Hyperlink Spoofing
Yet another related attack is hyperlink spoofing, which is similar to DNS spoofing in that
it is used to redirect traffic to a rogue or imposter system or to simply divert traffic away
from its intended destination. Hyperlink spoofing can take the form of DNS spoofing or
can simply be an alteration of the hyperlink URLs in the HTML code of documents sent to
clients. Hyperlink spoofing attacks are usually successful because most users do not verify
the domain name in a URL via DNS; rather, they assume that the hyperlink is valid and
just click it.
Going Phishing?
Hyperlink spoofing is not limited to just DNS attacks. In fact, any attack that attempts
to misdirect legitimate users to malicious websites through the abuse of URLs or
hyperlinks could be considered hyperlink spoofing. Spoofing is falsifying information,
which includes falsifying the relationship between a URL and its trusted and original
destination.
Phishing is another attack that commonly involves hyperlink spoofing. The term means
fishing for information. Phishing attacks can take many forms, including the use of false
URLs.
Be wary of any URL or hyperlink in an email, PDF file, or productivity document. If you
want to visit a site offered as such, go to your web browser and manually type in the
address, use your own preexisting URL bookmark, or use a trusted search engine to
find the site. These methods do involve more work on your part, but they will establish
a pattern of safe behavior that will serve you well. There are too many attackers in the
world to be casual or lazy about following proffered links and URLs.
An attack related to phishing is pretexting, which is the practice of obtaining your
personal information under false pretenses. Pretexting is often used to obtain personal
identity details that are then sold to others who actually perform the abuse of your credit
and reputation.
Protections against hyperlink spoofing include the same precautions used against DNS
spoofing as well as keeping your system patched and using the internet with caution.
Summary
Remote access security management requires security system designers to address the hardware
and software components of the implementation along with policy issues, work task
issues, and encryption issues. This includes deployment of secure communication protocols.
Secure authentication for both local and remote connections is an important foundational
element of overall security.
Maintaining control over communication pathways is essential to supporting confidentiality,
integrity, and availability for network, voice, and other forms of communication.
Numerous attacks are focused on intercepting, blocking, or otherwise interfering with the
transfer of data from one location to another. Fortunately, there are also reasonable
countermeasures to reduce or even eliminate many of these threats.
Chapter 12 ■ Secure Communications and Network Attacks
Tunneling, or encapsulation, is a means by which messages in one protocol can be transported
over another network or communications system using a second protocol. Tunneling
can be combined with encryption to provide security for the transmitted message. VPNs
are based on encrypted tunneling.
A VLAN is a hardware-imposed network segmentation created by switches. VLANs are
used to logically segment a network without altering its physical topology. VLANs are used
for traffic management.
Telecommuting, or remote connectivity, has become a common feature of business computing.
When remote access capabilities are deployed in any environment, security must be
considered and implemented to provide protection for your private network against remote
access complications. Remote access users should be stringently authenticated before being
granted access; this can include the use of RADIUS or TACACS+. Remote access services
include Voice over IP (VoIP), application streaming, VDI, multimedia collaboration, and
instant messaging.
NAT is used to hide the internal structure of a private network as well as to enable
multiple internal clients to gain internet access through a few public IP addresses. NAT is
often a native feature of border security devices, such as firewalls, routers, gateways, and
proxies.
In circuit switching, a dedicated physical pathway is created between the two communicating
parties. Packet switching occurs when the message or communication is broken
up into small segments (usually fixed-length packets, depending on the protocols and technologies
employed) and sent across the intermediary networks to the destination. Within
packet-switching systems are two types of communication: paths and virtual circuits.
A virtual circuit is a logical pathway or circuit created over a packet-switched network
between two specific endpoints. There are two types of virtual circuits: permanent virtual
circuits (PVCs) and switched virtual circuits (SVCs).
WAN links, or long-distance connection technologies, can be divided into two primary
categories: dedicated and nondedicated lines. A dedicated line connects two specific endpoints
and only those two endpoints. A nondedicated line is one that requires a connection
to be established before data transmission can occur. A nondedicated line can be used to
connect with any remote system that uses the same type of nondedicated line. WAN connection
technologies include X.25, Frame Relay, ATM, SMDS, SDLC, HDLC, SDH, and
SONET.
When selecting or deploying security controls for network communications, you need to
evaluate numerous characteristics in light of your circumstances, capabilities, and security
policy. Security controls should be transparent to users. Hash totals and CRC checks can
be used to verify message integrity. Record sequences are used to ensure sequence integrity
of a transmission. Transmission logging helps detect communication abuses.
Virtualization technology is used to host one or more operating systems within the
memory of a single host computer. This mechanism allows virtually any OS to operate on
any hardware. It also allows multiple operating systems to work simultaneously on the
same hardware. Virtualization offers several benefits, such as being able to launch individual
instances of servers or services as needed, real-time scalability, and being able to run
the exact OS version needed for the application.
Internet-based email is insecure unless you take steps to secure it. To secure email, you
should provide for nonrepudiation, restrict access to authorized users, make sure integrity
is maintained, authenticate the message source, verify delivery, and even classify sensitive
content. These issues must be addressed in a security policy before they can be implemented
in a solution. They often take the form of acceptable use policies, access controls, privacy
declarations, email management procedures, and backup and retention policies.
Email is a common delivery mechanism for malicious code. Filtering attachments, using
antivirus software, and educating users are effective countermeasures against that kind of
attack. Email spamming or flooding is a form of denial of service that can be deterred through
filters and IDSs. Email security can be improved using S/MIME, MOSS, PEM, and PGP.
Fax and voice security can be improved by using encryption to protect the transmission
of documents and prevent eavesdropping. Training users effectively is a useful countermeasure
against social engineering attacks.
A security boundary can be the division between one secured area and another secured
area, or it can be the division between a secured area and an unsecured area. Both must be
addressed in a security policy.
Communication systems are vulnerable to many attacks, including distributed denial of
service (DDoS), eavesdropping, impersonation, replay, modification, spoofing, and ARP
and DNS attacks. Fortunately, effective countermeasures exist for each of these. PBX fraud
and abuse and phone phreaking are problems that must also be addressed.
Exam Essentials