CISSP Cram Sheet:
Compiled by: Jason Robinett, Ascend Solutions
Last Updated 4/10/02
This guide does not replace in any way the outstanding value of the ISC2 CISSP CBK Seminar,
nor the fact that you must have been directly involved in the security
field or one of the 10
domains of expertise for at least 3 years if you intend to take the CISSP exam. This booklet
simply intends to make your life easier and to provide you with a centralized and compiled list of
resources for this particular domain of
expertise. Instead of a list of headings, we will attempt to
give you the headings along with the information to supplement the headings.
As with any security related topic, this is a living document that will and must evolve as other
people read it and
technology evolves. Please feel free to send comments and input to be added
to this document. Any comments, typo correction, etc… are most welcome and can be sent
Telecommunications & Network Security
Telecommunications and Network Security domain encompasses the structures, transmission
methods, transport formats, and security measures used to provide integrity, availability,
authentication, and confidentiality for transmission over private and public communications
networks and media.
The candidate is expected to demonstrate an understanding of communications and network
security as it relates to voice communications; data c
ommunications in terms of local area, wide
area, and remote access; Internet/Intranet/Extranet in terms of Firewalls, Routers, and TCP/IP;
and communications security management and techniques in terms of preventive, detective and
Is the standard model for network communications (
Please Do Not
Throw Sausage Pizza Away
Layers & Characteristics
Provides specific services for applications such as file transfer
Examples: FTP, TFTP, HTTP, SNMP, SMTP
Provides data representation between systems
Examples: JPEG, GIF, MPEG, MIDI
Establishes, maintains, & manages sessions as well as synchronization of
the data flow
Examples: NFS, RPC, X Windows, AppleTalk
Examples: TCP, UDP, IPX
Switches and routes information units. Determines the best way to
Examples: IP, Routers operate at this layer
Provides transfer of units of information to other end of physica
Handles physical addressing, network topology, error notification, delivery of frames,
and flow control
Examples: Bridges and switches operate at this layer
Transmits bit stream on physical medium. Specifies the electrical,
rocedural, and functional requirements for the physical link
Communications & Network Security
Physical Media Characteristics
Refers to the medium and the technology associated with
transmission of information as light impulses along a glass
or plastic wire.
Used for Cable TV.
Ordinary copper wire that connects home and business computers
together. Two types are STP (Shielded twisted pair) and UTP (Unshielded twisted
defines the mann
er in which the network devices are organized
to facilitate communications.
All the transmissions of the network nodes travel the full length of
cable and are received by all other stations. (Picture a straight line)
ork nodes are connected by unidirectional transmission
links to form a closed group.
The nodes of a network are connected to a central device
directly, like a hub.
A BUS type topology where branches with multiple nodes are
All nodes are connected to every other node to make the
IPSEC Authentication & Confidentiality
Operates at the network layer and it enables multiple tunnels. IPSEC has the
functionality to encrypt and authentica
te IP data. It is built into IPv6. Works in two
modes, Transport and Tunnel.
TCP/IP Characteristics & Vulnerabilities
a group of computers and associated devices that share a common
communications line within a small geographical area.
A geographically dispersed network that is usually made up of smaller LANs
Remote Access/Telecommuting Techniques
Tend to use Analog and ISDN lines along with the newer cable and
connect to corporate networks. ISDN and Analog allow for the
use of “callback” as an
extra security measure.
Secure Remote Procedure Call (S
Remote Access Dial In User System
A client/server protocol that enables RAS
server to communicate with a central authentication authority. Allows t
implementation of policies.
Terminal Access Control Access System
An older protocol common to UNIX
networks that was revamped by Cisco as TACACS+ using TCP.
Network Monitors & Packet Sniffers
Examines both the source and destination addresses of the
incoming data packet and applies ACL’s to them. Operates at either the Network
or Transport layer. First generation.
Often called a Proxy Server. It works by
copy of each accepted data packet from one network to another. Second
Packets are captured by the inspection engine operating
at the network layer and then analyzed at all layers. Third generation
Makes informed decisions on the ACL’s to apply.
Very specialized architecture that provides modular kernel
layer evaluation and runs in the NT executive space. Fifth
Connected to at least two networks and make decisions on where to route
Operates at layer 2 making decisions on where to send packets to
Acts as a point of entrance into a network.
Acts as an intermediary for internal hosts to access the Internet in order to
A 2 layer program with the higher level, TCP, manages the
the message file into packets which are then transmitted over the lover layer, IP,
which manages addresses.
Network Layer Security
A developing protocol that ensures confidentiality and integrity to IP
packets using either ESP or AH to
secure the packets.
(Simple Key Management for Internet Protocols). A technology that
provides high availability in encrypted sessions. Similar to SSL, except that it
requires no prior communication in order to establish keys.
t Layer Security (SSL)
Since replaced by TLS, SSL is the commonly
used security protocol. It’s a socket layer security protocol and is two
protocol that contains the SSL record protocol and the SSL handshake protocol.
Application Layer Security
A secure method of sending email that uses the Rivest
Adleman encryption system.
Originated by Visa and
. It supports the authentication of both
the sender and the receiver and it ensures content privacy using digital
icates and signatures.
Created by the IETF to act for email in a similar fashion as IPSEC does to
An authentication mechanism where the server will send the client a key to
be used to encrypt the username and password. This allows the logo
n credentials to
be sent encrypted.
An authentication mechanism where th
e username and password are sent
clear text to the server that then compares the password to the password table
which is encrypted.
A protocol for communicating between
two computers using serial interfaces.
It uses IP to transfer the traffic but operates at layer 2.
A protocol used to allow two machines to
that have been
previously configured to do so.
Derived from SDLC. It specifies t
he data encapsulation method on
synchronous serial links using frame characters and checksums. It was created to
support both point
point and multi
High performance WAN protocol that operates at
he physical and
Designed for cost efficient data transmission. It uses a simplified
framing approach and utilizes no error correction. It uses SVCs, PVCs, and DLCIs for
Created by IBM to make connecting to mainframes easier and is similar t
layer 2. It uses a primary station to control all communications and one or more
secondary stations. It’s based on leased lines with permanent physical connections.
Integrated Services Digital Network is a combination of digital telephony and
transport services. It consists of digitization of the telephone network by
permitting voice and other digital services to be transmitted over existing wires. Two
types are BRI, basic rate, and PRI, primary rate.
The first packet
It defines point
between DTE and DCE or DSU/CSU, which support both SVCs and PVCs.
Communication Security Techniques:
Using the Internet to “tunnel” data in a fashion similar to a private line.
It often uses PPTP or the
A private network that makes use of the public networks to ensure secure
transmission of data using tunneling protocols.
Network Monitors & Packet Sniffers
Tools to analyze and capture packets as
they traverse a network.
Network Address T
The translation of Internet IP addresses to RFC
1918 IP addresses often behind a firewall.
A condition within the OS or other services that allow the user
access to a remote resource through a network without needing to know whe
is local or remote. NFS is a nice example.
Producing hash values generated from a sting of text. Often
generated using a formula that will make it difficult to create a similar hash value.
Used for data integrity.
Transmission error correction
Secure Voice Communications
Security boundaries and how to translate security policy to controls
Network Attacks & Countermeasures
for mapping IP addresses to physical machine addresses (MAC).
RARP allows them to request an IP address from the MAC address.
A trial and error method used by application programs to decode
replicating virus tha
t does not alter files, but resides in memory and
The forwarding by a router of a packet from a node to every other node
on the network.
PBX Fraud & Abuse