This article highlights the key areas of networking you need to understand to pass the CSTM exam. Our full syllabus, which shows all key areas of knowledge for CSTM, can be found on our website. The Cyber Scheme's CSTM training maps to the CSTM syllabus and will give you the confidence to sit our NCSC-accredited exam knowing the topics and knowledge domains that are likely to come up.
Network Architecture
- Can interpret logical network diagrams.
- Understands the various network types that could be encountered during a penetration test:
• CAT 5 / Fibre • 10/100/1000baseT • Wireless (802.11)
- Understand the difference between LAN and WAN.
- Understand internal (RFC 1918) IP ranges.
- Understand basic subnetting.
- Understand basics of IPv6 addressing.
- Understand the security implications of copper cables vs fibre.
- Understands the security benefits of tiered architectures, DMZs and air gaps.
- Understands the security implications of shared media and can exploit its vulnerabilities during a penetration test.
- Understands the security implications of switched networks.
- Understands the security implications of VLANs.
Network Routing
- Understand default gateways and static routes.
- Demonstrate ability to configure static IPs and routes.
Network Mapping
- Can demonstrate the mapping of a network using a range of tools, such as traceroute and ping, and by querying active searches, such as DNS and SNMP servers.
- Can accurately identify all hosts on a target network that meet a defined set of criteria, e.g. to identify all FTP servers or Cisco routers.
- Can present the map as a logical network diagram, detailing all discovered subnets and interfaces, including routers, switches, hosts and other devices.
Management Protocols
- Understands and can demonstrate the use of protocols often used for the remote management of devices, including:
• Telnet • SSH • HTTP/HTTPS • SNMP • Cisco Reverse Telnet
• TFTP • NTP • RDP • VNC
- Can analyse e-mail headers to identify system information.
Traffic Analysis
- Can intercept and monitor network traffic, capturing it to disk in a format required by analysis tools (e.g. PCAP).
- Understands and can demonstrate how network traffic can be analysed to recover user account credentials and detect vulnerabilities that may lead to the compromise of a target device.
Configuration
- Understands configuration files of Cisco routers and switches and can advise on how their security can be improved (most common features, such as access-lists and enabled services).
- Can interpret the configuration files of other network devices, including those produced by a variety of vendors (most common features, such as access-lists and enabled services).
Routers & Switches
- Understands and can demonstrate the exploitation of vulnerabilities in routers and switches, including the use of the following protocols:
• Telnet • SSH • HTTP/HTTPS • TFTP • SNMP
VoIP
- Understands VoIP services, such as SIP, and can identify and fingerprint devices offering these services.