What is a Protocol?
A protocol is a set of rules or standards that dictates how data or information is transmitted, received, and interpreted between devices, systems, or parties. You can think of protocols as a sort of “common language” that ensures computers, networks, or organizations can communicate effectively, even when they are using different technologies to do so.
In the computing and networking space, protocols define everything from how devices connect to the internet to how emails are sent, and even how websites load securely.
Why Are Protocols Important?
Protocols are important for three key reasons:
They standardize processes. By following predetermined ‘rules’, developers and network providers can avoid conflicts and inefficiencies.
They enable communication across systems. Protocols allow different hardware and software to speak the same ‘language’, which ensures compatibility across devices or systems.
They support security and reliability. Many protocols include built-in measures such as encryption, authentication and error detection, which help protect data in transit and ensure it arrives intact.
What are the different types of protocols?
Some of the most common protocols include:
Network Protocols
Network protocols enable devices to connect and share data across networks (and the internet).
TCP/IP (Transmission Control Protocol/Internet Protocol) is the foundation of the internet: IP handles addressing and routing of packets, and TCP provides reliable, ordered delivery on top of it.
HTTP (Hypertext Transfer Protocol) is what browsers use to load web pages. HTTPS is HTTP carried over TLS, which gives an encrypted and authenticated connection.
DNS (Domain Name System) translates domain names (like fastly.com) into IP addresses that computers can understand.
Email Protocols
Email protocols are used to send and receive emails. SMTP (Simple Mail Transfer Protocol) is used for sending, and IMAP and POP3 are used for retrieving messages from a mailbox.
Security Protocols
Security protocols help to protect data and communications.
SSL/TLS (Secure Sockets Layer / Transport Layer Security) encrypts and authenticates internet traffic. SSL is obsolete; TLS 1.2 and 1.3 are the versions in current use.
IPsec (Internet Protocol Security) secures IP packets between hosts or networks, and is commonly used for VPNs.
Application and Data Protocols
These protocols set the standard for how applications exchange information. Examples include FTP (File Transfer Protocol) for file transfer and MQTT for IoT messaging.
How do protocols work?
Protocols work by breaking communication into structured steps, which helps ensure data is delivered accurately, efficiently and securely. A typical exchange looks like this:
A connection is established: The two sides perform a handshake, confirming that they speak compatible versions and ‘agreeing’ on how they are going to communicate (for TLS, this is also where keys are negotiated).
Data is transferred: Information is broken into ‘packets’ (smaller chunks), each carrying enough header information that it can be reassembled in order at its destination.
Data is checked for errors: Checksums or similar mechanisms let the receiver detect corrupted or missing packets and request retransmission. Where the protocol provides confidentiality, the data is encrypted before it is sent, not after.
Termination: Once the communication is complete, the connection is closed so that neither side keeps holding resources for it.
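The four steps above, worked through in code. This is an added example, not anything from the original page: it defines a constructed wire format (a magic value, a version byte, a frame type, a length field, the payload and a CRC32 trailer; none of this is a real standard) and runs a handshake, split-and-reassemble transfer, error check and termination entirely in memory. The names `encode_frame`, `decode_frame`, `client_send` and `server_receive` are this example's own. Note that the receiver validates every header field, including the declared length, before trusting it, because the bytes come from the peer.

```python
import struct
import zlib

# Constructed wire format for this example (not a real standard):
#   header: 4-byte magic | 1-byte version | 1-byte frame type | 4-byte payload length (big-endian)
#   then the payload, then a CRC32 over header + payload
MAGIC = b"DEMO"
VERSION = 1
HEADER = struct.Struct("!4sBBI")
CRC = struct.Struct("!I")
T_HELLO, T_DATA, T_BYE = 1, 2, 3
MAX_PAYLOAD = 1024  # bound the length field so a hostile peer cannot make us wait or allocate forever


def encode_frame(ftype: int, payload: bytes = b"") -> bytes:
    """Build one frame: header + payload + CRC32 trailer."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large")
    body = HEADER.pack(MAGIC, VERSION, ftype, len(payload)) + payload
    return body + CRC.pack(zlib.crc32(body) & 0xFFFFFFFF)


def decode_frame(buf: bytes):
    """Parse one frame from the front of buf. Returns (ftype, payload, remaining_bytes).
    Every field is checked before it is used, because buf comes from the other side."""
    if len(buf) < HEADER.size:
        raise ValueError("truncated header")
    magic, version, ftype, length = HEADER.unpack_from(buf)
    if magic != MAGIC:
        raise ValueError("bad magic")
    if version != VERSION:
        raise ValueError(f"unsupported version {version}")
    if length > MAX_PAYLOAD:
        raise ValueError("declared length exceeds limit")
    end = HEADER.size + length + CRC.size
    if len(buf) < end:
        raise ValueError("truncated frame")
    body = buf[:HEADER.size + length]
    (expected_crc,) = CRC.unpack_from(buf, HEADER.size + length)
    if zlib.crc32(body) & 0xFFFFFFFF != expected_crc:
        raise ValueError("CRC mismatch: frame corrupted in transit")
    return ftype, body[HEADER.size:], buf[end:]


def client_send(message: bytes, chunk_size: int = 16) -> bytes:
    """Sender side: open with HELLO, split the message into DATA frames, close with BYE."""
    frames = [encode_frame(T_HELLO, b"proto/1")]
    for i in range(0, len(message), chunk_size):
        frames.append(encode_frame(T_DATA, message[i:i + chunk_size]))
    frames.append(encode_frame(T_BYE))
    return b"".join(frames)


def server_receive(stream: bytes) -> bytes:
    """Receiver side: a small state machine that only accepts frames in the agreed order."""
    state = "NEW"
    parts = []
    while stream:
        ftype, payload, stream = decode_frame(stream)
        if state == "NEW":
            if ftype != T_HELLO or payload != b"proto/1":
                raise ValueError("expected HELLO first")
            state = "OPEN"
        elif ftype == T_DATA:
            parts.append(payload)
        elif ftype == T_BYE:
            return b"".join(parts)  # message reassembled, connection closed cleanly
        else:
            raise ValueError(f"unexpected frame type {ftype} in state {state}")
    raise ValueError("stream ended before BYE")


def tamper_result(stream: bytes, index: int) -> str:
    """Flip one byte at `index` and report what the receiver does (shows the error check at work)."""
    corrupted = bytearray(stream)
    corrupted[index] ^= 0xFF
    try:
        server_receive(bytes(corrupted))
        return "accepted"
    except ValueError as err:
        return f"rejected: {err}"


if __name__ == "__main__":
    wire = client_send(b"The quick brown fox jumps over the lazy dog")
    print(server_receive(wire))
    print(tamper_result(wire, 35))  # a payload byte: caught by the CRC
    print(tamper_result(wire, 4))   # the version byte: caught by the handshake/version check
```

Flipping a byte in a payload is caught by the CRC; flipping the version byte is caught before any payload is read; flipping the length field is caught by the bounds check. A CRC only detects accidental corruption, not deliberate tampering, which is why security protocols replace it with an authenticated construction such as an HMAC or AEAD tag.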
What are protocol vulnerabilities?
Many older protocols were constructed without built-in security considerations. This makes them vulnerable to exploitation and attack. It is important to have security practices and tooling in place to prevent successful exploitation of protocols.
The most common types of protocol vulnerabilities include:
1. Protocol misuse: data exfiltration and command and control. Malicious actors often use legitimate protocols to communicate with compromised devices, which can be very difficult to detect. Two common types are:
HTTP/HTTPS Tunneling. Malware talks to its command-and-control servers over ordinary-looking web traffic. Because it blends in with legitimate browsing, firewalls struggle to block it, and blunt attempts to do so can cause major disruptions to legitimate traffic.
DNS Tunneling. Bad actors encode data or commands inside DNS queries and responses, typically in the subdomain labels of a domain they control. Because DNS traffic is often allowed through by default and rarely inspected, this bypasses standard security monitoring.
2. Man-in-the-Middle (MitM) attacks on insecure protocols. Bad actors can intercept or alter traffic when a protocol lacks proper authentication or encryption. Two common types are:
ARP Spoofing & Session Hijacking. Bad actors send forged Address Resolution Protocol (ARP) replies so that devices on the local network route their traffic through the attacker’s machine. This allows ‘eavesdropping’ on or modification of sensitive data, including the theft of session tokens.
Exploiting HTTP (Non-HTTPS). Without encryption in place, attackers can read web traffic or inject malicious content, such as scripts, into pages in transit.
3. Denial-of-Service (DoS) via protocol abuse. Attackers can overload or manipulate protocols to disrupt services. Two common types include:
SYN Flooding (TCP Exploit). Attackers send massive numbers of TCP SYN packets without ever completing the three-way handshake, filling the server’s table of half-open connections so that legitimate clients cannot connect.
DNS Amplification. By exploiting open DNS resolvers, attackers send small queries with the victim’s IP address as the spoofed source, so the much larger responses are delivered to the target, overwhelming it with traffic.
4. Protocol downgrade & spoofing attacks. Bad actors can trick systems into using weaker versions of protocols or impersonate legitimate parties. Two common types include:
SSL/TLS Downgrade Attacks. Attackers can force a browser and server to negotiate an outdated protocol version or weak cipher suite, which makes interception easier.
SMTP Spoofing. SMTP does not authenticate the sender on its own. Where a domain lacks or misconfigures the email authentication mechanisms layered on top of it (SPF, DKIM and DMARC), bad actors can send phishing emails that appear to come from trusted sources.
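To make the SMTP spoofing point concrete, here is an added example (not from the original page) of the SPF check a receiving mail server performs: it looks up the sending domain’s policy and decides whether the connecting IP is allowed to send for it. The DNS records are a constructed in-memory table rather than real lookups, and only the `ip4`, `ip6`, `include` and `all` mechanisms are implemented; the function names and the `receiver_action` policy are this example’s own. The `weak.example` and `nospf.example` entries show why a missing or `?all` record leaves the receiver unable to reject a forgery.

```python
import ipaddress

# Constructed SPF TXT records for this example. A real check fetches the TXT record of the
# domain in the message's envelope sender (MAIL FROM) via DNS.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    "weak.example": "v=spf1 ip4:192.0.2.0/24 ?all",  # misconfigured: never rejects anyone
    "nospf.example": None,                            # no policy published at all
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain: str, sender_ip: str, depth: int = 0) -> str:
    """Evaluate the SPF record of `domain` for the IP that connected to us.
    Returns pass, fail, softfail, neutral, none or permerror (the RFC 7208 result names)."""
    if depth > 10:  # RFC 7208 limits the number of DNS-querying mechanisms to 10
        return "permerror"
    record = SPF_RECORDS.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"  # nothing published: the receiver learns nothing about the sender
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            inner = check_spf(arg, sender_ip, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"
        else:
            return "permerror"  # a, mx, exists, ptr: not implemented in this example
    return "neutral"  # no mechanism matched and no 'all' term: the record says nothing


def receiver_action(result: str) -> str:
    """One common receiver policy (this example's choice, not a standard): only a hard fail
    is rejected outright; everything else is still delivered in some form."""
    return {
        "pass": "accept",
        "fail": "reject",
        "softfail": "accept but mark as suspicious",
    }.get(result, "accept (sender unauthenticated)")


if __name__ == "__main__":
    for domain, ip in [("example.com", "192.0.2.77"), ("example.com", "203.0.113.5"),
                       ("weak.example", "203.0.113.5"), ("nospf.example", "203.0.113.5")]:
        result = check_spf(domain, ip)
        print(f"{ip} claiming {domain}: {result} -> {receiver_action(result)}")
```

The forged message from 203.0.113.5 is rejected only for `example.com`, whose record ends in `-all`. The same forgery against `weak.example` or `nospf.example` is delivered, which is the misconfiguration the text refers to. SPF alone also says nothing about the `From:` header the user sees; DKIM signatures and a DMARC policy are needed to tie that header to the authenticated domain.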
How can you defend against protocol attacks?
There are several steps you can take to defend against protocol attacks.
Upgrade to secure protocols. Many attacks exploit older, unencrypted, or outdated protocols. Moving to modern, secure alternatives reduces risk significantly. Secure protocols add encryption and authentication, preventing eavesdropping, tampering, and spoofing. You should:
Replace HTTP with HTTPS for all web traffic (enables TLS encryption).
Replace FTP with SFTP or FTPS for secure file transfers.
Use DNSSEC to authenticate DNS answers, and DNS over HTTPS (DoH) or DNS over TLS (DoT) to protect queries between clients and resolvers from interception and tampering. They address different parts of the DNS hijacking problem, so use both.
Disable or update legacy protocols.
Patch and update systems. This helps resolve known vulnerabilities. Attackers often rely on unpatched or misconfigured systems because they’re easy targets. You should:
Keep all systems and network devices updated with security patches.
Regularly audit which protocols and ports are exposed, disabling unused ones.
Harden configurations: enforce strong ciphers and disable weak versions of SSL/TLS (SSL 2.0 and 3.0, TLS 1.0 and 1.1).
Implement Network Segmentation and Zero Trust. Segmentation helps to limit how far a successful protocol exploit can spread. Using zero trust ensures that ALL users and devices are always verified, even inside the network. Firewalls and microsegmentation can help control which protocols and services can be accessed, and by whom.
Monitor for Suspicious Protocol Traffic. Using an advanced detection tool can help identify attacks that are disguised within normal traffic. You should:
Deploy Intrusion Detection and Prevention Systems (IDS/IPS) to monitor traffic for anomalies.
Use Deep Packet Inspection (DPI) to detect malicious payloads hiding in protocols like DNS or HTTP.
Log and analyze unusual DNS queries, HTTP requests, or large volumes of outbound traffic, which can be a sign of exfiltration.
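The DNS tunneling technique described under protocol misuse above, and the “log and analyze unusual DNS queries” advice here, are served by one added example (not from the original page): a small detector run over constructed resolver log lines. It aggregates queries per registered domain and flags domains that receive many distinct subdomains that are long or high-entropy, or that are mostly TXT/NULL queries, the usual fingerprint of data being smuggled through DNS. The log format, the `evil-tunnel.example` domain, the thresholds and the function names are all this example’s assumptions; the registered-domain split is deliberately naive.

```python
import math
from collections import defaultdict

# Constructed resolver log lines for this example: timestamp, client IP, query name, query type.
# Every name and query below is made up.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 www.example.com A
2024-05-01T10:00:02Z 10.0.0.5 cdn.example.net A
2024-05-01T10:00:02Z 10.0.0.7 login.example.org A
2024-05-01T10:00:03Z 10.0.0.9 3f9a1c77e0b24d8a5c6e1f0b9d8c7a6b.4e2d1c0b.t.evil-tunnel.example TXT
2024-05-01T10:00:03Z 10.0.0.9 a81e6c20f4d73b95e2c8d1a0f6b3e7c9.9b8a7c6d.t.evil-tunnel.example TXT
2024-05-01T10:00:04Z 10.0.0.9 c0d9e8f7a6b5c4d3e2f1a0b9c8d7e6f5.1f2e3d4c.t.evil-tunnel.example TXT
2024-05-01T10:00:04Z 10.0.0.5 mail.example.com MX
2024-05-01T10:00:05Z 10.0.0.9 6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e.5a6b7c8d.t.evil-tunnel.example TXT
2024-05-01T10:00:06Z 10.0.0.7 www.example.org A
"""


def shannon_entropy(text: str) -> float:
    """Bits per character: encoded or encrypted data scores high, words like 'www' score low."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Naive split into (subdomain, registered domain): the last two labels are treated as the
    registered domain. Production code should use the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def summarize(log_text: str) -> dict:
    """Per registered domain: query count, distinct subdomains, mean subdomain length,
    mean entropy of the subdomain part, and the share of TXT/NULL queries."""
    acc = defaultdict(lambda: {"queries": 0, "subs": set(), "len_sum": 0, "ent_sum": 0.0, "txt": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, _client, qname, qtype = line.split()
        sub, domain = split_name(qname)
        d = acc[domain]
        d["queries"] += 1
        d["subs"].add(sub)
        d["len_sum"] += len(sub)
        d["ent_sum"] += shannon_entropy(sub.replace(".", ""))
        d["txt"] += int(qtype.upper() in ("TXT", "NULL"))
    stats = {}
    for domain, d in acc.items():
        n = d["queries"]
        stats[domain] = {
            "queries": n,
            "unique_subdomains": len(d["subs"]),
            "avg_subdomain_len": d["len_sum"] / n,
            "avg_entropy": d["ent_sum"] / n,
            "txt_ratio": d["txt"] / n,
        }
    return stats


def find_tunnel_candidates(log_text: str, min_unique=3, min_len=30.0, min_entropy=3.5):
    """Flag domains with several distinct subdomains that are long, high-entropy or mostly TXT/NULL.
    The distinct-subdomain floor keeps a single odd-looking CDN hostname from tripping the rule."""
    flagged = []
    for domain, s in sorted(summarize(log_text).items()):
        reasons = []
        if s["avg_subdomain_len"] >= min_len:
            reasons.append(f"avg subdomain length {s['avg_subdomain_len']:.0f}")
        if s["avg_entropy"] >= min_entropy:
            reasons.append(f"avg entropy {s['avg_entropy']:.2f} bits/char")
        if s["txt_ratio"] >= 0.5:
            reasons.append(f"{s['txt_ratio']:.0%} TXT/NULL queries")
        if s["unique_subdomains"] >= min_unique and reasons:
            flagged.append((domain, f"{s['unique_subdomains']} distinct subdomains; " + ", ".join(reasons)))
    return flagged


if __name__ == "__main__":
    for domain, why in find_tunnel_candidates(SAMPLE_LOG):
        print(f"{domain}: {why}")
```

On the sample above only `evil-tunnel.example` is flagged. In production the same aggregation is run per time window and per client, with thresholds tuned against a baseline, since CDNs and some security products legitimately generate long, random-looking labels; the point of the example is the features, not the exact cut-offs.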
Defend Against Denial-of-Service (DoS) via Protocols. Attackers can abuse protocols like DNS or TCP to flood systems. You should:
Use rate limiting and traffic filtering at the firewall or application layer.
Employ DDoS protection solutions that can absorb volumetric attacks upstream of your infrastructure.
Configure servers to handle abnormal traffic patterns (for example, enable SYN cookies so a SYN flood does not exhaust the half-open connection table).
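An added example (not from the original page) of the first bullet, rate limiting at the application layer: a per-source token bucket applied to a constructed stream of TCP connection attempts, where one source bursts 40 SYNs in under five seconds and a legitimate client sends three. The bucket size of 5 and refill rate of 2 per second, the IP addresses and the function names are this example’s assumptions.

```python
from collections import defaultdict


class TokenBucket:
    """Allow a short burst of `capacity` requests, then sustain `refill_per_sec` requests per second."""

    def __init__(self, capacity: int, refill_per_sec: float):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.last = None

    def allow(self, now: float) -> bool:
        if self.last is None:
            self.last = now
        # Tokens accrue with elapsed time, capped at the bucket size
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def filter_connections(events, capacity: int = 5, refill_per_sec: float = 2.0):
    """events: iterable of (timestamp_seconds, source_ip). Returns per-source allowed and dropped counts."""
    buckets = defaultdict(lambda: TokenBucket(capacity, refill_per_sec))
    allowed, dropped = defaultdict(int), defaultdict(int)
    for ts, src in events:
        if buckets[src].allow(ts):
            allowed[src] += 1
        else:
            dropped[src] += 1
    return dict(allowed), dict(dropped)


def sample_events():
    """Constructed traffic: one source sends 40 SYNs 125 ms apart; a legitimate client sends 3 over 3 s."""
    flood = [(i * 0.125, "203.0.113.9") for i in range(40)]
    normal = [(0.5, "198.51.100.4"), (1.5, "198.51.100.4"), (2.5, "198.51.100.4")]
    return sorted(flood + normal)


if __name__ == "__main__":
    ok, drop = filter_connections(sample_events())
    for src in sorted(set(ok) | set(drop)):
        print(f"{src}: allowed {ok.get(src, 0)}, dropped {drop.get(src, 0)}")
```

The flooding source gets its initial burst of 5 plus roughly 2 per second afterwards, 14 of 40 attempts, while the legitimate client is untouched. The caveat a practitioner needs: a per-source limit only helps when the source address is real. A SYN flood with spoofed sources spreads across millions of buckets, which is why the kernel-level defense is SYN cookies (the third bullet) and why volumetric floods are best absorbed upstream (the second).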
Train Employees and Secure Endpoints. Protocols can also be abused via social engineering and endpoint compromise. You should:
Train users to recognize phishing attacks that exploit email protocols.
Use Endpoint Detection and Response (EDR) to detect malware using covert protocol channels.
Enforce multi-factor authentication (MFA) to limit credential-based attacks.
How Fastly can help
Maintaining comprehensive security against DDoS attacks presents major challenges in terms of cost, complexity, false positives, evolving threats, and resource intensity. However, Fastly's cloud-based DDoS protection solution directly resolves each of these concerns.
The key benefits of Fastly’s DDoS Protection include the following:
Lowers Costs: Fastly offers cost-effective DDoS protection, which is included with its CDN services.
Flexible payment options: Let you choose the package suited to your needs, with unlimited overage protection. Consolidating with a single vendor for security, CDN, and edge cloud services is the more affordable choice.
Simplifies Complexity: Fastly's solution requires no complex setup or manual tuning on your side. The network automatically absorbs layer 3/4 attacks, while the next-gen WAF seamlessly handles Layer 7 threats.
Reduces False Positives: Fastly's advanced SmartParse detection engine accurately classifies requests while minimizing the false positives that could block real users.
Continuously Evolves: Fastly enhances detection and mitigation based on solid intelligence, letting you stay ahead of evolving global attack trends.
Resource Efficient: Fastly's massive 336 Tbps network has the built-in capacity to absorb even extraordinary attacks without performance impacts. Automated edge mitigation also reduces the origin load.
Experience enhanced security and performance with Fastly's comprehensive DDoS protection. Learn more about Fastly's DDoS Protection solutions.