CCT 182: Multilayer Protocols and Advanced Networking for the CISSP (Domain 4)

Oct 07, 2024
 

Unlock the secrets of cybersecurity mastery with Sean Gerber as we embark on a journey through Domain 4 of the CISSP exam. Ever wondered how AI could transform the chaotic world of Security Operations Centers (SOCs)? Discover the potential of artificial intelligence to streamline alert management and enhance detection efficiency, a much-needed solution for the 60% of SOC professionals swamped by alert overload. Stay ahead of the curve by understanding the rapid rise of AI startups and the strategic importance of future investments in SOC capabilities.

Venture into the realm of Voice over IP (VoIP) and unravel the intricacies of RTP and SRTP protocols that power real-time communication. Learn how these protocols ensure optimal data transmission while safeguarding against common threats like phishing and session hijacking. Dive into the revolutionary shift from traditional PSTN to VoIP, and explore the role of converged protocols like MPLS that simplify network integration. With a focus on security enhancements, this episode offers vital insights into maintaining robust communication systems in the face of evolving threats.

Explore advanced networking concepts like Software-Defined Networking (SDN) and network virtualization, which are reshaping data transfer efficiency. Delve into wireless encryption protocols, including the transformative WPA3, and emerging technologies such as Li-Fi and Zigbee. Addressing cellular network encryption challenges with LTE communications, we provide a comprehensive guide to navigating the ever-evolving landscape of wireless standards. Wrap up your cybersecurity education with a spotlight on CISSP Cyber Training resources, designed to support your certification journey and contribute to a meaningful cause.


TRANSCRIPT

Speaker 1:  

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. Alright, let's get started.

Speaker 2:  

All right, let's get started. Hey all, Sean Gerber with CISSP Cyber Training, and hope you all are having an awesome, blessed day today. Today is what we're going to be talking about some great things that are going to be in domain 4. Domain 4.3, right, we're going to be getting into 4.3, or actually 4.1.3 on down to 4.1.9, and these are going to be going into secure protocols, converged protocols, micro segmentation, wireless networks, cellular networks and CDNs. Yeah, so it's going to be fun. We're going to have a lot of great things to talk about today that are just going to make you just enjoy your commute into work to a point where you're just going to be like this is amazing, I just want to stay in the car and listen because there's so much great stuff here. Yeah. Well, but we're going to also get into some fun things around with some news articles that I saw today in the news, actually the news. Yeah, I just did a double news thing there. Yeah, you can tell I'm not a professional at what I'm doing. It's very obvious, but real quick, before we get into the news, one thing that was really neat. I think it's, and I appreciate you all for this, the CISSP podcast that are provided here is just had over 100,000 downloads. Actually, we're approaching about 120,000 downloads right now, which is pretty amazing. I mean just for operating this out of my, basically in my bedroom and above my garage, and we have a great, great group of people that are listening, so we're pretty excited about that. But I hope you all are passing your CISSP. I hope the product here is providing you value, because that's the ultimate goal, right?

Speaker 2:  

So what is the article? Well, the article was they're saying cybersecurity professionals are turning to AI as more lose control of detection tools. Now, I've seen this when I was in a SOC. You can see how all the alerts were coming in, all the data that was coming in. It is extremely overwhelming. And this was, you know, I was leading a SOC about 10 years ago, 11 years ago. No, it was longer than that, it was back in 2013-ish. So that's like, yeah, 10 years ago, 10 to 11 years ago, so that's pretty impressive. Where it's come today, and as in some of my contracts I'm dealing with now as a consultant, I'm seeing the same challenge with these SOCs and this article is pretty apropos. It's very appropriate for what I've been seeing in various other places as well, and what they're basically coming down to and saying is they're losing control of the trust in their current detection tools because there's just so much coming in.

Speaker 2:  

And it's one of the comments that says 60% of professionals that are in the SOC see them being flooded with pointless alerts. And that is true. There's a lot of alerts and there's a lot of tuning and tweaking to these systems. That takes a lot of opportunity cost from your people to be able to do that. And so they're trying to turn to AI, which I've made this comment in this podcast numerous times that the AI can be one of the saving graces to the security field if they can get it right, because there is so much data coming in that it's almost impossible to manage it all. Basically, they said 52% said their security tools actually add to their workload rather than reduce it. Yeah, I believe that totally. And then some saw 81% said they spend more than two hours a day sieving, sorting through the triaging and security events, and you know that's just mind-numbingly painful. It just truly is.

Speaker 2:  

So how to get AI? Now I was reading in here a little bit. Gartner had a good post in here about AI. I'm trying to find it, but it talked about, 85% of the AI startups are actually going to be out of business because they just think they're going to pop up and go away. So that's going to happen through acquisitions. They're just not going to meet the need and then they're eventually going to go someplace else.

Speaker 2:  

But the point of it is is that when someone finds the sweet spot, so a lot of these big vendors are coming out and just buying up some sort of AI, thinking, hey, if I can throw AI on top of my current SOC, I'm going to be a winner. That's something they need to consider is that that's not necessarily going to be the case. But, all that being said, it's really truly understandable that a lot of security practitioners are becoming more and more frustrated with their SOCs and their SIEMs just because of the fact that they don't have the ability and don't have visibility into their environment. So I would highly recommend that, if you are in the SOC right now, try to start looking at some of the AI options that are out there for you. I know money is tight and there's ways that people are just kind of determining if they want to make some sort of investment at this point or not, but it might be something for you to at least to start looking into the different AI models before your SOC. One, not so that you go out and purchase something, but that you start getting smart on what you may need for your company. It's going to come. Eventually, they're going to find something that's going to be very valuable, but until then, you're just going to have to sort through a lot of this stuff, unfortunately, and it's going to be a bit of a painful process. So again, great article. I thought it was just, I mean, it's a very quick read. It's about three and a half minutes long, but it's talking about how people are turning to AI more for detection tools. So again, get smart on AI stuff, just so that you can help be part of the conversation and you can help decide the tools you're getting, rather than having them decided upon you. So something to consider there. Okay, let's get started into what we're going to talk about today: implications of a multi-layer protocol.

Speaker 2:  

Okay, so TCP uses gobs of protocols and the TCP/IP is a multi-layer protocol, so it does various levels of encapsulation. So if you're looking at this slide or if you're just listening to this on one of my podcasts, one of the things you'll hear is that it's basically you start off with Ethernet and then you've got IP, you got TCP and you have HTTP. So that's how it is. The overall encapsulation process is working. Your Ethernet piece of this is encapsulated, your IP part is encapsulated, your TCP part is encapsulated and then finally, your HTTPS aspect is encapsulated as well. Now, when you go down this path, you can also incorporate various different pieces. So you can incorporate IPsec, you can incorporate SSL. All of those pieces can be added into this as they're encapsulated along this process.

Speaker 2:  

But again, anytime you think of this, if you encapsulate something and you encrypt it, you're going to have to decapsulate it at another point. So it adds, when you're doing those aspects, it will add more complexity, it adds more potential challenges for processing power and so forth. So that's the overall encapsulation and decapsulation piece can happen with almost any protocol, but it really works well with TCP. But just know that the more encryption you add to it, the more drama. I like to say that just in the fact that you have to decapsulate and you have to unencrypt all this information.

Speaker 2:  

Now the benefits of a multilayer protocol. This will vary in ranges of protocols that can be used. Encryption can be used at various levels. It's flexible, it's resilient in various complex networks. So again, there's a lot of benefits of a multi-layer protocol and these will range in different places. But bottom line is that you want to consider how do you use these multi-layer protocols within your organization?

Speaker 2:  

Now what are the drawbacks of using a multi-layer protocol? Now it does, it adds overhead, like I mentioned, you have your own header and trailer to the data. It increases the overall size of the transmitted packets. It does add overhead to it. It does add complexity. The more layers you do can make it difficult to troubleshoot and diagnose. So it's a challenge you got to work through. It does hit you with the performance, right. So if you got to have a very good system and older systems will struggle, and if they struggle, well then now you start running into having to spend money on upgrading different devices. So again, those are just some aspects of it. Again, TCP overhead is reliable. It adds significant overhead due to its flow control, the OSI model complexity. Again, the more complex you make this it does add some challenges. And then routing protocol complexity can be intense and you really need to invest on large networks can be a challenge.

Speaker 2:  

So what are the security drawbacks of a multilayer protocol? Covert channels is one where an attacker might be able to use a delay between packets to transmit messages, known as covert timing channels. So they can basically send that out as communications going out. It can add it in, slide it in between. An attacker might also use a VPN to tunnel traffic through firewalls, obviously bypassing your restrictions. That's a kind of a filters bypass and then overstep segmentation. An attacker might use a vulnerability in a shared service, such as a file server, and then they gain access to multiple segments of your network. So there's some drawbacks of having multi-layer protocols and having the ability to do that, but they also are very helpful within an organization.

Speaker 2:  

Okay, so voice over IP. So it's just as the protocol says it's your voice over the internet protocols over voice over IP. So there's different types of transport protocols within voice over IP, and so you have real-time transport protocols and you have secure real-time transport protocols. So SRTP and RTP. So the difference between these is that they're really important for when you're dealing with video conferencing, streaming media and so forth, and you've got payload. That are some of the key features that deal with the RTPs. You have payload, packet header, transport layer and then quality of service. So the payload, this carries the actual data to be transmitted, your audio and video samples. Your packet header contains information about the packet, such as the number, timestamp, payload and so forth. So if your payload, you have your packet header telling you what's in there and then you have your transport layer.

Speaker 2:  

Now when you're dealing with voice over IP, it typically uses UDP, which is user datagram protocol, which is connectionless in nature, which more or less it just blasts everything and it's suitable for real-time type applications. But it also adds what they call a QoS, which is quality of service, and this offers it to basically control the quality of the data feeds that are going through there. And it helps avoid jitter and that where you're starting to get pixelation, you get all those kind of fun things. QoS will kind of buffer that piece of this and as long as your QoS is set to a level that allows it, it will continue to run the application. Now if you have your QoS set too low, where you're allowing a lot of issues, then it will start dropping the video feeds. So QoS is an important part of any sort of video or voice over IP communication. Secure real-time transport protocol.

Speaker 2:  

Again, this is where you're dealing with encryption, authentication, key management and security profiles, just like you're dealing with any sort of security aspect. You have a level of encryption and there's the algorithms that are there to provide unauthorized access. In many cases, voice over IP is unencrypted. Now it depends on the situation. I know they're moving more towards an encrypted environment, but in the past it's been very unencrypted. But when you move to the secure real-time protocol, it does authenticate, so it does prevent some of the tampering and replay attacks that could occur. It does manage your crypto keys to ensure you actually have a secure communication between the two, and it has secure profiles, which again different profiles, based on the specific requirements of the role.

Speaker 2:  

Now, some key differences. Obviously, SRTP provides additional security over RTP. SRTP obviously is more complex because you're adding in that level of authentication and encryption that you don't have with RTP. And then performance: SRTP can do overhead, which then could potentially affect your overall capability, and it increases your bandwidth as well. So there's benefits to it, right, there's obviously. Anytime you add security, you're gonna have a great bit of benefits to it. But you're also gonna have some losses that come out of it that you have to be prepared for.

Speaker 2:  

What are some different attack vectors when you're dealing with voice over IP? Phishing attacks, right, people will do that, tricking people into clicking malicious links and obviously downloading it. But you can do this with VoIP accounts and their credentials that go along with it. Man-in-the-middle attacks, right, you can intercept and modify VoIP traffic to the sender and receiver. You can eavesdrop on these. I've done that myself. It's not hard to do. Call bombing: you can overwhelm the voice over IP system with lots of calls. Again, this is kind of like a DDoS type situation where they call it call bombing. SIP flooding: this is where you send messages to your VoIP server, again, taking resource exhaustion and causing a service disruption. Similar to a DDoS attack. Session hijacking, where you establish a voice over IP session allowing attackers to eavesdrop or inject malicious content into your environment. And then a standard botnet attack, which would be a network launching VoIP attacks against an organization. Again, it impacts the attack and makes it harder to trace, and the botnets can overwhelm your resources as well. So there's a lot of different: phishing, man-in-the-middle, call bombing, SIP flooding, session hijacking, botnet. Now, when you're dealing with the CISSP, one thing to consider is you go, all this stuff I've got to remember, think of the concepts. Think of the concepts. You know what a man-in-the-middle attack is. Then pull that back on a VoIP attack, call bombing. What does it sound like? Okay, it sounds like you're dropping bombs on something, which means like a DDoS attack. Those are the kind of things you'll just have to go work through.

Speaker 2:  

Converged protocol. So what is a converged protocol? It's a merging of protocols within standard protocols, so specialty protocols with standard protocols. So this allows for integration without the need for special hardware. So some ideas or some examples of this would be your multi-protocol label switching or MPLS. So MPLS deals a lot with enterprises and you'll have various networks that are communicating that may be geographically separated, but they're like their own little mini network and it utilizes labels instead of long network addresses, and that's where the MPLS piece comes in. It's very effective, used it a lot within the enterprises and MPLS is an awesome, awesome capability. Voice over IP does allow voice and data over TCP networks. It also does replace the PSTN which is your standard telephone network. I can't remember what the P was for, but it does replace your standard telephone network, your voice network, and the more and more voice over IP is occurring, pretty much everything we do is over some level of voice over IP.

Speaker 2:  

Some other examples SDN, software-defined networking. Now this utilizes software to assist with the overall networking capability. It's vendor neutral and it does allow for networking from a central location, so the software defined it doesn't have to have so many switches and hardware to make all the networking piece work. It's working utilizing software defined aspects. Network virtualization is a good part of the software defined networking or SDN.

Speaker 2:  

Another one is Fiber Channel over Ethernet, or FCoE. It's a form of network data storage, allows for high speed file transfers up to 128 gigabits per second, designed to be operated over fiber optic cables but can support copper, so you can do the standard Ethernet cabling. But it's primarily designed obviously for fiber optic, hence in the name. It's used to encapsulate Fiber Channel communications over Ethernet networks and I've seen the use of fiber FCoE protocols numerous times and it's a really good protocol that works well.

Speaker 2:  

Internet Small Computer System Interface, or iSCSI. I don't really ever hear anybody saying I'm using the Internet Small Computer Systems Interface. No, they don't say that. But they say iSCSI. That's what you will hear people say and this is a network storage based protocol based on IP and it does operate on layer three, which we talked about. Layer three is IP based and it's often considered a low cost alternative for a fiber channel. iSCSI communications work very, very well and we've had to deal with that, especially when you're dealing with a data center. But the iSCSI is again layer three and it's based on IP and it's a replacement for fiber.

Speaker 2:  

Software-defined area network. So now wide area network. So you got your software-defined network and it's SD-WAN or SDN and then you have SD-WAN. SD-WAN is designed for a large area that you're trying to go for, like I had this in China a lot. SD-WAN, it allows a company to build high-performance WAN across low-cost commercial internet and it's using the software-defined network to be able to give you the capability you would need over a standard internet that may not be as expensive as going out and paying for a complete circuit and all those wonderful things. It enhances and replaces traditional routers. It's got application level policies and it's got physical and virtual appliances that are tied to it as well. SD-WAN works like a champ and I love it. It works very, very well for, especially for large organizations in low bandwidth areas. But it does take into account network bandwidth for routing of traffic. So, depending on the bandwidth that you have, it will route it to help maximize it. Now, that doesn't mean it's going to overcome bandwidth challenges that you may have within your network, but it's a really good way. If you haven't considered it, especially a dispersed organization, SD-WAN is very, very good. It's very good. Now you just got to find someone who can help put it in for you.

Speaker 2:  

Another one is VXLAN. I have never dealt with VXLAN, but it obviously works well for people. The encapsulation protocol enables VLANs to be stretched across subnets and geographic distances. VLANs are typically restricted to layer two, which then don't include members from other networks. This allows you to open up to 16 million virtual networks. I did not even know this was even something out there that people would use, so I'm sure it works really, really well. It's defined by RFC 737348, and it's called a virtual extensible local area network. Again, encapsulation, providing VLANs to be stretched across subnets and geographic distances. Wireless networks: we got Wi-Fi, Li-Fi, Zigbee and satellite, so these are all areas that you will deal with.

Speaker 2:  

You probably are dealing with on a day-to-day basis, and you may not even know it. So these are extremely popular for home and office. They're subject to all the vulnerabilities with other networks, but they do meet Tempest standards by the US government. So what does this mean? Tempest standards are a shielding and eavesdropping capability the US government put in place and the design that, if you have wires that are in a wall and you put listening devices up against the wall and they're not shielded properly, you can actually pull data off of those wires, and these are the Tempest standards. When you're dealing with classified information, you have to meet the Tempest standards, and this would help avoid any eavesdropping or interception of the information. So, if you're in the government space, yeah, maybe that's what you want. When you're dealing with wireless networks, you have to make sure that they meet those standards as well.

Speaker 2:  

So, secure wireless, this goes beyond expectations. This is really pretty cool where this has gone. I call this FM as well, flipping magic, because it allows you to have wireless capability pretty much everywhere and you're able to communicate. The nice part about when you're dealing with wireless, though, is you have different protocols that you have to go through, and each of these will vary in the throughput in which they will come out. With 802.11, you get your a, b, g and ac. I think there's probably some more that are out there now that are coming out, but bottom line is, there's multiple protocols, there's multiple standards, and you can get up to two megabits to one gigabit per second just off the wireless piece, so it has a lot of great capability within it when you're dealing with wireless.

Speaker 2:  

We got secure SSID. Now, this SSID stands for service set identifier, and this service set identifier, this provides the identification of the access point in which you're using. So when you go in and you get your wireless access point at your house and you say I want to call it Gerber 1, then that is, your SSID is tied to Gerber 1, so you can see it. If you want to be crazy, you can obfuscate it. You can hide your SSID so that only your devices know. You can do all kinds of crazy stuff, but what you can do, though, is by adding more layers of obfuscation, you're just actually adding more complexity, and therefore you potentially could add more risk to your organization.

Speaker 2:  

It's broadcasted for ease of discovery. A common tactic obviously is you can do is stop broadcasting it so that people don't see it. But if you know what people know, they can figure out and scan your network anyway and they can find it. You utilize this encryption. Obviously there's WEP, WPA, WPA2.

Speaker 2:  

I think WPA and WEP should be avoided at all costs at this point and you need to be focused on other pre-shared key type of encryption protocols for wireless besides those. But again, you can add encryption to it. Highly recommend you do that at this point. So again, what is WEP? Now, the reason we're going to talk about WEP, even though they don't recommend it and same with WPA, is because you still will see it and it may be on your test, because you need to be aware of what it is and what does it do. So wired equivalent privacy is WEP. This provides some protection around packet captures. It's predefined shared secret key and it's been around since I know and it is not secure at all. It needs to go away, but unfortunately they're still running. People will use these types of devices in various methods because they don't want to get rid of their technology and it is still out there. So you need to make sure that if you find WEP, you get rid of it as fast as you possibly can.

Speaker 2:  

Wi-Fi Protected Access. This is WPA. It was designed to replace WEP and it should now not be replaced as well. These are used in many devices except low-end hardware. It does have a static passphrase which is not so good. It doesn't allow you for any sort of changing of your passphrase. But the bottom line is WPA was designed to replace WEP. So again, time goes on and things get outdated.

Speaker 2:  

Wi-Fi Protected Access 2, WPA2. This is a current method for securing and it's based on AES encryption. There's actually another protocol against WPA3 is out now as well. But bottom line is you need to focus on what are the levels of encryption you can add to your wireless environment. There's others that are available. You have Protected Extensive Authentication Protocol, which is PEAP, P-E-A-P, Lightweight Extensible Authentication Protocol, which is LEAP, okay, and PEAP deals with TLS tunneling and LEAP is TKIP. This is your address. You issue it with your TKIP piece of this.

Speaker 2:  

MAC filtering obviously is a good security mechanism. You can add to limit MAC filtering, just basically limits to any communications come from specific MACs, which is a great way to limit who can connect to your networks, and then Temporal Key Integrity Protocol. This was a replacement of WEP. I have not seen much of this myself and I think I've only seen it maybe once or twice, but for the most part it was designed to replace WEP. But then WPA came in and took care of a lot of that. But again, MAC filtering, we come back to that. It's a great way to limit access, who can get to your network, but on the flip side of it it's like anything else, it's more complexity you add into your network.

Speaker 2:  

So we're going to get into Li-Fi and Zigbee. So Li-Fi, this is where wireless communication method used for light to transmit, um. It's wireless communication using light, so light, to transmit data position between devices. So it's just basically instead of Wi-Fi, where it's your wireless type bandwidth, that bandwidth spectrum, your wireless spectrum. It's using light to do that. It transmits at high speeds over visual light, ultraviolet and infrared. It can get up to transmit up to 100 gigabits per second. So it's pretty, pretty cool and it can get into play. It's really good for places where electromagnetic interfaces could be a challenge, i.e. a power plant. Yeah, you could have all kinds of electromagnetic issues that would cause issues with your Wi-Fi. So Li-Fi might be an aspect that you might want to consider. They recommend one of the examples are aircraft cabins, hospitals and so forth. So again, Li-Fi using light to transmit data.

Speaker 2:  

Zigbee. Zigbee you get a lot in the IoT space. It works at the 2.4 gigahertz which, when I was younger was the phones that were working at 2.4 gigahertz was like oh, this is awesome, I have a wireless phone. Yes, we used to have wired phones. It is an alternative to Z-Wave. Zigbee and Z-Wave work kind of similarly. I've got that within my IoT environment in my house. Standard wireless protocol used with many manufacturers, provides mesh networking capability, which is awesome, and it's based on 128 AES encryption with low power usage and battery life and it works really, really well. Ranges about 10 to 20 meters, so about 30 to 60 feet is where it can go. I see it out in my, when I'm out mowing, I can see that out in my front yard, so it's got a lot of capability in many different places. It's used a lot in cyber physical systems, which are your IoT type devices, within cars, within manufacturing and so forth, anything that deals in that IoT type space.

Speaker 2:  

Zigbee is a one that's used a lot, Zigbee or Z-Wave. Cellular networks. You got 4G, 5G and so forth and they continue to grow. I think there's like a 6G out or something. I don't know. Actually, I don't think so yet, not yet, but they're working on it. It's communication technology that's used in many mobile providers.

Speaker 2:  

Encryptions usually only occur when the data is being transmitted to a tower and normally it isn't then, right, especially if you have the LTE. That piece really was never, ever encrypted. Communications from the tower over the network are unencrypted in many cases. Now maybe that has changed, but in the past, when I evaluated this, your communication from your cell phone to the tower is encrypted, but the moment it goes from your tower through into the network, it is an unencrypted communication. I'm sure that has probably changed since the last time I looked at this, but you will run into that, potentially. Important to use VPNs or TLS type encryption when using cellular technology. Again, when you're dealing with cellular, if you're going to be communicating with anything, you want it to be encrypted. Especially, it's important for vehicles that are sending data feeds back to the mothership consistently in a cellular network. That can be something that they would want to have security and some sort of encryption around it.

Speaker 2:  

4G is used since the early 2000s. Most cellular devices are 4G based and it uses IP based communications on both data and voice. Speeds are around 100 mips per second, so megabits per second, and so it's pretty good, right? 4G works well. It'll pretty much give you everything you need from a video and voice capability. Transmission methods will start with 4G and then transition to a WiMAX, which is a wide area network, and that depends on the company and how they have it set up. But that's how their cellular towers are normally set up, with a WiMAX kind of capability, but 4G, it works well.

Speaker 2:  

Now, 5G is the latest technology and it's been around for a few years now, but it's more and more within cellular devices, pretty much the standard at this point. ICS and IoT devices may have 5G embedded in their systems, and so something to consider if you can get 5G within your industrial control or IoT space, that's an important piece. Speeds are around 10 gigabits per second, but distance is specifically reduced again because you're dealing with 5G and a higher wavelength. It's microwave more or less. In some respects it will have a shorter wavelength and therefore you're limited on your distance. So when you get away too far away from some cell towers, obviously it'll switch from 5G to 4G, uh, communicate again.

Speaker 2:  

Communications over cell networks are not always secure, so wireless sniffing capabilities allow for people to potentially eavesdrop, depending on the situation. Doesn't happen all the time, but they can do it. Uh, using cell phones to bridge networks can and does cause some level of security concerns, depending upon your environment. So like if you use your cell phone as a hotspot in some cases, that's great, but if you use it as your main source, it could cause some level of security challenges again, especially if the communications are not encrypted to the cell tower.

Speaker 2:  

Okay, CDN. What is a CDN? So we're going to get into content distribution networks, a CDN. This helps provide multimedia experience, typically for global distribution. The basics are it caches media through various hosts. It provides content quickly, so it's already staged, it's already there, it's already available and reduces latency of the content being served up. Now CDN providers are such as Cloudflare, Amazon CloudFront, and there's many, many more that are out there. But the ultimate goal is cached data so that when it's served up to you as a consumer, you are much happier with it because it's right there in your face and you're ready to go. Client-based CDNs: this is like a peer-to-peer type capability such as BitTorrent, right? So if you have a server and a server and they all communicate together, they act like a hive type of aspect. That would be a client-based CDN and that would be what we call peer-to-peer. BitTorrent has a lot of great potential.

Speaker 2:  

I've only used it when I was doing the hacking stuff. Haven't really dealt with it since then, but you just need to use it as you see fit. And then, lastly, this is a long section, man, isn't it? Holy cow, this is a long one. Security implications of the CDNs.

Speaker 2:  

Now, there's different aspects that roll into CDNs. One is data privacy, so they're storing the data within that environment and so transmitting it, storing it. All of those aspects are security challenges when you're dealing with CDNs, and so encryption and data protection measures need to be ensured that they're properly deployed and in place. And so you as a person, a security person, thinking of using a CDN, that is an aspect you need to be aware of. Data integrity: tampering and manipulation of content can occur within the CDN, depending upon the situation, and so, because of that, you need to have the ability to verify and ensure there's integrity checks within it. Availability and reliability.

Speaker 2:  

DDoS attacks and service disruptions can cause challenges with CDN. We've seen this time and again with Cloudflare. Cloudflare's got a great system, awesome system, they do very well, but they can only do so much and sometimes there's been denial of service attacks that they've had to mitigate and thwart and actually they're probably thwarting them on a day-to-day basis. They have availability and failover mechanisms need to be a key factor within whatever CDN you're looking at, especially if you're from a security perspective. Access control and authorization: whoever has access to the CDN, is there authorized access? How is it managed? How are the policies and authentication managed as well? Those are all key factors when you're considering a CDN. Malware and phishing.

Speaker 2:  

So CDN again, all they are is they're just sending out data so they can distribute malicious content, depending upon the situation. Now, I know the CDNs work very hard to pull that stuff down. If they have any sort of reports on it, they kill it as fast as they can. But there can be attacks or there can be malicious software that is propagated through a CDN, as well as phishing attacks through CDN-hosted websites. It can happen as well. So you got to understand all that is doing. All CDN is doing is just caching everything up, putting it out there, and it makes it available to you in a much quicker form and fashion.

Speaker 2:  

And then regulatory requirements or compliance. Adherence to data privacy laws and regulations is an important factor, and data localization requirements, specifically for the CDN, as an example. So if you're in the EU, they may have data localization requirements that if you're going to be sharing anything within EU employees or EU people, it has to stay within the EU, which means the CDN would have to stay within the EU. Now, that doesn't mean me from America can't touch that CDN in the EU, however. What it does say, though, is that they can't move that data specifically. I'm just using this as an example. It doesn't mean they can't, but I'm just saying as an example. They may have requirements that that CDN data cannot move to the United States and it can only be hosted in the EU. It can't be hosted here in the US. So there's data localization requirements that could be a factor when you're dealing with a content distribution network.

Speaker 2:  

Thanks again for joining today at CISSP Cyber Training. All I ask is head on over to CISSP Cyber Training. Look for any sort of help you need around the CISSP and studying for it. Look at the products that are there and available to you on CISSPCyberTraining.com. Again, all proceeds from any purchases that are on CISSP Cyber Training all go to the nonprofit for adoptive families. So again, I ain't taking any of it. It's all getting passed on to somebody else. So if the training is there, it's outstanding. We're constantly updating it and getting it out there for you so it's better and you guys can just go have fun. So have a great day, have an awesome week and we will catch you on the flip side.
