CISSP Domain 4 — Communication & Network Security

4.1 Apply Secure Design Principles in Network Architectures

This section covers CISSP-required concepts for designing, implementing, and securing network architectures using layered, segmented, and monitored approaches.

OSI and TCP/IP Models
Internet Protocol (IPv4 & IPv6) — Unicast, Broadcast, Multicast, Anycast
Secure Protocols (IPSec, SSH, SSL/TLS)
Implications of Multilayer Protocols
Converged Protocols (iSCSI, VoIP, InfiniBand over Ethernet, CXL)
Transport Architecture (Topology, Planes, Cut-through vs Store-and-forward)
Performance Metrics (Bandwidth, Latency, Jitter, Throughput, SNR)
Traffic Flows (North–South, East–West)
Physical Segmentation (In-band, Out-of-band, Air-gapped)
Logical Segmentation (VLANs, VPNs, VRF, Virtual Domains)
Micro-segmentation (Overlays, Distributed Firewalls, IDS/IPS, Zero Trust)
Edge Networks (Ingress/Egress, Peering)
Wireless Networks (Bluetooth, Wi-Fi, Zigbee, Satellite)
Cellular & Mobile Networks (4G, 5G)
Content Distribution Networks (CDN)
Software Defined Networks (SDN, SD-WAN, NFV, APIs)
Virtual Private Cloud (VPC)
Monitoring & Management (Observability, Traffic Shaping, Capacity, Fault Handling)