CCT 198: IPv4, IPv6, and Key Protocols for CISSP Success (Domain 4)

Dec 02, 2024 | 29 min | Season 2 | Ep. 198

Episode description


Unlock the secrets to mastering core networking concepts crucial for your CISSP exam and cybersecurity career with Sean Gerber on the CISSP Cyber Training Podcast. Ever wondered how the intricate dance between IPv4 and IPv6 affects your daily online interactions? Get ready to explore these foundational Internet protocols, their histories, and the innovative transition mechanisms bridging them. We kick off with a discussion on the eye-opening Mega Breach Database, spotlighting the staggering exposure of around 26 billion records. This breach serves as a cautionary tale of our digital age, underscoring the necessity for robust password management and multi-factor authentication.

Journey through the complex landscape of IP addressing as we untangle the web of IPv4 and IPv6 structures. We'll break down IPv4's network and host partitions, the role of TCP and UDP protocols, and the creative, albeit temporary, fix provided by NAT routing. With a shift towards IPv6, discover the implications of its advanced hexadecimal notation and the flexibility offered by CIDR in IP address allocation. If you're grappling with the divide between the old and new, Sean shares insights on key transition strategies, ensuring you comfortably adapt to the evolving technological environment.

Lastly, we tackle essential networking protocols like ICMP, IGMP, and ARP, which are indispensable for anyone eyeing the CISSP certification. Learn how to apply these concepts to real-world scenarios, such as identifying potential man-in-the-middle attacks. Whether you're a cybersecurity novice or a seasoned expert, our discussion will equip you with comprehensive knowledge and sharpen your skills, helping you excel in the CISSP exam and beyond. Join us for this enlightening episode, and walk away with the confidence to navigate the complex world of networking.

Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Transcript

Speaker 1

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge.

All right, let's get started. Let's go. Good morning, it's Sean Gerber with CISSP Cyber Training and I hope you all are having a blessed day today. And today is an amazing day.

We're getting into the month of February, so it's just awesome because we're getting closer to spring, which, when spring comes, it definitely gets to be much nicer outside and you can actually escape the confines of your home. Now, yeah, that's at least for me here in Wichita, Kansas. It's actually been very nice the past couple days. It's awesome.

So we're excited about that. But you aren't here to talk about that. You're here to hear about the CISSP and we're going to be talking about domain 4.1.2. And we're going to be getting into IPv4, IPv6, IP classes, ICMP, IGMP and ARP. That's the plan for today, but before we do, one thing I want to show.

That's in the news today that I saw actually yesterday. It's the Mega Breach Database and they're saying about 26 billion records were exposed and they call it the mother of all cyber disclosures. So that's all that was interesting.

There's 26 billion records, about 12 terabytes of data, and it comes from somebody who had been storing all of these breaches that have occurred in very meticulous detail, and their system was basically compromised and the records are a trove.

They say they're from 1.5 billion belonging just to Tencent customers and 500 million from Chinese Twitter-like sites such as Weibo, along with MySpace and so forth. Yeah, and I know there's lots of people's information that's in here.

Now, many think that there's probably quite a few duplicates because of the sheer size of it, and that might be very much the case, but this thing is a monster and the fact that all that information was in one location is not a good option for people who had their information compromised.

But let's be honest: if you are listening to this program, you are fully aware that your information has probably been compromised more than once, and you are also aware that most people's information has been compromised. They just don't know it. So it's interesting to see how this will play out and how much more will be available to cybercrimes.

But this comes down to, you must have, obviously, some level of password management in place and, as a security professional, it's important that you teach that to your employees. You teach it to folks that you care about and anybody else that will actually listen to you.

Because, having that ability to change your passwords, and also because we rely so much on username and password, it's important that you have that in place, as well as some level of password rotation and multi-factor authentication. This came from Troy Hunt. I don't know if you all have heard from him. He's like Have I Been Pwned.

He said they already identified 71 million unique email addresses in the haul which, if anybody would know, he would know. So that's just a new amount of data that wasn't really there before and it's the mother of all data breaches. So this is through InfoSec Security Magazine. You'll be able to go check it out.

If you just Google "mother of all database breaches", you'll probably find it pretty quick. But it would be something you might want to recommend. There's actually a link in there to check people's, to see if they're actually compromised or not. I would just verify that it is a good link and not some phishing link. You don't want that.

All right, let's move on to today's topic, all right? So today we are going to be getting into, again, 4.1.2, and this is in Chapter 11 of the ISC Squared 9th Edition book. Now, as it relates to this, this is what we primarily teach here at CISSP Cyber Training. There are plenty of other books out there that are more than capable of helping you as well.

This is just what I've used. I figured this is the one that is the official guide from ISC Squared, so this is the one I'll go with. Some people have said that they like ones that are a little bit easier to read. It kinda comes down to what your preference is, but all I can say is this is where we're going forward and we'll see what we got.

Now I also got to put a plug in, shameless plug, for CISSPcybertraining.com. Head on over there during this call, or during this podcast, and check out one of the products that we have available for you. There's a lot of really good stuff over there to help you study for the CISSP, as well as helping you with your mentoring and cybersecurity careers.

If you're a business owner, there's also some ability for you to be able to tap into me directly using some of the mentorship products that are available to you as well, so you can actually hire, just like hiring a CISO, for asking me some questions that you may have. Okay, so let's get into introduction to IPv4.

Now, if you all have been listening to this podcast, we have talked in the past about IPv4 and IPv6. Well, let's just kind of get into what is IPv4. Now, IPv4 is the fourth version of the Internet Protocol and it's used pretty much throughout the globe.

There's a fixed number of IP addresses and, in the time that it was created, they thought, well, my gosh, there's a gob of IP addresses, this is never going to expire. Well, unfortunately, they saw that about 20 years ago, going, yeah, that's not gonna happen, we're gonna run out of IP addresses.

And so, therefore, that came up with IPv6, which we'll get into in just a second. Now it's a 32-bit address scheme which allows for 4.3 billion unique addresses, and thinking 4.3 is plenty, right?

But now that you see the fact that there's like 3 billion people on the planet, or however many there are, and then you have IoT devices, you have all of that intertwined, you know real quick that 4.3 is just not going to be enough. Now it operates on the network layer of the OSI model, so that's where it's at right now.

So it's a foundational communication piece on that and it does allow for end-to-end communication between point A and point B and multiple other points that are on the internet now.

And a typical IPv4 address will look like, and if you are watching the video, you'll be able to have the video be on CISSP Cyber Training as well as, at some point, it will be on YouTube.

But if you look at the video or just listen to what I'm saying, an IPv4 address is typically, and this is usually a home address or one that you'd have internal to your network, 192.168.1.1, so it's four octets. So that is a typical IPv4 address, and these octet ranges, so the 192, will range from zero to 255.

So your 192, 168, 1.1, each of those octets will range from zero to 255, which is basically 256 bytes. So that is the introduction right there when you're dealing with IPv4. Now IPv4 addressing, they're written in the dotted decimal format, which again consists of four octets, and these are separated by these specific periods, a dot, basically.

Now each address is divided into network and host partitions with various classes. So you've got an A, B and a C class and we'll get into the classes here in just a little bit, of what are those and how does that actually work. But each IPv4 address consists of 32 bits within the four octets and they have the classes from A, B and C.

And I'm kind of going over this again multiple times because it can be confusing, especially if you don't have an understanding of the networking background, and folks that listen to this podcast will range from folks that are extremely good at networking and they're like, yeah, this is not a no-brainer, to others that have been working maybe in the audit space,

compliance space, which understand IP addresses but they don't really deal with them all that much. So, again, the IP address that you might be dealing with is a 192.168.1.1. And the .1 at the end of the 192.168.1.1, that last dot one, it represents the host. So it represents the IP address of the host that it's tied to.

So, like the computer I'm working on right now, it could be 192.168.1.1. It also could be dot 142, depending upon how many hosts there actually are in my network. So that is the number that goes up and goes down depending upon the hosts that are on that specific network.

Now if you fill up your hosts, right, with 256 different hosts, you then would go up to 192.168.2.1.0. You basically add that up. So that's how this network can quickly expand to the number of IP addresses, can quickly grow to the number of devices you may have on your network.

Now that's where we get into the situation of running out of IP addresses if you're dealing with anything that is unique to the internet. So we'll get into the different classes and that's kind of how this plays out.

Now, IPv4 subnetting: this allows for the division of large networks into smaller, more manageable, what we call subnets, and it helps in aiding in efficient address allocation and routing. So we're talking about an example of subnetting a class C network, which, class C is 192, the 192 octet.

We can do that into smaller segments, subsets, such as 192.168.1.0/24, or 192.168.2.0/24. So we're going to kind of walk through different, what is a Class C subnet, also in just a few seconds.

Now, IPv4 protocols: when you're dealing with IPv4, the common protocols that you deal with in this space are TCP, which is Transmission Control Protocol, which has a handshake which allows you to, basically, you have the SYN, the SYN-ACK, and you basically create this connection between two points.

UDP is a broadcast type protocol which basically is a barrage of information to a point. UDP works really well in streaming services because you're allowed to have some level of packet drop in the overall process, whereas with TCP, because you want a finite or a specific connection, the TCP protocol is the one that's typically used.

Now, these protocols will facilitate a reliable and, in some cases, connectionless communication, depending upon what you're looking for. Now, when it comes to the overall protocols, TCP does ensure that you do have a reliable connection, while UDP does offer that connectionless, fast communication, like we talked about as it relates to streaming services.

Now, HTTP, your Hypertext Transport Protocol, uses TCP for that data transfer connection, while DNS offers to use UDP for quick queries and, as we know, DNS does not have to have that direct connection. It's using it just from a broadcast standpoint.

So those are just some ways that each of the protocols, TCP and UDP, are used within a networking environment. Now, when you're dealing with IPv6, this is Internet Protocol version 6, and it's designed to replace IPv4 due to just the fact there's too many IP addresses that are needed and there's not enough to go around. Now,

this came out because of the fact that they knew this was going to happen many, many years ago, just because of the overall number of IP addresses that were being gobbled up. But what ended up happening is, as we got into NAT routing, which is where the firewall will actually give you an internal IP address.

In the case of, let's just say, like my home address, it's a class C, so it starts off at 192.168.blah, blah, blah, blah.

Once you have that internal NAT routing from the router, that did help alleviate some of that IP loss, the IPv4 loss, and what they had originally anticipated was my router at home would have an IPv4 address, then my refrigerator would have an IPv4 address and my whatever would happen, they all would take from the overall number of IPv4 addresses.

Well, because of NAT routing at the firewalls, then we didn't need to worry about that so much. So it pushed off the overall IP address exhaustion date. It pushed it out, but unfortunately now, because there are so many IP addresses that are communicating to the internet, it had to be,

IPv6 had to come into the fray to ensure that we had adequate communication with these devices. Now IPv6, again, like I said, it's the latest version. It's designed to replace IPv4 and it uses a 128-bit address scheme, which provides a much higher number of addresses that can be utilized.

Now, because it is so large, it makes it extremely challenging for individuals to go and put in an IP address, whereas in the past, if I put in, I can remember 192.168.1.1, I can do that.

But when I deal with an IPv6 address, as I'll read here in just a second, that is beyond most people's comprehension to try to add that in, including myself, because, yeah, I'm not that smart. There's people out there, I'm sure, I know there are, that can probably roll off an IPv6 address without even blinking an eye.

A typical IPv6 address will be basically eight different octets that are set aside, and these octets are separated by a colon. So on the one, if you see on the screen, it's 2001-ODB-885A3-0000-0000-882E-0370-7334. Okay, yeah, that's a mouthful I couldn't even dream of. I think I remember 2001 because that's a year.

So that just shows you that it's extremely challenging to deal with this when you're trying to grow or put out addresses on an internal network. So therefore, IPv6 is one of those that you have to have some sort of machine that is going to help you with your overall address schema.

Now it's in a hexadecimal notation and it's more streamlined, obviously, than IPv4. It does include global unicast, link-local and multicast addresses. So it's not like the traditional IPv6 or IPv4, which has TCP and UDP addresses. It's got multicast, link-local and multicast addresses.

It is a more straightforward structure including all of those pieces, and it's supposedly better organized and identified. For someone who deals with networks, I'm sure it is. I don't deal with networking that much, so to me, if you're just trying to be one that, I like the old days of 192.168.1.1, it looks way more complicated.

And it is more complicated in the fact that you have to understand the hexadecimal format and the hexadecimal processes. Now, IPv6 transition mechanisms: there's various transition mechanisms that exist to facilitate the coexistence of IPv4 and IPv6 during a migration process. Now this includes dual stack, tunneling and translation mechanisms.

These are set in place to help during this overall move from IPv4 to IPv6. What dual stack does, just as an example, is allow devices to run both IPv4 and IPv6 concurrently, ensuring capability, or compatibility, between the two.

Now you'll get in, most devices today will have the ability to run IPv4 and IPv6, because they understand the networks that they're getting dropped into may be an IPv4 network or an IPv6 network, so they have to be able to do both, and so therefore, in the past you had to actually go in and manually make the change.

But the equipment that's coming out now and the software that's in it does have the ability to understand both. So what are IP classes? The IP classes. So we're dealing with class A, B, C, D and E. Now, each of these classes, they have an address range, so we'll just kind of quickly walk through those.

Your class A ranges from 1.0.0.0 to 126.255.255.255. Now if you're looking at the screen, you'll be able to see that at CISSP Cyber Training. But bottom line is that that is your address range. So most, there's a lot.

Those were some of the first Class A networks that came out, were bought up by large companies, and these range from, again, 1 to 126. An example of a Class A network would be 10.0.0.1. That would be a Class A network. Did I say that right?

10.0.0.1, yes. Class B networks will range from 128.0.0.0, and that is a spinoff of 126.255.255.255 is the class A, that's where it rolls into. The next was 128 and so forth. Now the network portion of this, again, is the first two octets and the intended use, again, is medium-sized networks that are available to you.

So this is more the company that I used to, that I work for. They have dealt with Class Bs. Class As, typically the Air Force had some of those. I've seen very large companies buy those up as well.

Class C network is what you'll find a lot in a small network, and this starts at 192 and ends at 223, and that's the first three octets are the network portion, and these again are intended for very small situations.

A class D will start at 224 and it will end at 239, and these are multicast addresses, and then a class E is 240 to 255, and this was pretty much reserved for experimental uses. So those are the different types of addresses that you're going to see. Now,

in most situations you see a class A, a class B and a class C networks are what you operate in, and that is the primary use. One, if you go to a company you'll see they're most likely in a class B type network, and then you're dealing with a class A for very large types of networks.

So when you're subnetting with IP classes, there's a way to efficiently allocate and address those network resources, and CIDR allows for flexible addressing without strict adherence to a traditional class boundary. And what is CIDR? It's C-I-D-R.

You'll see that it's the slash that is at the end of an overall, of an IP address, and it allows you to basically be able to go lower with, and be more sub-optimized as it relates to going into your various address locations. So an example of a class B address, such as 172.16.0.0.

You can break that into smaller subnets, such as 172.16.1.0/24, and then you can break it even smaller, break it down again to the same 172.16.2.0/24, and it takes a large, it can allow you to have a very large set of IP addresses and bring them into a much smaller subnet. Now what is, and when you're dealing with CIDR?

It stands for Classless Inter-Domain Routing. It is designed to allocate and specify IP addresses and their routing behavior. So one thing to consider is you see this slash 8, 16, 24.

What it basically is saying is that the forward slash eight, that's allowing the number that is going to be set up for the network portion of the address, and then it's what allows more flexible and efficient allocation of IP addresses compared to just the traditional class-based addressing.

So now we're gonna get into ICMP, now Internet Control Message Protocol. So ICMP is a network layer protocol used for error reporting and diagnostic functions. It includes messages such as echo request and reply, which is also a ping, and destination unreachable.

You'll see ICMP packets, pings, that are done when you're trying to connect from one location to the next. So one example of this is that if you wanna do a ping, let's say to 192.168.1.1, it sends an ICMP packet to that host. Now, if that host is reachable, so this is all done through command line.

If that host is reachable, then you'll receive, basically, a reply back to you. If you receive that reply back, that host is alive. If you don't receive a reply back, then that means either the host is not alive or the network connection is not valid, and so it allows you,

the ping does allow you, when you're dealing with network communications, to figure out what is, is there a networking issue or is it a host issue?

And it's helped me numerous times. Obviously, people that, I'm not a full network guy by any stretch of the imagination, but there's, that is one of the key primary tools that they'll use, is they will ping that host just to ensure that it is up and operational.

Especially if they know it's operational and they ping it and they don't get anything back, again, it comes back to, then there's probably a network issue in between that location. Now, ICMP security implications that come up is there's various attacks that occur with ICMP, and this could be a flood attack and/or a redirect attack.

Now this is where the filtering is important to ensure you have some level of network security. And an ICMP flood would be where someone is just sending ping requests to you, trying to overwhelm your network with these packets.

So if I'm a host and I've got a computer sitting in a network and I set up a script to constantly be pinging that host, it's going to consume the bandwidth at that host, going to the host, and it's going to also consume the amount of processing resources that that host can complete, because it's trying to figure out, send back replies to all of these ICMP packet requests. So it's important that you have some level of protections against that so that this flood that comes in, it can shunt it, it can dump it to a location where it doesn't overwhelm your system. So those are some considerations you got to think about. IGMP is Internet Group Management Protocol.

Now this is used by hosts and routers to manage multicast group memberships and it enables hosts to join or leave the multicast group dynamically. So it allows them to be able to receive live video streaming and allows them to join and leave without having it.

So if I left the stream, it allows the connection to be dropped. So therefore I'm not being overwhelmed with data coming in. So it allows you to basically jump on and get off in a dynamic format. Now the IGMP versions: there's version one, two and three.

They exist with improvements around efficiency and group management, and the version is really crucial for proper multicast communication. It's just an important factor in all of this and it does allow for precise group membership control. IGMPv3 is one of the newer versions and it does allow for that type of control within your membership. The next one is ARP.

This is Address Resolution Protocol. Now, ARP is designed to map any known IP addresses to corresponding MAC addresses on a local network. So we talked about this through CISSP Cyber Training. You have your IP address, which is your 192.168.1.1. Then you have your MAC address, which is the actual hard-coded address that's in the cards that are on your device.

This MAC address is how they communicate and then allows that on your network to be able to manage this overall connection. Now the IP address will change. The MAC address will not change, ideally. Now can you go in and change your MAC address?

Yes, in most cases you can go in and actually change the MAC address of your device. The MAC addresses are supposed to be where they are individually designed for that system and there's never, ever another MAC address like it.

However, because there's so many devices being created, it's been seen in the past where MAC addresses on the same network will be identical, and if they are identical, your networking will not work. So therefore, you may have to go in and make a tweak to your MAC address, especially on your internal network, to ensure that it's working.

I've seen people go and make MAC addresses that they actually understand, and they know what those systems are specifically for the device, so that when they're trying to troubleshoot they know which device is actually causing them problems, because the IP address may change.

But bottom line is the MAC address is a key component in the overall network piece of this, and ARP plays a function in doing that. It will map that IP address to the overall MAC address on your network, and therefore it allows the devices to communicate well between the two. Now we're dealing with ARP spoofing and security concerns around this.

ARP spoofing involves sending false ARP messages to associate an attacker's MAC address with a legitimate IP address. So you already have it where an ARP table has it set up, where your IP address is mapped to a MAC address inside. The attacker will then try to,

the attacker will try to get false ARP messages associated with their specific IP address tied to the MAC address. Okay, and by doing that it allows them to be able to get into your network and redirect the traffic through that machine onto them, which basically facilitates what they call a man-in-the-middle attack. So that's what ARP spoofing is.

So it's more or less just kind of a regurgitation of that. You're taking a MAC address and you're taking an IP address, and this is all put into what we call an ARP table. Okay, and then that ARP table, that MAC address and that IP address are mapped together.

The attacker is taking and going in and trying to, and removing, or removing the MAC address that's there, putting his or her MAC address in that spot. So when you're dealing with that ARP table, it redirects from, through that machine, the original machine, to the attacker's address, which allows for a man-in-the-middle attack.

Okay, that's all I've got for you today. I hope you understand that. It makes sense to you. Feel free to reach out to me at any time at CISSP Cyber Training. I'm happy to answer your questions. Today we talked about IPv4, v6, the various classes, ICMP, IGMP and ARP tables.

Again, I recommend for your studying for the CISSP, it's important you have the foundations of those. When you look for a test that's coming in, or I should say the CISSP exam, they'll be asking you questions about what are those? What does an IPv6 look like? What does IPv4 look like? And then they'll use it in context with the actual question.

It's not going to be as basic as, well, hey, what does an IPv4 address look like? They're gonna ask you: you have an IPv4 address and it's X, Y and Z and you are getting ready to set up an ARP table, and in that ARP table you have MAC address XYZ. How would that man-in-the-middle attack occur in this situation?

That's a typical kind of setup that they would do for a test. So you have to understand IPv4, you got to understand ARP tables and you got to understand IPv6. So all of those are, that's why these, it's important for you to really understand the concepts of each of these topics, so that you can kind of get, when you go take the test, what does that?

What do each of these terms mean? Again, when you go to the CISSP, there's varying ranges of your knowledge. As you're going in, you have to be a mile wide and an inch deep in your knowledge, and this is the purpose of CISSP

Cyber Training, is to help you get that mile wide knowledge, an inch deep, and then, if you want to dig deeper, you can go for it. All right, that's all I've got for you today. Again, go check out CISSPcybertraining.com and we'll catch you on the flip side.
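The three mechanics the episode walks through, classful address ranges, the CIDR network/host split, and the IP-to-MAC mapping that ARP spoofing tampers with, as an added worked example that is not part of the episode or of CISSP Cyber Training's material. It classifies an IPv4 address by the first-octet ranges given above, splits an address on a /prefix, and compares two ARP-table snapshots to flag an IP whose MAC changed or a MAC now answering for several IPs, which is what a defender looks for when checking for ARP spoofing; the ARP snapshots and their addresses are constructed sample data.

```python
# Classful first-octet ranges as stated in the episode. 0 and 127 fall outside them.
CLASS_RANGES = {
    "A": (1, 126),
    "B": (128, 191),
    "C": (192, 223),
    "D": (224, 239),   # multicast
    "E": (240, 255),   # experimental
}


def parse_ipv4(text):
    """Split dotted-decimal text into four octets, rejecting anything outside 0-255."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {text!r}")
    octets = []
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError(f"octet out of range 0-255: {part!r}")
        octets.append(int(part))
    return octets


def ipv4_class(text):
    """Return 'A'..'E' from the first octet, or None for 0.x and 127.x (loopback)."""
    first = parse_ipv4(text)[0]
    for name, (low, high) in CLASS_RANGES.items():
        if low <= first <= high:
            return name
    return None


def cidr_split(text, prefix):
    """Split an address on a /prefix: (network address, host number, block size)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0-32")
    addr = int.from_bytes(bytes(parse_ipv4(text)), "big")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # leading prefix bits set
    network = addr & mask
    host = addr & (~mask & 0xFFFFFFFF)
    network_text = ".".join(str(b) for b in network.to_bytes(4, "big"))
    return network_text, host, 2 ** (32 - prefix)


def arp_changes(before, after):
    """Compare two ARP-table snapshots ({ip: mac}).

    Returns (changed, shared): IPs whose MAC differs between snapshots, and MACs
    that now claim more than one IP. Either is the symptom an ARP-spoofing
    attempt leaves in the table, so both deserve a second look by the defender.
    """
    changed = {
        ip: (before[ip], after[ip])
        for ip in before
        if ip in after and before[ip].lower() != after[ip].lower()
    }
    by_mac = {}
    for ip, mac in after.items():
        by_mac.setdefault(mac.lower(), []).append(ip)
    shared = {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared


# Constructed sample snapshots (hypothetical hosts on a 192.168.1.0/24 network).
# In the second snapshot the gateway's IP has been re-mapped to the MAC of .200.
ARP_BEFORE = {
    "192.168.1.1": "aa:bb:cc:00:00:01",
    "192.168.1.142": "aa:bb:cc:00:01:42",
    "192.168.1.200": "de:ad:be:ef:00:99",
}
ARP_AFTER = {
    "192.168.1.1": "de:ad:be:ef:00:99",
    "192.168.1.142": "aa:bb:cc:00:01:42",
    "192.168.1.200": "de:ad:be:ef:00:99",
}


if __name__ == "__main__":
    for sample in ("10.0.0.1", "172.16.0.0", "192.168.1.1", "224.0.0.1", "127.0.0.1"):
        print(sample, "-> class", ipv4_class(sample))
    print("192.168.1.142/24 ->", cidr_split("192.168.1.142", 24))
    print("172.16.1.77/16   ->", cidr_split("172.16.1.77", 16))
    changed, shared = arp_changes(ARP_BEFORE, ARP_AFTER)
    print("MAC changed for:", changed)
    print("MAC claiming several IPs:", shared)
```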

Transcript source: Provided by creator in RSS feed.