
Network Architecture and Design

Our first section is network architecture and design. We will discuss how networks should be designed and the controls they may contain, focusing on deploying defense-in-depth strategies, and weighing the cost and complexity of a network control versus the benefit provided.

Network Defense-in-Depth

Communications and Network Security employs defense-in-depth, as we do in all 8 domains of the Common Body of Knowledge. Any one control may fail, so multiple controls are always recommended. Before malware (malicious software) can reach a server, it may be analyzed by routers, firewalls, intrusion detection systems, and host-based protections such as antivirus software. Hosts are patched, and users have been made aware of malware risks. The failure of any one of these controls should not lead to compromise.

No single concept described in this chapter (or any other) provides sufficient defense against possible attacks: these concepts should be used in concert.

Fundamental Network Concepts

Before we can discuss specific Communications and Network Security concepts, we need to understand the fundamental concepts behind them. Terms like “broadband” are often used informally: the exam requires a precise understanding of information security terminology.

Simplex, Half-Duplex, and Full-Duplex Communication

Simplex communication is one-way, like a car radio tuned to a music station. Half-duplex communication can send or receive, but not both at the same time, like a walkie-talkie. Full-duplex communication sends and receives simultaneously, like two people having a face-to-face conversation.

Baseband and Broadband

Baseband networks have one channel and can only send one signal at a time. Ethernet networks are baseband: a “100baseT” UTP cable means 100 megabit, baseband, and twisted pair. Broadband networks have multiple channels and can send multiple signals at a time, like cable TV. The term “channel” derives from communications like radio.

Analog and Digital

Analog communications are what our ears hear, a continuous wave of information. The original phone networks were analog networks, designed to carry the human voice. Digital communications transfer data in bits: ones and zeroes. A vinyl record is analog; a compact disc is digital.