🏠 Back to Exam Syllabus 📺 RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 11.7 - Internet Protocol Networking

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series gets concrete about the protocol that addresses every packet, part of Domain 4. It explains how addressing decisions shape your filtering, monitoring, and attack surface, and why understanding the two coexisting versions keeps a transition from becoming a gap an attacker can walk through.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

What does the internet protocol itself do?

It provides route addressing for packets, giving every packet an identity and prescribing a path. Its personality is connectionless and unreliable, so it does not promise packets will arrive, arrive in order, or arrive only once. It simply makes its best effort to find a route, even across a damaged network, which is why you pair it with the reliable transport protocol on top.

How do the two versions of the internet protocol differ?

They differ mainly in address size and built-in features. The older version uses 32 bits for addresses while the newer one uses 128, a vastly larger space. The newer version also adds scoped addresses for grouping access, automatic configuration, and quality-of-service priorities, and where the older version treats security as a bolt-on, the newer version has the security suite built in.

How does the newer version hand out addresses?

In two ways. The stateful mode assigns specific addresses and tracks them much like the classic service did. The stateless mode provides configuration details without assigning addresses, so devices build their own: routers advertise the network prefix and each device combines it with an interface identifier, often derived from its hardware address or randomized for privacy. The result is a unique address the device assigns to itself.

What are the security concerns during migration?

There are two big ones. The enormous address space gives attackers far more source addresses to rotate through, so simple address block lists become much less effective. More dangerous is a monitoring gap: if you enable the new version before every security product supports it, that traffic flows unwatched and unfiltered, effectively a covert channel. The versions coexist through dual stacks, tunneling, or translation, so upgrade visibility before you flip the switch.

What do the two helper protocols add?

They add health checks and group delivery. The control-message protocol reports on the health of a network or link and powers familiar reachability and performance tools, though many networks throttle it because it was abused in bandwidth-flooding attacks. The group-management protocol supports multicasting, managing which hosts belong to a multicast group so a single stream is duplicated at a router only where paths diverge.

📚 Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 11.7 - Internet Protocol Networking.