Secure Communication Channels
This section focuses on securing data in motion, such as voice, e-mail, web, fax, remote access and virtualized networks. Secure communication channels are one of the important topics in the CISSP course, so in this part of the tutorial we take a look at secure communication to help you understand the different aspects of secure communication channels.
Today, voice protocols such as SIP have become common on LAN and WAN networks. This protocol is used on the Internet in particular by software such as Skype; examples of its use in LAN and WAN networks today include Microsoft Teams. Voice traffic introduces additional management, either by using dedicated voice VLANs on the network or by establishing quality of service (QoS) levels.
The world of voice technology is very large, and we do not want to cover how to implement and configure it here, but the types of attacks on voice communication systems include:
- Toll fraud: such as spam over instant messaging (SPIM), number harvesting, spam over Internet telephony (SPIT), voice over misconfigured Internet telephones (VOMIT), and call hijacking.
- Identity fraud: such as caller ID spoofing, eavesdropping, and vishing.
- Eavesdropping: an attacker uses techniques to intercept and monitor communication messages.
- Denial of service (DoS): such as DDoS attacks and telephony denial of service (TDoS) attacks.
There are a variety of new technologies for collaboration with colleagues. Examples include:
- Remote Meeting Technology: a technology that allows users to conduct online meetings via the Internet. Popular software for this purpose includes Microsoft Teams, Skype, WebEx, and Zoom. Many of these solutions tunnel through outbound SSL or TLS traffic, which can often pass through firewalls and web proxies. Security issues associated with remote meeting software include downloading and installing potentially vulnerable add-on components or other required software. Other security issues arise from the capabilities inherent in remote meeting software, such as remote desktop control, file sharing, sound, and video, so it is very important that an unauthorized user cannot attend these meetings.
- Instant Messaging (IM): allows two or more users to communicate with each other via real-time “chat.” Chat may be one-to-one or many-to-many, as in chat groups. Modern instant messaging software also allows file sharing and sometimes audio and video conferencing. The file sharing capability of chat software may allow users to violate security policy by distributing sensitive documents (files, audio and video). In fact, IM has long been a favorite attack vector for cybercriminals, and it is no more secure than any other communication method, especially since its communications can be intercepted.
Today, secure remote access is a critical control. Remote access includes the following technologies:
- Virtual private networks (VPNs): they secure data sent over insecure networks like the Internet. The basic construction of a VPN involves secure authentication, cryptographic hashes such as SHA-1 to provide integrity, and ciphers such as AES to provide confidentiality. A VPN creates a secure tunnel over a public network, such as the Internet, by encrypting the data as it is transmitted. Common VPN protocol standards include Point-to-Point Tunneling Protocol (PPTP), Layer 2 Forwarding Protocol (L2F), Layer 2 Tunneling Protocol (L2TP), Internet Protocol Security (IPsec), and Secure Sockets Layer (SSL).
- Screen Scraping: one approach for graphical remote access to systems. Of course, not all remote access protocols are screen scrapers; for example, Microsoft RDP is not a screen scraper.
- Remote Desktop Console Access: there are two common modern protocols for providing remote access to a desktop: Virtual Network Computing (VNC) and Remote Desktop Protocol (RDP). Both allow graphical access to remote systems. VNC listens on TCP port 5900 and RDP on TCP port 3389. As a security principle, change these default ports on the organization’s network. RDP is a proprietary Microsoft protocol.
- Desktop virtualization: a virtualization technology used to separate a computer desktop environment from the physical computer; in effect, it creates a centralized infrastructure. Desktop virtualization is usually referred to as VDI (Virtual Interface Desktop). In desktop virtualization, the “virtualized” desktop is stored on a centralized, or remote, server and not on the physical machine being virtualized. As a result, a user can access his or her desktop from any computing device. The advantages of desktop virtualization include: simpler administration; support for remote desktop access from a wide variety of devices, including laptop and desktop computers, thin clients, zero clients, tablets, and even some mobile phones; cost savings; better end-user experiences; improved productivity; and stronger security.
- The communication between the devices being used should be encrypted. In this case, if an unauthorized person obtains a document, he or she will not be able to read it.
- Corporate networks can be segmented into multiple VLANs to separate different resources. An office building with multiple departments can have a separate VLAN for each department. In fact, logical network designs can tie into the physical aspects of the building as necessary.
- The communication should be encrypted using TLS, SSL or IPSec.
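As an added example (not part of the original tutorial), the following Python audit checks a listening-socket table for VNC and RDP listeners on the default ports named in the Remote Desktop Console Access item above and flags those bound to all interfaces; the `ss -ltn`-style sample lines are constructed, and the VNC range 5900-5909 is an assumption based on VNC's display numbering.

```python
"""Audit a listening-socket table for RDP/VNC services exposed on their
default ports. Added example (not from the tutorial); sample lines are
constructed to resemble `ss -ltn` output."""
import re
from typing import List, NamedTuple, Optional

RDP_PORT = 3389
# VNC displays listen on 5900 + display number, so a small range is checked.
VNC_PORTS = range(5900, 5910)
# Constructed sample: one exposed RDP, one exposed VNC, one loopback-only VNC.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     0.0.0.0:3389         0.0.0.0:*
LISTEN  0       5       127.0.0.1:5901       0.0.0.0:*
LISTEN  0       5       [::]:5900            [::]:*
LISTEN  0       128     10.0.5.12:443        0.0.0.0:*
"""

class Finding(NamedTuple):
    service: str
    address: str
    port: int
    exposed: bool  # bound to a wildcard address (0.0.0.0 or [::])

LINE_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+")

def classify(port: int) -> Optional[str]:
    """Map a port to the remote-desktop service the tutorial associates with it."""
    if port == RDP_PORT:
        return "RDP"
    if port in VNC_PORTS:
        return "VNC"
    return None

def audit_listeners(ss_output: str) -> List[Finding]:
    """Return every RDP/VNC listener found, noting whether it is wildcard-bound."""
    findings = []
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if not m or classify(int(m.group(2))) is None:
            continue
        addr, port = m.group(1), int(m.group(2))
        exposed = addr in ("0.0.0.0", "[::]", "*")
        findings.append(Finding(classify(port), addr, port, exposed))
    return findings

def exposed_services(ss_output: str) -> List[Finding]:
    # Only the listeners reachable from any interface: the ones to fix first.
    return [f for f in audit_listeners(ss_output) if f.exposed]
```

Run `exposed_services(SAMPLE_SS_OUTPUT)` to get the two wildcard-bound listeners (RDP on 3389 and VNC on 5900); the loopback-only VNC display is reported by `audit_listeners` but not flagged.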
Virtualization has been one of the hottest topics of the past decade and is a key enabling technology in cloud computing. This technology emulates almost all physical computing resources (such as desktop computers and servers, processors, memory, storage and networking).
The core component of virtualization technology is the hypervisor, which runs between the hardware kernel and an OS. The hypervisor enables multiple “guest” virtual machines (VMs) to run on a single physical “host” machine.
In general, the two commonly defined types of hypervisors are:
- Type 1: also called native or bare metal. These hypervisors run directly on the host hardware (for example, VMware vSphere).
- Type 2: these hypervisors run within an operating system environment (for example, Microsoft Hyper-V).
VMware vSphere and Microsoft Hyper-V both use virtual network and storage switches to allow communication between virtual machines and the physical network.
The guest operating systems running in the VMs use a synthetic network or storage adapter, which is relayed to the physical adapter on the host. The software-defined networking on the hypervisor can control the VLANs, port isolation, bandwidth, and other aspects just as if it were a physical port.