From the course: Cisco CCNP SCOR Security (350-701) Cert Prep: 3 Endpoint Protection and Secure Access
DNS tunneling
- [Instructor] In this section, we want to take a look at several well-known data exfiltration techniques. The SCOR blueprint tells us that we need to be able to describe various techniques that threat actors may use to copy and transfer sensitive data from our networks. Let's begin with DNS tunneling. DNS tunneling is a tactic used by attackers for data exfiltration using the DNS protocol to send non-DNS traffic over port 53, the well-known port used by DNS. This can be used to send HTTP and other protocol traffic over DNS. A common way that this is used is by sending command and control callbacks over DNS, which provides stealth for an attack. There are many open-source DNS tunneling utilities available to perform this action and, typically, such a tool would be incorporated into an authoritative DNS name server. The attacker would register a domain and the name server for the domain would point to the attacker server where the tunneling software would be installed. The attacker…
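From the defender's side, the pattern described in the transcript shows up in resolver logs as many long, unique, high-entropy names under a single registered domain. The following is an added example, not part of the course material: the log format, the sample lines, the function names and the thresholds are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log ("client qtype qname"); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.7 A cdn.example.net
10.0.0.9 TXT 4a6f686e2d446f652d3132332d34352d363738.t.tunnel-test.example
10.0.0.9 TXT 39f2c1a7b8e04d5566ab90cc12ef3471d2a8.t.tunnel-test.example
10.0.0.9 TXT 7b226b6579223a2276616c7565222c226e223a.t.tunnel-test.example
10.0.0.9 TXT e1d4c3b2a1908f7e6d5c4b3a29181706f5e4.t.tunnel-test.example
"""

def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def split_qname(qname):
    # Assumption: the registered domain is the last two labels. Production
    # code should consult the Public Suffix List instead.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def score_domains(log_text):
    """Per registered domain: unique subdomains, mean length, entropy."""
    subs = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        sub, domain = split_qname(parts[2])
        if sub:
            subs[domain].add(sub)
    return {
        domain: {
            "unique": len(names),
            "mean_len": sum(map(len, names)) / len(names),
            "entropy": shannon_entropy("".join(names)),
        }
        for domain, names in subs.items()
    }

def suspected_tunnels(log_text, min_unique=3, min_len=30, min_entropy=3.0):
    # Illustrative thresholds; tune them against your own baseline traffic.
    return sorted(d for d, s in score_domains(log_text).items()
                  if s["unique"] >= min_unique and s["mean_len"] >= min_len
                  and s["entropy"] >= min_entropy)

if __name__ == "__main__":
    print(suspected_tunnels(SAMPLE_LOG))
```
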