Cyber Ops Module on Technologies & Protocols

Mar 7, 2025

Cyber Ops Associate Course - Module 24: Technologies and Protocols

Course Overview

  • Focus: Skills and knowledge for associate-level security analysts at a Security Operations Center (SOC).
  • Goal: Prepare for Cisco 200-201 certification (CBROPS).

Module 24: Technologies and Protocols

Key Topics

  1. Monitoring Common Protocols

    • Syslog & NTP
      • Syslog: Centralizes log management.
      • NTP (Network Time Protocol): Ensures consistent timing across devices.
      • Logs are targets for attackers.
      • NG Syslog (next-generation syslog): Enhanced security features.
    • DNS (Domain Name Services)
      • Often targeted by malware for data exfiltration.
      • Exfiltrated data can be hidden inside DNS queries.
      • Mitigation: DNS proxy logs, Cisco Umbrella.
    • HTTP and HTTPS
      • HTTP: Plain text, vulnerable to manipulation (e.g., iframe injections).
      • HTTPS: Encrypted, adds complexity to monitoring but increases security.
      • Security implications of SSL/TLS.
    • Email Protocols (SMTP, POP, IMAP)
      • SMTP: Sends data from host to mail server.
      • POP & IMAP: Receive email from server.
      • Threat actors can spread malware via email.
    • ICMP & Ping Protocol
      • Used for data exfiltration and denial of service.
      • ICMP tunneling: Carries file contents out of infected hosts inside ICMP packets.
  2. Security Technologies

    • Access Control Lists (ACLs) and Access Control Entries (ACEs)
      • Filter traffic by allowing or denying specific IPs, protocols, and ports.
      • Attackers can exploit ACLs by spoofing or port scanning.
    • NAT and PAT
      • NAT: Network Address Translation; translates private (inside) IPs to public ones.
      • PAT: Port Address Translation; inside hosts share a public IP, distinguished by port.
      • Makes it harder to trace logged traffic back to a specific inside device.
      • NetFlow records can be used to log the translations.
    • Encryption, Encapsulation, and Tunneling
      • Used in VPNs for secure communication.
      • Tunneling (masking) can be misused for malicious purposes.
    • Peer-to-Peer (P2P) Networks
      • All nodes share data; includes BitTorrent and TOR.
      • TOR: Provides encrypted browsing paths, used for privacy or malicious purposes.
    • Load Balancers
      • Distribute traffic across multiple servers or pathways.
      • Helps manage and optimize traffic loads.
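The two monitoring points in the protocol section (DNS queries disguising exfiltration, and ICMP tunneling moving file contents out of a host) are worth seeing as detection logic rather than as bullet points. The following is an added example, not code from the course module or from Cisco; the DNS proxy log format, the ICMP summary-record format, the sample lines, and the thresholds are all constructed for illustration. It flags DNS subdomain labels that are unusually long or high-entropy, clients that generate many distinct subdomains under one zone, and ICMP echo traffic whose payload size or total volume does not look like ordinary ping.

```python
"""Detection heuristics for DNS exfiltration and ICMP tunneling (added example).

Input formats and sample records below are constructed, not real traffic.
"""
import math
from collections import Counter, defaultdict

# Assumed DNS proxy log format: "<timestamp> <client_ip> query <qname> <qtype>"
# Constructed sample: 10.0.0.9 sends hex-encoded data as subdomain labels.
DNS_LOG = """\
2025-03-07T10:00:01 10.0.0.5 query www.example.com A
2025-03-07T10:00:02 10.0.0.5 query mail.example.com MX
2025-03-07T10:00:03 10.0.0.9 query 4a6f686e20446f6520313233343536.exfil-example.test TXT
2025-03-07T10:00:04 10.0.0.9 query 73656372657420646f63756d656e74.exfil-example.test TXT
2025-03-07T10:00:05 10.0.0.9 query 6c696e652033206f662074686520.exfil-example.test TXT
2025-03-07T10:00:06 10.0.0.9 query 66696c6520656e64206f66206461.exfil-example.test TXT
2025-03-07T10:00:07 10.0.0.7 query cdn.example.net A
"""

# Assumed ICMP summary format: "<timestamp> <src> <dst> <icmp_type> <payload_bytes>"
# Constructed sample: a normal ping exchange, then oversized echo requests.
ICMP_LOG = """\
2025-03-07T10:01:00 10.0.0.5 10.0.0.1 8 56
2025-03-07T10:01:01 10.0.0.1 10.0.0.5 0 56
2025-03-07T10:01:02 10.0.0.9 203.0.113.10 8 1400
2025-03-07T10:01:03 10.0.0.9 203.0.113.10 8 1400
2025-03-07T10:01:04 10.0.0.9 203.0.113.10 8 1400
"""

LONG_LABEL = 30            # hostname labels this long are rare in legitimate use
ENTROPY_MIN_LEN = 16       # only score labels long enough for entropy to mean something
ENTROPY_THRESHOLD = 3.0    # bits per character; hex encoding tops out at 4.0
UNIQUE_SUBDOMAIN_LIMIT = 2 # distinct subdomains per (client, zone) before alerting
ICMP_PAYLOAD_LIMIT = 128   # bytes; default ping payloads are 32 (Windows) or 56 (Linux)
ICMP_VOLUME_LIMIT = 2000   # total echo payload bytes per (src, dst) pair


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def parse_dns_log(text: str) -> list:
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "query":
            continue  # skip malformed lines rather than crashing the monitor
        records.append({"ts": parts[0], "client": parts[1],
                        "qname": parts[3].rstrip(".").lower(), "qtype": parts[4]})
    return records


def zone_of(qname: str) -> str:
    # Assumes a two-label registrable zone; production code would use the public suffix list.
    return ".".join(qname.split(".")[-2:])


def qname_reasons(qname: str) -> list:
    """Reasons a single query name looks like encoded data rather than a hostname."""
    reasons = set()
    for label in qname.split(".")[:-2]:  # subdomain labels only
        if len(label) >= LONG_LABEL:
            reasons.add("long_label")
        if len(label) >= ENTROPY_MIN_LEN and shannon_entropy(label) >= ENTROPY_THRESHOLD:
            reasons.add("high_entropy_label")
    return sorted(reasons)


def detect_dns_exfil(text: str) -> list:
    alerts = []
    seen = defaultdict(set)  # (client, zone) -> distinct query names
    for rec in parse_dns_log(text):
        zone = zone_of(rec["qname"])
        key = (rec["client"], zone)
        seen[key].add(rec["qname"])
        reasons = qname_reasons(rec["qname"])
        if len(seen[key]) > UNIQUE_SUBDOMAIN_LIMIT:
            reasons.append("many_unique_subdomains")
        if reasons:
            alerts.append({"client": rec["client"], "zone": zone,
                           "qname": rec["qname"], "reasons": reasons})
    return alerts


def detect_icmp_tunnel(text: str) -> list:
    """Flag echo packets with oversized payloads and pairs moving too many echo bytes."""
    alerts, volume = [], defaultdict(int)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        src, dst, icmp_type, payload = parts[1], parts[2], int(parts[3]), int(parts[4])
        if icmp_type not in (0, 8):
            continue  # only echo request/reply are considered here
        volume[(src, dst)] += payload
        if payload > ICMP_PAYLOAD_LIMIT:
            alerts.append({"src": src, "dst": dst, "payload": payload,
                           "reason": "oversized_echo_payload"})
    for (src, dst), total in volume.items():
        if total > ICMP_VOLUME_LIMIT:
            alerts.append({"src": src, "dst": dst, "payload": total,
                           "reason": "echo_byte_volume"})
    return alerts


if __name__ == "__main__":
    for alert in detect_dns_exfil(DNS_LOG) + detect_icmp_tunnel(ICMP_LOG):
        print(alert)
```

The thresholds are starting points to tune against a baseline of normal traffic; CDN and anti-spam lookups can legitimately produce long or random-looking labels, so the per-client unique-subdomain count is usually the more reliable of the DNS signals.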
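The ACL/ACE bullets above describe first-match filtering by address, protocol and port, and note that spoofing is one way attackers work around ACLs. This added example, which is not code from the course or from any Cisco product, models an ACL as an ordered list of ACEs with the implicit deny that ends every ACL, and shows the defensive answer to spoofing: an inbound ACE on the outside interface that drops packets claiming an inside source address. The ACE and packet formats, addresses and the sample ACL are all constructed for illustration.

```python
"""Minimal ACL evaluator with an anti-spoofing entry (added example, constructed data)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, List, Tuple


@dataclass(frozen=True)
class ACE:
    action: str            # "permit" or "deny"
    proto: str             # "ip" matches any protocol; otherwise "tcp", "udp", "icmp"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int] = None  # None means any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def ace_matches(ace: ACE, pkt: Packet) -> bool:
    if ace.proto != "ip" and ace.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(ace.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(ace.dst):
        return False
    if ace.dport is not None and ace.dport != pkt.dport:
        return False
    return True


def evaluate(acl: List[ACE], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of matching ACE). Order matters: first match wins."""
    for index, ace in enumerate(acl):
        if ace_matches(ace, pkt):
            return ace.action, index
    return "deny", None  # implicit deny at the end of every ACL


def audit(acl: List[ACE], packets: List[Packet]) -> List[str]:
    """Produce one log line per packet, the way a 'log' keyword on an ACE would."""
    lines = []
    for pkt in packets:
        action, index = evaluate(acl, pkt)
        where = f"ace {index}" if index is not None else "implicit"
        port = f":{pkt.dport}" if pkt.dport is not None else ""
        lines.append(f"{action.upper()} {pkt.proto} {pkt.src} -> {pkt.dst}{port} ({where})")
    return lines


# Constructed ACL applied inbound on the outside interface of an edge router.
# 203.0.113.0/24 (documentation range) stands in for the organisation's public block;
# 10.0.0.0/8 is the inside address space.
OUTSIDE_IN = [
    ACE("deny", "ip", "10.0.0.0/8", "0.0.0.0/0"),          # anti-spoofing: inside sources never arrive from outside
    ACE("permit", "tcp", "0.0.0.0/0", "203.0.113.5/32", 443),  # public web server, HTTPS
    ACE("permit", "tcp", "0.0.0.0/0", "203.0.113.5/32", 80),   # public web server, HTTP
    ACE("deny", "ip", "0.0.0.0/0", "0.0.0.0/0"),           # explicit deny so the drop is logged
]

SAMPLE_PACKETS = [
    Packet("tcp", "198.51.100.7", "203.0.113.5", 443),   # legitimate client
    Packet("tcp", "10.0.0.5", "203.0.113.5", 443),       # spoofed inside source, seen outside
    Packet("tcp", "198.51.100.7", "203.0.113.5", 22),    # SSH from the internet: not permitted
    Packet("icmp", "198.51.100.7", "203.0.113.5"),       # falls through to the explicit deny
]

if __name__ == "__main__":
    for line in audit(OUTSIDE_IN, SAMPLE_PACKETS):
        print(line)
```

The ordering point is the one most often got wrong in practice: if the anti-spoofing deny were placed after the permit for port 443, the spoofed packet would be permitted by the earlier, more general entry and the deny would never be reached.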

Summary

  • Covered major protocols: Syslog, NTP, HTTP, HTTPS, SMTP, POP, IMAP, ICMP.
  • Discussed network technologies: ACLs, NAT/PAT, encryption, and P2P networks.
  • Introduced load balancing for traffic management.

Conclusion

  • Feel free to reach out with questions for better understanding and retention.