
• Number of slides: 118

Telecommunications and Networking Security (Seguridad en Redes y Telecomunicaciones), a Certified Information Systems Security Professional (CISSP) Domain

Concepts
• Telecommunications: the electrical transmission of data between systems.
• Protocol: a standard set of rules that determine how communication between systems is carried out.
• Standards bodies:
  – FCC (Federal Communications Commission)
  – ITU (International Telecommunication Union), CCITT
  – ISO (International Standards Organization)
  – IETF (Internet Engineering Task Force)
  – IEEE (Institute of Electrical and Electronic Engineers)

OSI Model
• Initially every manufacturer used its own protocol.
• OSI (Open Systems Interconnect), 1980s, promoted by ISO:
  – A hierarchical, modular model divided into layers, each with specific functions.
  – Goal: provide a set of open-system standards for equipment manufacturers in order to promote interoperability.
• Encapsulation: the addition of layer-specific information to packets.

OSI Model – Application Layer (layer 7)
• Provides the interface to the user.
• Verifies the availability of the other end of the communication.
• Works directly with the user's data.
• e.g. SMTP, HTTP, LDP, FTP, TFTP, SNMP, X.400, etc.

OSI Model – Presentation Layer (layer 6)
• Formatting, standardized syntax.
• Data conversion.
• Compression (RLE, ZIP, LZH, etc.).
• Encryption.
• e.g. ASCII, GIF, TIFF, JPEG, AVI, DOC, EBCDIC, etc.

OSI Model – Session Layer (layer 5)
• Establishes, maintains and terminates connections between applications.
• Communication types:
  – Simplex
  – Half duplex
  – Full duplex
• Dialogue control:
  – Establishment
  – Data transfer
  – End of session
• e.g. NFS, SQL, RPC, X Window, DNA SCP, ASP (AppleTalk Session Protocol), etc.

OSI Model – Transport Layer (layer 4)
• End-to-end connectivity. Establishes logical connections between systems (virtual circuits).
• Segmentation and reassembly.
• Reliable and unreliable transfer of information.
• Error detection and correction.
• Flow control (windows and buffering).
• 3-way handshake.
• Keeps the data of different applications separate.
• e.g. UDP, TCP, SPX (Sequenced Packet Exchange), SSL*, etc.

OSI Model – Network Layer (layer 3)
• Logical addressing.
• Determination of the best route.
• Routed protocols: carry user information, e.g. IP, IPX, AppleTalk.
• Routing protocols: carry the information used to determine routes, e.g. RIP, IGRP, EIGRP, OSPF, BGP, IS-IS.
• Others: ICMP, IPSEC, GRE, IGMP, etc.

OSI Model – Data Link Layer (layer 2)
• Physical addressing (MAC).
• Flow control, error detection.
• Formats frames for transmission over the physical medium as a series of bits.
• Sublayers:
  – LLC (Logical Link Control)
  – MAC (Media Access Control)
• e.g. ARP, RARP, SLIP, PPP, L2F, L2TP, FDDI, ISDN, HDLC, SNA, TR, FR, ATM, Ethernet, etc.

OSI Model – Physical Layer (layer 1)
• Converts bits into signals according to the transmission medium (voltages, electromagnetic waves, pulses, etc.).
• Synchronization, medium speed, noise.
• Cables, connectors, cards, signals.
• e.g. HSSI, X.21, EIA/TIA-232, EIA/TIA-449, V.90, V.35, G.703

Data Encapsulation (figure)
• L7 – Message: payload
• L4 – Segment: L4 header + payload
• L3 – Datagram: L3 header + payload
• L2 – Frame: L2 header + payload + FCS/CRC
• L1 – bits

OSI Model (figure: a host on RED 1 sends through a router with interfaces E0 and E1 to a host on RED 2)

TCP/IP
• A widely used protocol suite for transferring data between systems.
• Created by the U.S. Department of Defense.
• OSI versus TCP/IP layers (figure):
  – Application, Presentation, Session: Process or Application
  – Transport: Host to Host (TCP, UDP)
  – Network: Internet or Internetwork (IP, ICMP, ARP, RARP)
  – Data Link, Physical: Network Access (Ethernet, FR, TR, FDDI, PPP, SLIP, etc.), Medium

Transmission Types
• Analog: continuous signals (electromagnetic waves through a medium).
• Digital: pulses (binary). Less affected by noise, reliable over long distances.

Transmission Types
• Modulation: a modulating signal modifies parameters (frequency, amplitude, phase) of a carrier signal.
• Modem: modulator/demodulator.

Transmission Types
• Synchronous communication: synchronization between the devices (clock signal).
• Asynchronous communication: synchronization by means of delimiters.
• Baseband: the signal is transmitted by applying it directly to the medium, using its entire bandwidth.
• Broadband: divides the medium into channels in order to transmit several signals simultaneously and therefore reach higher transmission speeds (above 56 kbps). e.g. T1, E1, ISDN, ATM, DSL, Cable.

Transmission Media
• Bandwidth: the maximum frequency (range) that a medium can transmit.
• Speed (data rate, throughput): data transmission capacity.
• Noise: unwanted signals on a line caused by the environment.
• Attenuation: loss of signal power during transmission; increases with distance and frequency.
• Crosstalk: mixing of signals from different cables.
• Coaxial cable: resistant to interference (EMI), higher bandwidth, allows longer distances than copper, but it is expensive and hard to handle.
• Optical fiber: transmits light pulses. Higher speed, immune to EMI, emits no radiation, but more expensive. Used in backbones.
• (Figure, fiber cross-section: A. Sheath, B. Conducting layer, C. Insulation (PVC, Teflon), D. Conducting core (glass), kevlar)

Transmission Media
• Twisted pair: a pair of copper wires, twisted to minimize interference and crosstalk. Cheap, but not good for long distances (attenuation).
  – UTP: unshielded
  – STP: shielded, with additional external shielding
• Categories (category: characteristics; uses):
  – Cat 1: telephone grade (voice); modems, telephony
  – Cat 2: data up to 4 Mbps; mainframe terminals
  – Cat 3: 10 Mbps Ethernet, 4 Mbps Token Ring; 10Base-T
  – Cat 4: 16 Mbps; Token Ring
  – Cat 5: 100 Mbps, tightly twisted; 100Base-TX, CDDI, ATM
  – Cat 6: 155 Mbps; high-speed networks
  – Cat 7: 1 Gbps; very high-speed networks

Network Topologies (topology: characteristics; problems; technologies)
• Bus: a single cable to which all devices are connected; problems on one device can affect nearby ones; Ethernet.
• Ring: all devices connected by one cable in a closed circuit; problems on one device can affect nearby ones on the same ring; FDDI.
• Star: all devices connected to a central device; single point of failure; logical bus (Ethernet) and logical ring (Token Ring).
• Tree: a bus topology with cable branches; Ethernet.
• Mesh: computers interconnected with one another, redundancy; more expensive and harder to troubleshoot; the Internet (partial mesh).

LAN Technologies
• LAN (Local Area Network): communication and shared resources within a relatively small area (same type of data link technology).
• Implementations (implementation, standard: characteristics):
  – Ethernet, 802.3: shared medium, access to the medium in turns, collisions occur; uses broadcast and collision domains; CSMA/CD; coaxial, TP; 10 Mbps to 1 Gbps.
  – Token Ring, 802.5: all devices connect to a central MAU (Multistation Access Unit); medium access by token; 4 to 16 Mbps; active monitoring, beaconing.
  – FDDI, 802.8: medium access by token; dual rings for redundancy; 100 Mbps; operates over long distances at high speed (backbones), uses fiber; CDDI uses UTP.

Ethernet (name: distance, speed, description)
• Ethernet 10Base-2, ThinNet: 185 m, 10 Mbps, coaxial, BNC
• Ethernet 10Base-5, ThickNet: 500 m, 10 Mbps, coaxial, BNC
• Ethernet 10Base-T: 100 m, 10 Mbps, UTP/STP, RJ45
• Fast Ethernet 100Base-TX: 100 m, 100 Mbps, UTP/STP, RJ45
• Gigabit Ethernet 1000Base-Tx: 100 m, 1 Gbps, UTP/STP, RJ45
• Gigabit Ethernet 1000Base-Fx: 2 km to 10 km, 1 Gbps, fiber
• CSMA/CD (Carrier Sense Multiple Access with Collision Detection): stations monitor the medium to verify that nobody is transmitting; if a collision occurs they send a signal to abort (jam) and wait a random time before retransmitting (backoff algorithm).
• (Figure: a collision between stations on a shared segment that also carries a printer and a file server)
• CSMA/CA (Collision Avoidance): stations announce their intention to transmit before doing so.

Token Ring
• Topology: physical star, logical ring.
• Token: a 24-bit control frame (header with addresses, data field, and trailer).
• The token travels around the ring, and only the station holding the token may transmit.
• Active monitor: removes frames trapped in a loop.
• Beaconing: sending a beacon (frame) to indicate errors.
• (Figure: stations A to G, a printer and a file server attached to a MAU, with the token circulating among them)

FDDI
• Fiber Distributed Data Interface (ANSI).
• Uses two rings: one clockwise for data, the other counter-clockwise for redundancy.
• Ring wrap: signal that indicates a failure in the primary ring.

Concepts
• Collision domain: a group of devices that "compete" for the use of the same shared medium. Separated by L2 devices.
• Broadcast domain: a group of devices that hear the same broadcast traffic. Separated by L3 devices.
• Medium access types:
  – CSMA
  – Tokens
  – Polling: medium access in which secondary stations may transmit only when asked to by a primary station.
• LAN transmission methods:
  – Unicast: addressed to a single host
  – Multicast: addressed to a group of hosts
  – Broadcast: addressed to all hosts within a network segment

IP
• Connectionless protocol.
• Uses logical (hierarchical) addressing to route packets.
• IPv6: 128 bits.
• IPv4: 32 bits (network/host).
• Subnet mask: determines which portion of the address is the network and which is the host. This mask determines the class of the network.
  – Class A: 8 bits for the network address, 24 for the host
  – Class B: 16 bits for the network address, 16 bits for the host
  – Class C: 24 bits for the network address, 8 for the host
  – (Figure: 196.64.1.1 split by its subnet mask into 24 network bits and 8 host bits)
• Private addresses:
  – 10.0 (1 Class A)
  – 172.16.0.0 to 172.31.255 (16 Class Bs)
  – 192.168.0.0 to 192.168.255 (256 Class Cs)
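An added example, not part of the slides: the classful rule, the network/host split under a subnet mask, and the private-range check, done directly on the 32-bit value. The address 196.64.1.1 with a /24 mask mirrors the slide's figure; the other sample values are constructed.

```python
# Added example (not from the slides): classful IPv4 analysis and the
# RFC 1918 private-range check, working on the 32-bit integer form.

def to_int(dotted: str) -> int:
    """Dotted-quad string -> 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def address_class(dotted: str) -> str:
    """Classful rule from the slide: the class is decided by the leading bits."""
    first = to_int(dotted) >> 24
    if first < 128:
        return "A"        # 0xxxxxxx: 8 network bits, 24 host bits
    if first < 192:
        return "B"        # 10xxxxxx: 16 network bits, 16 host bits
    if first < 224:
        return "C"        # 110xxxxx: 24 network bits, 8 host bits
    if first < 240:
        return "D"        # multicast
    return "E"            # reserved

def mask_to_prefix(mask: str) -> int:
    """255.255.255.0 -> 24; rejects masks whose 1-bits are not contiguous."""
    m = to_int(mask)
    prefix = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return prefix

def split_network_host(dotted: str, mask: str) -> dict:
    """Network and host portions of an address under the given mask."""
    a, m = to_int(dotted), to_int(mask)
    prefix = mask_to_prefix(mask)
    host_mask = ~m & 0xFFFFFFFF
    return {
        "network": to_dotted(a & m),
        "host": to_dotted(a & host_mask),
        "broadcast": to_dotted(a | host_mask),
        "network_bits": prefix,
        "host_bits": 32 - prefix,
    }

# The three RFC 1918 blocks the slide lists, as (base, prefix length).
PRIVATE_RANGES = (
    ("10.0.0.0", 8),      # one class A
    ("172.16.0.0", 12),   # sixteen class Bs: 172.16.0.0 to 172.31.255.255
    ("192.168.0.0", 16),  # 256 class Cs: 192.168.0.0 to 192.168.255.255
)

def is_private(dotted: str) -> bool:
    """True when the address lies in one of the RFC 1918 blocks."""
    a = to_int(dotted)
    for base, prefix in PRIVATE_RANGES:
        mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        if a & mask == to_int(base):
            return True
    return False

if __name__ == "__main__":
    print(address_class("196.64.1.1"), split_network_host("196.64.1.1", "255.255.255.0"))
    print(is_private("172.31.200.7"), is_private("172.32.0.1"))
```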

IP header (figure; the fixed header is 20 bytes, bit positions 0 to 31 per row)
• Version (4 bits), Header Length (4 bits), Type of Service (8 bits), Total Length of IP datagram (16 bits)
• Identification (16 bits), Flags (3 bits), Fragment Offset (13 bits)
• Time to Live (8 bits), Protocol (8 bits), Header Checksum (16 bits)
• Source IP address (32 bits)
• Destination IP address (32 bits)
• IP Options (if any), Pad
• Upper Layer Data
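An added example, not part of the slides: a builder and parser for the 20-byte header in the figure above, including verification of the header checksum (so a header altered in transit without a recomputed checksum is rejected). The sample addresses and identification value are constructed.

```python
# Added example (not from the slides): build, parse and checksum-verify an
# IPv4 header laid out as in the figure.
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (caller zeroes the checksum field)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_header(src: str, dst: str, proto: int, payload_len: int,
                 ttl: int = 64, ident: int = 0x1C46) -> bytes:
    """Minimal (no options) IPv4 header with a correct checksum; DF set, no fragmentation."""
    ver_ihl = (4 << 4) | 5                  # version 4, header length 5 words = 20 bytes
    total_len = 20 + payload_len
    flags_frag = (0b010 << 13) | 0          # flags = DF, fragment offset 0
    fields = [ver_ihl, 0, total_len, ident, flags_frag, ttl, proto, 0,
              *map(int, src.split(".")), *map(int, dst.split("."))]
    raw = struct.pack("!BBHHHBBH4B4B", *fields)
    return raw[:10] + struct.pack("!H", ipv4_checksum(raw)) + raw[12:]

def parse_header(raw: bytes) -> dict:
    """Decode the fields from the figure; raises on a bad version, length or checksum."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum = \
        struct.unpack("!BBHHHBBH", raw[:12])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_len = ihl * 4
    if version != 4 or header_len < 20 or len(raw) < header_len:
        raise ValueError("not a valid IPv4 header")
    # Recompute over the whole header (options included) with the checksum field zeroed.
    if ipv4_checksum(raw[:10] + b"\x00\x00" + raw[12:header_len]) != csum:
        raise ValueError("IPv4 header checksum mismatch")
    return {
        "version": version, "header_len": header_len, "tos": tos,
        "total_len": total_len, "identification": ident,
        "flags": {"DF": bool(flags_frag & 0x4000), "MF": bool(flags_frag & 0x2000)},
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "src": ".".join(map(str, raw[12:16])),
        "dst": ".".join(map(str, raw[16:20])),
        "options": raw[20:header_len],
    }

if __name__ == "__main__":
    hdr = build_header("10.0.0.11", "196.64.1.1", proto=6, payload_len=40)
    print(hdr.hex(), parse_header(hdr))
```

A header that carries a correct checksum sums to zero under the same routine, which is the check a receiving host performs.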

TCP and UDP
• Transport-layer protocols; they "transport" data between two systems.
• TCP versus UDP:
  – Connection-oriented (virtual circuits) / does not establish connections
  – Reliable, requests acknowledgement / best effort, no acknowledgement
  – Three-way handshake / no virtual connection established
  – Sequence numbers / no sequencing
  – Flow control (sliding window) / no flow control
  – Requires more resources / fast, packets with little additional information (overhead)

TCP and UDP headers (figure)
• TCP: Source Port, Destination Port; Sequence Number; Acknowledgment Number; HLEN, Rsvd, Code, Window; TCP Checksum, Urgent Pointer; Options (if any), Padding; Data. Code = SYN, ACK, RST, PSH, FIN, URG.
• UDP: Source Port, Destination Port; UDP Msg Length, UDP Checksum; Data.

TCP
• TCP connection establishment follows a 3-way handshake:
  – The sender sends SYN (seq x).
  – The receiver (listening) sends SYN, ACK (seq y, ack x+1).
  – The sender receives ack x+1 and sends ACK (y+1); the receiver receives ack y+1 and the connection is established.
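An added example, not part of the slides: the handshake above as three segments, a checker that verifies the x+1 / y+1 bookkeeping (including 32-bit wraparound of the sequence number), and a decoder for the Code (flags) byte of the TCP header from the previous slide. The sequence numbers and header bytes used are constructed.

```python
# Added example (not from the slides): TCP flag decoding and the 3-way handshake.
import struct

# Bit positions of the Code field (FIN, SYN, RST, PSH, ACK, URG), LSB first.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
MOD32 = 0xFFFFFFFF    # sequence numbers are 32-bit and wrap around

def decode_flags(code: int) -> set:
    """0x12 -> {'SYN', 'ACK'}"""
    return {name for name, bit in FLAG_BITS.items() if code & bit}

def encode_flags(*names: str) -> int:
    """('SYN', 'ACK') -> 0x12"""
    return sum(FLAG_BITS[n] for n in names)

def segment(flags, seq, ack=None, **extra):
    """A TCP segment reduced to what the handshake needs: flags, SEQ and ACK."""
    return {"flags": frozenset(flags), "seq": seq & MOD32,
            "ack": None if ack is None else ack & MOD32, **extra}

def segment_from_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte TCP header of the previous slide's figure."""
    sport, dport, seq, ack, off_rsvd, code, window, csum, urg = \
        struct.unpack("!HHIIBBHHH", raw[:20])
    flags = decode_flags(code)
    return segment(flags, seq, ack if "ACK" in flags else None,
                   sport=sport, dport=dport, hlen=(off_rsvd >> 4) * 4, window=window)

def three_way_handshake(x: int, y: int) -> list:
    """The slide's exchange: SYN(seq x); SYN,ACK(seq y, ack x+1); ACK(seq x+1, ack y+1)."""
    return [segment({"SYN"}, seq=x),
            segment({"SYN", "ACK"}, seq=y, ack=x + 1),
            segment({"ACK"}, seq=x + 1, ack=y + 1)]

def check_handshake(segments: list) -> tuple:
    """Verify that three segments form a valid handshake. Returns (ok, reason)."""
    if len(segments) != 3:
        return False, "expected exactly three segments"
    syn, syn_ack, ack = segments
    if syn["flags"] != {"SYN"}:
        return False, "first segment must carry SYN only"
    x = syn["seq"]
    if syn_ack["flags"] != {"SYN", "ACK"}:
        return False, "second segment must carry SYN and ACK"
    if syn_ack["ack"] != (x + 1) & MOD32:
        return False, "SYN,ACK must acknowledge x+1"
    y = syn_ack["seq"]
    if ack["flags"] != {"ACK"}:
        return False, "third segment must carry ACK only"
    if ack["seq"] != (x + 1) & MOD32:
        return False, "final ACK must continue from x+1"
    if ack["ack"] != (y + 1) & MOD32:
        return False, "final ACK must acknowledge y+1"
    return True, "ESTABLISHED"

if __name__ == "__main__":
    for s in three_way_handshake(1000, 5000):
        print(sorted(s["flags"]), "seq", s["seq"], "ack", s["ack"])
    print(check_handshake(three_way_handshake(1000, 5000)))
```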

Port Numbers and Protocols
• UDP and TCP use ports to communicate with the upper layers and to keep different connections separate.
  – Well known: 0 to 1023
  – Registered: 1024 to 49151
  – Dynamic/private: 49152 to 65535
• Similarly, IP uses a protocol number to identify what belongs to the upper layers.
• Socket: port plus source and destination address.
• (Figure: L5 to L7 services and their L4 ports: FTP 21/20, Telnet 23, SMTP 25, HTTP 80, SNMP 161/162, DNS 53, TFTP 69; L4 protocols and their L3 IP protocol numbers: TCP 6, UDP 17)

Other TCP/IP Protocols
• ARP (Address Resolution Protocol): obtains the physical address (MAC) that corresponds to a logical address (IP).
  – Susceptible to poisoning (ARP poisoning, that is, placing incorrect information in the ARP table).
• RARP (Reverse Address Resolution Protocol): used by diskless terminals to obtain their IP address from their known physical address.
• BOOTP (Boot Protocol): provides diskless stations with more information than RARP.
• DHCP (Dynamic Host Configuration Protocol): used by equipment with its own OS to obtain an IP.
• ICMP (Internet Control Message Protocol): delivers messages, reports errors and routine information, and is used to test connectivity and troubleshoot.
  – Ping: echo request + echo reply
  – ICMP unreachables: indicate that the destination is not reachable
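An added example, not part of the slides: a passive detector for the ARP poisoning mentioned above, run over a constructed list of ARP replies. It reports an IP whose MAC changes against a baseline and a MAC that answers for more IPs than expected; the addresses and the optional trusted mapping are made up.

```python
# Added example (not from the slides): detect the symptoms of ARP poisoning
# in a stream of observed ARP replies.
from collections import defaultdict

# Constructed ARP replies (time, sender IP, sender MAC) as a passive monitor
# on the segment would record them.
SAMPLE_REPLIES = [
    (1,  "10.0.0.1",  "00:11:22:33:44:01"),   # the router
    (2,  "10.0.0.4",  "00:11:22:33:44:04"),
    (3,  "10.0.0.11", "00:11:22:33:44:0b"),
    (9,  "10.0.0.1",  "00:11:22:33:44:0b"),   # router's IP now claimed by the .11 MAC
    (10, "10.0.0.4",  "00:11:22:33:44:0b"),   # ... and so is 10.0.0.4
    (12, "10.0.0.11", "00:11:22:33:44:0b"),   # unchanged: no new alert
]

def detect_arp_poisoning(replies, trusted=None, max_ips_per_mac=1):
    """Return alert tuples for the two symptoms of a poisoned ARP table.

    ("ip_changed", t, ip, old_mac, new_mac): an IP's MAC differs from the
        baseline (the trusted mapping if given, otherwise the first MAC seen).
    ("mac_multi_ip", t, mac, [ips]): one MAC answers for more IPs than
        max_ips_per_mac allows (raise it for hosts with legitimate aliases).
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    mac_to_ips = defaultdict(set)
    alerts = []
    for t, ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac                    # learn the baseline
        elif known != mac:
            alerts.append(("ip_changed", t, ip, known, mac))
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        # Alert only when the set of IPs behind this MAC grows past the limit.
        if len(mac_to_ips[mac]) > max(before, max_ips_per_mac):
            alerts.append(("mac_multi_ip", t, mac, sorted(mac_to_ips[mac])))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_poisoning(SAMPLE_REPLIES):
        print(*alert)
```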

Network Devices
• Repeater: L1, hardware. Repeats and amplifies signals; an "invisible cable".
• Hub: L1, hardware. Multiport repeater.
• Switches: L2, hardware.
  – Can have many ports.
  – Functionality similar to a bridge.
  – Allow the creation of VLANs (virtual LANs, that is, segmentation into separate collision domains within a single switch, independent of physical location).
  – Multilayer: combine the functionality of other layers.
• Bridges: L2, software.
  – Segment LANs; divide collision domains.
  – Forwarding tables: transparent (CAM table, MAC versus port); source routing (packets carry the information needed to be forwarded).
  – Spanning Tree: prevention of infinite loops.
  – Forward broadcasts, hence broadcast storms.
  – Local (same LAN), remote (across a WAN) or translating (different LAN technologies).

Network Devices
• Routers: L3, software.
  – Decisions based on IP.
  – Interconnect networks.
  – Do not forward broadcasts; divide broadcast domains.
  – If the destination address is unknown, packets are not forwarded.
  – Keep a routing table (IP versus interface).
  – Create a new L2 header for each frame. Routing is based on the destination address.
  – Static: configured on the router.
  – Dynamic: the table is built from routing protocols.
• Autonomous System (AS): an individual network managed by a specific entity.

Network Devices
• Gateway: software that interconnects two different environments, acting as a translator or restricting interaction between them. Usually L7, but this can vary. Examples: routers, mail gateways, voice gateways.
• PBX (Private Branch Exchange): private telephone switch; provides telephone services and can be analog or digital. Connects to the public switched telephone network (PSTN).
  – Phreaker: telephone hacker
  – Local loop: the loop between the user and the telephone exchange
  – DISA (Direct Inward System Access): authorization code for access to lines

Firewalls
• Filter traffic and facilitate segregation. L3 to L7.
• DMZ (demilitarized zone): a buffer zone between protected and unprotected networks. (Figure: DMZ between the internal network and the Internet)
• Dual-homed: a device with two network cards connected to different networks with different trust levels.
• Multi-homed: a device with several network cards.
• Disadvantages: central point of failure, possibly low performance, may limit desirable services, provide no protection against viruses or internal attackers.

Firewall Types
• Packet filtering: filters based on the packets (rules that evaluate the headers). 1st generation.
• Dynamic: adds dynamic ports to temporary rules to allow return connections. UDP. 4th generation.
• Stateful inspection: keeps a table with the state of conversations and filters based on it. Analyzes the whole packet; can follow connectionless protocols. 3rd generation.
• Proxy: an intermediary that redirects requests to their destination.
  – Application level: inspects the whole packet and makes decisions based on its entire content; specific to each protocol.
  – Circuit level: creates a circuit between client and server; inspects only the headers and can be used for several protocols. e.g. SOCKS.
• Kernel proxy: creates customized dynamic TCP/IP stacks when it needs to evaluate a packet. Examines the whole packet according to the identified protocol. 5th generation.
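An added example, not part of the slides: a 1st-generation packet filter and a 3rd-generation stateful inspector run over the same constructed traffic. The packet filter judges each packet alone, so to admit web replies it must accept anything that looks like one; the stateful firewall admits inbound packets only when they reverse a conversation it recorded. Addresses, ports and the rule set are made up.

```python
# Added example (not from the slides): stateless packet filtering versus
# stateful inspection on a constructed packet sequence.

INSIDE_PREFIX = "10.0.0."      # constructed internal network
WEB_PORTS = (80, 443)

def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)

def packet(src, sport, dst, dport, flags=()):
    """A packet reduced to the header fields a firewall rule looks at."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": frozenset(flags)}

# 1st generation: each packet is judged alone, so to let web replies back in
# the filter must accept any inbound packet that merely looks like a reply
# (source port 80/443, high destination port).
STATELESS_RULES = [
    ("out", lambda p: p["dport"] in WEB_PORTS, "allow"),
    ("in",  lambda p: p["sport"] in WEB_PORTS and p["dport"] >= 1024, "allow"),
    ("any", lambda p: True, "deny"),                 # default: deny what is not permitted
]

def stateless_decide(p: dict) -> str:
    direction = "out" if is_inside(p["src"]) else "in"
    for rule_dir, match, action in STATELESS_RULES:
        if rule_dir in (direction, "any") and match(p):
            return action
    return "deny"

class StatefulFirewall:
    """3rd generation: remembers the conversations the inside started."""

    def __init__(self):
        self.table = set()     # (inside_ip, inside_port, outside_ip, outside_port)

    def decide(self, p: dict) -> str:
        if is_inside(p["src"]):
            key = (p["src"], p["sport"], p["dst"], p["dport"])
            if key in self.table:
                return "allow"                       # continuation of a known conversation
            if p["dport"] in WEB_PORTS and p["flags"] == {"SYN"}:
                self.table.add(key)                  # new outbound connection: record it
                return "allow"
            return "deny"
        # Inbound: allowed only if it is the reverse of a recorded conversation.
        key = (p["dst"], p["dport"], p["src"], p["sport"])
        if key in self.table:
            if "RST" in p["flags"]:
                self.table.discard(key)              # peer aborted: forget the conversation
            return "allow"
        return "deny"

def run(packets, decide) -> list:
    return [decide(p) for p in packets]

# Constructed traffic: one legitimate web connection from an inside host,
# then an inbound packet that is not a reply to anything the inside sent.
TRAFFIC = [
    packet("10.0.0.11", 40000, "203.0.113.5", 80, {"SYN"}),
    packet("203.0.113.5", 80, "10.0.0.11", 40000, {"SYN", "ACK"}),
    packet("10.0.0.11", 40000, "203.0.113.5", 80, {"ACK"}),
    packet("198.51.100.9", 80, "10.0.0.4", 3389, {"SYN"}),
]

if __name__ == "__main__":
    print("stateless:", run(TRAFFIC, stateless_decide))
    print("stateful: ", run(TRAFFIC, StatefulFirewall().decide))
```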

Firewall Architectures
• Bastion host: a system configured to be "invulnerable" because of its high exposure; it divides trusted and untrusted networks.
• Screened host: a firewall that communicates directly with a prior filtering device and with the internal network. (Figure: Internet, screening device, firewall, internal network)
• Screened subnet: the firewall is placed between other devices that filter traffic. (Figure: Internet, filtering devices on both sides of the firewall)
• Considerations: deny whatever is not permitted, anti-spoofing, fragmentation, source routing.

Network Services
• Network Operating System (NOS): controls access to network resources and provides the services that let a computer interact with the network.
• DNS (Domain Name Service): resolves host names to IP addresses.
  – Networks are divided into zones within a server.
  – Resource records: a file that relates IPs to names.
  – Authoritative name server: holds the listing for a zone.
  – Servers are organized hierarchically, with domains at different levels. (Figure: Root; top level COM, MX; 2nd level AT&T, Uninet)

Directory Services
• Contain a hierarchical database of users, computers, printers, resources and the attributes of each one.
• Based on the X.500 model.
• LDAP (Lightweight Directory Access Protocol): protocol for accessing the directory database.
• Metadirectories: allow finding information in other directories through a higher-level one.
• Examples: Microsoft Active Directory, Novell Directory Services.

NAT
• Network Address Translation: translates one IP address into another.
  – Static: one to one.
  – Dynamic: one to many; allows sharing IPs; stateful; overload.
  – Port translation: port mapping (PAT).
• (Figures: NAT with inside network 10.2.0.0/24 translated to the global pool 192.168.0.17-30 toward the Internet; PAT with inside hosts 10.0.0.11 and 10.0.0.4 behind 192.168.0.20, where 10.0.0.11 port 2000 is mapped to port 2001)

Network Types
• Intranet: an internal, private network that uses Web technologies.
• Extranet: a communication network between different companies.
• LAN: a local network within a small geographic area.
• MAN (Metropolitan Area Network): a backbone that interconnects local networks, wide-area networks and the Internet within a large geographic area. Uses SONET/SDH or FDDI (fiber).
• WAN (Wide Area Network): establishes communication across long distances.

Telecommunications
• Multiplexing: combining multiple data channels over the same transmission medium.
• TDM (Time Division Multiplexing): assigns different time slots on the line to each channel. Scalable.
• (Figure: time slots 0 to 6 and the DS-0 to DS-6 signal hierarchy)

Telecommunications
• Dedicated link: a point-to-point link exclusive to that connection. Cost proportional to distance.
• Switching: a connection is established only when needed.
  – Circuit switching: establishes a virtual connection that acts as a dedicated link between two systems. e.g. telephony.
  – Packet switching: data is divided into packets, which may follow different routes to reach a destination.
• CSU/DSU (Channel/Data Service Unit): converter between digital signals and the signals appropriate for the transmission lines.
  – DTE (Data Terminal Equipment): the user's equipment.
  – DCE (Data Circuit-terminating Equipment): the Telco's equipment; signalling.
• (Figure: DTE, DSU/CSU, T1 (Telco), CSU/DSU, DCE)

WAN Technologies (name: type; speed; characteristics)
• T-Carrier: dedicated link; T1 = 24 x DS0 = 1.5 Mbps, T3 = 28 x T1 = 45 Mbps; uses TDM to combine voice channels (64 kbps) over a copper pair. Fractional T1 is possible. Europe: E1 (2 Mbps), E3 (34 Mbps).
• SONET: dedicated link; OC-1 = 52 Mbps, OC-3 = 155 Mbps, OC-12 = 622 Mbps, ...; uses TDM to combine DS0, T1, T3, etc. channels over optical fiber. Europe: SDH (STM-1 to 256).
• S/WAN: packet switching; depends on the connection; uses VPN tunnels (IPSEC) for firewall-to-firewall connections.
• Frame Relay: packet switching; CIR (Committed Information Rate); switches variable-length frames across the "cloud" to establish virtual circuits, either permanent (PVC) or switched (SVC).
• X.25: packet switching; variable; predecessor of Frame Relay, uses fixed-length frames (128 bytes) and HDLC; inefficient.
• ATM: cell switching; variable, can run over SONET; switches 53-byte cells to establish virtual circuits (PVCs or SVCs).

Other WAN Protocols
• SMDS (Switched Multimegabit Data Service): packet-switched, high-speed service for extending LANs. Replaced by FR.
• SDLC (Synchronous Data Link Control): from IBM; uses polling to establish communication in SNA environments between mainframes and remote sites; bit-oriented.
• HDLC (High-level Data Link Control): an extension of SDLC for multiple connection types (point-to-point and multipoint). Encapsulation method for serial links. Incompatible between vendors.
• HSSI (High Speed Serial Interface): DTE/DCE interface used to connect communication devices to high-speed services.

Other Protocols
• H.323: standard for transmitting video, audio and data over IP networks; used in voice gateways.
• VoIP: voice over IP, transmission of digitized voice over IP networks. Problems: latency, jitter.
• MPLS (Multi Protocol Layer Switching): technology that assigns labels to frames and routes based on those labels.
  – Encapsulates other layer 2 and layer 3 protocols
  – Supports packet- and circuit-switching technologies
  – High-speed solution
  – Supports VPNs
  – Great flexibility

Remote Access
• Dial-up/RAS: connection to an access server (NAS) over a telephone line.
  – Authentication can be local or via RADIUS, and may use a call-back mechanism.
  – Wardialing: automated scanning of a range of telephone numbers.
• ISDN (Integrated Services Digital Network): transmits voice and data digitally over telephone lines.
  – BRI (Basic Rate Interface) = 2 B (data) + 1 D (control) = 144 Kbps
  – PRI (Primary Rate Interface) = 23 B + 1 D = 1544 Kbps
  – BISDN (Broadband ISDN): can handle many services; used by telecommunications carriers.
• DSL (Digital Subscriber Line): uses the telephone lines; reaches up to 52 Mbps.
  – Symmetric: the same upstream and downstream bandwidth
  – Asymmetric: more downstream bandwidth
• Cable: uses coaxial cable (usually TV cable) to provide connections of up to 50 Mbps. Bandwidth is shared among the users in the local area.

Dial-up
• PPP (Point-to-Point Protocol): used to establish dial-up connections. A layer 2 protocol; encapsulates IP and other protocols' data for transmission over serial links. Authentication methods:
  – PAP (Password Authentication Protocol): transmits the password in clear text
  – CHAP (Challenge/Handshake Authentication Protocol): challenge/response
  – EAP (Extensible Authentication Protocol): extensible to other authentication methods
• SLIP (Serial Line Internet Protocol): similar to PPP, but only supports IP, is less efficient, and requires knowing the IP assigned by the provider before establishing the connection.

VPN
• VPN: a private, secure connection across a public network.
• Tunnel: a virtual path across a network. Encapsulation.
• (Figure: VPN scenarios at the enterprise (CA, DMZ, AAA): extranet to a supplier and a business partner; intranet to a remote office, a regional office and a small office; remote access for a mobile user or corporate telecommuter; all through service providers A and B)

Tunnels
• PPTP (Point-to-Point Tunneling Protocol)
  – Encapsulates PPP frames in IP datagrams; uses GRE (Generic Routing Encapsulation).
  – Allows establishing a VPN when Internet access is by dial-up.
  – Encryption: Microsoft Point-to-Point Encryption, MS-CHAP or EAP-TLS.
  – Designed for client/server connectivity.
  – Can only transmit over IP networks.
• L2F (Layer 2 Forwarding)
  – Cisco proprietary protocol
  – Together with PPTP it gave rise to L2TP
  – Allows PPP tunnels over non-IP networks
  – Mutual authentication
  – No encryption

Tunnels
• L2TP (Layer 2 Tunneling Protocol)
  – Derived from L2F and PPTP
  – Transmits over various network types: IP, FR, ATM, X.25
  – Can be combined with IPSEC
  – Supports TACACS+ and RADIUS
• IPSEC (IP Security)
  – Provides authentication and encryption
  – Supports only IP networks
  – Works at the network layer, unlike PPTP and L2TP, which work at the data link layer.
  – Consists of three main protocols: AH (Authentication Header), ESP (Encapsulating Security Payload), IKE (Internet Key Exchange)
  – Tunnel mode: encrypts both the data (payload) and the header, and adds a new header.
  – Transport mode: encrypts only the data.

IPSEC
• AH (Authentication Header)
  – Uses MD5 or SHA
  – Guarantees integrity and origin authentication.
• ESP (Encapsulating Security Payload)
  – Provides confidentiality, encryption (DES/3DES/AES)
• IKE (Internet Key Exchange)
  – Hybrid: a combination of ISAKMP, Oakley key exchange and SKEME.
  – Defines the mechanisms for security associations and the exchange of authentication keys: pre-shared or RSA.
• ISAKMP (Internet Security Association and Key Management Protocol)
  – Defines the procedure and packet format for establishing, negotiating, modifying and deleting security associations.

Redundancy
• UPS: uninterruptible power supply.
• RAID (Redundant Array of Inexpensive Disks): a disk array that provides redundancy.
  – Fault resistance: protects in case of a disk failure
  – Fault tolerance: protects in case of failure of a single component; continuous availability
  – Disaster tolerance: mechanism across zones
• HSM (Hierarchical Storage Management): continuous online backup.
• SAN (Storage Area Network)
• Striping: the information is split into blocks and written to different disks.
• Parity: mechanism for identifying and correcting errors.
• Clustering: a set of servers managed as a single logical server. Provides availability and scalability.
• Backups

RAID (level: description; name)
• 0: the information is spread across several disks, without parity or redundancy; Striping
• 1: the information is written to two disks at once (mirrors), so there is redundancy; Mirroring
• 2: the information is spread across the disks at the bit level; a Hamming code is used to identify and correct errors; Hamming code parity
• 3: the information is spread across the disks at the bit level; the parity information is stored on a check disk, from which the information on the other disks can be recovered; Byte-level parity
• 4: the information is spread across several disks at the block level; the parity information is stored on a check disk, from which the information on the other disks can be recovered; Block-level parity
• 5: the information is spread across the disks of all drives; parity is written across all drives, and if a disk fails the information is recovered from the parity and data of the others; Interleave parity
• 6: similar to level 5, but with a second set of parity data written across all disks (separate drives) for fault tolerance; Second parity data
• 10: the information is striped and mirrored simultaneously across several disks; can withstand multiple failures; Striping and mirroring
• 15: adds fault tolerance by mirroring to level 5; Interleave parity and mirroring
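An added example, not part of the slides: block-level striping with interleaved parity as in the level 5 row, showing how the parity block rotates across the drives and how a failed drive is rebuilt by XOR from the survivors. The disk count, block size and sample data are constructed.

```python
# Added example (not from the slides): RAID 5 striping, rotating parity and
# rebuild of one failed disk.

BLOCK = 4   # bytes per block, tiny so the stripes are easy to read

def xor_blocks(blocks) -> bytes:
    """Bytewise XOR of equal-length blocks: the parity of a stripe."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)

def parity_disk(stripe: int, ndisks: int) -> int:
    """Interleaved parity: stripe s keeps its parity block on a different disk each time."""
    return (ndisks - 1 - stripe) % ndisks

def raid5_write(data: bytes, ndisks: int) -> list:
    """Lay data out as RAID 5: a list of ndisks disks, each a list of blocks.

    Every stripe holds ndisks-1 data blocks plus one parity block; the last
    stripe is zero-padded so that all disks hold the same number of blocks.
    """
    if ndisks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    per_stripe = (ndisks - 1) * BLOCK
    data = data + b"\x00" * (-len(data) % per_stripe)
    disks = [[] for _ in range(ndisks)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        blocks = [chunk[i:i + BLOCK] for i in range(0, per_stripe, BLOCK)]
        parity = xor_blocks(blocks)
        pdisk = parity_disk(s, ndisks)
        remaining = iter(blocks)
        for d in range(ndisks):
            disks[d].append(parity if d == pdisk else next(remaining))
    return disks

def raid5_rebuild(disks: list, failed: int) -> list:
    """Reconstruct the failed disk (data or parity blocks) from the other disks."""
    surviving = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks([d[s] for d in surviving]) for s in range(len(surviving[0]))]

def raid5_read(disks: list, length: int) -> bytes:
    """Reassemble the original data by skipping each stripe's parity block."""
    ndisks = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        pdisk = parity_disk(s, ndisks)
        for d in range(ndisks):
            if d != pdisk:
                out += disks[d][s]
    return bytes(out[:length])

if __name__ == "__main__":
    sample = b"RAID level 5: interleave parity!"     # constructed, 32 bytes
    array = raid5_write(sample, 4)
    lost = array[2]
    array[2] = None                                   # simulate losing disk 2
    array[2] = raid5_rebuild(array, 2)
    print(array[2] == lost, raid5_read(array, len(sample)))
```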

Wireless
• Uses CSMA/CA for medium access.
• Spread Spectrum: modulation technique that spreads the signal across the ENTIRE available frequency range.
[Figure: Direct Sequence vs. Frequency Hopping in the 2.4–2.4835 GHz band; axes Time and Frequency, Channels 1–3, interference]
• Frequency Hopping (FHSS): transmitter and receiver constantly hop from one frequency to another within the assigned range, following a defined sequence (code).
• Direct Sequence (DSSS): uses a code (chipping code) to transform the data so that it looks like random noise, then modulates it onto a frequency and transmits.
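As an added illustration of the DSSS bullet above (this is example code, not part of the presentation), the block below spreads data bits with a chipping code, despreads them by correlation, and shows two properties the slide only names: a narrowband interferer stronger than the signal is averaged out by the code's processing gain, and a receiver applying a different code does not get the data back. The 11-chip Barker code is the one 802.11 DSSS uses at 1 and 2 Mbps; the alternating-tone interferer and the "wrong" code are constructed for the demo.

```python
# Added example: direct-sequence spreading and despreading with a chipping code.
# BARKER_11 is the 802.11 DSSS code; WRONG_CODE and the tone interferer are constructed.

BARKER_11 = [+1, -1, +1, +1, -1, +1, +1, +1, -1, -1, -1]

# Constructed code for a receiver that does not know the real chipping sequence.
WRONG_CODE = [+1 if i % 2 == 0 else -1 for i in range(11)]


def spread(bits, code=BARKER_11):
    """Replace each data bit by the whole code (bit 1) or its inverse (bit 0)."""
    return [(1 if b else -1) * c for b in bits for c in code]


def despread(chips, code=BARKER_11):
    """Correlate each code-length group of chips with the code; the sign gives the bit.
    A matching code sums coherently to +/-len(code), which is the processing gain."""
    n = len(code)
    out = []
    for i in range(0, len(chips), n):
        corr = sum(x * c for x, c in zip(chips[i:i + n], code))
        out.append(1 if corr > 0 else 0)
    return out


def add_tone(chips, amplitude=3.0):
    """Constructed narrowband interferer: an alternating tone three times a chip's amplitude."""
    return [x + (amplitude if i % 2 == 0 else -amplitude) for i, x in enumerate(chips)]


def demo():
    """Return (bits recovered with the right code, bits seen with the wrong code) under interference."""
    bits = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed data
    jammed = add_tone(spread(bits))
    return despread(jammed), despread(jammed, WRONG_CODE)


if __name__ == "__main__":
    good, bad = demo()
    print("with chipping code:", good)
    print("with wrong code:   ", bad)
```

Each data bit becomes 11 chips, so the per-chip signal is weaker than the tone, yet the correlation against the right code recovers every bit because the tone adds only a few units to a sum that is otherwise +11 or -11. This is the property the slide describes as the data "looking like random noise" to anyone without the code; it is a robustness and privacy-by-obscurity property, not encryption, which is why WEP/WPA are still needed on top of it.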

Wireless Standards
Standard   Speed          Frequency
802.11     1 and 2 Mbps   2.4 GHz
802.11b    11 Mbps        2.4 GHz
802.11a    54 Mbps        5 GHz
802.11g    54 Mbps        2.4 GHz
802.11h    54 Mbps        5.15 GHz (EU)
802.11j    3-17 Mbps      4.9 GHz, 5 GHz (JP)
802.11i    Specifies security mechanisms for 802.11
802.11e    QoS and multimedia support
802.11f    Roaming
802.11s    Mesh WLAN
802.16     Wireless MAN
802.15     Wireless Personal Area Network

Wireless
• Access Point – point of access to the network.
• Infrastructure – APs are used as bridges between wired and wireless networks.
• Ad hoc – wireless devices communicate with each other without an AP.
• SSID (Service Set ID) – identifier of the WLAN; used to segment wireless networks.
• Encryption: WEP (40/104 bits) vs. WPA (128 bits)
• WAP – Wireless Application Protocol – WAP gap – translation from WTLS to SSL
• Wardriving: scanning for wireless networks

Wireless Security
• Implement WEP or WPA
• Change the default SSID
• Disable SSID broadcast
• Use an additional authentication layer (RADIUS, Kerberos)
• Physical placement of the AP
• Logical placement of the AP (in a DMZ)
• Use of VPN
• Configure MAC-based access control
• Disable DHCP
[Figure: 802.1X – Client, Access Point, RADIUS Server]

Finally..

Questions
1. Which one of the following is the Open Systems Interconnection (OSI) protocol for message handling?
A. X.25
B. X.400
C. X.500
D. X.509
Answer: B
An ISO and ITU standard for addressing and transporting e-mail messages. It conforms to layer 7 of the OSI model and supports several types of transport mechanisms, including Ethernet, X.25, TCP/IP, and dial-up lines. http://www.webopedia.com/TERM/X/X_400.html

Questions
2. Which one of the following attacks is MOST effective against an Internet Protocol Security (IPSEC) based virtual private network (VPN)?
A. Brute force
B. Man-in-the-middle
C. Traffic analysis
D. Replay
Answer: B
Active attacks find identities by being a man-in-the-middle or by replacing the responder in the negotiation.

Questions
3. Which one of the following is defined as the process of distributing incorrect Internet Protocol (IP) addresses/names with the intent of diverting traffic?
A. Network aliasing
B. Domain Name Server (DNS) poisoning
C. Reverse Address Resolution Protocol (ARP)
D. Port scanning
Answer: B
This is how a DNS DoS attack can occur. If the actual DNS records are unattainable to the attacker for him to alter in this fashion, which they should be, the attacker can insert this data into the cache of the server instead of replacing the actual records, which is referred to as cache poisoning.

Questions
4. Which one of the following instigates a SYN flood attack?
A. Generating excessive broadcast packets.
B. Creating a high number of half-open connections.
C. Inserting repetitive Internet Relay Chat (IRC) messages.
D. A large number of Internet Control Message Protocol (ICMP) traces.
Answer: B
A SYN attack occurs when an attacker exploits the use of the buffer space during a Transmission Control Protocol (TCP) session initialization handshake. The attacker floods the target system's small "in-process" queue with connection requests, but it does not respond when a target system replies to those requests. This causes the target system to time out while waiting for the proper response, which makes the system crash or become unusable. - Ronald Krutz, The CISSP Prep Guide (Gold Edition), pg 103

Questions
5. Which one of the following could a company implement to help reduce PBX fraud?
A. Direct Inward System Access (DISA)
B. Call vectoring
C. Teleconferencing bridges
D. Remote maintenance ports
Answer: A
The potential for fraud to occur in voice telecommunications equipment is a serious threat. PBXs (Private Branch Exchanges) are telephone switches used within state agencies to allow employees to make outgoing and receive incoming phone calls. These PBXs can also provide connections for communications between personal computers and local and wide area networks. Security measures must be taken to avoid the possibility of theft of either phone service or information through the telephone systems. Direct Inward System Access (DISA) is the ability to call into a PBX, either on an 800 number or a local dial-in, and by using an authorization code, gain access to the long distance lines and place long distance calls through the PBX.

Questions
6. A screening router can perform packet filtering based upon what data?
A. Translated source destination addresses.
B. Inverse address resolution.
C. Source and destination port number.
D. Source and destination addresses and application data.
Answer: C
A screening router is one of the simplest firewall strategies to implement. This is a popular design because most companies already have the hardware in place to implement it. A screening router is an excellent first line of defense in the creation of your firewall strategy. It's just a router that has filters associated with it to screen outbound and inbound traffic based on IP address and UDP and TCP ports.

Questions
7. Within the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a network entity to verify both
A. The identity of a remote communicating entity and the authenticity of the source of the data that are received.
B. The authenticity of a remote communicating entity and the path through which communications are received.
C. The location of a remote communicating entity and the path through which communications are received.
D. The identity of a remote communicating entity and the level of security of the path through which data are received.
Answer: A
The OSI model needs to know the source of the data and that it is who it says it is. The path the data takes is not a concern unless source routing is used. The level of security of the path is not inherently a concern of the receiving node (in general) unless configured. A is the best option in this question.

Questions
8. Which one of the following threats does NOT rely on packet size or large volumes of data?
A. SYN flood
B. Spam
C. Ping of death
D. Macro virus
Answer: D
SPAM - The term describing unwanted email, newsgroup, or discussion forum messages. Spam can be as innocuous as an advertisement from a well-meaning vendor or as malignant as floods of unrequested messages with viruses or Trojan horses attached.
SYN Flood Attack - A type of DoS. A SYN flood attack is waged by not sending the final ACK packet, which breaks the standard three-way handshake used by TCP/IP to initiate communication sessions.
Ping of death attack - A type of DoS. A ping of death attack employs an oversized ping packet. Using special tools, an attacker can send numerous oversized ping packets to a victim. In many cases, when the victimized system attempts to process the packets, an error occurs causing the system to freeze, crash, or reboot.
Macro Viruses - A virus that utilizes crude technologies to infect documents created in the Microsoft Word environment.
- Ed Tittel, CISSP Study Guide (Sybex), pg 550, 740, 743, 723, 713

Questions
9. Why are hardware security features preferred over software security features?
A. They lock in a particular implementation.
B. They have a lower meantime to failure.
C. Firmware has fewer software bugs.
D. They permit higher performance.
Answer: D
Hardware allows faster performance than software and does not need an underlying OS to make the security software operate.

Questions
10. Which of the following layers supervises the control rate of packet transfers in an Open Systems Interconnection (OSI) implementation?
A. Physical
B. Session
C. Transport
D. Network
Answer: C
The transport layer defines how to address the physical locations and/or devices on the network, how to make connections between nodes, and how to handle the networking of messages. It is responsible for maintaining the end-to-end integrity and control of the session. Services located in the transport layer both segment and reassemble the data from upper-layer applications and unite it onto the same data stream, which provides end-to-end data transport services and establishes a logical connection between the sending host and destination host on a network. The transport layer is also responsible for providing mechanisms for multiplexing upper-layer applications, session establishment, and the teardown of virtual circuits. - Ronald Krutz, The CISSP Prep Guide (Gold Edition), pg 275-276

Questions
11. What type of wiretapping involves injecting something into the communications?
A. Aggressive
B. Captive
C. Passive
D. Active
Answer: D
"Active wiretapping" attempts to alter the data or otherwise affect the flow; "passive wiretapping" only attempts to observe the flow and gain knowledge of information it contains. (See: active attack, end-to-end encryption, passive attack.) http://www.linuxsecurity.com/dictionary/dict-455.html

Questions
12. Which one of the following is a technical solution for the quality of service, speed, and security problems facing the Internet?
A. Random Early Detection (RED) queuing
B. Multi-protocol label-switching (MPLS)
C. Public Key Cryptography Standard (PKCS)
D. Resource Reservation Protocol (RSVP)
Answer: B
RED and RSVP are QoS protocols, while PKCS is related to security only. MPLS label forwarding is performed with a label lookup for an incoming label, which is then swapped with the outgoing label and finally sent to the next hop. Labels are imposed on the packets only once at the edge of the MPLS network and removed at the other end. These labels are assigned to packets based on groupings or forwarding equivalence classes (FECs). Packets belonging to the same FEC get similar treatment. The label is added between the Layer 2 and the Layer 3 header (in a packet environment) or in the virtual path identifier/virtual channel identifier (VPI/VCI) field (in ATM networks). The core network merely reads labels, applies appropriate services, and forwards packets based on the labels. This MPLS lookup and forwarding scheme offers the ability to explicitly control routing based on destination and source addresses, allowing easier introduction of new IP services.

Questions
13. Which one of the following is the MOST solid defense against interception of a network transmission?
A. Frequency hopping
B. Optical fiber
C. Alternate routing
D. Encryption
Answer: D
Frequency hopping is specific to wireless networks. Optical fiber only limits interception along a specific path. Encryption is the best defense when a transmission is captured because it is hard to decrypt.

Questions
14. Why would an Ethernet LAN in a bus topology have a greater risk of unauthorized disclosure than switched Ethernet in a hub-and-spoke or star topology?
A. IEEE 802.5 protocol for Ethernet cannot support encryption.
B. Ethernet is a broadcast technology.
C. Hub and spoke connections are highly multiplexed.
D. TCP/IP is an insecure protocol.
Answer: C
Switched environments allow frame forwarding only to the devices they are addressed to. Both switched and non-switched Ethernet LANs forward all broadcast traffic. 802.5 is Token Ring. Ethernet LANs can transport protocols other than TCP/IP.

Questions
15. Which one of the following describes a bastion host?
A. A physically shielded computer located in a data center or vault.
B. A computer which maintains important data about the network.
C. A computer which plays a critical role in a firewall configuration.
D. A computer used to monitor the vulnerability of a network.
Answer: C
A bastion host or screened host is just a firewall system logically positioned between a private network and an untrusted network. - Ed Tittel, CISSP Study Guide (Sybex), pg 93

Questions
16. Firewalls can be used to
A. Enforce security policy.
B. Protect data confidentiality.
C. Protect against protocol redirects.
D. Enforce Secure Network Interface addressing.
Answer: A
A firewall is a device that supports and enforces the company's network security policy. - Shon Harris, All-in-One CISSP Certification Guide, pg 412

Questions
17. In a typical firewall configuration, what is the central host in an organization's network security?
A. Stateful
B. Screen
C. Gateway
D. Bastion
Answer: D
Bastion Host: A system that has been hardened to resist attack at some critical point of entry, and which is installed on a network in such a way that it is expected to come under attack. Bastion hosts are often components of firewalls, or may be "outside" Web servers or public access systems. Generally, a bastion host is running some form of general purpose operating system (e.g., UNIX, VMS, WNT, etc.) rather than a ROM-based or firmware operating system.

Questions
18. Which of the following defines the key exchange for Internet Protocol Security (IPSEC)?
A. Internet Security Association Key Management Protocol (ISAKMP)
B. Internet Key Exchange (IKE)
C. Security Key Exchange (SKE)
D. Internet Communication Messaging Protocol (ICMP)
Answer: B
"Strictly speaking, a combination of three protocols is used to define the key management for IPSEC. These protocols are ISAKMP, Secure Key Exchange Mechanism (SKEME) and Oakley. When combined and applied to IPSEC, these protocols are called the Internet Key Exchange (IKE) protocol. In general, ISAKMP defines the phases for establishing a secure relationship, SKEME describes a secure exchange mechanism, and Oakley defines the modes of operation needed to establish a secure connection." - Ronald Krutz, The CISSP Prep Guide (Gold Edition), pg 221-222

Questions
19. On which Open System Interconnection (OSI) Reference Model layer are repeaters used as communications transfer devices?
A. Data-link
B. Physical
C. Network
D. Transport
Answer: B
"Hubs are multi-port repeaters, and as such they obey the same rules as repeaters (see previous section, OSI Operating Layer). They operate at the OSI Model Physical Layer."

Questions
20. Which one of the following is a TRUE statement about the bottom three layers of the Open Systems Interconnection (OSI) Reference Model?
A. They generally pertain to the characteristics of the communicating end systems.
B. They cover synchronization and error control of network data transmissions.
C. They support and manage file transfer and distribute process resources.
D. They support components necessary to transmit network messages.
Answer: B
Data link: error control - A noise burst on the line can destroy a frame completely. In this case, the data link layer software on the source machine must retransmit the frame. However, multiple transmissions of the same frame introduce the possibility of duplicate frames. A duplicate frame could be sent, for example, if the acknowledgment frame from the receiver back to the sender was destroyed. It is up to this layer to solve the problems caused by damaged, lost, and duplicate frames.

Questions
21. Which of the following is the MOST secure network access control procedure to adopt when using a callback device?
A. The user enters a userid and PIN, and the device calls back the telephone number that corresponds to the userid.
B. The user enters a userid, PIN, and telephone number, and the device calls back the telephone number entered.
C. The user enters the telephone number, and the device verifies that the number exists in its database before calling back.
D. The user enters the telephone number, and the device responds with a challenge.
Answer: A
Usually a request for a username and password takes place and the NAS may hang up the call in order to call the user back at a predefined phone number. This is a security activity that is used to try and ensure that only authenticated users are given access to the network, and it reverses the long distance charges back to the company... However, this security measure can be compromised if someone implements call forwarding. - Shon Harris, All-in-One CISSP Certification Guide, pg 463

Questions
22. Which is the MAIN advantage of having an application gateway?
A. To perform change control procedures for applications.
B. To provide a means for applications to move into production.
C. To log and control incoming and outgoing traffic.
D. To audit and approve changes to applications.
Answer: C
"An application-level gateway firewall is also called a proxy firewall. A proxy is a mechanism that copies packets from one network into another; the copy process also changes the source and destination address to protect the identity of the internal or private network. An application-level gateway firewall filters traffic based on the Internet service (i.e., application) used to transmit or receive the data." - Shon Harris, All-in-One CISSP Certification Guide, pg 92

Questions
23. Why are packet filtering routers NOT effective against mail bomb attacks?
A. The bomb code is obscured by the message encoding algorithm.
B. Mail bombs are polymorphic and present no consistent signature to filter on.
C. Filters do not examine the data portion of a packet.
D. The bomb code is hidden in the header and appears as normal routing information.
Answer: C
Packet filtering does not examine the data portion of the packet and thus can't protect against application-specific attacks.

Questions
24. Which process on a firewall makes permit/deny forwarding decisions based solely on address and service port information?
A. Circuit Proxy
B. Stateful Packet Inspection Proxy
C. Application Proxy
D. Transparency Proxy
Answer: A
A circuit-level proxy creates a circuit between the client computer and the server. It does not understand or care about the higher-level issues that an application-level proxy deals with. It knows the source and destination addresses and makes access decisions based on this information... It looks at the data within the packet header versus the data within the payload of the packet. It does not know if the contents within the packet are actually safe or not. - Shon Harris, All-in-One CISSP Certification Guide, pg 419-420

Questions
25. What is the purpose of the Encapsulation Security Payload (ESP) in the Internet Protocol (IP) Security Architecture for Internet Protocol Security?
A. To provide non-repudiation and confidentiality for IP transmissions.
B. To provide integrity and confidentiality for IP transmissions.
C. To provide integrity and authentication for IP transmissions.
D. To provide key management and key distribution for IP transmissions.
Answer: B
ESP deals with encryption of the payload in IPSEC, providing confidentiality and integrity of data transmissions.

Questions
26. Which one of the following data transmission technologies is NOT packet-switch based?
A. X.25
B. ATM (Asynchronous Transfer Mode)
C. CSMA/CD (Carrier Sense Multiple Access/Collision Detection)
D. Frame Relay
Answer: C
CSMA/CD is the media access protocol used in Ethernet.

Questions
27. How does the SOCKS protocol secure Internet Protocol (IP) connections?
A. By negotiating encryption keys during the connection setup.
B. By attaching Authentication Headers (AH) to each packet.
C. By distributing encryption keys to SOCKS enabled applications.
D. By acting as a connection proxy.
Answer: D

Questions
28. What technique is used to prevent eavesdropping of digital cellular telephone conversations?
A. Encryption
B. Authentication
C. Call detail suppression
D. Time-division multiplexing
Answer: A
TDMA uses time slots, so it is possible to intercept the signal, but synchronization is required to decode the signal. GSM is a form of TDMA with greatly enhanced security. GSM encryption can be cracked, but it is not easy. CDMA uses spread spectrum. A single connection will use a wide variety of different frequencies. The specific frequencies, duration and start times at each frequency are carried in a coded transmission. CDMA is more secure than GSM, which is more secure than TDMA (IS-136).

Questions
29. Virtual Private Network software typically encrypts all of the following EXCEPT
A. File transfer protocol
B. Data link messaging
C. HTTP protocol
D. Session information
Answer: B
VPN software usually works at the network layer, and doesn't provide encryption of data link messaging.

Questions
30. Firewalls filter incoming traffic according to
A. The packet composition.
B. A security policy.
C. Stateful packet rules.
D. A security process.
Answer: B
Security policies may include packet filtering based on headers, stateful inspection or application-level inspection.

Questions
31. Encryption is applicable to all of the following OSI/ISO layers except:
A. Network layer
B. Physical layer
C. Session layer
D. Data link layer
Answer: B
Encryption is available to all layers in the OSI/ISO model except the physical layer. It is most intrusive at the application layer but provides users the greatest degree of flexibility at this level, since the scope and strength of the protection can be tailored to meet the specific needs of the application. At the network and transport layer, encryption, which is transparent to most applications, allows systems to converse over existing insecure Internet lines. This level is costly to encrypt and affects all communications among different systems. Encryption at the data link level is for protecting local traffic (i.e., on one shared cable), although messages are exposed while passing through other links. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 4: Protection of Information Assets (page 216).

Questions
32. Which layer of the TCP/IP protocol model controls the communication flow between hosts?
A. Internet layer
B. Host-to-host transport layer
C. Application layer
D. Network access layer
Answer: A
Whereas the host-to-host layer (OSI's transport layer) provides end-to-end data delivery service to the application layer, it is the Internet layer (OSI's network layer) that handles the routing of packets among multiple networks and controls the communication flow between hosts. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 85). Also: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 7: Telecommunications and Network Security (page 344).

Questions
33. What is the proper term to refer to a single unit of IP data?
A. IP segment
B. IP datagram
C. IP frame
D. IP packet
Answer: B
The proper terms are TCP segment, IP datagram, and Ethernet frame. Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 10.

Questions
34. Lower layers (Physical, Link, Network, Transport) are unable to protect against what kind of attacks?
A. Piggy Back Attacks
B. Brute Force
C. Denial of Service Attacks
D. Content Based Attacks
Answer: D
Lower layer protocols do not interact with data contained in the payload. Reference: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 1, page 163.

Questions
35. Which of the following is the core of fiber optic cables made of?
A. PVC
B. Glass fibers
C. Kevlar
D. Teflon
Answer: B
Fiber optic cables have an outer insulating jacket made of Teflon or PVC; Kevlar fiber, which helps to strengthen the cable and prevent breakage; and plastic coatings, used to cushion the fiber center. The center (core) of the cable is made of glass or plastic fibers. Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 3: Telecommunications and Network Security (page 31).

Questions
36. Which of the following functions does RAID Level 0 perform?
A. It creates one large disk by using several disks.
B. It creates several smaller disks from one large disk.
C. It recovers one large disk by using several smaller disks.
D. It removes one large disk as it creates several smaller disks.
Answer: A
RAID Level 0 creates one large disk by using several disks. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 65.

Questions
37. Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length?
A. Fiber Optic cable
B. Coaxial cable
C. Twisted Pair cable
D. Axial cable
Answer: A
Fiber optic cable is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length (up to two kilometers in some cases). Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 72.

Questions
38. Which of the following, used to extend a network, has a storage capacity to store frames and act as a store-and-forward device?
A. Bridge
B. Router
C. Repeater
D. Gateway
Answer: A
Bridges are used to connect two separate networks to form a logical network. They must have storage capacity to store frames and act as a store-and-forward device. Bridges operate at the data link layer by examining the media access control header of a data packet. Routers are switching devices that operate at the network layer by examining network addresses. Repeaters work at the physical layer and amplify transmission signals to reach remote devices by taking a signal from a LAN. Gateways provide access paths to foreign networks. Source: Information Systems Audit and Control Association, Certified Information Systems Auditor 2002 review manual, Chapter 3: Technical Infrastructure and Operational Practices (page 127).

Questions
39. What is the proper term to refer to a single unit of TCP data at the transport layer?
A. TCP segment
B. TCP datagram
C. TCP frame
D. TCP packet
Answer: A
The proper term is TCP segment. Source: STEVENS, Richard W., TCP/IP Illustrated, Volume 1: The Protocols, 1994, Addison-Wesley Pub Co., pg. 10.

Questions
40. Which OSI/ISO layer defines the X.24, V.35, X.21 and HSSI standard interfaces?
A. Transport layer
B. Network layer
C. Data link layer
D. Physical layer
Answer: D
The physical layer (layer 1) defines the X.24, V.35, X.21 and HSSI standard interfaces. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 83).

Questions
41. Which protocol matches an Internet Protocol (IP) address to a known Ethernet address?
A. Address Resolution Protocol (ARP).
B. Reverse Address Resolution Protocol (RARP).
C. Internet Control Message Protocol (ICMP).
D. User Datagram Protocol (UDP).
Answer: B
The RARP protocol sends out a packet, which includes its MAC address and a request to be informed of the IP address that should be assigned to that MAC address. ARP does the opposite by broadcasting a request to find the Ethernet address that matches a known IP address. ICMP supports packets containing error, control, and informational messages (e.g. PING). UDP runs over IP and is used primarily for broadcasting messages over a network. Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 87.

Questions
42. Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Headers (AH) provide the following services except:
A. Authentication
B. Integrity
C. Replay resistance and non-repudiation
D. Confidentiality
Answer: D
AH provides integrity, authentication, and non-repudiation. Security Associations (SAs) can be combined into bundles to provide authentication, confidentiality and layered communication. Source: TIPTON, Harold F. & KRAUSE, MICKI, Information Security Management Handbook, 4th Edition, Volume 2, 2001, CRC Press, NY, page 164.

Question 43. Software RAID can run faster in the operating system because it does not use hardware-level parity drives when configured as:
A. Simple striping or mirroring.
B. Hard striping or mirroring.
C. Simple Hamming code parity or mirroring.
D. Simple striping or Hamming code parity.
Answer: A
This is true if we do not use parity in our RAID implementation: with RAID 1 (mirroring) or RAID 0 (striping) we can improve performance because the CPU does not need to waste cycles on parity calculations. For example, this can be achieved in Windows 2000 Server through the use of RAID 0 (no fault tolerance, just striping in 64 KB chunks) or RAID 1 (mirroring through a file system driver). This is not the case with RAID 5, which actually uses parity to provide fault tolerance.

Question 44. Which of the following is a problem evidenced with RAID Level 0?
A. It lessens the fault tolerance of the disk system.
B. It reduces the performance of the disk system.
C. It reduces the capacity of the disk system.
D. It complicates the recovery of the disk system.
Answer: A
The problem with RAID Level 0 is that it actually lessens the fault tolerance of the disk system rather than increasing it: the entire data volume is unusable if one drive in the set fails.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 65.

Question 45. Which of the following firewall rules is least likely to be found on a firewall installed between an organization's internal network and the Internet?
A. Permit all traffic to and from local host.
B. Permit all inbound ssh traffic.
C. Permit all inbound tcp connections.
D. Permit all syslog traffic to log-server.abc.org.
Answer: C
Any opening of an internal network to the Internet is liable to create a new vulnerability. Of the given rules, the one that permits all inbound TCP connections is the most dangerous, since it amounts to almost having no firewall at all, TCP being widely used on the Internet.
Source: ALLEN, Julia H., The CERT Guide to System and Network Security Practices, Addison-Wesley, 2001, Appendix B, Practice-Level Policy Considerations (page 409).

Question 46. A variation of RAID 5 wherein the array functions as a single virtual disk in the hardware is which of the following?
A. RAID Level 7
B. RAID Level 6
C. RAID Levels 3 and 4
D. RAID Level 2
Answer: A
RAID Level 7 is a variation of RAID 5 wherein the array functions as a single virtual disk in the hardware.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 66.

Question 47. In which LAN transmission method is a source packet copied and sent to specific multiple destinations on the network?
A. Overcast
B. Unicast
C. Multicast
D. Broadcast
Answer: C
With multicast, a source packet is copied and sent to specific multiple destinations on the network. Unicast sends a packet from a single source to a single destination. In a broadcast, a packet is copied and then sent to all the stations on a network. Overcast is not a defined LAN transmission method.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 104).

Question 48. Unshielded twisted pair (UTP) comes in several categories. The category is based on:
A. how tightly the copper cable is wound within the shielding.
B. how thick the shielding is.
C. several factors.
D. the diameter of the copper.
Answer: A
UTP comes in several categories, determined by how tightly the copper cable is wound within the shielding.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 101.

Question 49. Which of the following NAT firewall translation modes is required to make internal hosts available for connection from external hosts?
A. Dynamic translation
B. Load balancing translation
C. Static translation
D. Network redundancy translation
Answer: C
With static translation (also called port forwarding), a specific internal network resource (usually a server) has a fixed translation that never changes. Static NAT is required to make internal hosts available for connection from external hosts. In dynamic translation (also called Automatic, Hide Mode, or IP Masquerade), a large group of internal clients share a single or small group of internal IP addresses for the purpose of hiding their identities or expanding the internal network address space. Load balancing translation is used to translate a single IP address and port to a pool of identically configured servers, so that a single public address can be served by a number of servers. In network redundancy translation, multiple Internet connections are attached to a single NAT firewall, which chooses and uses them based on load and availability.
Source: STREBE, Matthew and PERKINS, Charles, Firewalls 24seven, Sybex 2000, Chapter 7: Network Address Translation.

Question 50. When is implementing a WLAN a feasible option for your environment?
A. When you have a proper security policy
B. When you have no concerns about attacks from competitors looking for secret information
C. When you have properly secured your access points (AP)
D. When you have identified probable threats
Answer: B
Reference: "The real deal on wireless" article (Information Security magazine, Aug 02), available at http://www.infosecuritymag.com/2002/aug/justthebasics.shtml.

Question 51. Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false?
A. It can be used for voice
B. It can be used for data
C. It carries various sizes of packets
D. It can be used for video
Answer: C
ATM is an example of a fast packet-switching network that can be used for data, voice or video, but its packets (cells) are of fixed size.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-Hill/Osborne, 2002, Chapter 7: Telecommunications and Network Security (page 455).

Question 52. Which of the following would best define the "WAP Gap" security issue?
A. The processing capability gap between wireless devices and PCs.
B. The fact that WTLS transmissions have to be decrypted at the carrier's WAP gateway to be re-encrypted with SSL for use over wired networks.
C. The fact that wireless communications are far easier to intercept than wired communications.
D. The inability of wireless devices to implement strong encryption algorithms.
Answer: B
The WAP Gap is a specific security issue associated with WAP that results from the requirement to change security protocols at the carrier's WAP gateway from the wireless WTLS to SSL for use over the wired network. At the WAP gateway, the transmission, which is protected by WTLS, is decrypted and then re-encrypted for transmission using SSL, leaving data temporarily in the clear on the gateway.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 173).

Question 53. Which of the following statements pertaining to VPN protocol standards is false?
A. L2TP is a combination of PPTP and L2F.
B. L2TP and PPTP were designed for single point-to-point client to server communication.
C. L2TP operates at the network layer.
D. PPTP uses native PPP authentication and encryption services.
Answer: C
L2TP and PPTP were both designed for individual client to server connections; they enable only a single point-to-point connection per session. Both L2TP and PPTP operate at the data link layer (layer 2) of the OSI model. PPTP uses native PPP authentication and encryption services, and L2TP is a combination of PPTP and the Layer 2 Forwarding protocol (L2F).
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 95).

Question 54. What is defined as the manner in which the network devices are organized to facilitate communications?
A. LAN transmission methods
B. LAN topologies
C. LAN transmission protocols
D. LAN media access methods
Answer: B
A network topology defines the manner in which the network devices are organized to facilitate communications. Common LAN topologies are bus, ring, star or mesh. LAN transmission methods refer to the way packets are sent on the network and are either unicast, multicast or broadcast. LAN transmission protocols are the rules for communicating between computers on a LAN; common LAN transmission protocols are CSMA/CD, polling and token-passing. LAN media access methods control the use of a network (physical and data link layers); they can be Ethernet, ARCnet, Token Ring and FDDI.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 105).

Question 55. Which of the following best defines source routing?
A. The packets hold the forwarding information so they don't need bridges and routers to find their way to the destination.
B. The packets hold source information in a fashion that the source address cannot be forged.
C. The packets are encapsulated to conceal source information.
D. The packets hold information about redundant paths in order to provide higher reliability.
Answer: A
With source routing, the packets hold the forwarding information so that they can find their way to the destination themselves, without bridges and routers dictating their paths.
Source: WALLHOFF, John, CISSP Summary 2002, April 2002, CBK#2 Telecommunications and Network Security (page 5), available at http://www.cccure.org/Documents/CISSP_Summary_2002/index.html.

Question 56. What is also known as 10Base5?
A. Thinnet
B. Thicknet
C. ARCnet
D. UTP
Answer: B
Thicknet is a coaxial cable with segments of up to 500 meters, also known as 10Base5. Thinnet is a coaxial cable with segments of up to 185 meters. Unshielded twisted pair (UTP) has three variations: 10 Mbps (10BaseT), 100 Mbps (100BaseT) or 1 Gbps (1000BaseT). ARCnet is a LAN media access method.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 3: Telecommunications and Network Security (page 108).

Question 57. Which of the following offers security to wireless communications?
A. S-WAP
B. WTLS
C. WSP
D. WDP
Answer: B
Wireless Transport Layer Security (WTLS) is a communication protocol that allows wireless devices to send and receive encrypted information over the Internet. S-WAP is not defined. WSP (Wireless Session Protocol) and WDP (Wireless Datagram Protocol) are part of the Wireless Application Protocol (WAP).
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 173).

Question 58. Why is infrared generally considered to be more secure against eavesdropping than multidirectional radio transmissions?
A. Because infrared eavesdropping requires more sophisticated equipment.
B. Because infrared operates only over short distances.
C. Because infrared requires direct line-of-sight paths.
D. Because infrared operates at extra-low frequencies (ELF).
Answer: C
Infrared is generally considered to be more secure against eavesdropping than multidirectional radio transmissions because infrared requires direct line-of-sight paths.
Source: KRUTZ, Ronald L. & VINES, Russell D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4: Cryptography (page 173).

Question 59. What is the 802.11i standard related to?
A. Public Key Infrastructures (PKI)
B. Wireless network communications
C. Packet-switching technology
D. Wireless network security
Answer: D
802.11 refers to a family of specifications developed by the IEEE for wireless LAN technology. 802.11 specifies an over-the-air interface between a wireless client and a base station, or between two wireless clients. The IEEE accepted the specification in 1997. There are several specifications in the 802.11 family; 802.11i describes security extensions for 802.11.
Source: 802.11 Planet's web site.