relates to the test. Now, I'm gonna go over a few questions for you that you can anticipate to see [00:25:00] in the CISSP exam, and then we'll be calling it good for a day.
Now, you want to go to CISSP Cyber Training, go check me out. If you go there, there's some free questions for you and then there's some other free stuff that's out there and available for you. Uh, but all the stuff I have available to you is to help you with your test. And bottom line is, I'm here to give you what you need so that you can be successful in passing your CISSP the first time.
Or, unless you're like me, the second time. I don't care. It doesn't matter if you pass it the first time or not; at least you pass it. That's all that matters. Okay, so here is a question, one of the questions that I have for you. Okay. So what is the function of the ACK flag in the TCP three-way handshake? So we just talked about this.
It acknowledges receipt of data. It requests a connection with the remote host. It signals the end of a transmission. It resets the connection. Okay, so when you, [00:26:00] we went through that, it's the function of the ACK. What is the function of the ACK flag in the TCP three-way handshake? It acknowledges receipt of the data.
It requests the connection of the remote host. It signals the end of the data transmission. And it resets the connection. Which one of those four? So if you think about that, the ACK flag, you can remove a couple of those really quickly. Okay. So the ACK flag is used to acknowledge the receipt of the data during the TCP three-way handshake, as well as indicate the next expected sequence number.
So if you're looking at what the answer would be, it would be A, right. So the function of the ACK flag for the TCP three-way handshake is A, it acknowledges the receipt of the data. The other three, you could tell real quick: resetting, that's not it. It signals the end, that's not it. It requests a connection with a remote host, that's not it, 'cause that's a SYN. So the point of it is that if you work through it nice and slow, you will understand those [00:27:00] questions, you'll be able to answer the question. Okay? Another one: which TCP/IP layer is responsible for addressing and routing packets? Okay, so TCP/IP layer, remember, they focus on that, not the OSI model.
So you're talking four layers, right? So you have A, the physical layer, which we know is not true. B is the data link layer. Okay, that's not it. C, the network layer. Oh, that looks familiar. Or D, the transport layer. So if you're looking at which one routes the packets through the network of the TCP/IP model, which is the four-layer model, right?
The four-layer model you have: the physical layer was A, data link layer is B, C is the network layer, and D is the transport layer. So the answer is C, the network layer. This is responsible for addressing and routing packets between networks using local addressing and routing [00:28:00] protocols. Okay. So again, focus on those key points with the questions: how can you dig out that question?
How can you pull out some of the keywords that are in it? All right, hope you guys enjoyed this. Next week, or actually later this week, you'll have some more TCP/IP, or P-P-C-P-I, key questions. Yeah, I can't even speak. We'll have some more questions around the CISSP exam, and you will be able to go check it out at CISSP Cyber Training, and I've got more questions that are there for you to ensure that you pass the CISSP the first time or the second time. All right, you guys have a wonderful day. We'll catch you on the flip side. See ya.