CISSP Cyber Training Podcast - CISSP Training Program

CCT 275: CISSP Rapid Review (Domain 4) - Part 2

Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur Season 3 Episode 275

Check us out at:  https://www.cisspcybertraining.com/

Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout

Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv

The digital world has opened up unprecedented opportunities for scammers, and seniors have become prime targets. In this alarming and informative episode, we dive deep into the FBI's recent warning about AI-driven "Phantom Hacker" scams that have already stolen over a billion dollars from American seniors through sophisticated three-stage attacks.

What makes these scams particularly devastating is the deployment of AI voice cloning technology. With just a small sample of someone's speech, scammers can create convincing voice replicas that sound like trusted family members or financial advisors. This technology has advanced to the point where distinguishing between real and AI-generated voices is very difficult for most people. As cybersecurity professionals, we have a responsibility to protect vulnerable populations through education and clear verification protocols.

The episode transitions into a comprehensive review of CISSP Domain 4, covering essential communication and network security concepts. We explore voice communications security for both traditional telephone networks and modern VoIP systems, email security protocols including SPF, DKIM, and DMARC, and remote access considerations with VPNs. The discussion covers critical decisions between split and full tunneling, network address translation complexities, and third-party risk management through formal agreements and vendor assessments.

Whether you're preparing for the CISSP exam or looking to strengthen your organization's communication security posture, this episode provides actionable insights on protecting against today's most sophisticated threats. The convergence of AI technology with traditional social engineering tactics demands a new approach to security awareness and technical controls—one that acknowledges voice is no longer a reliable authentication factor on its own.

Ready to continue your CISSP journey? Visit CISSPCyberTraining.com for free resources including practice questions, rapid review videos, and a comprehensive study plan designed to help you pass the exam on your first attempt.

Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Speaker 1:

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. Alright, let's get started.

Speaker 2:

All right, let's get started. Hey, I'm Shon Gerber with CISSP Cyber Training and I hope you all are having a beautifully blessed day today. Today is part two of the CISSP Rapid Review for Domain 4. You can get all these Rapid Review videos and audio at CISSP Cyber Training, so head on over there to get it; it's available to you. If you just sign up with my free program, you can get access to all the Rapid Review videos as they come out, so it's pretty awesome.

Speaker 2:

But before we do, I wanted to kind of quickly talk about an article that I saw in the news. This was from the FBI and it's on Fox News, but it was "FBI warns seniors of a devastating AI-driven scam." Now I will tell you, this is probably one of the biggest concerns I have related to AI. I've got parents that are seniors and they are in a situation where they don't really do much online, which is a good thing. However, because their pot of money is so important to them, they are also very, what do you say, trusting in some regard, and this is bad. I mean, this is really bad, and I need you guys, as cybersecurity professionals, to start really thinking about how we help mitigate this risk. A lot of it is done through education, and you all are the smart people in the room, so you need to educate as many people as you possibly can. And this isn't just seniors, this is everybody. But this situation, this is the Phantom Hacker scam, and they've already cost American seniors over a billion dollars and they continue to target, obviously, the different savings that they have.

Speaker 2:

Now there's three stages with this. A tech support imposter, right. So this is where someone can come in from tech support. They can come in from the bank. I've even seen this where, hey, I know you bank at XYZ, go there and you can get access; we're going to help you with your system because it's slow. And they know that you bank at this location, so they may even do that. Or they may say, I'm from Microsoft, and they may gain access to the victim's computer because of that. So these people don't really know what they're doing, right? They're very good at what they did when they were younger. They're very, very good at what they did, and as senior citizens they have a lot of experience.

Speaker 2:

But when it comes to this IT stuff, in many cases, not all, but in many cases, they are just not adequately prepared. So the tech support imposter will come in, gain remote access. Then a bank imposter will convince them to transfer funds for security reasons. So someone from the bank, air quotes, will call them, and this can be done through AI as well. And then the government imposter, a third person, will advise them about moving money to a "safe" alias account. So all of this can be done in different ways.

Speaker 2:

But if I have one person who's using different AI tools to help basically personalize the attacks, and this can happen through sending messages about the hobbies they maybe posted on Facebook or other types of social media to increase the level of trust that they have, it's really, really bad. It's imperative that you, as security professionals, work to understand a lot of these situations, to help your seniors out and to help anybody out, because this won't just affect the seniors. This can affect a lot of people, because AI is so good and it can be such an imposter of people's voices that people will make mistakes. I mean, it's to the point now where they've got tools out there that, if you have a few samples of your voice, such as what we do with this podcast, can create podcasts for you. I mean, that's pretty spooky, and it can actually do it based on how I speak. So it makes it really challenging for someone who maybe trusts the name and goes, hey, you know what, I'm going to talk to so-and-so, maybe she can help me out with all of this.

Speaker 2:

So it's imperative that you work really hard with your seniors to educate them on the fact that no one will call you from the bank and ask you to transfer money. That will not happen. And if you need to, you physically get up and go to the bank if you have any questions. Do not do anything over the phone. Don't transfer money. Do not allow anybody to have remote access to your systems. If you have a problem with your computer, then you need to call somebody to have them come out to your computer. Somebody calling you saying, hey, we're here to help? That never works. That's usually a bad idea.

Speaker 2:

So the recovery rates it mentions in the article are very bad, right: 10% to 15% chance of getting the funds back, which basically means your money is gone. These people work their entire lives and then the money is gone. And then what do they do? Right, they have nothing. So it's imperative that you help them. I'm trying to beat on this drum because I've got parents of this age and I've seen it happen and just destroy people's lives, to the point where they don't want to be here anymore and they end up hurting themselves because of it. So it's just imperative that you guys work to help people out on this and we take these people down as much as we possibly can, because it's bad. It's really, really, really bad, okay.

Speaker 2:

So again, have open conversations with your loved ones. Make sure you teach your people to watch out for that. Make sure you educate your employees. Honestly, if you have new security within your company, I would talk with your senior leaders and see about putting something out for your company to have your employees talk with their more senior parents about these situations. This is a big deal, guys, really big, and I can't stress this enough, because it will impact and hurt people badly that are probably some of the most vulnerable, and they don't need to be hurt. So, again, go check it out. Fox News, it's basically "FBI warns seniors about billion-dollar scam draining retirement funds," and they're saying AI is driving a lot of this. Okay, so we're going to now roll into part two.

Speaker 1:

Part two of the CISSP Rapid Review for Domain 4. So this is actually just Domain 4. So, part two of Domain 4 for the CISSP, the voice communication rapid review, and it does rely on copper wires and switching centers to do the work.

Speaker 2:

So this is the old school, where you had somebody sitting behind a desk and they're plugging different wires into different ports to make the communication, the connection. This is a PSTN. Now, granted, obviously that was really old school, but it's the traditional old type of phone network. It is susceptible to wiretapping and eavesdropping, and denial of service as well. They still exist in different places. Obviously, in areas that are maybe a little less developed, they're more prevalent. But bottom line is, PSTN is still out there and you, as a security professional, need to understand what a PSTN network is. Voice over IP: this is what allows for voice and multimedia communications over IP networks such as the internet, instead of the traditional phone lines that you would have, such as a PSTN network. They are becoming more and more developed and deployed throughout. Most companies have these, and they will include various different types of threats that can affect them, such as eavesdropping and DoS attacks. Obviously, attackers can target your Voice over IP clients if they're high IP or high-value clients, and they will also target the servers as well. Gaining access to these systems can yield a plethora of information, and so bad guys and girls will attack those systems. They really truly do want the VoIP systems, and if you don't have good security enabled on them, they are a high target and they can also incorporate a lot of risk for you and your organization. Hence, if they were to be breached or compromised, you are now running in a situation where you become liable because you didn't put in adequate controls for them.

Speaker 2:

Voice: we have to deal with vishing and phreaking. So vishing is a social engineering attack conducted over the phone, where attackers will use voice calls, often spoofing the caller ID, to trick victims into revealing sensitive information. This can also be done now with AI and the voices; people cannot distinguish between who is who. So you need to really teach your employees that you don't just provide information to someone that sounds like you or sounds like somebody else, because now, with AI, that can all change everything. So historically, when you're dealing with phreaking, this is the act of exploiting vulnerabilities in telephone networks to make free calls or gain unauthorized access to services. Phreaking isn't as prevalent today; again, more undeveloped networks may have more phreaking than what we see traditionally in today's networks, but it is a risk that you need to be aware of. For the CISSP, it highlights the human element of security, the important part of dealing with voice, and, again, vishing exploits trust and the lack of verification. Phreaking demonstrates the need for strong authentication, especially in the AI world that we live in today.

Speaker 2:

Now, PBX fraud and abuse. This is your private branch exchange; that's what a PBX is called. It's a telephone system, basically within an enterprise, that switches calls between internal users and allows them to share a certain number of external phone lines. Again, a bit old school, but it's still out there. You need to be aware of what it does and you need to be aware of how PBX systems work. The biggest issues or vulnerabilities you run into with them are weak passwords, unpatched software and misconfigurations. Obviously, since these systems aren't well maintained, it becomes an even bigger problem with PBX systems. These can run into substantial financial losses for an organization, especially if they're using older type systems to communicate, such as EDR, the electronic data exchange. So those are different types of capabilities. If you're using PBX systems and someone's able to get in there and actually pay attention to what is being transmitted, then you could actually incur some more risk to your organization. So PBX fraud, in my view, is still there. It's just not as prevalent as you may see in the outside world.

Speaker 2:

Now we're dealing with remote meetings, so you have virtual gatherings, obviously conducted via an online platform. Obviously that's like your Zoom and all the other things, where you can discuss presentations, collaborations, all of those kinds of things, and that all just kind of blew up once we had COVID, right. But the problem is you've got Zoom bombing, right, unauthorized intrusions into a Zoom meeting. And when you're dealing with Zoom meetings, who are all the people that are there? Especially when you get a large group that's got like 30 people, 40 people, how can you confirm each person in that group?

Speaker 2:

The other part you run into now, a different, unique aspect that you didn't even have, well, six months to a year ago, is the AI chatbots that are put into these meetings that are then taking notes. So now you have somebody that's actually taking notes for you, and you might be discussing personal and sensitive information and this bot is now recording that. So again, it requires strong passwords, waiting rooms and host controls; those are a big factor in all of these when you're dealing with remote meetings. Instant messaging and chat: obviously, real-time chats, dealing with Microsoft Teams, Slack, WhatsApp. All of these are an important point for one-on-one or group communications. But again, on the downside, you've got insider issues, you've got impersonation issues, you've got data retention issues. All of that is a big factor with instant messaging and chat. So you need to have a good, strong policy on how you're going to handle chat. You also need to enforce the policies when you're dealing with your chat and your overall Teams plans.

Speaker 2:

Multimedia collaboration: big factors that you need to be aware of as it relates to the CISSP. Remote access and telecommuting techniques, right. So, methods that allow users to connect to an organization's internal network and resources from external locations. Now you're dealing with VPNs. You've got your VPNs, you've got IPsec, you've got SSL, TLS; all of those pieces are remote access. You've got remote desktop protocols. It's being used all the time, and so you need to ensure that anybody that is using that within your network has good policy. They need to understand the policies. They also need to understand the security related to protecting this network and the data that's going on there. Each of these should have specific vulnerabilities, or rather each of these does have specific vulnerabilities related to the VPNs, RDP and so forth, and you, as a security professional, need to be aware of each of these vulnerabilities. This also comes down to understanding your overall network topology and your network architecture so that you can control the data coming in and leaving your organization. All of those are an important part, and you need to make sure that you understand each of these, to include cloud access security brokers, CASBs, for the CISSP exam. So, again, those are important parts, I'd say.

Speaker 2:

From my standpoint, remote access is probably one of the biggest areas that most companies struggle with, because they put it in place but they don't have a good handle on remote access long-term. It's short term: just get it up, get it running and we'll go from there. Now, remote connection security. You've got to have mandatory strong authentication. This would be multi-factor authentication for all remote access. Encryption: this is where all data transmitted over remote connections must be encrypted from end to end. This would be your TLS, SSL and IPsec as well. We talk about this a lot, and this is an important part of all security within your company and having a good architectural plan related to it. Endpoint security, dealing with EDR agents, that is your endpoint detection and response. And then network segmentation, as it relates specifically to VPNs and network access controls. You want to base these on least privilege and you want to limit your segmentation based on that.

Speaker 2:

Without robust security, remote connections become a significant attack vector, obviously, for unauthorized access, data interception and malware introduction into a corporate network. So, again, remote security is an important part, and this is all part of Domain 4.3 of the CISSP, managing your email security. The purpose of this is to protect the confidentiality, integrity and availability of your email communications, and it is a primary vector of many cybersecurity attacks. Why? Because people communicate on email all the time, and so, because they do that, it's one of the primary places where bad guys and girls will go after you. Implementing policies for acceptable use is an important part. Secure configurations to ensure that, and then monitoring the access of email that's going in and out of your network is an important part as well. Email communication can be so voluminous that it's hard to do. You want to target, potentially, specific people that have the highest risk to your organization and, again, those are the folks that you would want to make sure you have really good policies in place for. You also have good documentation telling them, hey, I'm going to be watching you and this is why we're going to be watching you. Now, a well-managed email security program is vital for defending your network. It truly is, and that includes malware deliveries, phishing, business email compromises; all of those are an important part that you're going to have to be aware of for the CISSP and as a security professional, and they're going to look to you to help them put things in place to help mitigate this potential risk.

Speaker 2:

Email security issues: you have phishing. You have spear phishing. You have malware delivery. All of those can happen through email. Spam and unsolicited mail obviously come through email as well, and then your business email compromises. This is where you have fraudulent schemes that are targeting you, usually impersonating senior leaders, to try to get you to transfer money to offshore accounts. BECs kind of come in waves, but they are very effective, especially now with the AI. You could do a BEC really easily with somebody's voice, especially if you have some different voice samples that you could use. So it would be really easy to target some of the right people and say, hey, I'm going to follow this up with a phone call. And then you go, hey Bill, and you leave a message saying, this is the CEO, I'm authorizing the use of this money transfer. And Bill goes, well, that sounds just like my person, so let me go ahead and allow the authorization of the money. So again, big, big deal. Data leakage: unintentional and malicious disclosure of sensitive information via email. And then lack of encryption obviously isn't a big factor in all of this.

Speaker 2:

Email remains the top attack vector, and it does require robust, multi-layered defenses and monitoring to ensure that it is properly protected. So, as we're dealing with email security solutions, you are now also dealing with spam filters. These will help identify and block unsolicited emails that may come in and, as you all know, you have to check your spam filters routinely as you're dealing with your different Outlook and email type products out there. In addition, you have anti-malware and anti-virus gateways. These will be used within your architecture to help scan email attachments for anything that's potentially malicious coming in, or anything that may be maliciously going out. Now, we'll run in and talk about DLP in a minute, but a lot of the DLP content is about the data going out, whereas malicious content coming in is what your anti-malware gateways, which scan the content coming in from your emails, will be looking at.

Speaker 2:

You have email authentication protocols, which are SPF, DKIM and DMARC. SPF is your Sender Policy Framework. This helps with email spoofing, and it does help ensure that the sender's IP address is confirmed. DKIM is your domain keys identification email, and this uses digital signatures to verify your email sender's identity as well as the integrity of the overall message itself. Those are all important parts of PKI, and you will understand that as you're looking through the different email capabilities. These are really key parts that are brought up a lot within the CISSP exam. DMARC is your Domain-based Message Authentication, Reporting and Conformance. This is also built on SPF and DKIM. So, again, understanding those acronyms is an important part of the CISSP exam. Email encryption using S/MIME and PGP is good for end-to-end encryption capabilities and highly recommended. You'll need to understand the use of PGP and S/MIME within the PKI structure for email encryption.

Speaker 2:

DLP is a big factor as it relates to data loss prevention. This scans outgoing emails for any potential content that might be added to the email itself that might violate policies that you may have in place, and then it could block or, at a minimum, alert on that type of activity. Sometimes they have a delay where the content has to be approved before it's actually allowed to leave the organization. So different types of DLP products are out there. You just have to determine which one would be best for you and your organization. Also, as you read the questions for the CISSP, they may ask that specifically: do you want to allow blocking or do you want to allow an approval process? Security awareness training: this is where you're educating users about phishing, business email compromises and safe email practices. Obviously, awareness training is an important part of any program, and you should have something in place in each of these areas specifically to educate the end user, as they are the ones that, in most cases, start the overall process of getting infected. But again, implementing any of these solutions will go a long way in helping reduce the risk to your company, and these are concepts that are brought up a lot within the CISSP exam.

Speaker 2:

Network address translation. This is something that is done to translate between private IP addresses and public IP addresses, and as you're dealing with routers and various other access points, they will do that translation for you. It basically modifies the network address information in the IP header of the packets and basically communicates between the two entities. So it allows you to have NAT, which is one-to-one, or dynamic NAT, which is many-to-many. There's also port address translation, and then there's NAT overload, which is many-to-one using ports. So again, NAT translation is a very good thing to have. It can be a challenge because it can make things complicated when you're dealing with logging and monitoring NAT translation. So, basically, an external IP address comes to an internal IP address and it's being translated. The logs that will give you that information, from one to the other, can be very complicated and can be very challenging to actually understand and ascertain. So having good plans in place is an important part. Also, ensuring that you incorporate IPsec and various other types of security mechanisms with these various connections is also an important part of what you're trying to deploy from an architectural standpoint.

Speaker 2:

Private IP addresses: there are various private IP addresses that you may find within your organization. That's the 10 series, 172 or 192 series. These are typically within, like, your house. All of the IP addresses within your home may be based on 192, but the external IP address may be like 13.2.3.4, whatever that is. Those private IP addresses are specifically non-routable externally. They're all routable internally, and this is where you'll have the NAT that will help you with translating between external IP addresses and your internal private IP address space. So you'll need to understand that, and what the private IP addresses are that you may anticipate.

Speaker 2:

Say they ask you a question; they may ask that specific thing, giving you an IP address of, let's say, 169, which we'll talk about here in a minute, and they'll say that's a private IP address. But it is actually not a private IP address. It's an automatic IP address set up for the system, but it's not something that's routable within your organization. Now, Automatic Private IP Addressing, APIPA: this is a feature where Windows and other operating systems automatically assign an IP address, especially when they cannot use DHCP and they can't network. It does give them an IP address so that it's actually discoverable internal to your network. However, because it's a 169, it is not something that can be routable outside of your organization, and it doesn't work with NAT. So, as you're understanding this, when you realize that maybe your DHCP server may be down and you see an IP address of 169, you will know that it is a networking problem that you're dealing with and that you would have to try to figure out the issue. If you're dealing with an IP address that says 192.168, you know then it potentially might not be a networking issue; it might be something else. But 169, again, this allows for devices to basically have small local networks to communicate with each other without a DHCP network, but it doesn't allow you to do much other than that. So, depending upon where you're using it, 169 may or may not be something you would want to incorporate within your network. I would not. It's more or less designed as a fallback, to the point that you're having to troubleshoot a networking challenge.

Speaker 2:

VPNs: these are the basics around these. They create secure, encrypted tunnels over untrusted networks. VPNs are talked about a lot within an organization and they're used extensively. The thing you have to watch out for with VPNs, obviously, is your third parties, and you're allowing third parties to VPN into your network. It basically allows the internal network to be exposed to an external entity of some kind. So therefore, having VPNs is an important part. It does help: the communications back and forth are encapsulated and they are protected, but the amount of data going across these networks can be a lot, and they also cannot be as monitored as you may want them to be. So I would highly dissuade you from using VPNs for third parties. You have employees that use VPNs. The bad thing with VPNs on employees is, again, if they're at home using their computer and they're using a VPN, their home network may be part of the business network, which can cause all kinds of drama. So you need to have a very good plan in place on how you're going to deal with VPN tunneling. But again, it does provide confidentiality, integrity and authenticity for the data in transit over untrusted networks, and it does have protections. But again, it does open up a whole set of challenges as well.

Speaker 2:

Split tunnel versus full tunnel. So, split tunnel: this is where only the traffic destined for the corporate network goes through the VPN. All of their other traffic is shunted and goes directly, not shunted, it goes directly to the internet. And this works really well if you have bandwidth challenges, potentially, and you don't have a circuit dedicated specifically for the internet, or you do have one. That is where split tunnel will come into play. Now, full tunnel is where all network traffic from the client device is forced through the VPN tunnel to the corporate network and then out to the internet. The positive with that is that all that data is potentially being monitored, whereas with a split tunnel, only the data that is corporate specific is being monitored. Any internet traffic would not be monitored in the same capability. So there are pros and cons with all of this, right. So full tunnel, again, is generally considered more secure, as all the traffic is sent through your corporate security controls. However, the split tunnel can reduce some risk, obviously, from remote devices.

Speaker 2:

However, one of the things to consider when you're dealing with this is bandwidth. Is bandwidth an issue at your locations, such that you might need to do some split tunneling? And, like anything in all of these security mechanisms we talk about, it really truly comes down to: are you putting in place the right configurations to manage the security of each of these tools that you're adding? So, again, everything has pros and cons associated with it, but it really comes down to how are you configuring it, how are you managing the security of each of these specific tools. So what are some common VPN protocols?

Speaker 2:

We've got IPsec, which is your Internet Protocol Security. It's a suite of protocols used to have secure IP communications, and it operates at the network level. It does provide for authentication and encryption, and it's typically used around remote, or I should say site-to-site, type connections. A lot of remote VPNs are part of that. You have SSL and TLS, typically used with HTTPS, and it's often clientless or browser-based. You can get lightweight clients with the TLS aspects of it, but again, it is very common for remote access.

Speaker 2:

You have PPTP, which is your Point-to-Point Tunneling Protocol. It is older and it is less secure, but if you're dealing with external networks or networks that are older, you will have P2P aspects of this, and so you shouldn't discount it just because it is older and insecure. However, that being said, you're going to want to make sure that, architecturally, you have it in a position where it is in the most secure environment possible. L2TP is your Layer 2 Tunneling Protocol, and this is often paired with IPsec for security reasons. Obviously, IPsec and SSL are the recommended secure choices. They help with secure encryption and authentication. Again, older protocols like PPTP have known vulnerabilities and should be avoided if possible. But again, I come back to this: you may have to use them depending upon the situation that you're in and operating in. Switching and virtual LANs.

Speaker 2:

So you're dealing with a switching network. This is layer two. It's your data link layer, and the devices forward frames based on MAC addresses. You create separate collision domains, and it also improves the network efficiency as well. Then, when you deal with virtual LANs, or VLANs, these are logical segments that basically divide a single physical switch into multiple broadcast domains, and your VLANs are tied to the fact that you may have multiple VLANs within your network. Now, VLANs are great, they're awesome, I love them. However, one of the things is they can add more complexity to your overall network, and so, therefore, you should look at utilizing them but, at the same time, determine not to go overboard with your VLANs. Proper VLAN configuration obviously is critical, and that's with anything we deal with: the overall configuration aspects tied to it.

Speaker 2:

MAC flooding attacks. What is a MAC flooding attack? Well, basically, this is where the attacker floods a switch's MAC address table and will fake potential MAC addresses, and it does cause the table to overflow, and then, basically, you end up dealing with denial-of-service type of impacts. When the table is full, the switch may revert to acting like a hub, broadcasting all traffic, or potentially just failing closed. It may fail open, but when you deal with these situations, it can happen different ways. It does allow the attacker to eavesdrop on network traffic that would normally be switched only to the intended recipient, and it may compromise the overall confidentiality.

Speaker 2:

MAC cloning: this is where an attacker will change the MAC address of their network interface card, a NIC, to mimic a legitimate MAC address. Now, you would do this sometimes for a legitimate reason, when you're trying to work with different wireless networks. They will have MAC address cloning, but you can bypass the MAC-based access controls that are there or impersonate legitimate devices on the network. Now, what can happen is it will compromise the authentication and the access control mechanisms that rely solely on the MAC address. Now, obviously we want to have more than just MAC address controls in place, but in this situation, if it would compromise that, specifically in these situations where the MAC address is the key protection mechanism around it, it does highlight weaknesses in MAC addresses as the sole authentication factor, and it is not recommended that that would be it. Memorandum of understanding: so, a formal agreement between two or more parties outlining the terms of an understanding. This is often used to establish a framework for cooperation and potentially share responsibilities in security. It's an MOU, and this is just part of domain 4.3.

Speaker 2:

Risk assessments of third parties. This is an important part that I feel gets left out a lot: third-party risk assessments, and how do you deal with third parties within your organization? Conducting thorough evaluations of third-party vendors' security postures, controls and compliance before and during any engagement. This would be very commensurate with the risk they pose and the data they control.

Speaker 2:

Third-party connectivity risks. We talk about this as far as even having VPNs, but these are specific threats arising from network connections to external entities, such as insecure VPNs, unmanaged access points, data exfiltration through email or other ways, or lateral movement from a compromised vendor within your organization. Again, this is why contractors are a big risk to many corporations, and so, therefore, when giving people access to your company that are contractors or third parties, you need to have a really good plan in place to help ensure the security is maintained. So managing third-party connections is critical; they do extend the organization's attack surface, but they also help the organization create a better product in many ways. So MOUs, risk assessments, all of these are an essential part of any organization, especially if you're dealing with third-party risk, and they do help you identify vulnerabilities and mitigate the risks associated with this, especially when you're dealing with this overall within your company, and I highly recommend third-party risk assessments be done for any organization. You'd be surprised how many different companies have third-party risk they didn't even know was a big factor within their company. So, again, that is what it comes down to for domain 4.3. Okay, that is it for the rapid review for domain 4.

Speaker 2:

Again, you can go to CISSP Cyber Training and get access to all of this content. You can sign up for my bronze package and get access to all of my rapid review videos, as well as the study plan that I have available, over 360 questions. There's different types of videos and audios that are available specifically for my free resources, and I guarantee you they will be extremely valuable to you. Again, it doesn't cost you a dime. All it asks for is your email address. That's it, and that way I can send you information as needed related to the CISSP or whatever else you want to do. When it comes to paid resources, I've got all the CISSP content available to you in video format and audio format, as well as numerous questions, over 1500 different questions right now that are available, with deep dive topics, mentorship. All of those things are available specifically to you as part of the overall paid programs.

Speaker 2:

I have. So, again, super excited about what we can provide for you at CISSP Cyber Training. Head on over there, get access to this video and many, many more, and again, I hope you all have a great day, enjoy your CISSP studying and we will catch you on the flip side, see ya. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes, as I would greatly appreciate your feedback. Also, check out my videos that are on YouTube and just head to my channel at CISSP Cyber Training and you will find a plethora, or a cornucopia, of content to help you pass the CISSP exam the first time. Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey. Thanks again for listening.