CISSP Cyber Training Podcast - CISSP Training Program

CCT 337: UK Manufacture Attacks - CISSP Deep Dive (Domain 4)

Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur Season 3 Episode 337


Duration: 32:44


A ransomware headline is easy to ignore until you realize it can shut down a factory line, break supplier networks, and trigger contract penalties that dwarf the original IT cleanup. We start with a real-world manufacturing case study from the UK where cyber incidents are becoming routine, then zoom in on why revenue hits are so brutal in an industry that often runs on tight margins. The Jaguar Land Rover disruption adds a sobering lesson: a single breach can ripple outward into suppliers, logistics, and even wider economic impact.

From there, we switch into CISSP Question Thursday with Domain 4 focused practice that sharpens how you think under exam pressure. We walk through a zero trust private cloud scenario and explain why microsegmentation with software-defined networking gives the most granular workload-to-workload control for stopping east-west lateral movement after a compromised web server. We also tackle the split tunnel VPN tradeoff that can turn an endpoint into a bridge for attackers, plus a legacy ARP weakness that opens the door to ARP spoofing and man-in-the-middle attacks.
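The ARP weakness mentioned above is that ARP replies carry no authentication, so a passive sensor can only detect spoofing by watching for bindings that change. The following detector is an added example for this page, not code from the podcast or its host; the packet records are constructed inline, and the field names (`ts`, `op`, `sender_ip`, `sender_mac`) are this example's own choice rather than any capture library's API.

```python
"""Added example (not from the episode): a passive ARP spoofing detector.

ARP carries no authentication, so any host on the segment can send a
reply that binds a victim's IP (typically the default gateway) to the
attacker's MAC. Two cheap indicators catch most of these attacks:

  1. an IP address whose advertised MAC changes from what was first
     learned, and
  2. a single MAC address that claims several IP addresses.

The records below are constructed for this example; nothing is read
from a live interface. Field names are this example's own choice.
"""
from collections import defaultdict
from dataclasses import dataclass

ARP_REQUEST = 1
ARP_REPLY = 2


@dataclass(frozen=True)
class ArpRecord:
    """One decoded ARP packet as a passive sensor would see it."""
    ts: float
    op: int          # 1 = request, 2 = reply
    sender_ip: str
    sender_mac: str


def detect_binding_changes(records, watch_ips=()):
    """Return an alert for every IP whose advertised MAC changes.

    Only replies are treated as bindings. Changes for IPs listed in
    watch_ips (e.g. the default gateway) are marked high severity.
    """
    bindings = {}   # ip -> MAC first seen in a reply
    alerts = []
    for r in records:
        if r.op != ARP_REPLY:
            continue
        mac = r.sender_mac.lower()
        first = bindings.setdefault(r.sender_ip, mac)
        if first != mac:
            alerts.append({
                "ts": r.ts,
                "ip": r.sender_ip,
                "expected_mac": first,
                "observed_mac": mac,
                "severity": "high" if r.sender_ip in watch_ips else "medium",
            })
    return alerts


def macs_claiming_multiple_ips(records):
    """Return {mac: sorted IPs} for MACs that answer for more than one IP."""
    claims = defaultdict(set)
    for r in records:
        if r.op == ARP_REPLY:
            claims[r.sender_mac.lower()].add(r.sender_ip)
    return {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}


# Constructed sample: a legitimate gateway reply, a legitimate host reply,
# then an attacker (de:ad:be:ef:00:01) poisoning both sides of the
# gateway <-> host conversation.
GATEWAY_IP = "10.0.0.1"
SAMPLE_RECORDS = [
    ArpRecord(1.0, ARP_REPLY,   GATEWAY_IP,  "aa:bb:cc:00:00:01"),
    ArpRecord(1.1, ARP_REPLY,   "10.0.0.20", "aa:bb:cc:00:00:20"),
    ArpRecord(1.2, ARP_REQUEST, "10.0.0.66", "de:ad:be:ef:00:01"),
    ArpRecord(2.0, ARP_REPLY,   "10.0.0.66", "de:ad:be:ef:00:01"),
    ArpRecord(2.5, ARP_REPLY,   GATEWAY_IP,  "DE:AD:BE:EF:00:01"),  # "I am the gateway"
    ArpRecord(2.6, ARP_REPLY,   "10.0.0.20", "de:ad:be:ef:00:01"),  # "I am the host"
]


def run_example():
    """Run both checks over the constructed sample and return their results."""
    return (detect_binding_changes(SAMPLE_RECORDS, watch_ips={GATEWAY_IP}),
            macs_claiming_multiple_ips(SAMPLE_RECORDS))


if __name__ == "__main__":
    changes, multi = run_example()
    for a in changes:
        print(f"[{a['severity']}] {a['ip']} moved from {a['expected_mac']} "
              f"to {a['observed_mac']} at t={a['ts']}")
    for mac, ips in multi.items():
        print(f"MAC {mac} answers for {len(ips)} IPs: {', '.join(ips)}")
```

The first learned binding is treated as truth, which is the usual weakness of this approach: a sensor that starts after the attacker is already poisoning the segment learns the wrong MAC. In practice the gateway binding is pinned from a known-good source (static ARP entry, DHCP snooping database, or dynamic ARP inspection on the switch) rather than learned from the wire.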

We round it out with high-value protocols and technologies you’re likely to see on the CISSP exam: DKIM for cryptographic email integrity and domain validation, WPA3’s SAE for stronger protection against offline dictionary attacks, and VXLAN in shared infrastructure where encryption is not provided by default and must be layered in with controls like IPsec or MACsec. If you’re studying communications and network security, this one connects technical decisions to real business risk. Subscribe, share with a study partner, and leave a review so more CISSP candidates can find the show.
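The VXLAN point above, that the encapsulation itself adds no confidentiality, is easiest to see by building a VXLAN UDP payload and decoding it from the raw bytes alone. The block below is an added example written for this page, not code from the podcast; the 8-byte header layout and UDP port follow RFC 7348, while the MAC and IP addresses are documentation values chosen for the example and the IPv4 checksum is left at zero since nothing here transmits the packet.

```python
"""Added example (not from the episode): what an underlay observer sees in VXLAN.

VXLAN (RFC 7348) wraps a tenant's Ethernet frame in UDP/IP with an
8-byte header carrying a 24-bit VNI. Nothing in that header or the
inner frame is encrypted, so anyone who can capture underlay traffic
between two VTEPs (a compromised switch, hypervisor or tap) can read
the tenant's frames. The packet below is constructed here; addresses
are documentation values chosen for the example.
"""
import socket
import struct

VXLAN_UDP_PORT = 4789          # IANA-assigned VXLAN port
VXLAN_FLAG_VNI_VALID = 0x08    # "I" flag: VNI field is valid
VXLAN_HEADER_LEN = 8
ETHERTYPE_IPV4 = 0x0800
MAX_VNI = (1 << 24) - 1        # 16,777,215 overlay segments vs 4,094 usable VLAN IDs


def _mac_bytes(mac):
    return bytes(int(b, 16) for b in mac.split(":"))


def _mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_vxlan_payload(vni, inner_frame):
    """Return the UDP payload for an inner Ethernet frame on the given VNI."""
    if not 0 <= vni <= MAX_VNI:
        raise ValueError("VNI must fit in 24 bits")
    # flags(1) | reserved(3) | VNI(3) | reserved(1)
    header = struct.pack("!B3sI", VXLAN_FLAG_VNI_VALID, b"\x00" * 3, vni << 8)
    return header + inner_frame


def build_inner_ipv4_frame(dst_mac, src_mac, src_ip, dst_ip, payload=b""):
    """Build a minimal Ethernet II frame carrying an IPv4 header (checksum left zero)."""
    eth = _mac_bytes(dst_mac) + _mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    total_len = 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, total_len, 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + payload


def parse_vxlan(payload):
    """Decode a VXLAN UDP payload the way a passive sniffer on the underlay would."""
    if len(payload) < VXLAN_HEADER_LEN + 14:
        raise ValueError("too short for VXLAN header plus Ethernet header")
    flags, _reserved, vni_field = struct.unpack("!B3sI", payload[:VXLAN_HEADER_LEN])
    if not flags & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VNI flag not set")
    frame = payload[VXLAN_HEADER_LEN:]
    info = {
        "vni": vni_field >> 8,
        "inner_dst_mac": _mac_str(frame[0:6]),
        "inner_src_mac": _mac_str(frame[6:12]),
        "ethertype": struct.unpack("!H", frame[12:14])[0],
    }
    if info["ethertype"] == ETHERTYPE_IPV4 and len(frame) >= 14 + 20:
        ihl = (frame[14] & 0x0F) * 4
        info["inner_src_ip"] = socket.inet_ntoa(frame[26:30])
        info["inner_dst_ip"] = socket.inet_ntoa(frame[30:34])
        info["inner_l4_payload"] = frame[14 + ihl:]
    return info


def run_example():
    """Encapsulate a tenant frame, then read it back from the raw bytes only."""
    tenant_frame = build_inner_ipv4_frame(
        "02:00:00:00:00:02", "02:00:00:00:00:01",
        "192.0.2.10", "192.0.2.20", b"tenant secret")
    wire = build_vxlan_payload(5001, tenant_frame)
    return parse_vxlan(wire)


if __name__ == "__main__":
    seen = run_example()
    print(f"VNI {seen['vni']}: {seen['inner_src_ip']} -> {seen['inner_dst_ip']}, "
          f"payload={seen['inner_l4_payload']!r}")
```

Everything `parse_vxlan` recovers, including the VNI that identifies the tenant, is read straight from the wire, which is why a shared underlay needs IPsec between VTEPs or MACsec on the links rather than relying on the VNI as a security boundary.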

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.

Join now and start your journey toward CISSP mastery today!

Welcome And Host Intro

SPEAKER_00

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon Gerber. I'm your host of this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. Alright, let's get started.

UK Manufacturing Cyber Incident Case Study

Jaguar Land Rover Ripple Effects

Domain 4 Questions Kickoff

Zero Trust And Microsegmentation

Split Tunnel VPN Risks

ARP Spoofing And MITM Attacks

Email Authentication With DKIM

WPA3 SAE Against Offline Cracking

VXLAN Security Without Encryption

Wrap Up And How To Connect

SPEAKER_01

Good morning, everybody. It's Shon Gerber with CISSP Cyber Training, and I hope you all are having a beautifully blessed day today. Today is Thursday, and this is CISSP Question Thursday, so we're going to be going over questions related to the CISSP exam. Today's are going to be focused specifically around Domain 4 of the CISSP exam. But before we do, I had an article that I wanted to go over. I get a lot of feedback from folks listening to the podcast about the articles and how they tie together with the CISSP. So let's go into this article. Again, we're going to regurgitate a lot of things that you all have heard and struggled with, going, yeah, there's ransomware attacks everywhere. Well, we want to keep bringing these up because the ultimate goal is that, as you're studying for the exam, they may ask you questions that are related to a cybersecurity incident. And the more you hear about these different case studies and situations that occur, the more it will help you understand how to piece all of this together. Because many times, I mean, some of you work in SOCs, a security operations center, and some of you are in compliance. So the more we can expose each other to all of these different things, the better and the stronger we can make the community. So this is an article out of IT Pro, and it says 78% of UK manufacturers have experienced a cyber incident in the last year, and more than half have taken a revenue hit. So let's break this down a little bit. I want to use this as a case study because with a lot of the information in here, you'll say, well, this is relatively the same as we've heard before, just different. You just basically rebrand it with somebody else.
And that's true, but let's talk through the big picture of this and then come to a case study that I've dug up a little bit, and we'll go into that. So cyber attacks have obviously become routine, as we just mentioned, and they are costly, specifically to any sort of manufacturer. In this article it's related to the UK, the United Kingdom, and this is just affecting everyone. It doesn't matter what sort of manufacturing you are in, you're going to be affected by this in some form or fashion. So in this article, it says 78% of UK manufacturers have experienced a cyber incident in the past year, and of those 78%, over half, so you're talking a large number, have lost revenue. Now, you all might be going, well, okay, they've lost revenue, they can work through that. I'm just going to be very transparent, and I know not all businesses are this way, but for most businesses their margins are anywhere from 6 to 12 to maybe 25% at the most. At the most, 25% is really pushing it; it's usually between 6 to 12 to 16, 17%. And what does that margin mean? That means the amount of money they have once they have taken out all their expenses. So you take out employees, you take out any sort of medical benefits, you take out just the equipment that you have to run your operation, and all the insurance and everything else that goes into this. Once you take all of that out and have paid all your expenses, you now have a profit. And that profit is the percentage that you get to keep as a business owner. And that ranges anywhere from, like I said, six to up to potentially twenty, twenty-five percent. But most businesses, especially when you're dealing with something as heavily intensive as manufacturing, are probably around the 12 to 18% tops kind of space. So again, you're not talking a lot of money.
Their ultimate goal is that they can make enough money over the years that they continue to grow their business, so that if they start at year one, by the time they get to year ten they're actually making a substantial amount of income. But again, that's barring they don't have issues like this. So what do cyber attacks do to manufacturers? How does this end up affecting them? Well, what happens typically is your production will go down, and many firms will experience, in the article it says, one to seven days of downtime. I will actually disagree a bit with that. Many firms will experience maybe one to seven days of downtime of the actual system being down and then being brought back up, but the long-term effects can ratchet out to potentially a week, two weeks, six weeks, or more. And the reason is because they have to bring all these systems back online. The smaller the business, the fewer systems you have to bring online. The bigger the business, the more you have, and the impact can be greater. So it really depends. Now, when you're dealing with supply chain disruption, what they talk about in the article is that nearly half face delays or breakdowns in their supplier networks. In many cases, these manufacturers have maybe one, possibly two suppliers for certain types of raw materials. If that's the case and those suppliers get hacked, it can have cascading effects throughout their organization and their business. So again, those are a big factor. Then they roll into missed commitments: companies will fail to meet delivery or contract obligations. This really will affect you dramatically. This is the part you don't see, right? You go, well, production's down, the system's down, we're not able to produce what we want to produce, but then we come back up in a week or so and things are good.
The problem with that, though, is that once they were down, they had obligations to other companies to provide this product. And if they don't meet those obligations, they can be fined for them; the other party can actually withhold payment. There are all kinds of things that go into this. So it's imperative that everything is just in time: the moment it's manufactured, it's heading out the door. And there are clauses in contracts specifically because of that. So these missed commitments can carry a very substantial price tag with them, and they add to the financial losses, which can go into the hundreds of thousands, if not millions, of dollars each and every time. So in the article, it brings up the case study around the Jaguar Land Rover attack that occurred in the UK. Now, all of you may know Jaguar and Land Rover. I mean, when I was a kid growing up, I loved Jaguar. I wanted to have a Jaguar all the time. That's what I wanted. And now Land Rover has kind of taken that on; everybody's got them, unless you're Tiger Woods and you're flipping your Land Rover. But again, I noticed when he did flip it, the bottom of his Land Rover looked very clean. It looked immaculate, way better than my Land Rover, which I don't have. So the point is, they are an awesome manufacturer. They're an awesome machine, just incredible. So let's look at this JLR attack that occurred. Now, this happened back in 2023, and they had manufacturing systems that were shut down temporarily, employees lost access to IT systems, and production and logistics systems were disrupted as well. Now, the overall financial cost, the direct cost of this incident to Jaguar, was, they're saying, anywhere from 196 million to 260 million dollars. So that is a very substantial difference from what you see in the article, where the article's talking a couple hundred thousand, right?
Jaguar would have been happy with a couple hundred thousand dollar loss. You're talking millions, hundreds of millions of dollars. Now, the wider economic ripple that we've been able to dig out of this is about 1.9 billion in total economic impact, just because of this. And this was because of the suppliers, all the downstream effects, all of those pieces tied to this Land Rover hack that occurred. Again, $1.9 billion. So why is this important? One is that cyber attacks will stop physical production, not just the digital systems. And once they do that, you're going down. A single breach can trigger nationwide economic effects. This is here and today. And if you are an attacker out there, they know that this can happen. So what do you do? You cause chaos and pandemonium. And then whatever takes the system down, because they're all critical infrastructure, can have dramatic ripple effects throughout the entire country and in some cases throughout the world. Again, many companies are still underprepared for this at the leadership level. One part that was brought up was the fact that only around 22% of the companies in this article actually have someone who reports to the board. I'm sorry, but this is getting to the point in the world where the cybersecurity folks are going to have to have a place at the board level. But not just sitting on the board looking pretty; they have to actually have the ability to help make change within the organization. Now, if you put all these things in place, like we've mentioned before, will that stop the Land Rover attacks from occurring? No. Will it cause the impact to be less? Maybe, maybe not. But the ultimate point of this is how fast do you respond? It all comes down to responding and having business resiliency set up within your company.
So again, good article, but the point of it, and we wanted to build a little bit on this, is the fact that 80% of UK manufacturers have had some sort of cyber incident. 80%. That's substantial. Now, the UK is not a big manufacturing space, but 80% of them had some sort of incident. So it's only going to get worse. So you better buckle up and make sure that you're prepared. And as a cybersecurity professional for your company, you need to make sure you are doing everything you can to help them be prepared for this situation. Again, this is off IT Pro, and it's Emma Woolcott who brought this out: 78% of UK manufacturers have experienced a cyber incident in the last year, and more than half have taken a revenue hit. Okay, let's get into what we're going to talk about today. These are questions you'll get in the deep dive area of CISSP Cyber Training, and we're going to roll into this first question. A financial services firm is implementing zero trust architecture within its private cloud. So it has a private cloud and it's looking to do zero trust. They want to prevent lateral movement, so they don't want an attacker who has compromised a web server to move left or right within their organization. Typically the web server is the one that's facing everybody out on the internet. Which technology provides the most granular control to enforce security policies between individual workloads, regardless of the underlying network topology? Okay, so you have a firm that's going to be implementing zero trust within its private cloud. They want to prevent lateral movement of an attacker who has compromised the web server. Which technology provides the most granular control to enforce security policies between individual workloads, regardless of the underlying network topology? So they're looking for the most granular control that they can put in place.
So A, microsegmentation using software-defined networks; B, virtual local area networks, VLANs; C, standard stateful firewalls at the network perimeter; and D, air-gapping the database tier. Okay, so we're looking for something to be zero trust, right? And they wanted to have very granular control. So those are some key terms that you want to pull out of this question: zero trust, granular control, and they want to avoid movement of the attacker. Once you start thinking about that, you're going to think about some sort of network topology, and you're going to have to think about how to deal with this from a network standpoint. So if you're saying I'm going to deal with this from a network standpoint, let's look at some of the answers that we know are wrong. D, air-gapping the database tier. Now, air-gapping, which means segregating the database tier from the network, yeah, that will protect the database, but it's going to cause all kinds of confusion and chaos, and it really doesn't help the overall network topology of what you're trying to accomplish. Air-gapping the database will protect the database, but it's not going to protect anything else within the company. And you really want to try to prevent any sort of lateral movement. So if there's lateral movement within the network, air-gapping the database isn't going to help you any, because again, it's air-gapped. Okay, so let's move on to answer C, standard stateful firewalls at the network perimeter. Having something at the network perimeter to stop these folks from coming in is an important part, and having stateful firewalls is a very good aspect, but that does not help you when it comes to avoiding lateral movement within the organization.
The key now is, if they had stateful firewalls within various parts of the network, that may change the conversation just a little bit. But at the end of it, having a stateful firewall at the network perimeter is only going to protect your perimeter. Once they get in, they get the soft jelly center, and life is good. I love this time of year with Easter because there's jelly beans. Yeah, unfortunately I am addicted to jelly beans. It's just bad, bad, bad, bad. But you don't want them to get into the soft, gooey jelly center. So, therefore, having the stateful firewalls at the network perimeter does not help you with lateral movement. Let's look at answer B, virtual local area networks, VLANs. Now, VLANs can be very helpful in this space. They are traditional segmentation and they can help you a lot with it. However, they're a bit broad and they can be very difficult to manage in this space. At one of the places where I was the CISO, the manufacturing location had like 30 VLANs in place. At that time, VLANs were a good way to segment the network. However, based on the complexity, I actually recommended that he had way too many VLANs, because it was way too hard to manage completely. So VLANs are possible, right? Not a bad option, potentially something you could look at. But the correct answer is microsegmentation using software-defined networks. Now, when you're dealing with software-defined networks, again, this is a network that's defined specifically around software, and that is a key component in all of this. Deploying that from a microsegmentation standpoint allows you to scale at a much better level, and much more easily than any sort of VLAN. Now, that's a core component of zero trust, right? And it stops the east-west lateral movement, which we talked about again.
East-west is lateral movement within your organization; north-south is in-and-out type traffic for your organization. So again, it's a really good thing. It works at the workload itself; it uses tags or identities to limit the access. And so microsegmentation using software-defined networks is the correct answer. Next question: an employee is using a split tunnel VPN to access corporate resources while working from a coffee shop. What is the primary security risk associated with this specific configuration compared to a full tunnel VPN? So when you see something related to split tunnel and full tunnel on the exam, one thing to consider is that if you are doing split tunnel, you do not have the ability to inspect the traffic at the same level as you could if it was basically just a single tunnel. Now, I will say decryption and encryption of tunnels and the use of different certificates can be a very challenging product. There are companies out there that will do that, but it adds a lot of complexity. That being said, as soon as you do split tunneling, you lose a lot of visibility. So ISC2 is going to want to know, in many cases, from a security standpoint, that you would prefer to stick with a traditional tunnel and not a split tunneling configuration. Now, split tunneling can add a lot of value to you, and many companies do it just because of the fact that they don't have dedicated circuits for internet traffic for employees; they want to be able to split the tunneling. So just something to consider as you're reading through this question. So again, this question: an employee is using a split tunnel VPN to access corporate resources while working from a coffee shop. What is the primary security risk associated with this specific configuration compared to a full tunnel VPN?
A, the VPN head end becomes a single point of failure for all internet traffic. B, the corporate traffic is sent in clear text over the VPN tunnel. C, the user's device could act as a bridge for an attacker to pivot from the public internet into the corporate network. Or D, increased latency for the user when accessing public SaaS applications. Okay, so again, pull back to this question. There is a split tunnel; that's what they're going to use. So what are the problems with using split tunneling? Let's go through the answers that are not correct. Let's go with D, increased latency for users when accessing public SaaS applications. If you have a split tunnel, like I mentioned before, you now have one tunnel that's specifically going to the internet. So that would not increase the latency; that would actually decrease it, because you have a direct connection to the internet. You have one connection for the internet, you have one connection for your applications. So no, that's not correct. You would be much faster. Now, if you were going through a tunnel specifically into your corporate organization and then out to the internet, yes, you'd have increased latency because of that. But because we have a split tunnel, you do not have increased latency. All right, the next answer that is incorrect: corporate traffic is sent in clear text over a VPN tunnel. In this question here, it doesn't really specify. I mean, corporate traffic is sent over a VPN tunnel. It is protected, right? And so that's really not a problem at all in the split tunnel situation. It's kind of what you're expecting. So that is not a security risk with the VPN tunnel; that's what you expect to see. Now, does that mean that all the data going across it, or some of it, could be encrypted?
Yeah, it could be, but the purpose of a VPN tunnel is to encrypt the actual overall connection between those two endpoints. The next answer that is incorrect is the VPN head end becomes a single point of failure for all internet traffic. Now, in this situation, that would be true if it was not split tunneled. If it is one specific VPN, then yes, if the head end, the end that you would use, goes down, you can't get access, so all internet traffic would go down. But in a split tunnel situation, that is not the case. You can actually operate on the internet without the VPN connection. So that one would be incorrect. So the correct answer is the user's device could act as a bridge for an attacker to pivot from the public internet into the corporate network. And yes, that is the case. Once they come in from the internet, they could then pivot into your corporate network because of the VPN, and now they have access into the organization. Again, those are risks you have to decide if you're willing to take. What kind of endpoint protection do you have on the device? Are you going to basically go, you know what, I'm not going to worry about that, because we have enough monitoring connections that are watching the traffic coming in and out? Those are just areas you need to consider if you want to deploy some sort of split tunneling. All right, next question. During a network audit, a security professional discovers that a legacy application is using the Address Resolution Protocol, or ARP, without any additional security headers. Which of the following attacks is this environment most susceptible to? So again, a network audit comes out. A security professional discovers that a legacy application is using ARP without any additional security headers.
Which of the following attacks is this environment most susceptible to? A, distributed denial of service attack. B, man in the middle via ARP spoofing. C, SQL injection. Or D, brute force password cracking. Okay. So again, we've got ARP without any additional security headers, so it's wide open. Which of the following attacks is the environment most susceptible to? Denial of service attack. That one is not correct. Basically, having the Address Resolution Protocol without any security headers isn't going to affect your DDoS protection at all. DDoS protection obviously is done from different areas and with different tools. So that is something you know specifically will just be thrown out. ARP does not protect against anything that relates to SQL injection. So when it comes to SQL injection, that would be another easy one to throw out and say it doesn't make any sense. D is brute force password cracking. ARP, the Address Resolution Protocol, is a network aspect. It doesn't help you at all with any sort of brute force password attacks. So that would be another one that you would throw out. So the one that you're looking at is man in the middle via ARP spoofing. ARP is a trusted protocol that lacks authentication, right? So the attacker can send fake ARP messages into the local area network and link their MAC address with the IP address of a legitimate server, such as the default gateway, more or less. This allows the attacker to intercept, modify, or stop data in transit, which is a classic man-in-the-middle attack. And so knowing that, you know that the DDoS attack is not going to deal with ARP, SQL injection is not dealing with ARP, and brute force attacking is not dealing with ARP.
So if you didn't have any idea and you go, well, I don't know what ARP is, but I know the SQL injection might be, and I'm just saying this, you're going, I don't really know, but possibly you could have that one available. You could go brute force attacks; I know that doesn't deal with any sort of networking or trusted protocols. And then denial of service, that is just sheer volumetric stuff. So that's not going to be it. So if you broke it down to those two, then the best thing to do, if you still didn't know, is you could grab onto the ARP spoofing piece of this and say, okay, that's it. Again, it's trying to reduce what you don't know down into areas that you can make decisions on. Next question: an organization wants to ensure that their outgoing emails are not only encrypted during transit, but also that the receiving mail server can cryptographically verify that the email was actually sent by their domain and hasn't been altered. Which protocol should they implement? Oh, this is a good one, because these are really some great protocols. This is one that you can get tripped up on pretty quick. So an organization wants to ensure that the outgoing emails are not only encrypted during transit, but also that the receiving mail server can cryptographically verify that the email was actually sent by their domain and hasn't been altered. Which protocol should they implement? Okay, so let's begin. A, S/MIME; B, STARTTLS; C, SPF, which is Sender Policy Framework; or D, DKIM, which is DomainKeys Identified Mail. Okay, so I will tell you that there are two in here that you may bite off on. One of them is the correct answer and one of them is not. So let's break down STARTTLS. STARTTLS is dealing with the TLS connection, right? And that's not something that's going to deal with your organization's emails. That just typically isn't it.
And so therefore, that would be one that you would reduce and get rid of. SPF, or Sender Policy Framework, is an important part, but it only checks if the IP is authorized to send mail. It doesn't provide a cryptographic signature to prove that the content hasn't been tampered with. So again, that's an important part of this. You'll go, well, SPF, I've seen it with email, I should do that. Yes, you should definitely do that. But the correct answer is D, DKIM, DomainKeys Identified Mail. So why is DKIM important, and why does that answer this question? Well, it adds a cryptographic digital signature to all outgoing mail. It allows the receiving server to verify the email was sent by the claimed domain, and it confirms the message has not been altered in transit. So this specifically answers what they're looking for. Many people might bite off on S/MIME, but the key part of it is that S/MIME and DKIM usually work hand in hand together and are an important part of any sort of email protection schema. When configuring a high security wireless network, the administrator chooses WPA3 over WPA2. Which specific enhancement in WPA3 provides the most significant protection against offline dictionary attacks and password guessing? A, Simultaneous Authentication of Equals, SAE. B, 256-bit AES encryption. C, Temporal Key Integrity Protocol, TKIP. Or D, pre-shared key, PSK, four-way handshake. Okay, so let's find out which ones are incorrect first. D, pre-shared key four-way handshake. The four-way handshake was vulnerable to offline cracking if the attacker captures the initial exchange, and this is with WPA2. And therefore it was decided, you know what? Pre-shared keys need to go away. We are going to try something else. And that's where the next thing came into place, the correct answer, which we are not going to do just yet.
The next one that is incorrect is Temporal Key Integrity Protocol, TKIP. Now TKIP was introduced as a stopgap security upgrade for older Wi-Fi hardware, mainly in the early WPA days, without requiring new devices. It improved security by changing encryption keys, adding message integrity, using sequence counters, and then wrapping WEP, which we know is totally bunk, WEP encryption, in a more secure system. It's definitely not something you'd want to employ at this moment unless you absolutely had to. And therefore, that is not the correct answer as well. Then, when you're dealing with 256-bit AES encryption, that's an important part, right? And that's an important enhancement. However, that is not the most specific enhancement dealing with offline dictionary attacks. So the correct answer is Simultaneous Authentication of Equals, or SAE. It's also known as the Dragonfly handshake, and it uses forward security and makes it impossible for an attacker to brute force a password offline, even if they capture the handshake that occurred, as every authentication attempt requires a fresh interaction with the network. So SAE is the correct answer, and it is the one that has taken over when you're moving from WPA2 to WPA3. Okay, so the last question. What is the primary security concern regarding the use of VXLANs in a shared infrastructure without additional cryptographic controls? Okay, so you're dealing with a multi-tenant cloud environment. And we're going to get into a little bit of what a VXLAN is. So you're dealing with a multi-tenant environment, you've got the encapsulation of VXLANs, and you have security concerns around not having additional cryptographic controls. So what is a VXLAN? A VXLAN is a network virtualization technology that lets you extend layer two, your LAN networks, over layer three, your IP networks.
So it's taking your network structure of LANs, your layer two, and putting it on layer three, which is your IP network. It creates a virtual network on top of an existing network, kind of like a tunnel, very similar to a tunnel. And it makes it look like they're on the same local network, even if they're far apart. So you have different data centers, you have different cloud environments, and it more or less wraps or encapsulates those Ethernet communications that would typically be on layer two into UDP/IP packets. Now, it uses these endpoints, there are endpoints out there called VXLAN tunnel endpoints, to send and receive traffic. So it's creating this over and over again. Now, the key part of this is that where a traditional VLAN is limited to around 4,096 specific IDs, so it's only about four grand, 4,000 of these it can do, 4,100 of them, the VXLAN can have 16 million VNIs it can actually communicate with, and it works across all layer three networks. So it makes it a much more scalable solution. So you go from IP version 4 to IP version 6, same kind of concept. So VXLAN is an important piece, especially when you're dealing with cloud-to-cloud connections or any sort of data centers or software-defined networks. So knowing a little bit of that background, let's dig into this a little bit. Okay, so let's go through the answers. A, VXLAN is limited to 4,096 VLAN IDs, leading to potential segmentation exhaustion. B, VXLAN headers are sent in clear text, potentially allowing an attacker who accesses the underlying physical network to intercept or spoof tenant traffic. C, VXLAN does not support IPv6, forcing tenants to use insecure legacy protocols. D, VXLAN significantly increases packet fragmentation, leading to denial of service attacks.
Okay, so this is a backbone. It's also new technology. So let's pull out the ones that are not correct. So we talked about VLANs being limited to 4,096 IDs. VXLAN is limited to 16 million. So that is an incorrect statement, so A would be incorrect. The next one that's incorrect is C, VXLAN does not support IPv6, forcing tenants to use insecure legacy protocols. So we just talked about the fact that VXLAN is a new technology, it's used in data centers, and it's connecting clouds, between each individual cloud. And because it's new technology, you would expect that it would be using IPv6. It would not be using IPv4, at least not dedicated IPv4. So part of this comes down to, if you don't know that, then you could go, well, I do know VXLAN is new, and if it's new, it supports IPv6. So that would be one that's incorrect. D, VXLAN significantly increases packet fragmentation, leading to denial of service attacks. So if that was the case and VXLAN did increase packet fragmentation, then all of these cloud environments would not be working well. So that's a key factor in this. So the fact is you could just go, that doesn't make any sense, because it's going to actually help a lot with the overall network management. That to me does not even sound like it's correct. So you could throw that one out. So then that breaks it down to the last answer, which is correct, and that is B. VXLAN headers are sent in clear text, potentially allowing an attacker with access to the underlying physical network to intercept or spoof tenant traffic. So VXLAN is a MAC-in-UDP encapsulation used to create overlay networks. So it does not provide encryption by default. So if an attacker compromises the underlying physical switches and the hypervisors, they could potentially sniff the UDP packets and see the inner Ethernet frame of the tenant.
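To make the clear-text point concrete, here is an added Python example (not from the podcast, and not any vendor's implementation) that builds a VXLAN datagram the way the episode describes it, a MAC-in-UDP wrapper around a tenant Ethernet frame, and then parses it back from the perspective of someone watching the underlay. The inner frame, its MAC addresses and payload come out unchanged because nothing in VXLAN itself encrypts them; the addresses and payload are constructed sample values.

```python
import struct

VXLAN_UDP_PORT = 4789            # IANA-assigned destination port for VXLAN
VLAN_ID_BITS, VNI_BITS = 12, 24  # 802.1Q VLAN ID width vs VXLAN Network Identifier width
VLAN_ID_SPACE = 1 << VLAN_ID_BITS  # 4,096 traditional VLAN IDs
VNI_SPACE = 1 << VNI_BITS          # ~16 million VXLAN segments


def vxlan_header(vni: int) -> bytes:
    """8-byte VXLAN header: flags (I bit set), 3 reserved bytes, 24-bit VNI, 1 reserved byte."""
    if not 0 <= vni < VNI_SPACE:
        raise ValueError("VNI must fit in 24 bits")
    flags = 0x08  # 'I' flag: the VNI field is valid
    return struct.pack("!B3xI", flags, vni << 8)  # VNI in the top 3 bytes of the last word


def encapsulate(vni: int, inner_frame: bytes, src_port: int = 49152) -> bytes:
    """Wrap a tenant Ethernet frame in UDP + VXLAN. No encryption is applied anywhere."""
    payload = vxlan_header(vni) + inner_frame
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, 8 + len(payload), 0)
    return udp + payload


def observe_from_underlay(datagram: bytes):
    """What a passive observer on the physical network can read from a VXLAN datagram."""
    if len(datagram) < 8 + 8 + 14:  # UDP header + VXLAN header + minimal Ethernet header
        return None
    _src, dst, _length, _csum = struct.unpack("!HHHH", datagram[:8])
    if dst != VXLAN_UDP_PORT:
        return None
    flags, vni_field = struct.unpack("!B3xI", datagram[8:16])
    if not flags & 0x08:
        return None
    inner = datagram[16:]
    ethertype = struct.unpack("!H", inner[12:14])[0]
    return {
        "vni": vni_field >> 8,
        "dst_mac": inner[:6].hex(":"),
        "src_mac": inner[6:12].hex(":"),
        "ethertype": ethertype,
        "payload": inner[14:],  # tenant data, readable in the clear
    }


# Constructed sample tenant frame: locally administered MACs, IPv4 ethertype, dummy payload.
SAMPLE_FRAME = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
                + struct.pack("!H", 0x0800) + b"tenant-A database credentials")
SAMPLE_DATAGRAM = encapsulate(vni=5001, inner_frame=SAMPLE_FRAME)
```

Running `observe_from_underlay(SAMPLE_DATAGRAM)` returns the VNI, both MACs and the payload string verbatim, which is exactly why the episode says IPsec or MACsec has to be layered on between the tunnel endpoints.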
So to secure this, organizations must implement IPsec or MACsec to encrypt the traffic between VXLAN tunnel endpoints and ensure that that's in place. So it's an important part of all of this that I think you have to think about: how you want to protect the information that's there. Okay, that's all I have for you today. I hope you guys enjoyed this and saw value in it. Please reach out to me anytime at CISSP Cyber Training and give me some feedback if there's anything I can do to help you in your CISSP studying journey. Again, reach out to CISSP Cyber Training. Look at all the free content as well as all the paid content that's available to you out there at CISSP Cyber Training. All right, have a wonderful day, and we will catch you on the flip side. See ya. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes, as I would greatly appreciate your feedback. Also, check out my videos that are on YouTube, and just head to my channel at CISSP Cyber Training, and you will find a plethora or cornucopia of content to help you pass the CISSP exam the first time. Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey. Thanks again for listening.
