The protocol in which all information carried is transmitted in plaintext from the source computer to the destination on the internet.
What is HTTP
Adds a layer of encryption to the HTTP protocol by using Secure Sockets Layer (SSL).
What is HTTPS
Makes traffic unreadable to any other devices but the VPN endpoints. It can make security monitoring challenging by making packet details unreadable.
What is Encryption
Where criminal organizations reside
What is the dark net
HTTPS
What is HyperText Transfer Protocol Secure
Used for logging event messages from network devices and endpoints, allowing for a system-neutral means of transmitting, storing, and analyzing messages.
What is Syslog
A common exploit of HTTP.
What is an iFrame (inline frame) injection
A packet filtering technology that contributes to an evolving set of network security protections. They can give a false sense of security if overly relied upon.
What are ACLs
What malware establishes that rides on a common and trusted protocol, and uses it to exfiltrate data from the network.
What is an encrypted tunnel
ICMP
Used to identify hosts on a network, the structure of a network, and determine the operating systems being used. It can also be used for types of DoS attacks.
What is ICMP
Sends data from a host to a mail server and between mail servers.
What is SMTP
Network translation that complicates security monitoring when multiple IP addresses are mapped to public addresses visible on the internet, hiding the individual IP addresses inside the network.
What is NAT
Port translation that complicates security monitoring when multiple IP addresses are mapped to public addresses visible on the internet, hiding the individual IP addresses inside the network.
What is PAT
NAT
What is Network Address Translation
Protocols used to spread malware, exfiltrate data, or provide channels to malware CnC servers. Involves either sending data from a host to a mail server and between mail servers, or downloading email messages from a mail server to the host computer.
What are Email Protocols
Used to download email messages from a mail server to the host computer.
What are IMAP and POP3
Involves the distribution of traffic between devices or network paths to prevent overwhelming network resources with too much traffic.
What is Load Balancing
The 3 types of P2P applications.
What are file sharing, processor sharing, and instant messaging
Syslog
What is System Logging Protocol
What a DNS lookup for ‘long-string-of-exfiltrated-data.example.com’ would be forwarded to.
What is the nameserver of example.com
Uses a hierarchy of authoritative time sources to share time information between devices on the network, meaning device messages that share consistent time information can be submitted to a syslog server.
What is NTP
A software platform and network of P2P hosts that function as internet routers on its network, allowing users to browse the internet anonymously, and accessed using a special browser.
What is Tor
Flows that are unidirectional and are defined by the addresses and ports that they share.
What are NetFlow flows
POP3
What is Post Office Protocol