Are multi-layer protocols the key to safeguarding our digital world amidst the rising tide of cyberattacks? Join me, Sean Gerber, as I unravel the complexities of these protocols and their vital role in cybersecurity, drawing from the CISSP ISC² domains 4.1.4 and 4.1.5. By sharing my firsthand experiences and highlighting the alarming $22 million ransomware payout by Change Healthcare, I underscore the urgent need for redundancy in critical systems, especially within vulnerable sectors like healthcare.
Let’s decode the layers of data encapsulation, from the basic principles of TCP/IP to the robust security offered by TLS and IPsec. We'll discuss how VPN tunnels enhance security and tackle the sophisticated challenge of attackers concealing their activities within encrypted traffic. Discover methods to unmask these covert channels using decryption appliances and targeted traffic inspection, and explore the fascinating realm of steganography for data concealment.
The journey continues with a deep dive into data exfiltration techniques, including EDI communication and low-level network protocols like ICMP and DNS. Learn how malicious actors bypass detection and how network administrators can stay vigilant. Finally, I’ll share my passion for mentorship in cybersecurity, highlighting the enriching experiences and opportunities available through CISSP Cyber Training and my own platforms. Whether you’re a seasoned professional or an aspiring expert, this episode offers valuable insights and resources to bolster your cybersecurity knowledge and career.
Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!
Are multi-layer protocols the key to safeguarding our digital world amidst the rising tide of cyberattacks? Join me, Sean Gerber, as I unravel the complexities of these protocols and their vital role in cybersecurity, drawing from the CISSP ISC² domains 4.1.4 and 4.1.5. By sharing my firsthand experiences and highlighting the alarming $22 million ransomware payout by Change Healthcare, I underscore the urgent need for redundancy in critical systems, especially within vulnerable sectors like healthcare.
Let’s decode the layers of data encapsulation, from the basic principles of TCP/IP to the robust security offered by TLS and IPsec. We'll discuss how VPN tunnels enhance security and tackle the sophisticated challenge of attackers concealing their activities within encrypted traffic. Discover methods to unmask these covert channels using decryption appliances and targeted traffic inspection, and explore the fascinating realm of steganography for data concealment.
The journey continues with a deep dive into data exfiltration techniques, including EDI communication and low-level network protocols like ICMP and DNS. Learn how malicious actors bypass detection and how network administrators can stay vigilant. Finally, I’ll share my passion for mentorship in cybersecurity, highlighting the enriching experiences and opportunities available through CISSP Cyber Training and my own platforms. Whether you’re a seasoned professional or an aspiring expert, this episode offers valuable insights and resources to bolster your cybersecurity knowledge and career.
Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!
Speaker 1:
Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started.
Speaker 2:
Hey y'all, sean Gerber with CISSP, cyber Training, and I hope you all are having a blessed day today. Today we're going to be talking about some amazing pieces with the CISSP. We're going to be in chapter or domain four of the CISSP and we're going to be talking about implications and convergence of multi-layer protocols. So if you are driving in your Tesla, you may want to put it on autopilot because this may make you fall asleep, I don't know. But if you're driving or you could be so riveted that you just lose track of what you're doing you still need the Tesla to keep you out of the ditches. But we're going to be talking about the various multi-layer protocols. That's tied to domain 4.1.4 and 4.1.5. So if you're looking to follow along on your CISSP ISC squared book, that is what we'll be covering today. So a lot of different areas in this and this is stuff that I'm dealing with actually as we talk about the CISSP how important it is that you will learn these tactics and these techniques. I'm dealing with this right now, today, as we speak. So, with the company that I'm involved with, I'm dealing with multi-layer protocols and it's interesting. It's very, very interesting. I never thought in a million years that I'd have as learning the CISSP, how I utilize all these different types that are covered in that book, and it continues to expand and grow. So of those that you think that you may never ever deal with some of these aspects within the CISSP. It is possible, but it's highly likely that during your career you will deal with many aspects, if not most of them, that are within the CISSP domain.
Speaker 2:
But before we get started, I want to talk about a situation I saw on the Change Healthcare in an article that was on InfoSec Industries. So the article was around the Wire, it was out of Wired Magazine and they talked about the Change Healthcare situation where they had a $22 million payout. Now the interesting part is they're seeing more and more of this on the rise with healthcare institutions In Recorded Future. I've worked with them in the past. They have counted up to 44 healthcare-related incidents in the month after the change healthcare payment came to light, and I live in Wichita, kansas. We know that one of our hospitals was hit, which actually caused dramatic impact to a friend of mine that was going through a heart attack at that point, and so they were able to get him in, get him taken care of. But on the flip side is that all their systems went down. Now, coming out of the Ascension Healthcare situation, they said that they recently released that there were four or seven servers out of the 2,500 that were affected.
Speaker 2:
I kind of chuckle at that a little bit of going well, if there was only seven, then you took all that down for only seven. So what does that tell you? It tells you they have some very critical systems that are not well redundant. I can't. That's not a good word, that's actually a terrible word, it's not even really a word, but they're not redundant. So that's as you're looking as a security professional, you need to make sure that you find these critical systems within your organization to ensure that they are properly protected and that you can. They're resilient to these types of attacks.
Speaker 2:
But this medical targeting they talk about change in the 22 million dollar payout and we'd heard about it, but they more or less confirm the fact that this did happen and it did allow them to get back up and running, but it did cripple the company. It shut down hospitals, medical practices, pharmacies and all those across the united states, so it was a very big deal. Now they an interesting part, as I'm reading through this and they talk about ransomware attacks going up. Uh, there's more incidents happening in march and april and so forth, and the part is that that's interesting in the fact is that they said that they paid twice, and I will kind of come back to how they paid twice here at the end of this article, but keep that in the back of your mind they actually did pay twice. So when you get hit and it isn't just change that is going to pay twice if you're a company that gets hit with a ransomware attack, it's highly likely you will pay. You will pay twice and we'll get into that. See, it's that little catch that'll hold you, hold you in captivity. But no, realistically, they talked about how these ransomware payments are actually incentivizing attackers.
Speaker 2:
When this first broke, I would say it was like in 2006, 2007, when the ransomware attacks started coming. I knew this whole thing was going to cause nothing but issues just because everybody's going to be incentivized by the payouts from this. The challenge is going to be you have to be people that are outside of the country that you're attacking, because you can't really be somebody here in the United States attacking somebody in the United States because the FBI will come knocking on your door and then all of it falls apart. But bottom line is is it's only going to incentivize these people from doing this? We talk about Ascension Just recently. They have 140 hospitals and 40 senior living centers. They were hit Again. Multiple things are happening over and over again.
Speaker 2:
Now I come back to the double whammy. What does this mean? Now, if you're a more olderly seasoned individual like myself, you probably heard the double whammy. You knew exactly what I was saying. If you're younger than me, probably in your 20s or 30s, you probably have no idea what the whammy is. But the double whammy is that you lose money because of the payout right. So the $22 million is your first hit. The second hit is the residual cost associated with dealing with this incident.
Speaker 2:
It isn't just that. Okay, you pay them out, but now you have to pay for redoing all the equipment. You have to pay for the reputational damage that goes with it, you have to pay for the ongoing support and you have to pay for the additional security tools that you probably end up buying, because it's a knee-jerk reaction of going I've got to have more stuff because the stuff I had didn't do a good job, so I need to buy more stuff and the security folks are happy about that, but at the end of it, did you really need to buy more stuff? So you see, these are cascading costs that continue to just wham, just beat the dickens out of businesses because of this overall ransomware effect. And the sad part is is you pay the ransom and you get nothing in return. Like we've mentioned before on this podcast, you get absolutely nothing in return. You're hoping that you get your system back, but even that's not a guarantee, right? So, realistically, we've all talked about change and it's been in the news for many, many months now, many cycles. But keep in mind that it is a security professional. It isn't just the fact that you pay the ransom, it's now all the ongoing stuff you're going to have to do to clean it up. So, again, keep that in the back of your cranium.
Speaker 2:
All right, let's move on to what we're going to talk about today. Okay, so if you're watching this video that I put out on CISSP Cyber Training, or you're watching it in a few months from now on YouTube, you might see some spelling changes. Please don't put notes in the what do you call it? The post that there's grammatical challenges. I'm sorry I don't always catch them. And yeah, it is what it is, I can read it.
Speaker 2:
So what we're talking about here is the multi-layered protocols. What are those and what is the convergence of multi-layer protocols? Okay, so we're going to be talking about some key protocols as it relates to Fibrover Channel. We're going to talk to VoiceOver, ip, iscsi. Those are different pieces that are going to be tied into the multi-layer aspect as we get into the bottom part of this podcast. But we're going to get into what are some into the multi-layer aspect as we get into the bottom part of this podcast. But we're going to get into what are some of the multi-layer protocols and what do they mean.
Speaker 2:
Well, so if you're looking at the screen and we'll kind of talk to it here on the podcast as you're driving, you have a tcpip protocol right, we've talked about how it is layered and you think about these, these packets, as they're going out the wire, they're, they're layered and they're encapsulated inside layers upon layers upon layers. And if you're looking at this overall picture, you'll see that the, the ethernet, holds the line for talking first off tcp ip. You have your tcp, uh, you have your ethernet. Is your your firm wire. That's there. Then you have your protocol of ip, then you have your tcp, then you have your http and then you have your HTTP and then you have your payload. And that's kind of how that protocol is layered in there, so just like that. But then when you encapsulate it so that's how you would have normal traffic that is not encapsulated the moment you encapsulate it. Now what you're doing is you're adding a level of encryption that is basically taking care of the payload that's within that system.
Speaker 2:
So let's go encapsulating with tls. You will use the ethernet, right? Your main line is your ethernet, you have your ip, you have your tcp and then you will layer in tls on your htt and your pay http and your payload. That is the, the encapsulation part that's occurring and then. So when it goes to get to its point, it's then going to peel back the layers. So before it goes it, it bundles it up, it sends it on its way. When it gets to its destination, it then peels back the layers of the onion. So it's like a flower or an onion that's closing up and then, when it gets to its destination, it's opening up. So same concept, so that's encapsulation when we're dealing with just TLS.
Speaker 2:
Now you can encapsulate even further, such as like with a VPN, where you would then add IPsec to the overall conversation, so you have your ethernet right, so you have your blind. Then you would go and establish an IPsec tunnel. So that's your IPsec securities tunnel is set up to initiate your VPN. Then from there you're putting your IP, your TCP, and then you've got your TLS wrapped in there where it is now encapsulating the HTTP payload that is there on the wire as well. So that's one more further level of encapsulation that you're going to have as it relates to these different types of protocols.
Speaker 2:
So again, the first one's TCP IP doesn't have any encapsulation with encryption. Next level down is TLS. Tls is encapsulating or encrypting the payload that you're sending across the wire. The next level of it is that you now have an IPsec tunnel. That's establishing a secure tunnel between those two locations. So therefore you have it's doubly, doubly. That's a really good word. My wife gets on my case. She says you don't speak well. I'm like I know I say words that are actually merging of two words together and sometimes it makes her very frustrated and yeah.
Speaker 2:
So that's what happens when you get old. So don't get old, stay young forever. Figure it out. If you can figure it out, you'll be rich beyond your wildest dreams. But again, further encapsulation is that your VPN tunnel between point A and point B, that encapsulates that with an IPsec tunnel and then inside it your little onion that's in there now floats along the cable, gets to the other end because it's in an encapsulated tunnel. That's IPsec tunnel, and then the onion opens up and gives you your present.
Speaker 2:
Okay, so that's the multi-layered protocol approach. Now, I know that's very unconventional and that's one of those that you might be thinking. That is not very scientific and not very in the weeds. Yeah, it's because I operated a third grade level, sorry, just kind of how it goes. But again, this is a great way to help protect the data that you're trying to ship out there to the internet, and then also how you're bringing data in.
Speaker 2:
Now comes the bad side of this. So what ends up happening is is the bad guys and girls can turn this into what they call a covert channel. So same concept. So, as we're moving to more of a world where you have to have more encryption with all of your data that's transferring to and from the location. The bad guys and girls understand that too. And what do they do? They're gonna create a covert channel using the same type of technology that you cannot see into. So the purpose of doing this is so that bad guys can't see into your documents. They can't see into what you're sending, right? Well, the same thing happens with them. The bad guys and girls will do the same thing and so that you can't see what they're actually doing.
Speaker 2:
So, as we move to a higher level of encryption around all this traffic that's going on out on the internet now, it used to be the way where the bad guys would go and they would hide in plain sight. There's so much traffic. You'll never know if they're sending out command and control communications to their servers out on the internet, because there's just so much noise. Well, now that they got better packet inspection, people are paying attention to that more, which is great, right, well. But because people are more worried about their privacy of their data, their data getting leaked, getting compromised, what do they do? They're adding encryption. Well, now, the same concept has just occurred with keeping it open or having it seen in plain sight with their no encryption. It's now the same concept with encryption. So now they're actually adding encryption on their communication channel so you cannot see what is leaving your organization.
Speaker 2:
So this covert channel again is set up specifically to to do that and to hide within all the other encrypted traffic that's going on in your, in your environment. So encapsulation of data is an important part that these attackers will use, and so therefore they're they're having to get this type of software on these systems to be able to encapsulate the data and have it sent out over the internet. So you can see, there's some, a lot of different avenues that come down this whole covert channel piece of this, and so as a security professional, you're going to have to come up with ways in which you're going to be able to inspect that traffic. Now there's different concepts around this. You can get into decryption appliances that can do it. You can have just all of your traffic that is important to your company, go out certain other ports and certain other venues, and then you can inspect only that area. It's cat and mouse game that you're going to have to run to try to determine if anybody is moving data in and out of your organization.
Speaker 2:
Now what are some ways, of some examples of covert channels. So you have stenography we talked about that in previous podcasts and that's basically you're hiding information in another file or image uh, embedding sensitive data within pixels of a image of fluffy kittens. You know that that right, there could be a way that you would secretly get data out of your organization. Now there's ways to look for that right. Obviously we kind of talked about that. Where you can. An image size, let's say, is two megs of the fluffy kittens, and this image now is 25 meg. Okay, well, either you're sending raw fluffy kitten footage or there's something up with that file, and so that that's the challenge that comes with it.
Speaker 2:
Now, documents I will tell you that if you try to put documents in into stenography or into pictures, they will not make any real sense of change in the size of the of the file itself. Where it really gets the bad guys get caught is when they're trying to shove too much data into an unknown file. And the other thing is is it's just? It makes it really hard to do stenography. It's not, it's. You have to be very, very specific on what you're trying to accomplish, and you're and you're definitely showing that you are wanting to get the data out of your organization, whereas the accidental oops I sent it to my home email. Oh, I'm so sorry, forgive me that. That that is kind of goes out the window when you use technography, right? So? And especially wouldn't hold up in a legal court. Yeah, I accidentally put my, my most sensitive data inside a picture and sent it home because I really wanted to see the fluffy kitties, but I didn't know I did it. See, that doesn't hold up in court, right? Anyway, alternative data streams Now you're leveraging unused parts of a data stream, such as NTFS, alternate data streams to hide specific information.
Speaker 2:
So you can use these, the data that's coming and going from your organization, and you can add data to it. That'll be a way that you could hide that information as well. I know I've seen this happen where individuals have sent data. Maybe they have an EDI communication between two companies. They will then incorporate data that they would normally send to one company, as, let's say, banking information, and they would put documents into that scheduled batch job where it would automatically batch it up and ship it out and it would get out, because people are expecting to see a batch job go for EDI communication. The downside of that is you have to have the ability on the other end to be able to get that data. You have to have the ability on the other end to be able to get that data, or you have to be able to modify the edi batch process so that, instead of it sending to a bank, it sends it to your home, whatever. So there's, there's other ways of getting the data out that way. There's also low-level network protocols such as using icmp and dns to do this. Now, this works really well because it stays under the radar.
Speaker 2:
And what is is ICMP? Well, icmp is the Internet Control Message Protocol. And how is ICMP used? Well, thank you for asking. Now, so we use ICMP a lot when we're dealing with network diagnostics. Right, you do ICMP pings. You're looking for different areas, like time to live and so forth. Well, icmp is in the network. It's going on all the time because it's constantly pinging routers. It's doing all kinds of stuff just to keep maintain the maintenance of the networks, right?
Speaker 2:
Well, it's not meant for data exchange. So, unlike TCP and UDP, it isn't really an exchange data between systems. It's not what it's designed for and that's not what it was planned to do. So its purpose is ping, trace route and so forth. Well, what happens if you use that to transfer data? Well, guess what? It gets lost in the noise. So there's so much ICMP noise going on, then what do you know? Right, you can actually move data around in ICMP packets and it may not get picked up.
Speaker 2:
As a professional cyber security professional, you would want to set some level of understanding within your environment to try to trigger on anything like that occurring. If that is occurring, if you're getting, for an example, let's talk about an icmp message that is encrypted, it's encapsulated in some form. That should be a good indicator to you that that's something nefarious potentially is going on. And so, therefore, you need to be aware of how would you deal with that, because ping requests are never I should say never is not the right word I can't imagine a reason in which a ping request would be encapsulated. It makes no sense to me, but who knows, maybe it does. But for the most part, if you're getting a ping request or any sort of ICMP communication traffic that is encapsulated, it is indicating, it's showing you indicators that there's a possibility you have a bigger problem. So, again, it's important that you kind of keep that in mind when you're talking about the ICMP.
Speaker 2:
I've seen this happen, where I haven't personally seen it, but I've talked to individuals who have, where they have had ICMP packets that were encrypted, that had insensitive data embedded with inside them, and then they were sending these packets, these ping requests, to an external entity and, sure enough, that's where the data was going and therefore they were able to then extrapolate the data and they were getting it out of the organization. So it's just aspects you're going to have to work through within your company to determine if it's something that is a problem with you or not. So this can be a challenge to detect right, and I would say some of the security tools that are out there probably won't pick up on it. It's going to take some of your infrastructure and architecture people to really truly understand your network, to maybe put out some flags on why this might be happening within your company and then maybe put some triggers in place, maybe don't even allow ICMP packets to leave your organization. I don't know how that. I'm talking out of an area that I don't really truly understand, so I don't know if that's even possible. I mean you have to be able to ping Google, I guess, I don't know and so, therefore, dns requests would definitely go outside your organization. You have to let those go out, unless you have an internal DNS server of some kind. So you're just gonna have to work through that. Just know that if individuals wanna get data out of your organization, they're gonna do it. If they really your IT professionals are some of your biggest risks. But just because somebody isn't an IT professional doesn't mean they can't figure it out online and come and do it. So that's where, then, you have to have levels of controls of reducing your basic employee's ability to do admin type or maintenance type activities on your system. That's an important part. Don't let them do it. They shouldn't have the ability to do some of these things. It should be pretty locked down so that they don't have the access to be able to send data in and out of your company.
Speaker 2:
Okay, so what are some pros and cons of a multi-layered protocol? It's a wide range of protocols that can be used at various higher layers, and the encryption can be incorporated at multiple layers. Is what you want, right? It does give you flexibility. It gives you resiliency. Those are big ten dollar words that tell you that. Hey, you have it gives you a much ability to do things within your network. The cons are, though, is they also can be used as covert channels. The filters can be bypassed by those, and then they also are logically imposed. Network segment boundaries can be potentially overstepped because of all the network traffic that has to go between them. So, again, this is where you have to understand your network and you have to understand what is going on within your network.
Speaker 2:
Okay, so what are converged protocols? Now, converged protocol refers to a merging of specialty or proprietary protocols with what they would consider a standard protocol, such as a TCP IP suite, right, so it basically combines different communication aspects and and conforms them together under one. So you have fiber channel over ethernet. Now, this allows you fiber to traffic to run over an ethernet network. Now, if you understand the need of this is that fiber is a glass type. It may not be glass anymore, but it's it's obviously. It's a. It's a translucent fiber that you're able to transmit light back and forth. So that's fiber, right, but Ethernet isn't that. Ethernet is copper.
Speaker 2:
So how does that work? Well, they have the ability to have fiber channel, basically some of the speeds over the Ethernet networks, eliminating the need for having separate fiber channel networks run, because running fiber within areas can be very problematic and it digs things up. It's very expensive. So if you can do it over ethernet, well, hey, that's a benefit, that's a bonus, that's awesome. So it basically it encapsulates the fiber channel frames over ethernet networks, allowing them to use up to 10 gigabit ethernet or higher, while allowing the fiber channel protocol. Okay, so it does. It simplifies network infrastructure by combining Ethernet and fiber together. As an example, they just put fiber in my neighborhood, dug everything up, caused all kinds of drama, but it's in right and it's going to be fast. But if you can do this, potentially over Ethernet, you now save yourself a ton of money and time.
Speaker 2:
It does. It operates at the top link of the data link layer, making it non-routable at the IP layer. So you've basically got your TCP IP and you've got your fiber and it makes it so that it's not routable over that IP layer. Now it does. There's converged network adapters, they call them CNAs, and they combine the fiber channel and the Ethernet NIC so that if the fiber channel has a, what do they call it? They call it an HBA, but it's more or less just kind of it takes the light and turns it into ones and zeros. And then there's an Ethernet NIC, which we've all talked about, network interface, something or other. I just noticed a NIC. Yeah, but you have your fiber and you have your NIC, but they keep them, they allow them to work synonymously, but at the same time is that you can keep the date, the ip layer and your fiber channel separate.
Speaker 2:
So again, it's it's a great way to be able to give you the speed that you want. Mpls now mpls is multi-protocol label switching. Now we've talked about mpls in the podcast multiple times and many networks will use MPLS for packet transfer. So I had in a situation my previous company we had MPLS connections between our various locations. So you have point A and you have point B. There's an MPLS uh connection between those two and it allows for high speed data transfer between locations and it does. It invites. It involves combining various protocols for improved performance and it makes it really good. It basically is forwarding in telecommunication networks and it's awesome right until it doesn't work. But when it does work it's awesome. So it basically directs data based on labels rather than a specific network address. And we talk about sd-wan in different uh podcasts but kind of goes along the lines of an SD-WAN. In some cases it's like think of, mpls came first, then SD-WAN came up and it's your software-defined wide area network as an SD-WAN, but MPLS it's data that's based on labels rather than specific network addresses. Now these labels identify and establish paths between the endpoints. So you may have various technologies in place. You have your T1 uh, you have your t1. You have your e1. Yes, you have t1 lines, e1 lines. So these will allow connections between them and allows inner dynamic interconnections between users across various domains. So they work very, very well. Now they're used for efficient data transmissions, quality of service and consolidation of communication technologies. So they work well and you'll see them a lot within many, many companies, especially if you have geographically separated locations.
Speaker 2:
Next one we're going to talk about is iSCSI. So this is Internet, small Computer Systems Interface. Now iSCSI enables block-level storage access over IP networks. Basically, it converges both the storage and the network side of the house, and what it does is it allows you to carry SCSI commands over TCP IP networks and it allows clients to send commands to storage devices obviously the targets on remote servers. So that's what the purpose of iSCSI is. So it allows you to have a networking ability to communicate and store data in various locations without having dedicated cabling, unlike the fiber channel right, you got to have that. So it will do all of that routing for you. And it does enable storage consolidation and location in independent data access points. So just think of accessing disk volumes on storage arrays via iSCSI over your IP infrastructure.
Speaker 2:
Okay, I know you all have dealt with this. You may not have heard some of the terms, but you've all dealt with different aspects of this. Now, the last one I'm going to get into is something we've all talked about at some point in time and this is your VoIP. So voice over IP. So this basically merges voice communications with IP networks, allowing for phone services in the same infrastructure.
Speaker 2:
Google Voice, all of these different aspects are utilizing a voice communication over an IP infrastructure. In the past, old people like myself, we used to have wires specifically run from house to house to house and it was all to a switching center that was specifically designed for your phone, and your phone and your internet were very separate. In today's world yeah, no, that's not the same. I deal with teams all the time. I deal with I can't think of all the names of Zoom and all of these are all voice over IP protocols and they're designed, they're known as an IP telephony that delivers voice communication sessions over IP networks, ie the internet. Right, that's the whole purpose of VoIP and they've been doing this for many, many years and it works really, really well.
Speaker 2:
Okay, if you get into any sort of Google voice. It works amazingly well, right, until it doesn't. Now it digitizes your voice signals into IP packets. It supports various codecs for audio optimization. Your codecs would be your M4As, your MP3s, different types of codecs that are available for whatever you may want to use. And then it's on personal computers, mobile devices, wi-fi and so forth. Right, so it allows you to communicate over the internet in ways that you never could before. Now, facetime is a different. It's not a VoIP, it's a different protocol, but it's the same type of technology, same thought process. It works a bit different from a protocol perspective, but bottom line is is voice over IP is great for utilizing already built infrastructure and not having to have an expensive phone line dedicated specifically for your home. Okay, that is all I have for you today.
Speaker 2:
Head on over to CISSP Cyber Training. Go check it out. Got a lot of free stuff over there. Going to be making some changes. I haven't made them yet. They're going to happen soon.
Speaker 2:
Just, life is a bit busy right now, but it will slow down, and when it slows down I'll be able to get some of these things done I am really excited about. I've got some really good mentors that I've brought on. I've had some individuals that want to be mentored by me and they're just doing an awesome job. If you are interested in mentorship, I have that available at CISSP Cyber Training. I want to help you. It's been invaluable both for them and for me, because they're getting a perspective on from a CISO and, from now, a security consultant on what are some things that I think have helped remove some landmines out of their way, and it's definitely there to help them.
Speaker 2:
It's also there to help you guys as well. So if you want that service, it's available to you. I'm happy to help you out any way. I possibly can. Go check it out at CISSP Cyber Training Also. Just go out to my website and like it. Actually, go out to the podcast area and like that. I would appreciate it. Go to YouTube, check out some of my videos that are there as well. These will all be there eventually, or just you can be able to see them specifically at my site. All right, I hope you have a wonderful day and we will catch you on the.
