Network Components
Computers and terminals
Computers process data in a networked telecommunications system
Networked computers send and receive data from terminals
Telecommunications channels – physical and wireless
Telecommunications processors
Routers and switching devices

Network Types
Local versus wide area networks
Internet, intranet, extranet
Virtual private networks (VPN)
Client/server networks

Network Protocols and Software
Open Systems Interconnect (OSI) model – a standard architecture for networking that allows different computers to communicate across networks
Network and telecommunications software – network OS, network management software, middleware, web browsers, e-mail software

IS Network and Telecommunications Risks
Social Engineering
Physical Infrastructure Threats – the elements, natural disasters, power supply, intentional human attacks
Programmed Threats – viruses, worms, Trojan horses, hoaxes, blended threats
Denial of Service Attacks
Software Vulnerabilities

Social Engineering Techniques
Familiarity exploit
Gathering and using information
Phishing
Tailgating
Quid pro quo

Sample Scenario
In one penetration test, Nickerson used current events, public information available on social network sites, and a $4 Cisco shirt he purchased at a thrift store to prepare for his illegal entry. The shirt helped him convince building reception and other employees that he was a Cisco employee on a technical support visit. Once inside, he was able to give his other team members illegal entry as well. He also managed to drop several malware-laden USBs and hack into the company's network, all within sight of other employees.
Source: http://www.csoonline.com/article/514063/social-engineering-the-basics

IS Network and Telecommunications Security
Network security administration
Authentication
Encryption – secret key and public key
Firewalls – packet filtering and stateful inspection
Intrusion Detection Systems
Penetration Testing – war dialing, port scanning, sniffers, password crackers

Auditing Network Security
Risk assessment and best practices
Benchmark tools
IT audit programs for network security

Security Service Comparison
Evaluation against policy and security baseline
Regulatory / industry compliance, e.g. SOX
Evaluation against standards such as NIST800/ISO27002
Governance Framework – COBIT/COSO