
You're reading from  CISA – Certified Information Systems Auditor Study Guide - Second Edition

Product type: Book
Published in: Jun 2023
Publisher: Packt
ISBN-13: 9781803248158
Edition: 2nd Edition
Author: Hemang Doshi

Hemang Doshi has more than 15 years of experience in the field of system audit, IT risk and compliance, internal audit, risk management, information security audit, third-party risk management, and operational risk management. He has authored several books for certification such as CISA, CRISC, CISM, DISA, and enterprise risk management.

Network Security and Control

Network security and control is an important aspect of an IS audit. In this chapter, you will explore the various components of a network, the OSI layers, and other security aspects of networking. You will learn about the functions of each type of firewall. This chapter also covers Virtual Private Networks (VPNs) and Voice over Internet Protocol (VoIP).

The following topics will be covered in this chapter:

  • Network and endpoint devices
  • Firewall types and implementation
  • VPN
  • VoIP
  • Wireless networks
  • Email security

By the end of this chapter, you will be able to understand and evaluate various risks and controls related to networking.

Network and Endpoint Devices

The hardening and configuration of network and endpoint devices are very important from an information security perspective. An IS auditor should therefore understand the basic functioning and capabilities of network devices in order to evaluate the risks and controls associated with them. In this section, we identify the risks associated with network security and the related controls.

Open System Interconnection (OSI) Layers

The OSI model describes network communication as seven layers, each defined by the specific function it performs. Data passes down through the layers on the sending host and up through them on the receiving host, with each layer handing its output to the next. The following table shows the functions of each layer:

Layer | Name | Description
1st | Physical layer | The physical layer...
...

Firewall Types and Implementation

A firewall is a network security system designed to prevent unauthorized access to networks. It monitors and controls incoming and outgoing network traffic according to a defined rule set. A firewall can be implemented in software or hardware form.

The prime objective of a firewall is to allow only authorized use of the system and network and thereby restrict unauthorized access.

The CISA Review Manual covers the following types and implementations of firewalls:

Types of firewall:

  • Packet Filtering Router (examines each packet on its own, by source/destination address, port, and protocol)
  • Stateful Inspection (tracks connection state, so that return traffic is admitted only for sessions the firewall has seen established)
  • Circuit Level (a proxy at the session level that relays connections without inspecting application content)
  • Application-Level (a proxy that understands the application protocol and can inspect its content)

Types of firewall implementation:

  • Dual-Homed Firewall (a host with two network interfaces, one on each network, with direct routing between them disabled)
  • Screened-Host Firewall (a packet-filtering router placed in front of a bastion host)
  • Screened-Subnet Firewall (two filtering routers with a demilitarized subnet, the DMZ, between them)

VPN

A VPN extends a private network across a public network, typically the internet, in a secure manner. It provides a platform for remote users to connect to the organization's private network.

The prime objective of VPN technology is to enable remote users and branch offices to access applications and resources available in the organization's private network. A VPN is created by establishing a virtual point-to-point connection through dedicated circuits or tunneling protocols.

VPN technology, if properly configured, reduces the risk associated with sensitive data traveling over an open public network.

Types of VPN

The following are some of the VPN connection types:

Voice over Internet Protocol (VoIP)

VoIP is the transmission of voice and other content over IP networks; it is also known as IP telephony or internet telephony. Voice is digitized, packetized into IP packets and carried across the network, then decoded back into sound at the receiving end. VoIP is a cost-effective solution for long-distance calls: it runs over the existing IP infrastructure, so very little additional telephony infrastructure is required.

A CISA aspirant is required to understand the following aspects of VoIP:

  • It is very important to consider a backup arrangement for a VoIP system, because voice carried over a data network inherits that network's reliability, which is normally lower than that of a dedicated telephone network. A backup arrangement ensures that communication is not interrupted if an undesirable event affects the network service.
  • Bandwidth capacity should be determined for voice traffic to ensure quality of service.
  • VoIP infrastructure should be designed in consideration of laws and regulations...
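The bandwidth point in the list above, worked through as an added example (this is not code from the book): what one call actually costs on the wire once RTP, UDP, IP and Ethernet headers are added to the codec's nominal bit rate, and how many calls a link can carry. The codec rates and 20 ms packetization interval are the standard values for G.711 and G.729; the link capacity, call counts and the 75% planning ceiling are assumptions for illustration.

```python
"""Added example, not from the book: sizing a link for VoIP traffic.

Codec bit rates and the 20 ms packetization interval are standard values
(G.711 at 64 kbps, G.729 at 8 kbps); per-packet overhead is RTP 12 + UDP 8 +
IPv4 20 bytes, plus 18 bytes of Ethernet framing. The link capacity, the call
counts and the 75% planning ceiling used below are assumptions for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Codec:
    name: str
    payload_kbps: int        # nominal codec bit rate
    packetization_ms: int    # milliseconds of audio carried per RTP packet


RTP_UDP_IP_BYTES = 12 + 8 + 20
ETHERNET_BYTES = 14 + 4      # header + frame check sequence

G711 = Codec("G.711", 64, 20)
G729 = Codec("G.729", 8, 20)


def per_call_kbps(codec: Codec, layer2_bytes: int = ETHERNET_BYTES) -> float:
    """Bandwidth of one direction of one call, headers included."""
    packets_per_second = 1000 / codec.packetization_ms
    payload_bytes = codec.payload_kbps * 1000 / 8 / packets_per_second
    packet_bytes = payload_bytes + RTP_UDP_IP_BYTES + layer2_bytes
    return packet_bytes * 8 * packets_per_second / 1000


def calls_supported(codec: Codec, link_kbps: float, voice_share: float = 0.75) -> int:
    """Concurrent calls that fit in one direction of a full-duplex link when
    voice is capped at `voice_share` of the capacity (assumed planning ceiling)."""
    return int(link_kbps * voice_share // per_call_kbps(codec))


def link_required_kbps(codec: Codec, concurrent_calls: int, voice_share: float = 0.75) -> float:
    """Minimum link capacity (per direction) for the given number of calls."""
    return concurrent_calls * per_call_kbps(codec) / voice_share


if __name__ == "__main__":
    for codec in (G711, G729):
        print(f"{codec.name}: {per_call_kbps(codec):.1f} kbps per call on Ethernet, "
              f"{per_call_kbps(codec, 0):.1f} kbps at the IP layer")
    print("G.711 calls on a 2 Mbps link:", calls_supported(G711, 2000))
    print("link needed for 30 G.729 calls:", f"{link_required_kbps(G729, 30):.0f} kbps")
```

The point a sizing review should not miss: a "64 kbps" G.711 call costs about 87 kbps per direction on Ethernet, so a link planned on the nominal codec rate alone is undersized by roughly a third.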

Wireless Networks

A wireless network is a computer network that uses wireless data connections, rather than cables or wires, between communication endpoints (nodes). Cell phone networks and wireless local area networks are examples of wireless networks.

CISA aspirants should be aware of the following controls for protecting wireless (Wi-Fi) networks:

  • Enabling MAC filtering
  • Enabling encryption
  • Disabling SSID broadcast
  • Disabling DHCP

Enabling MAC Filtering

Each network interface (in a PC, laptop, mobile device or other system) has an identifier known as its MAC address. With MAC filtering enabled, the router admits only the devices whose MAC addresses are on its list of authorized devices and rejects all others; a blacklist feature can instead be used to reject specific MAC addresses. Note that a MAC address is transmitted in the clear and can be changed in software, so an attacker who observes an authorized address can impersonate that device; MAC filtering is therefore a supplementary control and is no substitute for strong encryption.

A router has the option to enable MAC filtering, as indicated in the following screenshot:

Figure 10.7: MAC filtering ...
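An audit check over a router's MAC filtering list, as an added example (not code from the book or the router vendor). It normalizes the mixed address formats routers export, cross-checks each entry against an asset inventory, and flags two things the screenshot above cannot show: entries with the locally-administered bit set, which is what randomized (per-network) addresses on modern phones look like, so allowing them authorizes a value that will change; and multicast addresses, which can never belong to a client. The allowlist and inventory are constructed.

```python
"""Added example, not from the book: auditing a MAC filtering allowlist.

MAC filtering admits only interfaces whose hardware address is on the list,
but the address is sent in the clear and can be set in software, and modern
phones randomize it per network (such addresses have the locally-administered
bit set). The allowlist and inventory below are constructed for illustration."""
import re
from typing import Dict, List, Optional


def normalize_mac(raw: str) -> Optional[str]:
    """Accept aa:bb:cc:dd:ee:ff, AA-BB-CC-DD-EE-FF or aabb.ccdd.eeff and return
    the lowercase colon form, or None if the string is not a 48-bit address."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", raw)
    if len(hexdigits) != 12:
        return None
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2)).lower()


def is_locally_administered(mac: str) -> bool:
    """Bit 1 of the first octet marks a software-assigned (e.g. randomized) address."""
    return bool(int(mac[:2], 16) & 0x02)


def is_multicast(mac: str) -> bool:
    """Bit 0 of the first octet marks a multicast address, never a single client."""
    return bool(int(mac[:2], 16) & 0x01)


def audit_allowlist(allowlist: List[str], inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Return findings keyed by category; `inventory` maps MAC -> asset owner."""
    findings: Dict[str, List[str]] = {
        "malformed": [], "not_in_inventory": [], "randomized": [], "multicast": [],
    }
    known = {normalize_mac(m) for m in inventory}
    for entry in allowlist:
        mac = normalize_mac(entry)
        if mac is None:
            findings["malformed"].append(entry)
            continue
        if is_multicast(mac):
            findings["multicast"].append(mac)
        elif is_locally_administered(mac):
            findings["randomized"].append(mac)
        if mac not in known:
            findings["not_in_inventory"].append(mac)
    return findings


# Constructed allowlist as exported from a router, in mixed formats.
ALLOWLIST = [
    "3C:22:FB:12:34:56",   # corporate laptop, present in the inventory
    "3c22.fb12.3457",      # same vendor prefix, not in the inventory
    "DA-A1-19-00-11-22",   # locally-administered: a phone's randomized address
    "01:00:5e:00:00:fb",   # multicast, cannot be a client
    "3C:22:FB:12:34",      # truncated entry
]
# Constructed asset inventory: MAC -> owner.
INVENTORY = {"3c:22:fb:12:34:56": "alice-laptop"}

if __name__ == "__main__":
    for category, macs in audit_allowlist(ALLOWLIST, INVENTORY).items():
        print(f"{category:17s}: {macs}")
```

Every address in the allowlist that is not traceable to an inventoried asset is a finding on its own; the randomized and multicast categories are the entries that indicate the list was populated by copying whatever the router saw rather than from an authoritative source.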

Email Security

In today's digital world, email is a widely used mode of official communication with both internal and external stakeholders, and a lot of critical and sensitive information is shared through it. Securing email communication is therefore very important.

The following are some email-related risks and controls:

  • Relying on SMTP alone is not secure, because SMTP by itself provides neither confidentiality nor integrity. Email security requires an end-to-end method, such as digital signatures, or at least integrity checks and encryption at the transport level (for example, TLS on each SMTP hop).
  • Social engineering attacks such as phishing and spear phishing can be addressed through security awareness training of employees.
  • Email attachments should be scanned by anti-malware software.
  • Users should be trained on the security aspect of using email.
  • Mail servers should be properly hardened and configured as per the organization’s security policy and guidelines.
  • The implementation of encryption technologies to protect user authentication and mail...
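A check over a received message for the transport-level protections in the list above, as an added example that is not code from the book: it walks the Received headers to see which SMTP hops carried the message over TLS and which in cleartext, and reports whether a DKIM signature is present together with the receiving server's recorded verdict. Only the standard library is used; the message is constructed, with placeholder DKIM values.

```python
"""Added example, not from the book: auditing a received message for the
transport-level protections mentioned above, namely TLS on every SMTP hop and
a DKIM signature, using only the standard library.

Each Received header has the shape "from A by B with PROTOCOL id X"; the
keywords ESMTPS and ESMTPSA mark a TLS-protected hop, ESMTP/SMTP/ESMTPA a
cleartext one. The message below is constructed, with placeholder DKIM values."""
import email
import re
from email.message import Message
from typing import Dict, List, Tuple

RECEIVED_RE = re.compile(r"\bby\s+(\S+).*?\bwith\s+(E?SMTPS?A?)\b",
                         re.IGNORECASE | re.DOTALL)


def hops(msg: Message) -> List[Tuple[str, str, bool]]:
    """(receiving host, protocol keyword, tls?) per Received header, oldest first."""
    out = []
    for hdr in reversed(msg.get_all("Received", [])):   # each MTA prepends its header
        m = RECEIVED_RE.search(hdr)
        if not m:
            continue            # unparseable header: report nothing rather than guess
        proto = m.group(2).upper()
        out.append((m.group(1), proto, proto.startswith("ESMTPS")))
    return out


def audit(raw: str) -> Dict[str, object]:
    msg = email.message_from_string(raw)
    path = hops(msg)
    return {
        "path": [(host, tls) for host, _, tls in path],
        "cleartext_hops": [host for host, _, tls in path if not tls],
        # A DKIM-Signature header only shows the sender signed the message;
        # whether it verified is recorded by the receiving MTA in
        # Authentication-Results (reproducing that needs DNS).
        "dkim_signed": msg.get("DKIM-Signature") is not None,
        "auth_results": msg.get("Authentication-Results", ""),
    }


# Constructed message: two TLS hops, then a cleartext internal relay.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
    by mail.corp.example (Postfix) with ESMTP id 7F3A2
    for <bob@corp.example>; Mon, 5 Jun 2023 09:15:02 +0000
Received: from smtp.partner.example (smtp.partner.example [203.0.113.9])
    by mx.example.net with ESMTPS id 4C9D1
    for <bob@corp.example>; Mon, 5 Jun 2023 09:15:01 +0000
Received: from [192.0.2.55] by smtp.partner.example with ESMTPSA id 1A2B3;
    Mon, 5 Jun 2023 09:15:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; d=partner.example; s=sel1; h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER
Authentication-Results: mx.example.net; dkim=pass header.d=partner.example
From: alice@partner.example
To: bob@corp.example
Subject: Q2 invoice

Attached.
"""

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

In the sample the external hops were protected but the last internal relay was not, which is the typical gap when STARTTLS is enforced only at the perimeter. The hop parser is deliberately conservative: Received headers are free-form, so an entry it cannot parse is dropped rather than guessed at.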

Summary

In this chapter, you learned about the identification of network-related risks and pertinent controls. You explored different components of the network, including repeaters, hubs, switches, routers, and firewalls. You also learned about the basic structure of OSI layers and network physical media.

The following are some important topics you covered in this chapter:

  • Optical fiber is a thin, flexible strand of glass or plastic. Fiber-optic cables are considered more secure than copper wire (they do not radiate a signal and are harder to tap without detection). Fiber optics is the preferred choice for long-distance networks and high data volumes: it is not affected by EMI and has very low transmission loss.
  • The most stringent and robust firewall rule configuration is "deny all traffic and allow specific traffic" (as opposed to "allow all traffic and deny specific traffic"). This prevents unknown traffic from reaching critical systems...
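The deny-by-default principle in the bullet above, together with the difference between a plain packet filter and stateful inspection from the firewall section, as an added example (not code from the book): a small rule engine evaluates constructed traffic against the same rule base under both default policies, and then with connection tracking enabled, so that a reply is admitted only when its originating connection was seen. Addresses, ports and rules are all constructed for illustration.

```python
"""Added example, not from the book: a minimal packet filter contrasting a
"deny all, allow specific" policy with "allow all, deny specific", plus a
stateful check that admits return traffic only for connections already seen.

All packets, rules and addresses below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = True   # True for a new-connection attempt, False for a reply


@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    src_net: str               # CIDR the packet's source must fall in
    dport: Optional[int]       # destination port, None for any
    proto: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src_net)
                and (self.dport is None or self.dport == p.dport)
                and (self.proto is None or self.proto == p.proto))


class PacketFilter:
    def __init__(self, rules: List[Rule], default: str, stateful: bool = False):
        assert default in ("allow", "deny")
        self.rules, self.default, self.stateful = rules, default, stateful
        # Connection table keyed on the 5-tuple as seen from the initiator.
        self.conns: Set[Tuple[str, int, str, int, str]] = set()

    def decide(self, p: Packet) -> str:
        # Stateful inspection: a reply is judged by the connection table, not
        # the rule base; untracked "replies" are dropped even if a rule would pass them.
        if self.stateful and not p.syn:
            reverse = (p.dst, p.dport, p.src, p.sport, p.proto)
            return "allow" if reverse in self.conns else "deny"
        for r in self.rules:   # first match wins, as in most rule bases
            if r.matches(p):
                verdict = r.action
                break
        else:
            verdict = self.default
        if verdict == "allow" and self.stateful and p.syn:
            self.conns.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return verdict


RULES = [
    Rule("allow", "0.0.0.0/0", 443),      # public web service
    Rule("allow", "10.0.0.0/8", 22),      # SSH only from the internal range
    Rule("deny", "0.0.0.0/0", 3389),      # explicit block of RDP
]

# Constructed traffic; the last packet hits a port nobody wrote a rule for.
TRAFFIC = [
    Packet("203.0.113.5", 51000, "192.0.2.10", 443),
    Packet("203.0.113.5", 51001, "192.0.2.10", 22),
    Packet("10.1.2.3", 40000, "192.0.2.10", 22),
    Packet("203.0.113.5", 51002, "192.0.2.10", 3389),
    Packet("203.0.113.5", 51003, "192.0.2.10", 5900),   # VNC, no rule at all
]


def run(default: str) -> List[str]:
    """Verdicts for TRAFFIC under the given default policy (stateless)."""
    fw = PacketFilter(RULES, default)
    return [fw.decide(p) for p in TRAFFIC]


def stateful_reply_demo() -> Tuple[str, str]:
    """Replies are admitted only when the originating connection was tracked."""
    fw = PacketFilter(RULES, "deny", stateful=True)
    fw.decide(Packet("203.0.113.5", 51000, "192.0.2.10", 443))            # tracked
    tracked_reply = fw.decide(Packet("192.0.2.10", 443, "203.0.113.5", 51000, syn=False))
    forged_reply = fw.decide(Packet("192.0.2.10", 443, "203.0.113.5", 59999, syn=False))
    return tracked_reply, forged_reply


if __name__ == "__main__":
    print("deny-all default :", run("deny"))
    print("allow-all default:", run("allow"))
    print("stateful replies :", stateful_reply_demo())
```

The fifth packet is the one the summary bullet is about: nobody wrote a rule for port 5900, and only the deny-by-default policy stops it. The stateful demo shows why a packet-filtering router needs broad "allow established" rules that a stateful firewall does not: the forged reply to a port that never opened a connection is dropped without any rule mentioning it.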

Chapter Review Questions

Before you proceed to Chapter 11, Public Key Cryptography and Other Emerging Technologies, it is recommended that you solve the practice questions from this chapter first. These chapter review questions have been carefully crafted to reinforce the knowledge you have gained throughout this chapter. By engaging with these questions, you will solidify your understanding of key topics, identify areas that require further study, and build your confidence before moving on to new concepts in the next chapter.

Note

A few of the questions may not be directly related to the topics in the chapter. They aim to test your general understanding of information systems concepts instead.

The following image shows an example of the practice questions interface.

Figure 10.9: CISA practice questions interface


To access the end-of-chapter questions from this chapter, follow these steps:

  1. Open your web browser and go to https://packt...


VPN connection types (table referenced in the Types of VPN section):

Type | Description
A remote access VPN | Through a remote VPN, authorized users can connect to the corporate network from anywhere. A VPN ensures that information...