Secure Communication Channels
This section focuses on securing data in motion. Such as voice, e-mail, web, fax, remote access and virtualized networks. One of the important topics in CISSP course is secure communication channels. So, in this part of this tutorial, we’ll take a look at secure communication to help you understand the different aspects of secure communication channels.
Today, voice protocols such as SIP have become common on LAN and WAN networks. This protocol is especially used on internet by software such as Skype. Example of the use of this protocol in LAN and WAN networks today include microsoft team. This protocol introduced additional management, either by using dedicated voice VLANs on networks or by establishing the quality of service (QoS) levels.
The world of voice technology is a very big world, and we don’t want to talk about how to implement and configure it, but Types of attacks on voice communications systems include:
Toll fraud: such as spam over instant messaging (SPIM), number harvesting, spam over Internet telephony (SPIT), voice over misconfigured Internet telephones (VOMIT), and call hijacking.
Identify fraud: such as caller ID spoofing, eavesdropping, and vishing.
Eavesdropping: whereby an attacker uses techniques to intercept and monitor communications messages.
Denial of service (DoS): such as DDoS attacks and telephony denial of service (TDoS) attacks.
There are varieties of new technologies that for collaboration with colleagues. Examples:
- Remote Meeting Technology: It is a new technology that allows users to conduct online meetings via Internet. Some of the popular software for this technology are: Microsoft team, Skype, WebEx, and Zoom. Many of these solutions can tunnel through outbound SSL or TLS traffic, which can often pass via firewalls and any web proxies. Security issues associated with remote meeting software include downloading and installing potentially vulnerable add-on components or other required software. Other security issues arise from the capabilities inherent to remote meeting software, such as remote desktop control, file sharing, sound, and video. So it is very important that an unauthorized user cannot attend these meetings.
- Instant Messaging (IM): It allows two or more users to communicate with each other via real-time “chat.” Chat may be one-to-one or many-to-many, as in chat groups. Modern instant messaging softwares also allows file sharing and sometimes audio and video conferencing. The file sharing capability of chat software may allow users to violate security policy by distributing sensitive documents (like files, audio and video).In fact, IM has long been a favorite attack vector for cybercriminals, and it is no more secure than any other communication method. Especially that communications can be intercepted.