CISSP Live Session 5 Slides

CISSP classroom slides

Uploaded by lonsfair

CISSP Bootcamp

Certified Information Systems Security Professional

Kelly Handerhan, Instructor, Owner, CyberTrain.it


CISSP, CCSP, CISM, CRISC, PMP, Security+, etc.
[email protected]

Exclusive to Cybrary for Business customers and Cybrary Insider Pros. Live online certification 1
prep, speciality knowledge, skill and ability training, product training and more!
ARP

Switch

• By default, switches operate at layer 2
• Use MAC addresses to direct traffic
• Isolate traffic into collision domains (each switch port is its own collision domain)
• Do NOT isolate broadcasts natively: a switch is one broadcast domain unless VLANs are configured
OSI model layer 3 network

• Routers isolate traffic into broadcast domains and use IP addressing to direct traffic
VLANs

• Routers are expensive
• To get broadcast isolation on a switch, a VLAN is necessary: each VLAN is its own broadcast domain
• Not all switches support VLANs
• A Layer 2 switch (even with VLANs) doesn't truly understand Layer 3 IP addressing
• A Layer 3 switch (or a router) is necessary for inter-VLAN communication
Layer 3 Protocols

• Exam mnemonic: protocols whose names start with the letter "I", except IMAP (which is a layer 7 mail protocol)
• IP
• ICMP – IP "helpers" (like ping)
• IGMP – Internet Group Management Protocol (multicast group membership)
• IGRP – Interior Gateway Routing Protocol (a routing protocol that distributes layer 3 routes)
• IPsec (AH and ESP are carried directly inside IP)
• IKE
• ISAKMP
• Caveat: the mnemonic is a memory aid, not a strict classification. IKE/ISAKMP, for example, run over UDP port 500 and negotiate the keys and security associations that IPsec then uses at layer 3.
ICMP

• Ping Flood: sends an overwhelming number of ICMP echo request packets at the target
• Smurf: uses a spoofed source address (the target) and directed broadcasts to launch a DDoS; every host on the amplifying network answers the echo request, and all the replies land on the victim
OSI model Layer 4 Transport

OSI Layer 4 Transport – "Provides end-to-end data transport services and establishes a logical connection between two computer systems"
• The "pony express"
• Protocols used at layer 4
• SSL/TLS (discussed in the Cryptography domain; it runs on top of TCP, and some references place it at the session or presentation layer instead)
• TCP
• UDP
TCP (Transmission Control Protocol)

• Connection oriented, "guaranteed" delivery (acknowledgements and retransmission)

• Advantages
• Easier to program with
• Truly implements a session
• Adds security: sequence numbers and the handshake make blind spoofing and injection harder
• Disadvantages
• More overhead / slower
• SYN Floods: the server must keep state for every half-open connection
TCP
A reliable, connection-oriented protocol, which uses the three-way handshake: the client sends SYN, the server answers SYN-ACK, and the client completes the connection with ACK. Until that final ACK arrives the server holds a half-open entry for the connection, which is the state a SYN flood exhausts.
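Added example (not part of the original slides): a toy listener with a fixed backlog shows how half-open connections from spoofed SYNs crowd out a legitimate client, and a SYN-cookie function shows the stateless defence, where the server encodes the handshake in its initial sequence number instead of keeping a table entry. The secret, the 4-tuples, the backlog size and the "one minute" validity window are constructed for the demo and are not from the slides.

```python
import hashlib
import hmac

# Assumption: a per-host secret; real kernels rotate it periodically.
SECRET = b"constructed-demo-secret"


class Listener:
    """Classic TCP listener. A half-open connection (SYN seen, final ACK not yet
    seen) occupies a slot in a fixed-size backlog; that is what a SYN flood fills."""

    def __init__(self, backlog):
        self.backlog = backlog
        self.half_open = {}        # (src_ip, src_port) -> our ISN from the SYN-ACK
        self.established = set()
        self.dropped = 0

    def on_syn(self, src_ip, src_port):
        if len(self.half_open) >= self.backlog:
            self.dropped += 1      # backlog full: this SYN (legitimate or not) is lost
            return None
        isn = 1000 + len(self.half_open)   # toy ISN; real stacks randomize it
        self.half_open[(src_ip, src_port)] = isn
        return isn                 # would be sent back in the SYN-ACK

    def on_ack(self, src_ip, src_port, ack):
        isn = self.half_open.get((src_ip, src_port))
        if isn is None or ack != isn + 1:
            return False
        del self.half_open[(src_ip, src_port)]
        self.established.add((src_ip, src_port))
        return True


def flood_then_legit(backlog, attacker_syns):
    """Constructed scenario: spoofed SYNs that never complete, then one real client.
    Returns (legit_client_got_a_slot, syns_dropped)."""
    srv = Listener(backlog)
    for i in range(attacker_syns):
        srv.on_syn(f"198.51.100.{i % 250}", 40000 + i)   # spoofed sources, never ACKed
    isn = srv.on_syn("203.0.113.7", 5555)
    return isn is not None, srv.dropped


def syn_cookie(src_ip, src_port, dst_ip, dst_port, client_seq, minute, secret=SECRET):
    """Stateless defence: encode the handshake in the ISN itself. The top 8 bits carry
    a coarse timestamp, the low 24 bits a keyed hash of the connection 4-tuple."""
    msg = f"{src_ip}|{src_port}|{dst_ip}|{dst_port}|{client_seq}|{minute}".encode()
    tag = int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")
    return ((minute & 0xFF) << 24) | tag


def verify_syn_cookie(ack, src_ip, src_port, dst_ip, dst_port, client_seq,
                      now_minute, secret=SECRET):
    """On the final ACK, recompute the cookie instead of looking up a table.
    A stale ACK (older than one minute) or a forged one fails the check."""
    isn = (ack - 1) & 0xFFFFFFFF
    stamp = isn >> 24
    for m in (now_minute, now_minute - 1):
        if (m & 0xFF) == stamp and syn_cookie(src_ip, src_port, dst_ip, dst_port,
                                               client_seq, m, secret) == isn:
            return True
    return False
```

The cost of cookies is that the server forgets any TCP options the client asked for (real implementations squeeze the MSS into a few bits of the cookie), which is why kernels only switch to them once the backlog is under pressure.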
UDP (User Datagram Protocol)

• Connectionless
• Unreliable (no acknowledgements or retransmission)
• No handshaking
• Desirable when "real time" transfer is essential
• Media streaming, gaming, real-time chat, etc.
• FTP uses TCP
• TFTP uses UDP
Best Joke Ever…..

What’s the best thing about a UDP Joke???


I don’t care if you get it or not!

OSI Model Layer 5 Session

OSI Layer 5 (Session) – responsible for establishing a connection between two applications (either on the same computer or on two different computers)
• Dialogue control
• Release connection
OSI model Layer 6 Presentation

Present the data in a format that all computers can understand.
This layer has few protocols of its own; it is mostly data formats and encodings (ASCII, JPEG, MIME, ASN.1).
• Concerned with encryption, compression and formatting
• Making sure data is presented in a universal format
• File level encryption
• Removing redundancy from files (compression)
OSI model Layer 7 – Application

This defines a protocol (way of sending data) that two different programs or applications understand.
• HTTP, HTTPS, FTP, TFTP, SMTP, SNMP, etc.
• Application proxies
• Non-repudiation
• Certificates
• Integration with directory services
• Time awareness
OSI vs. TCP/IP model

OSI/TCP…What you need to know
Firewalls

• Provide isolation and separation
• Create zones based on trust
• Hardware firewalls vs. software firewalls
• Use rule-based access control
Firewalls and the OSI Model

• Layer 3 (Network Layer)
• Packet filtering
• Screening routers
• Inspect Layer 3 & Layer 4 headers
• Source and destination IP
• Source and destination port
• Protocol (TCP or UDP)
Firewalls and the OSI Model
• Layer 5 (Session Layer)
• Stateful Filtering
• Awareness of the initiation of the session and the state
• Can block unsolicited replies
• Can understand syntax of lower layer protocols and can block “misbehaving” traffic

Firewalls and the OSI Model
• Layer 7 (Application Layer)
• Called Application Proxies/Firewalls
• Deep Packet Inspection
• Forward Proxy inspects traffic from inside going out
• Reverse Proxy inspects traffic from outside going in
• Can inspect on content, time, application-awareness, certificates, etc.
• Specific to the application protocol

Firewalls -
⬜ Enforce network policy.
⬜ Usually firewalls are put on the perimeter of a network and allow or deny traffic based on company or network policy.
⬜ A proxy (bastion host) firewall MUST have IP forwarding turned off*, so that packets cannot be routed around the proxy by the kernel
⬜ Firewalls are often used to create a DMZ.
⬜ Generally are dual-/multi-homed*
⬜ Types of firewalls
◼ Packet filtering
◼ Stateful
◼ Proxy
◼ Dynamic packet filtering
Packet filter -

⬜ Uses Access Control Lists (ACLs), which are rules that a firewall applies to each packet it receives.
⬜ Not stateful, just looks at the network and transport layer headers (IP addresses, ports, and TCP "flags")
◼ Does not look into the application, cannot block viruses etc.
◼ Generally does not support anything advanced or custom
Packet Filter

⬜ Packet filters keep no state*
◼ Each packet is evaluated on its own without regard to previous traffic
◼ Advantages: fast, simple, low overhead
◼ Disadvantages
▫ fragments: only the first fragment carries the TCP/UDP header, so later fragments cannot be matched on port and must be dropped or reassembled
▫ return traffic needs its own explicit rule
⬜ Rule based access control
⬜ Packet filters are still used on the edge of the network before a stateful firewall for performance reasons.
Stateful firewall -
⬜ The firewall keeps track of connections in a table. It knows which conversations are active, who is involved, etc.
⬜ It allows return traffic to come back, where a packet filter would have to have a specific rule to define returned traffic
⬜ More complex, and can be the target of a DoS that tries to fill up all the entries in the state table / use up memory (SYN floods, for example).
⬜ If rebooted, it can disrupt conversations that had been occurring, because the state table is lost.
⬜ Context-dependent access control*
Proxy firewalls
• Two types of proxies
• Circuit level* (e.g. SOCKS; relays at the session layer without understanding the application protocol)
• Application*

• Both types of proxies hide the internal hosts/addressing from the outside world.

• Each is covered on the following slides
Application Proxies

⬜ Like circuit-level proxies, but they actually understand the application/protocol they are proxying.
⬜ This allows for additional security, as they can inspect the data for protocol violations or content.
Application Proxies
Advantages
◼ Application proxies understand the protocol, so they can add extra security
◼ Can have advanced logging/auditing and access control features
▫ Ex. Restrict users to only allowed websites
▫ Ex. Inspect data for protocol violations
▫ Ex. Inspect data for malware (viruses etc.)
Disadvantages
◼ Extra processing requires extra CPU (slower)
◼ Proxies ONLY understand the protocols they were written to understand, so you generally have a separate application proxy for EACH protocol you want to proxy
Application Proxies -

Examples:
• Internet Security and Acceleration Server (MS web proxy)
• SMTP proxies
• FTP proxies

Security Zones

It is common practice in network and physical security to group different security levels into different areas or zones. Each zone is either more or less trusted than the other zones. Interfaces between zones have some type of access control to restrict movement between zones (biometrics and guard stations in physical security, firewalls in network security). In network security there is often an intermediate zone between the Internet and the internal network called a DMZ.
DMZ

A buffer zone between an unprotected network and a protected network that allows for the monitoring and regulation of traffic between the two.
• Internet-accessible servers (bastion hosts) are placed in a DMZ between the Internet and the internal network
DMZ

A screened subnet can be implemented with multiple firewalls (one between the Internet and the DMZ, another between the DMZ and the internal network) or with a single multi-homed firewall that has one interface in each zone.

NAT/PAT
NAT / PAT
• Advantages
• Allows you to use private addresses internally; you don't need to get real public IP addresses for each computer
• Allows the use of RFC 1918 IP addresses
• 10.0.0.0/8 (10.x.x.x)
• 172.16.0.0/12 (172.16.x.x – 172.31.x.x)
• 192.168.0.0/16 (192.168.x.x)
• Hides internal network structure
• Transparent, doesn't require special software
• Disadvantages
• Single point of failure / performance bottleneck
• Doesn't protect from bad content
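Added example (not from the slides): a minimal PAT translation table showing how many inside hosts share one public address by being given distinct translated source ports, why a reply finds its way back, and why unsolicited inbound traffic simply has no entry. The public address, the port range starting at 10000 and the rule that only RFC 1918 sources are translated are assumptions made for this demo.

```python
import ipaddress

# RFC 1918 private ranges, as on the slide (172.16/12 spans 172.16.x.x - 172.31.x.x).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip):
    """True if the address is in an RFC 1918 range (so it cannot be routed on the Internet)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


class PAT:
    """Port Address Translation (NAT overload): every inside host shares one
    public address; flows are told apart by the translated source port."""

    def __init__(self, public_ip, first_port=10000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}   # (in_ip, in_port, dst_ip, dst_port) -> public port
        self.inbound_map = {}    # (public_port, dst_ip, dst_port) -> (in_ip, in_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an inside->outside packet's source; allocate a port on first use."""
        if not is_private(src_ip):
            raise ValueError("only RFC 1918 sources are translated")  # demo assumption
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound_map:
            pub_port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = pub_port
            self.inbound_map[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, self.outbound_map[key], dst_ip, dst_port

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a reply back to the inside host. Unsolicited inbound traffic has no
        table entry and returns None, i.e. it is dropped. That is the 'hides the
        internal structure' property, but it is not content inspection: anything
        the inside host requested still comes straight through."""
        if dst_ip != self.public_ip:
            return None
        return self.inbound_map.get((dst_port, src_ip, src_port))
```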
Overall Firewall best practices
• Block unnecessary ICMP packet types
• (Be careful though, know your environment: blocking all ICMP breaks path MTU discovery and troubleshooting)
• Keep ACLs simple
• Use implicit deny*
• Disallow source-routed packets*
• Use least privilege*
• Block directed IP broadcasts (stops your network being used as a Smurf amplifier)
• Perform ingress and egress filtering*
• Block traffic leaving the network from a non-internal source address (indicates the network is possibly being used as zombie systems in a possible DDoS attack)
• Block all traffic entering the network from an internal source address (indicates a potential spoofing attack)
• Enable logging
• Drop fragments or re-assemble fragments
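Added example (not from the slides) covering the packet filter, stateful firewall and best-practice slides together: a stateless ACL with implicit deny, then a stateful wrapper that admits return traffic from its table, refuses TCP flows that do not start with a bare SYN (unsolicited replies), applies the ingress/egress anti-spoofing rules, and drops non-initial fragments. The internal range 10.0.0.0/8, the packet fields and the sample packets are constructed for the demo.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumption: the network this firewall protects.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str            # "tcp" or "udp"
    syn: bool = False
    ack: bool = False
    frag_offset: int = 0  # non-zero: a later fragment, which carries no L4 header


@dataclass
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "*"
    src: str              # CIDR or "*"
    dst: str              # CIDR or "*"
    dport: Optional[int]  # None matches any port

    def matches(self, p):
        def in_net(addr, cidr):
            return cidr == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)
        return (self.proto in ("*", p.proto) and in_net(p.src, self.src)
                and in_net(p.dst, self.dst) and self.dport in (None, p.dport))


def packet_filter(rules, p):
    """Stateless packet filter: each packet judged alone against the ACL,
    first match wins, anything unmatched falls through to the implicit deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFirewall:
    def __init__(self, rules):
        self.rules = rules
        self.table = set()   # flows seen in the initiating direction (5-tuples)

    def process(self, p, direction):
        """direction is "in" (arriving from the Internet) or "out" (leaving the internal net)."""
        src = ipaddress.ip_address(p.src)
        # Ingress/egress anti-spoofing, as in the best-practice list above.
        if direction == "in" and src in INTERNAL:
            return "deny:spoof"          # internal source arriving from outside
        if direction == "out" and src not in INTERNAL:
            return "deny:spoof"          # our hosts used as DDoS zombies
        # Later fragments have no ports to match, so drop them (a real device
        # could reassemble instead, at a memory cost).
        if p.frag_offset:
            return "deny:fragment"
        # Return traffic for a flow we watched start needs no rule of its own.
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.table:
            return "allow:state"
        # A new flow must pass the ACL, and for TCP only a bare SYN may open
        # state; that is what blocks unsolicited replies (stray ACKs, SYN-ACKs).
        verdict = packet_filter(self.rules, p)
        if verdict != "allow":
            return "deny:acl"
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "deny:unsolicited"
        self.table.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return "allow:new"
```

The same SYN-ACK that the stateful firewall admits from its table is denied by `packet_filter` alone, which is the slide's point that a packet filter needs an explicit rule for returned traffic; and because `table` is held in memory, a reboot forgets every established flow and a flood of new SYNs can fill it, the two weaknesses listed on the stateful firewall slide.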
LAN, WAN, MAN

• LAN – local area network
• High speed
• Small physical area
• WAN – wide area network
• Used to connect LANs
• Generally slower than a LAN; traditionally built on serial links
• MAN – metropolitan area network
• Connects sites together within a medium-range area (like a city)
Circuit Switching

◼ PSTN
◼ ISDN
◼ DSL
◼ T-carriers
Packet Switching

X.25
Frame Relay
ATM
VOIP
MPLS
Cable
MPLS (Multi Protocol Label Switching)
⬜ MPLS is used to create cost-effective, private Wide Area Networks (WANs) that are faster and more private than regular routed "public" IP networks like the Internet.
⬜ More secure than the public Internet, because a "virtual" private network (end-to-end circuit) can be built just for your organization
⬜ Since it is a private network, traditional encryption-based Virtual Private Networking (VPN) equipment is not needed for separation, and the latency and delay that equipment adds are avoided.
⬜ Caveat: MPLS separates your traffic from other customers' traffic, but it does not encrypt it; the carrier, and anyone who compromises the carrier, can read it. Sensitive traffic over an MPLS WAN still needs IPsec or TLS.
⬜ Provides QoS for VoIP and other high-priority traffic
⬜ Often called a "Layer 2.5" technology: the label sits between the Layer 2 header and the Layer 3 header, and forwarding decisions are made on labels rather than on IP addresses
MPLS

VOIP Voice Over IP
VOIP Security Issues

• Eavesdropping (greatest threat) – enable SRTP for the media (and TLS for the SIP signalling)
• Toll fraud
• Vishing
• SPIT (spam over Internet telephony)
Performance Issues
• Latency
• Jitter
Remote Access
• Dial Up
  • PPP
    • PAP, CHAP, EAP
• Tunneling
  • PPTP
    • PAP, CHAP, EAP
    • MPPE
  • GRE
  • L2TP
    • IPSEC
  • IPSEC
• Wireless
  • Encryption
    • WEP, WPA, WPA II
  • Authentication
    • 802.1x
Dial-up

⬜ PPP Point-to-Point Protocol: provides Layer 2 framing for dial-up. Needs other protocols for security
◼ Encryption: MPPE
◼ Authentication:
▫ PAP (Password Authentication Protocol): clear text
▫ CHAP (Challenge Handshake Authentication Protocol): the client responds to a random challenge from the server with a hash of the challenge and the password, so the password itself never crosses the link. The only way the client can answer correctly is if it knows the correct password.
▫ EAP (Extensible Authentication Protocol): extends capabilities beyond passwords (smart cards, biometrics, token devices, etc.)
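Added example (not from the slides) of the CHAP exchange described above, using the RFC 1994 response computation MD5(Identifier || secret || Challenge): the server issues a fresh random challenge, the client answers with the hash, and a captured response is useless against the next challenge, which is exactly what PAP's clear-text password cannot offer. The user name and shared secret are constructed for the demo. Note the design consequence visible in the code: the server must hold the shared secret in recoverable form, not as a salted hash, in order to recompute the response.

```python
import hashlib
import hmac
import os


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP: Response = MD5(Identifier || shared secret || Challenge).
    The secret never crosses the link; only this hash does."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapServer:
    """Server side of CHAP. Secrets are kept in the clear on purpose: that is
    the protocol's requirement, and one of its weaknesses."""

    def __init__(self, secrets):
        self.secrets = secrets       # username -> shared secret (bytes)
        self.outstanding = {}        # username -> (identifier, challenge)

    def challenge(self, username):
        ident = os.urandom(1)[0]
        chal = os.urandom(16)        # fresh random challenge every time: defeats replay
        self.outstanding[username] = (ident, chal)
        return ident, chal           # sent to the client in the clear

    def verify(self, username, response):
        ident, chal = self.outstanding.pop(username, (None, None))
        secret = self.secrets.get(username)
        if chal is None or secret is None:
            return False             # no outstanding challenge, or unknown user
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def client_login(server, username, password):
    """The client's side of one exchange: ask for a challenge, answer it."""
    ident, chal = server.challenge(username)
    return server.verify(username, chap_response(ident, password, chal))
```

A sniffer on the link sees the identifier, the challenge and the MD5 response, which is enough for an offline dictionary attack on a weak password (the computation is cheap and unsalted beyond the challenge); CHAP stops replay, not guessing.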
Tunneling

A function of VPNs - a tunnel encapsulates one protocol within another protocol to create a virtual network.
• Can encrypt the original IP headers
• Can encrypt the data
• Allows for routing non-routable protocols and IP addresses
• Can provide remote/internal IP addresses
Tunneling protocols

Different protocols
• PPTP
• L2TP
• IPSEC
• GRE

PPTP
Point to Point Tunneling Protocol
Based on PPP (uses MPPE for encryption and PAP, CHAP or EAP for authentication)
• Microsoft-led protocol for a tunneling VPN
• Only works across IP networks
• Remote user connects to the ISP, gets an Internet address
• Establishes a VPN connection to the work VPN server, gets an internal IP address
• Sends private IP packets encrypted within other IP packets
• Considered obsolete: the MS-CHAPv2 authentication and RC4-based MPPE it depends on are broken, so PPTP should not be chosen for new deployments
L2TP

Layer 2 Tunneling Protocol

• Cisco designed L2F to break free of dependence on IP networks, but kept it proprietary.
• L2TP was a combination of L2F and PPTP
• Designed to be implemented in software solutions
• THERE IS NO ENCRYPTION with L2TP on its own. It MUST be paired with IPsec (L2TP/IPsec) to secure the tunnel
Generic Routing Encapsulation (GRE)
Point-to-point link between two networks. It adds an extra IP header to the original packet. Much more frequently used in the past to encapsulate AppleTalk, IPX and other older protocols.
• Data encapsulation – GRE tunnels encapsulate packets so that protocols can traverse an incompatible network. For example, to route IPv4 packets across a network that only uses IPv6.
• Simplicity – GRE tunnels lack mechanisms related to flow control and security by default. This lack of features can ease the configuration process. However, you probably don't want to transfer data in unencrypted form across a public network; therefore, GRE tunnels can be supplemented by the IPsec suite of protocols for security purposes (GRE over IPsec). In addition, GRE tunnels can forward data from non-contiguous networks through a single tunnel, which a plain IPsec tunnel cannot do.
• Multicast traffic forwarding – GRE tunnels can be used to forward multicast traffic, whereas a plain IPsec tunnel cannot. Because of this, multicast traffic such as the advertisements sent by routing protocols can be easily transferred between remote sites when using a GRE tunnel.
Wireless security problems

• Unauthorized access
• Sniffing
• War driving
• Unauthorized (rogue) access points (man in the middle)
Wireless Security
• Encryption
• WEP
• Shared authentication passwords
• Weak IV (24 bits)
• IV transmitted in clear text
• RC4 (stream cipher)
• Easily crackable
• Only option in the original 802.11b standard
• WPA
• Stronger IV
• Introduced TKIP
• Still used RC4
• WPA2
• AES
• CCMP
• NOT backwards compatible
• Authentication
• WPA and WPA2 Enterprise use 802.1X authentication to give individual users individual credentials (RADIUS)
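Added example (not from the slides) of why the WEP bullets above add up to "easily crackable": WEP's per-packet RC4 key is the 24-bit IV in the clear followed by the shared key, so two frames sent under the same IV share a keystream, and XORing their ciphertexts cancels the key out entirely. With 2^24 IVs a busy access point repeats one within hours, and a single known plaintext for that IV (a predictable ARP or LLC/SNAP header, say) then decrypts every other frame that used it. The RC4 routine is included so the example runs offline; the shared key, IV and payloads are constructed.

```python
def rc4(key, data):
    """Textbook RC4 (KSA then PRGA), included only so the example runs offline.
    RC4 is broken and is here to show what WEP did, not for reuse."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key, iv, plaintext):
    """WEP frame body: per-packet RC4 key = 24-bit IV || shared key, with the IV
    prepended in clear so the receiver can rebuild the same key (ICV omitted)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + rc4(iv + shared_key, plaintext)


def keystream_reuse_leak(frame1, frame2):
    """Two frames with the same IV were encrypted with the same keystream, so
    C1 XOR C2 = P1 XOR P2. No key needed. Returns None if the IVs differ."""
    if frame1[:3] != frame2[:3]:
        return None
    return xor_bytes(frame1[3:], frame2[3:])


def decrypt_with_known_plaintext(known_frame, known_plaintext, target_frame):
    """Knowing one plaintext for an IV recovers that IV's keystream, which then
    decrypts every other frame sent under the same IV."""
    if known_frame[:3] != target_frame[:3]:
        return None
    keystream = xor_bytes(known_frame[3:], known_plaintext)
    return xor_bytes(target_frame[3:], keystream)


IV_SPACE = 2 ** 24   # 16,777,216 IVs; at a few thousand frames per second they repeat in hours
```

WPA's TKIP lengthened the IV to 48 bits and mixed it into a per-packet key to avoid exactly this reuse while keeping RC4 for old hardware; WPA2's CCMP replaced the stream cipher with AES and an authenticated mode, which is why it is the first of the three that is not just a patch.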
Bluetooth
Bluetooth is a Personal Area Network protocol designed to free devices from physical wires.

• Bluetooth Modes
• Discovery Mode
• Automatic Pairing
Bluejacking
Sending spam to nearby Bluetooth devices
Bluesnarfing
Copies information off of remote devices
Bluebugging
More serious
Allows full use of the phone
Allows one to make calls
Can eavesdrop on calls
Telecommunications and Network Security
Review

• OSI Reference Model


• Network Protocols
• Network Connectivity Devices
• Threats to Network Security
• Firewalls
• WAN Technology
• Wireless Communications

Domain 5

Identity and Access Management
Domain 5 Agenda: Identity and Access Management
• Identification
• Identity Proofing
• Account Provisioning/Deprovisioning
• Authentication
• Kerberos
• RADIUS
• IAM in the Cloud
• Authorization
• Access Control Models: DAC, MAC, RBAC, RuBAC, ABAC
• Auditing/Accountability

Identity and Access Management
• (IAM) Identity and Access Management is the set of processes, procedures,
tools, and technology necessary to oversee and manage digital identities.
• The goal of IAM is to provide secure and auditable access to the digital
resources within an organization
• Revolves around the effective management of the IAAA
• Identification
• Authentication
• Authorization
• Auditing

Identity and Access Management

• Identity Management
• Controls the life cycle for all accounts in a system
• Access Management
• Controls the assignment of rights/privileges to those accounts
• Per ISC2, Identity and Access Management solutions
“focus on harmonizing the provisioning of users and
managing their access across multiple systems with
different native access control systems”.

Access Controls Objectives
• IAAA
• Identification
• Authentication
• Type I (Knowledge)
• Type II (Possession)
• Type III (Biometrics)
• Authorization
• Accounting
• Single Sign On
• Access Control Models
• Access Control Methods
• Access Control Administration
• Data Emanation
Access
Access is the data flow between a subject and an object.
• Subject is active: a person, process or program
• Object is passive: a resource (file, printer, etc.)
• Access controls should support the CIA triad and regulate what a subject can do with an object
Access controls are security mechanisms that control how subjects can interact with objects.
Controls should be layered and provide both proactive and reactive protection.
Access Controls

Access controls are security features that control how people can interact with systems and resources.
• Logical
• Physical
• Administrative
IAAA of Access Control

The components of Access Control that we are about to discuss are:
• Identification: make a claim (user ID etc.)
• Authentication: provide support (proof) for your claim
• Authorization: what rights and permissions you have
• Auditing: accountability, matching actions to subjects
Identification

• Public information (usually we aren't concerned with protecting identities)
• Identification must be unique for accountability
• Standard naming schemes should be used
• Identifier should not indicate extra information about the user (like job position)
• User ID
• Account number
• RFID
• IP or MAC address
Authentication

Proving your identity
• Type 1: Something you know
• Type 2: Something you have
• Type 3: Something you are
Type 1: Something You Know

• Passwords/passphrases/cognitive passwords
• Best practices
• No less than 8 characters (current NIST SP 800-63B guidance favours length over forced complexity and screens new passwords against lists of breached passwords)
• Change on a regular basis (caveat: NIST SP 800-63B now recommends changing passwords only on evidence of compromise rather than on a fixed schedule)
• Enforce password history
• Consider brute force and dictionary attacks
• Ease of cracking cognitive passwords (answers such as a mother's maiden name are often public or guessable)
• Graphic image
• Enable clipping levels (lockout thresholds for failed attempts) and respond accordingly
Type 2: Something you have

• Token Devices
• Smart Card
• Memory Card
• Hardware Key
• Cryptographic Key
• Certificate
• Cookies

Token Devices: One Time Password Generators

Password that is used only once, then no longer valid
• One-time passwords reduce the vulnerability associated with sniffing (and replaying) passwords
• Simple device to implement
• Can be costly
• Users can lose or damage them
• Two types: synchronous/asynchronous
Synchronous Token Devices

• Rely upon synchronizing with the authentication server. Frequently time based, but could be event (counter) based
• If damaged, or the battery fails, must be re-synchronized
• Authentication server knows what "password" to expect based on time or event
Asynchronous Token Devices
Asynchronous / Challenge Response
⬜ User logs in
⬜ Authentication server returns a challenge to the user
⬜ User types the challenge string into the token device and presses enter
⬜ Token device returns a reply
⬜ Only that specific user's token device could respond with the expected reply
⬜ More complex than synchronous
⬜ May provide better protection against sniffing (a captured reply is useless against a fresh challenge)
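Added example (not from the slides) of the synchronous token mechanics from the two slides above, implemented with the published HOTP (RFC 4226) and TOTP (RFC 6238) algorithms: a time-based token with a drift window on the server, and an event-based token with a look-ahead window so a device whose button was pressed without logging in re-synchronizes rather than being locked out. The secret is the RFC test-vector secret; the step size, window sizes and the "never accept an older counter" replay rule are the server-side choices this demo makes.

```python
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226 event-based OTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then the low `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at_time, step=30, digits=6):
    """RFC 6238 time-based OTP: HOTP with counter = floor(time / step).
    Token and server only need the secret and roughly the same clock."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret, code, at_time, step=30, window=1, digits=6):
    """Server side. Accept the current step and +/- `window` neighbouring steps so
    that a token whose clock has drifted a little stays synchronized; a code
    further away than that means the token must be re-synchronized by hand."""
    ctr = int(at_time) // step
    return any(hmac.compare_digest(hotp(secret, ctr + d, digits), code)
               for d in range(-window, window + 1))


class EventTokenServer:
    """Event (counter) based synchronous token. The server remembers the last
    accepted counter and searches a look-ahead window, so a token pressed a few
    times without logging in re-synchronizes automatically. Counters at or below
    the last accepted one are never accepted again, which blocks replay."""

    def __init__(self, secret, look_ahead=5, digits=6):
        self.secret = secret
        self.look_ahead = look_ahead
        self.digits = digits
        self.counter = 0          # last accepted counter value

    def verify(self, code):
        for c in range(self.counter + 1, self.counter + 1 + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c, self.digits), code):
                self.counter = c  # resynchronize to the token
                return True
        return False
```

Both variants rely on the server holding the token's secret in recoverable form, so the server-side secret store is the asset to protect; the asynchronous challenge-response token on the next slide works the same way except that the counter is replaced by a random challenge the server sends, so nothing has to stay in step.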
Memory Cards

• Holds information, does NOT process
• A memory card holds authentication info; usually you'll want to pair this with a PIN… WHY? (Because the card alone can be stolen or cloned; the PIN adds a second factor.)
• A credit card or ATM card is a type of memory card, so is a key/swipe card
• Usually insecure, easily copied.*
Smart Card
• More secure than memory cards
• Can actually process information
• Includes a microprocessor
• Often integrated with PKI
• Two types
• Contact
• Contactless

Smart Card Attacks

There are attacks against smart cards:

1. Fault generation – manipulate environmental controls and measure the resulting errors in order to reverse engineer the card's logic
2. Side channel attacks – measure the card while it works
◼ Differential power analysis – measure power emissions
◼ Electromagnetic analysis – examine the frequencies emitted
3. Micro probing – use needles and vibrations to remove the outer protection on the card's circuits, then tap into the ROMs if possible, or "die" the ROMs to read data

Type 3: Something You Are

• Biometrics
• Static: Should not significantly change over time. Bound to a user's physiological traits
• Fingerprint, hand geometry, iris, retina, etc.
• Dynamic: Based on behavioral traits
• Voice, gait, signature, keyboard cadence, etc.
• Even though these can be modified temporarily, they are very difficult to modify for any significant length of time.

Biometric Concerns

⬜ Accuracy
◼ Type I Error: False Rejection: a legitimate user is barred from access. Caused when a system evaluates too much information, which also causes excessive overhead.
◼ Type II Error: False Acceptance: an impostor is allowed access. This is a security threat and comes when a system doesn't evaluate enough information.
◼ As FRR goes down, FAR goes up, and vice versa
◼ The level at which the two meet is called the CER (Crossover Error Rate). The lower the number, the more accurate the system
◼ Iris scans are the most accurate
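Added example (not from the slides): computing FRR and FAR across acceptance thresholds on constructed matcher scores, locating the crossover, and comparing two systems by CER. The score values and the two "systems" are constructed for illustration; the functions show the trade-off the slide describes: raising the threshold lowers FAR but raises FRR, and the system with the lower CER is the more accurate one.

```python
# Constructed matcher scores in [0, 1]: higher means "more like the enrolled template".
GENUINE_A = [0.4, 0.55, 0.6, 0.7, 0.75, 0.8, 0.85, 0.9]     # legitimate users
IMPOSTOR_A = [0.1, 0.2, 0.3, 0.35, 0.45, 0.5, 0.65, 0.7]    # impostors
# A second constructed system with better separation between the two populations
GENUINE_B = [0.55, 0.6, 0.65, 0.7, 0.75, 0.8, 0.85, 0.9]
IMPOSTOR_B = [0.1, 0.2, 0.3, 0.35, 0.4, 0.45, 0.5, 0.6]


def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR) for one acceptance threshold.

    FRR (Type I): fraction of genuine attempts scoring below the threshold.
    FAR (Type II): fraction of impostor attempts scoring at or above it.
    """
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def crossover_error_rate(genuine, impostor):
    """Sweep every observed score as a threshold; return (threshold, CER).

    Raising the threshold pushes FRR up and FAR down; the CER is the error
    rate where the two curves meet (or come closest on discrete data).
    """
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, (frr + far) / 2)
    _, threshold, cer = best
    return threshold, cer


def more_accurate(system_a, system_b):
    """Compare two (genuine, impostor) score sets by CER: the lower number wins."""
    cer_a = crossover_error_rate(*system_a)[1]
    cer_b = crossover_error_rate(*system_b)[1]
    return "A" if cer_a < cer_b else "B"
```

On the constructed data, system A crosses over at 25% error and system B at 12.5%, so B is the more accurate system; in deployment the operating threshold is usually set to one side of the CER depending on whether false acceptance or false rejection is the costlier error.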

Crossover Error Rate

Biometric Concerns

• User Acceptance
• Many users feel biometrics are intrusive
• Retina scans can reveal health information
• Time for enrollment and verification can make users resistant
• Cost/benefit analysis
• No way to revoke biometrics

Biometric Concerns

• Cost
• Biometric systems can be very costly and require
unwieldy technology
• Though costs are coming down for means like fingerprint
recognition, other technologies still remain prohibitive

Strong Authentication

Strong Authentication is the combination of 2 or more of these and is encouraged!
◼ Strong Authentication provides a higher level of assurance*
◼ Strong Authentication is also called multi-factor authentication*
◼ Watch out! Most people want to choose biometrics as the best authentication, but any one source can be compromised. Always look for more than one type!
◼ Mutual Authentication is beneficial

Authorization

The concept of ensuring that someone who is authenticated is allowed access to a resource.
• Authorization is a preventative control
• Race conditions would try to cause authorization to happen before authentication

Auditing

Logging and reviewing accesses to objects.
• What is the purpose of auditing?
• Auditing is a detective control

Authorization

Now that I have proved I am who I say I am, what can I do?
• Both OSes and applications can provide this functionality.
• Authorization can be provided based on user, groups, roles, rules, physical location, time of day (temporal isolation)* or transaction type (for example, a teller may be able to withdraw small amounts but require a manager for large withdrawals)

Authorization Principles

• Default NO access (implicit deny)* - Unless a subject is explicitly given access to an object, they are implicitly denied access.
• Principle of Least Privilege
• Need to know
• Content-based

Authorization Creep

As a subject stays in an environment over time, their permissions accumulate even after they are no longer needed.

• Auditing authorization can help mitigate this. SOX requires yearly auditing.
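Added example (not from the slides): the kind of authorization review the slide recommends, written as a check that compares what each user currently holds against the baseline for their current role. The role names, permission names and user records are constructed for illustration; "bob" is a user who changed roles and kept his old rights, which is exactly the accumulation the slide describes.

```python
# Constructed role baselines: the permissions each job function is expected to hold
ROLE_BASELINE = {
    "helpdesk": {"reset_password", "read_tickets"},
    "finance": {"read_ledger", "post_journal"},
}

# Constructed snapshot of what users actually hold today. Bob moved from
# helpdesk to finance and nobody removed his old rights.
CURRENT_GRANTS = {
    "bob": {"role": "finance",
            "perms": {"read_ledger", "post_journal", "reset_password", "read_tickets"}},
    "carol": {"role": "helpdesk", "perms": {"reset_password", "read_tickets"}},
}


def find_authorization_creep(grants, baseline):
    """Flag each user holding permissions beyond their current role's baseline.

    Returns {user: {"excess": [...], "looks_like": [roles whose baseline
    contains some of the excess]}} so a reviewer can see where the rights
    probably came from and decide what to revoke.
    """
    findings = {}
    for user, record in grants.items():
        expected = baseline.get(record["role"], set())
        excess = record["perms"] - expected
        if not excess:
            continue
        looks_like = sorted(role for role, perms in baseline.items()
                            if role != record["role"] and excess & perms)
        findings[user] = {"excess": sorted(excess), "looks_like": looks_like}
    return findings
```

Run periodically (the slide cites SOX's yearly requirement), the output is a revocation worklist rather than a block; the review still needs a human to confirm each excess right is no longer needed before it is removed.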

Single Sign On

As environments get larger and more complex, it becomes harder and harder to manage user accounts securely.
• Multiple accounts to create/disable
• Many passwords to remember, which leads to password security issues
• Reduces user frustration as well as IT frustration!
• Wastes your IT budget trying to manage disparate accounts.

Single Sign On

Single sign-on systems try to mitigate this problem. Some SSO systems are:
• Kerberos
• LDAP
• SESAME
• KryptoKnight

SSO Single Sign-on Pros and Cons

• Pros
• Ease of use for end users
• Centralized Control
• Ease of administration
• Cons
• Single point of failure
• Standards necessary
• Keys to the kingdom

SSO technologies

• Kerberos
• SESAME
• LDAP
• Microsoft Active Directory*

Kerberos

⬜ A network authentication protocol developed at MIT as part of Project Athena. Kerberos tries to ensure authentication security in an insecure environment
⬜ Used in Windows 2000 and later and some Unix systems
⬜ Allows for single sign-on
⬜ Never transfers passwords
⬜ Uses symmetric encryption to verify identities
⬜ Avoids replay attacks

Kerberos Components
• Essential Components:
• AS (Authentication Server): Authenticates the user and issues a TGT
• TGS (Ticket Granting Server): After receiving the TGT from the user, the TGS issues a ticket for a particular user to access a particular service
• KDC (Key Distribution Center): a system which runs the TGS (Ticket Granting Service) and the AS (Authentication Service)
• Ticket: Means of distributing the session key
• Principals (users, applications, services)
• Kerberos software (integrated into most operating systems; MS Windows 2000 and up support Kerberos)
• Main Goal: The user needs to authenticate himself/herself without sending the password across the network; he/she must prove knowledge of the password without actually sending it across the wire.

The Carnival

The Kerberos Carnival

Kerberos Concerns

• Computers must have clocks synchronized within 5 minutes of each other
• Tickets are stored on the workstation. If the workstation is compromised, your identity can be forged.
• If your KDC is hacked, security is lost
• A single KDC is a single point of failure and performance bottleneck
• Still vulnerable to password guessing attacks
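Added example (not from the slides, and not real Kerberos code): a simulation of the Kerberos AS exchange that ties the "Kerberos Components" slide to the concerns above. The KDC derives the user's long-term key from the password, the client proves knowledge of that key with an encrypted timestamp (pre-authentication) instead of sending the password, and the KDC rejects timestamps outside the 5-minute skew window. The `toy_encrypt`/`toy_decrypt` cipher, the PBKDF2 stand-in for string-to-key, the JSON ticket layout and the principal names are assumptions for illustration only; real Kerberos uses standardized encryption types and ASN.1 messages.

```python
import hashlib
import hmac
import json
import os

MAX_CLOCK_SKEW = 300   # seconds; Kerberos tolerates 5 minutes between clocks


def derive_key(password, principal):
    """Long-term key derived from the password (stand-in for Kerberos string-to-key)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


def _keystream(key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def toy_encrypt(key, obj):
    """Toy authenticated encryption (hash keystream + HMAC tag), illustrative only."""
    data = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ciphertext = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def toy_decrypt(key, blob):
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed (wrong key or tampered message)")
    plain = bytes(a ^ b for a, b in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))
    return json.loads(plain)


class KDC:
    """Authentication Service plus the TGS's key; the password itself never reaches it."""

    def __init__(self):
        self.user_keys = {}             # AS database: principal -> long-term key
        self.tgs_key = os.urandom(32)   # only the KDC/TGS holds this

    def enroll(self, principal, password):
        self.user_keys[principal] = derive_key(password, principal)

    def as_exchange(self, principal, pre_auth_blob, now):
        """AS-REQ with pre-authentication -> (TGT, AS-REP) or None on failure."""
        key = self.user_keys.get(principal)
        if key is None:
            return None
        try:
            pre_auth = toy_decrypt(key, pre_auth_blob)
        except ValueError:
            return None   # client did not know the password
        if abs(now - pre_auth["timestamp"]) > MAX_CLOCK_SKEW:
            return None   # stale timestamp: replayed, or clocks too far apart
        session_key = os.urandom(32).hex()
        tgt = toy_encrypt(self.tgs_key, {"principal": principal,
                                         "session_key": session_key, "issued": now})
        as_rep = toy_encrypt(key, {"session_key": session_key})
        return tgt, as_rep


def client_login(kdc, principal, password, now):
    """Workstation side: prove knowledge of the password without sending it."""
    key = derive_key(password, principal)
    pre_auth = toy_encrypt(key, {"timestamp": now})
    result = kdc.as_exchange(principal, pre_auth, now)
    if result is None:
        return None
    tgt, as_rep = result
    session_key = toy_decrypt(key, as_rep)["session_key"]   # only the right key opens AS-REP
    return tgt, session_key
```

Two of the concerns are visible directly in the code: the TGT and session key returned by `client_login` are what sits on the workstation, and `as_exchange` answers any caller who can produce a valid pre-auth blob, which is why offline password guessing against captured pre-auth material remains a risk that only strong passwords or a second factor address.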

Super Sign-on and Federated Services

• XML: Universal format for storing information
• SPML/SCIM: XML-based format for exchanging user and resource information and controlling provisioning
• SAML/OpenID: provides an XML-based framework for exchanging security-related information over networks

Identity Management: Provisioning/Deprovisioning
• Traditionally, different cloud vendors used non-standard provisioning APIs
• Enterprises had to develop and maintain proprietary connectors to integrate with multiple SaaS providers
• Alternatively, provisioning can be managed more easily through
• Service Provisioning Markup Language (SPML)
• Older, seldom implemented due to its inflexibility and lack of vendor support
• System for Cross-domain Identity Management…or…Simple Cloud Identity Management (SCIM)
• Defines a schema and an API for managing identities
• System for Cross-domain Identity Management (SCIM) is an open standard for automating the exchange of user identity information between identity domains, or IT systems.


Traditional Identity Management


Identity and Access Management

Provisioning Identities Authentication Authorization


Identity

Identity Management Provisioning with Custom APIs


Deprovisioning

Accounts need to be revoked, but how?


Instead….

As a company on-boards and off-boards employees, they are added to and removed from the company's electronic employee directory. As long as the service provider supports the SCIM standard, SCIM could then be used to automatically add/delete (or provision/de-provision) accounts for those users in external systems such as Google Apps for Work, Office 365, or Salesforce.com. Then, a new user account would exist in the external systems for each new employee, and the user accounts for former employees would be removed from those systems.


Proprietary APIs, SPML and SCIM

SPML


SAML (Security Assertion Markup Language)


• For SSO with web applications, SAML works using a set of browser redirects and message exchanges.
1. The user tries to access a web application; the application redirects the user to the identity provider.
2. The user authenticates himself.
3. The identity provider issues a claims token and redirects the user back to the application.
4. The application then validates the token (trust needs to be established out of band between the application and the IdP), authorizes user access by asserting claims, and allows the user to access protected resources.
5. The token is then stored in the session cookie of the user's browser, ensuring the process doesn't have to be repeated for every access request.
SAML Assertions

1. Student registers at school
2. Student goes to the library to receive his books
3. Library directs the student to the student center to pick up his student ID badge
4. The student center has access to the same database as the university, so they verify the identity of the student and give him his student ID badge
5. Student provides the library his student ID number and badge and requests his books
6. Library accepts the school ID as proof of authenticity and provides the student his books

OpenID Connect
• Open standard for authentication, promoted by the non-profit OpenID Foundation
• As of March 2016, there are over a billion OpenID-enabled accounts on the internet, and organizations such as Google, WordPress, Yahoo, and PayPal use OpenID to authenticate users
• A user must obtain an OpenID account through an OpenID identity provider (for example, Google). The user will then use that account to sign into any website (the relying party) that accepts OpenID authentication
• The OpenID standard provides a framework for the communication that must take place between the identity provider and the relying party.

OpenID Connect
Alice is a Canadian citizen who wants to visit the US.
• At the border, the US asks for proof of identity (her passport).
• Because the US government trusts the Canadian government to accurately provide identification for its citizens, the US accepts Alice's Canadian passport as reliable proof of her identity
• Alice is allowed entry into the US. In this example, Alice is the end user, the US is the Relying Party (RP), and Canada is the OpenID Provider (OP).
Authorization: OAUTH 2.0
• OAuth (Open Standard for Authorization) has a different intent
• Not designed for SSO
• Provides delegation of rights to applications
• In simplest terms, it means giving your access to someone you trust, so that they can perform the job on your behalf. E.g. updating status across Facebook, Twitter, Instagram, etc. with a single click.
• You could go to the sites manually, but it is easier to delegate access to an app that connects the above platforms
• You authenticate yourself to Facebook; Facebook provides a consent page stating you are about to give this app rights to update status on your behalf. If you agree, the app gets an opaque access token from Facebook, the app stores that access token, and sends the status update with the access token to Facebook
• Facebook validates the access token (easy in this case as the token was issued by Facebook itself), and updates your status.

Oauth 2.0
• OAuth refers to the parties involved as Client, Resource Owner (end-user), Resource Server, and Authorization Server.
• In our Facebook example, the Client is the application trying to do work on your behalf.
• The Resource Owner is you (you own the Facebook account),
• The Resource Server is Facebook (holding your account),
• The Authorization Server is also Facebook (in our case Facebook issues the access token with which the client can update the status on your Facebook account).
• It is perfectly OK for the Resource Server and Authorization Server to be managed by separate entities; it just means more work to establish common ground for protocols and token formats
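Added example (not from the slides, and not any real OAuth library): the four OAuth 2.0 roles from the two slides above, modelled as a consent step that issues an opaque token, a resource server that asks the authorization server what the token allows, and a client that only ever holds the opaque string. The client name "statusbot", the scope strings and the inbox contents are constructed for illustration; the point is that the delegated rights are limited to the consented scope and disappear on revocation, without the client ever learning the owner's credentials.

```python
import secrets


class AuthorizationServer:
    """Issues opaque access tokens once the resource owner consents.

    The mapping token -> (owner, client, scope) lives only here; the client
    just stores and presents the string.
    """

    def __init__(self):
        # Constructed client registration: the app the user is delegating to
        self.clients = {"statusbot": "third-party status-posting app"}
        self.tokens = {}

    def consent(self, owner, client_id, scope, approved):
        """The consent page: returns a token only if the owner clicked 'allow'."""
        if client_id not in self.clients or not approved:
            return None
        token = secrets.token_urlsafe(24)     # opaque: no meaning outside this server
        self.tokens[token] = {"owner": owner, "client": client_id, "scope": set(scope)}
        return token

    def introspect(self, token):
        """Resource servers ask here whether a token is live and what it allows."""
        return self.tokens.get(token)

    def revoke(self, token):
        self.tokens.pop(token, None)


class ResourceServer:
    """Holds the owner's account; acts only within the delegated scope."""

    def __init__(self, auth_server):
        self.auth = auth_server       # same entity as the AS in the Facebook example
        self.statuses = {}
        self.inbox = {"alice": ["constructed private message"]}

    def _authorize(self, token, needed_scope):
        info = self.auth.introspect(token)
        if info is None or needed_scope not in info["scope"]:
            return None
        return info

    def update_status(self, token, text):
        info = self._authorize(token, "status:write")
        if info is None:
            return False
        self.statuses[info["owner"]] = text   # the owner's status, not the client's
        return True

    def read_inbox(self, token):
        info = self._authorize(token, "inbox:read")
        return None if info is None else self.inbox.get(info["owner"], [])


def delegation_demo():
    """Owner consents to status posting only; the client tries more, then is revoked."""
    auth = AuthorizationServer()
    api = ResourceServer(auth)
    token = auth.consent("alice", "statusbot", ["status:write"], approved=True)
    posted = api.update_status(token, "hello from statusbot")
    inbox = api.read_inbox(token)            # None: this scope was never delegated
    auth.revoke(token)
    after_revoke = api.update_status(token, "again")
    return posted, inbox, after_revoke, api.statuses.get("alice")
```

When the resource server and authorization server are separate entities, `introspect` becomes a network call (or a signed token the resource server can verify locally), which is the extra protocol and token-format work the last bullet refers to.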

Access Control Models

A framework that dictates how subjects access objects.
⬜ Uses access control technologies and security mechanisms to enforce the rules
⬜ Supported by access control technologies
⬜ Business goals and culture of the organization will prescribe which model is used
⬜ Every OS has a security kernel/reference monitor (discussed in another Domain) that enforces the access control model.

Access Control Models

The models we are about to discuss are:
• From the TCSEC (Trusted Computer System Evaluation Criteria, the Orange Book)
• DAC (Discretionary Access Control)
• MAC (Mandatory Access Control)
• Other Models
• RBAC (Role Based Access Control)
• ABAC (Attribute Based Access Control)
• RuBAC (Rule Based Access Control)

DAC

Discretionary Access Control
• Security of an object is at the owner's discretion
• Access is granted through an ACL (Access Control List)
• Commonly implemented in commercial products and all client-based systems
• Identity based

MAC
MAC is used where classification and confidentiality are of utmost importance… military.
• Generally you have to buy a specific MAC system; DAC systems don't do MAC
• SELinux
• Trusted Solaris (now called Solaris with Trusted Extensions)
• All objects in a MAC system have a security label*
• Security labels can be defined by the organization.
• They also have categories to support "need to know" at a certain level.
• Categories can be defined by the organization

Role Based Access Control

Attribute Based Access Control

• Permissions or privileges granted based on attributes of the subject. Attributes can be
• Location
• Role
• Tenure
• Any other attribute of the subject or object
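Added example (not from the slides): the four models from the preceding slides (DAC with an owner-managed ACL, MAC with level-plus-category labels, RBAC, ABAC) as four small decision functions, each built so that anything not explicitly granted is denied, which is the implicit-deny principle from the "Authorization Principles" slide. The level names, role/permission names, department attribute and business-hours rule are constructed for illustration. It goes slightly beyond the slides in making the MAC category check explicit: a "secret" clearance without the "nuclear" category cannot read a "confidential/nuclear" object, which is how labels carry need-to-know within a level.

```python
# ---------- DAC: the owner's discretion, enforced through an ACL ----------
class DacObject:
    """An object whose ACL is managed by its owner; unlisted subjects get nothing."""

    def __init__(self, owner):
        self.owner = owner
        self.acl = {owner: {"read", "write"}}

    def grant(self, actor, subject, perms):
        if actor != self.owner:          # only the owner may extend the ACL
            return False
        self.acl.setdefault(subject, set()).update(perms)
        return True

    def allows(self, subject, perm):
        return perm in self.acl.get(subject, set())   # implicit deny


# ---------- MAC: labels (level + categories) compared by dominance ----------
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def mac_allows_read(clearance, label):
    """Subject clearance dominates the object label: level >= and categories a superset.

    The category check is what gives 'need to know' within a level.
    """
    c_level, c_cats = clearance
    o_level, o_cats = label
    return LEVELS[c_level] >= LEVELS[o_level] and set(o_cats) <= set(c_cats)


# ---------- RBAC: permissions attach to roles, users to roles ----------
ROLE_PERMS = {
    "teller": {"withdraw_small"},
    "manager": {"withdraw_small", "withdraw_large"},
}


def rbac_allows(user_roles, perm):
    """A user holds a permission only through some role that carries it."""
    return any(perm in ROLE_PERMS.get(role, set()) for role in user_roles)


# ---------- ABAC: one policy over subject, object and environment attributes ----------
def abac_allows(subject, obj, env):
    """Constructed policy: same department, on site at HQ, during business hours (08-18)."""
    in_hours = 8 <= env["hour"] < 18
    return (subject["department"] == obj["department"]
            and env["location"] == "HQ"
            and in_hours)
```

The ABAC policy is also where the later "content vs. context" distinction lives: the department match is content-dependent (what is being accessed), while the location and hour checks are context-dependent (how and when).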
Enforcing Access Control

We will talk about each of these in more depth in the next few slides.
• Constrained User Interfaces
• Access Control Matrix
• Access Control Lists
• Content-Dependent Access Control
• Context-Dependent Access Control

Constrained User Interfaces

Restrict user access by not allowing them to see certain data or have certain functionality (see slides)
• Views – only allow access to certain data (canned interfaces)
• Restricted shell – like a real shell but only with certain commands (like Cisco's non-enable mode)
• Menu – similar but more "GUI"
• Physically constrained interface – show only certain keys on a keypad/touch screen, like an ATM (a modern type of menu). The difference is that you are physically constrained from accessing them.

Physically Constrained Interface

Content vs. Context Dependent Access Control
Content: WHAT is accessed? Focus is on the asset

Context: HOW and WHY is it being accessed? The asset isn't the driver for decisions, but things like time, location, type of connection, etc.

Centralization vs. Decentralization

• Centralization:
• Greater Consistency
• Ease of Administration
• Greater Control
• Usually considered more secure
• Decentralization
• Granularity
• Flexibility

Centralized Access Control Administration

• A centralized place for configuring and managing access control
• All the ones we will talk about (next) are "AAA" protocols
• Authentication
• Authorization
• Auditing
• RADIUS
• TACACS, TACACS+
• Diameter

Centralized Authentication for Remote Clients:
802.1x
802.1X is a security feature that provides a means to authenticate devices before
they can access network resources.

RADIUS, DIAMETER, TACACS
RADIUS
• Designed for dial-up, but extensions are available to allow additional functionality as needed
• RADIUS encrypts only the password in the Access-Request packet, from the client to the server.
• RADIUS uses UDP
TACACS+
• Provides the same services
• Developed by Cisco
• Separates the roles of AAA
• Uses TCP
DIAMETER
• DIAMETER is a protocol designed as the next-generation RADIUS
• RADIUS is limited to authenticating users via SLIP and PPP dial-up modem connections
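Added example (not from the slides): the User-Password hiding that RFC 2865 specifies for the Access-Request packet, which is the "encrypts only the password" behaviour the RADIUS bullet refers to. The password is padded and XORed with MD5 digests chained from the shared secret and the packet's Request Authenticator; every other attribute (User-Name here, NAS addresses in a real packet) is sent in the clear. The shared secret, Request Authenticator value and the dictionary used to stand in for a packet are constructed for illustration.

```python
import hashlib
import os


def radius_hide_password(shared_secret, request_authenticator, password):
    """RFC 2865 section 5.2 User-Password hiding, as sent in an Access-Request.

    The password is null-padded to a multiple of 16 bytes and XORed, block by
    block, with MD5(secret + previous block), seeded by the Request Authenticator.
    """
    if len(request_authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not password or len(password) > 128:
        raise ValueError("password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden = b""
    prev = request_authenticator
    for i in range(0, len(padded), 16):
        block_key = hashlib.md5(shared_secret + prev).digest()
        c = bytes(p ^ k for p, k in zip(padded[i:i + 16], block_key))
        hidden += c
        prev = c
    return hidden


def radius_unhide_password(shared_secret, request_authenticator, hidden):
    """Server side: reverse the hiding, then strip the null padding.

    (A password that itself ends in null bytes would lose them here; the RFC
    scheme cannot distinguish them from padding.)
    """
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-empty multiple of 16 bytes")
    padded = b""
    prev = request_authenticator
    for i in range(0, len(hidden), 16):
        block_key = hashlib.md5(shared_secret + prev).digest()
        c = hidden[i:i + 16]
        padded += bytes(x ^ k for x, k in zip(c, block_key))
        prev = c
    return padded.rstrip(b"\x00")


def build_access_request(shared_secret, user_name, password, request_authenticator=None):
    """Constructed Access-Request attribute set: only User-Password is hidden.

    User-Name travels in the clear, which is the limitation the slide points out.
    """
    ra = request_authenticator or os.urandom(16)
    return {
        "Request-Authenticator": ra,
        "User-Name": user_name,
        "User-Password": radius_hide_password(shared_secret, ra, password),
    }
```

The construction depends entirely on the shared secret and a 16-byte Request Authenticator that the client chooses, so the protection is only as good as the secret and the randomness of that authenticator; this is why RADIUS is normally run over a trusted management network or tunnelled, and why TACACS+ and Diameter protect the whole payload instead.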

TACACS+

• Provides the same functionality as RADIUS
• TACACS+ can support one-time passwords
• Encrypts ALL traffic data
• TACACS+ separates each AAA function.
• For example, it can use Active Directory for authentication and a SQL server for accounting.
• Uses TCP

Diameter

• Supposed to be the next generation of RADIUS (Diameter is TWICE the RADIUS)
• Includes better message transport, proxying, session control, and higher security for AAA transactions
• Provides encryption for the communication, not just the password
• Never gained the application support RADIUS did
• USES UDP

Emanation Security
• All electronic devices emit radiation. TEMPEST was a study to determine if anything meaningful could be learned from it. YES!
• TEMPEST then became a standard to develop countermeasures to protect against this.
• Faraday cage – a metal mesh cage around an object; it negates a lot of electrical/magnetic fields.
• White noise – a device that emits radio frequencies designed to disguise meaningful transmissions.
• Control zones – protect sensitive devices in special areas with special walls, etc.

Access Controls Review
• IAAA
• Identification
• Authentication
• Type I (Knowledge)
• Type II (Possession)
• Type III (Biometrics)
• Single Sign On
• Access Control Models
• Access Control Methods
• Access Control Administration
• Data Emanation
