What is a network (technically and practically)?
A network is a system of interconnected devices that communicate using standardized protocols (like TCP/IP). Data is broken into packets, sent across physical or wireless connections, and reassembled at the destination. ISSOs care because every connection is a potential attack path.
What is an IP address and how is it used in communication?
An IP address uniquely identifies a device on a network and allows routing systems to determine where packets should be sent. When you send data, it includes a source IP and destination IP so routers can direct traffic correctly.
What is the difference between private and public IPs and why does it matter?
Private IPs (e.g., 192.168.x.x) are used inside networks and are not routable on the internet. Public IPs are globally reachable. ISSOs care because systems with public IPs are exposed to external threats.
What is a port in technical terms and how does it function?
A port is a logical communication endpoint tied to a specific service or application. When traffic reaches a device, the port number tells the OS which service should handle the request (e.g., web server, RDP service).
Why do ports exist instead of just using IP addresses?
Because a single system runs multiple services simultaneously. Ports allow the system to distinguish between traffic types (web, remote access, email, etc.).
What does it mean when a port is “open” at a system level?
A service is actively listening on that port and will accept incoming connections. This means external or internal systems can attempt to communicate with that service.
Why is an open port a security risk?
Each open port exposes a service that could contain vulnerabilities. If the service is misconfigured or outdated, attackers can exploit it to gain access, execute code, or move laterally.
What type of communication uses port 443 and why is it commonly open?
HTTPS (secure web traffic). It is commonly open because most applications require encrypted web communication. It uses TLS to encrypt data in transit.
What type of communication uses port 3389 and why is it risky?
RDP (Remote Desktop Protocol). It allows remote login to systems. It’s risky because attackers often brute-force credentials or exploit vulnerabilities to gain access.
What type of communication uses port 22 and when is it used?
SSH (Secure Shell). Used for secure remote command-line access to systems (commonly Linux servers). It encrypts traffic but is still a target if exposed.
What type of communication uses port 21 and why is it insecure?
FTP (File Transfer Protocol). It transfers files without encryption, meaning credentials and data can be intercepted.
What is a firewall and how does it actually work?
A firewall inspects incoming and outgoing traffic based on rules (IP, port, protocol) and decides whether to allow or block it. It acts as a gatekeeper controlling access to systems.
What does a firewall rule look like in practice?
Allow TCP 443 from any → enables web access
Deny TCP 3389 from internet → blocks remote access
Why is firewall configuration critical for ISSOs?
Misconfigured rules can expose sensitive services, allowing attackers direct access into systems.
What actually happens when you type a website into a browser?
- DNS resolves domain → IP
- Browser sends request to server via TCP/443
- Server responds with data
- Browser renders content
What is DNS doing behind the scenes?
It translates human-readable names into IP addresses so systems can communicate.
Why is DNS a security concern?
If compromised, it can redirect users to malicious sites (DNS spoofing).
What is TCP and how does it work?
TCP establishes a connection (3-way handshake), ensures all packets arrive, and retransmits missing data. Used when reliability is critical.
What is UDP and how does it work differently?
UDP sends data without establishing a connection or verifying delivery. It’s faster but doesn’t guarantee packets arrive or arrive in order.
Why would UDP be used despite being unreliable?
For applications where speed matters more than accuracy, like video streaming, VoIP, and gaming.
What does a router do at a technical level?
It examines destination IP addresses and determines the best path to forward packets between networks.
What does a switch do differently from a router?
It operates within a local network and directs traffic based on MAC addresses to specific devices.
Why does an ISSO need to understand ports and services?
To determine whether exposed services are necessary and compliant with security policies.
What question should an ISSO ask when seeing an open port?
“What service is running, and is it required for operations?”
