
RUN SAP BETTER

Cyber Security

Cyber Security Overview

 

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.

  • Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.

  • Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the data it's designed to protect. Successful security begins in the design stage, well before a program or device is deployed.

  • Information security protects the integrity and privacy of data, both in storage and in transit.

  • Operational security includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.

  • Disaster recovery and business continuity define how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data. Disaster recovery policies dictate how the organization restores its operations and information to return to the same operating capacity as before the event. Business continuity is the plan the organization falls back on while trying to operate without certain resources.

  • End-user education addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not plug in unidentified USB drives, and various other important lessons is vital for the security of any organization.

Cyber Security Solution | XDR vs SIEM

 

XDR (Extended detection and response)

 

It is a comprehensive cybersecurity solution that combines multiple security technologies and data sources to provide enhanced threat detection, response, and remediation capabilities. XDR expands beyond traditional EDR (Endpoint Detection and Response) solutions and incorporates additional security telemetry data from various sources, such as network traffic, cloud environments, and other endpoints.

Key features and benefits

  • Enhanced visibility: XDR collects and analyzes data from diverse sources, including endpoints, network traffic, cloud platforms, and more. This broader visibility provides a comprehensive understanding of the organization's security posture and allows for the detection of complex threats that may span multiple layers.

  • Advanced analytics and detection: XDR leverages advanced analytics, machine learning, and threat intelligence to detect and prioritize potential security incidents accurately. By applying behavioral analytics and anomaly detection, XDR can identify and flag suspicious activities or indicators of compromise.

  • Automated and streamlined response: XDR streamlines the incident response process by automating investigation and remediation actions. It can orchestrate response activities across different security tools and endpoints, reducing the time and effort required to contain and mitigate threats.

  • Threat hunting capabilities: XDR enables proactive threat hunting by allowing security teams to search for indicators of compromise (IoCs) and suspicious activities across the entire security ecosystem. This helps in identifying and eliminating threats before they cause significant damage.

  • Improved operational efficiency: By consolidating and correlating security data from multiple sources, XDR simplifies security operations and reduces alert fatigue. It provides context-rich insights and actionable intelligence, enabling security teams to focus on critical threats and respond more efficiently.

SIEM (Security information and event management)

 

It is a cybersecurity solution that helps organizations collect, analyze, and correlate security event data from various sources within their IT infrastructure. SIEM systems provide real-time monitoring, threat detection, incident response, and compliance management capabilities.

Key features and benefits

  • Data Collection: SIEM collects log data, security events, and system activity logs from a wide range of sources, including network devices, servers, applications, firewalls, intrusion detection systems (IDS), and more. These logs contain valuable information about security events, user activities, and system behavior.

  • Log Management: SIEM systems store and manage log data in a centralized repository or database. This allows for easy search, retrieval, and long-term retention of logs for compliance and forensic purposes.

  • Event Correlation: SIEM analyzes and correlates log data from different sources to identify patterns, anomalies, and potential security incidents. It applies predefined rules or algorithms to match events and generate meaningful alerts or notifications.

  • Real-Time Monitoring: SIEM continuously monitors security events in real time and provides dashboards and visualizations to give security teams a holistic view of the organization's security posture. It allows them to track activities, detect threats, and respond promptly to incidents.

  • Threat Detection: SIEM uses rule-based correlation or advanced analytics techniques to detect potential security threats and malicious activities. It can identify patterns that indicate attacks, such as brute-force login attempts, suspicious network traffic, or unauthorized access attempts.

  • Incident Response: SIEM provides workflows and automation capabilities to streamline incident response processes. It enables security teams to investigate and respond to security incidents efficiently, including threat containment, analysis, and remediation.

  • Compliance Management: SIEM assists organizations in meeting regulatory compliance requirements by collecting and analyzing security logs for auditing purposes. It generates reports and provides evidence of compliance with standards such as PCI DSS, HIPAA, GDPR, and others.

  • Log Retention and Forensics: SIEM systems store logs for extended periods, allowing security teams to perform forensic analysis and investigations when necessary. This helps in understanding the scope and impact of security incidents and supports post-incident remediation efforts.
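The rule-based correlation described under Event Correlation and Threat Detection, as an added example that is not taken from any SIEM product: a sliding-window rule that counts failed logins per source address across two hosts and escalates when a success follows the burst. The log lines, the threshold of 5 and the 60-second window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd events from two hosts, in time order (documentation IP ranges).
SAMPLE_LOG = """\
2024-05-01T10:00:01 host1 sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
2024-05-01T10:00:03 host1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40124 ssh2
2024-05-01T10:00:04 host1 sshd[815]: Failed password for alice from 198.51.100.23 port 51810 ssh2
2024-05-01T10:00:05 host2 sshd[402]: Failed password for root from 203.0.113.7 port 40130 ssh2
2024-05-01T10:00:07 host2 sshd[402]: Failed password for backup from 203.0.113.7 port 40133 ssh2
2024-05-01T10:00:09 host1 sshd[811]: Failed password for backup from 203.0.113.7 port 40139 ssh2
2024-05-01T10:00:12 host1 sshd[815]: Accepted password for alice from 198.51.100.23 port 51812 ssh2
2024-05-01T10:00:20 host2 sshd[402]: Accepted password for backup from 203.0.113.7 port 40150 ssh2
2024-05-01T10:05:00 host1 sshd[900]: Failed password for root from 192.0.2.50 port 33000 ssh2
2024-05-01T10:08:00 host1 sshd[900]: Failed password for root from 192.0.2.50 port 33004 ssh2
2024-05-01T10:11:00 host1 sshd[900]: Failed password for root from 192.0.2.50 port 33009 ssh2
2024-05-01T10:14:00 host1 sshd[900]: Failed password for root from 192.0.2.50 port 33015 ssh2
2024-05-01T10:17:00 host1 sshd[900]: Failed password for root from 192.0.2.50 port 33021 ssh2
"""

EVENT_RE = re.compile(
    r"(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def correlate(lines, threshold=5, window=timedelta(seconds=60)):
    """Apply two correlation rules to time-ordered events and return the alerts.

    brute_force:         `threshold` failures from one source inside `window`,
                         counted across every host that reported them.
    brute_force_success: a successful login from that source while the burst
                         of failures is still inside the window.
    """
    recent = defaultdict(deque)   # source IP -> (timestamp, host) of recent failures
    alerted = set()               # sources that already raised brute_force
    alerts = []
    for line in lines:
        m = EVENT_RE.match(line)
        if m is None:
            continue              # not an sshd password event
        ts = datetime.fromisoformat(m["ts"])
        src = m["src"]
        failures = recent[src]
        # Drop failures that have aged out of the sliding window.
        while failures and ts - failures[0][0] > window:
            failures.popleft()
        if m["result"] == "Failed":
            failures.append((ts, m["host"]))
            if len(failures) >= threshold and src not in alerted:
                alerted.add(src)
                alerts.append({"rule": "brute_force", "src": src, "time": m["ts"],
                               "hosts": sorted({h for _, h in failures})})
        elif len(failures) >= threshold:
            alerts.append({"rule": "brute_force_success", "src": src, "time": m["ts"],
                           "user": m["user"], "host": m["host"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG.splitlines()):
        print(alert)
```

The slow source (one failure every three minutes) and the user who mistyped a password once stay below the rule, which is the kind of gap the behavioural analytics described for XDR is meant to cover.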

XDR vs SIEM (Key Differences)

1. Data Sources:

  • SIEM primarily focuses on log data from various sources within the network, such as firewalls, servers, applications, and network devices. It collects and analyzes logs to identify security events and generate alerts.

  • XDR goes beyond logs and incorporates a broader range of security telemetry data. It collects and analyzes data from diverse sources, including endpoints, network traffic, cloud environments, and sometimes additional sources like cloud applications, email gateways, or user behavior analytics.

2. Endpoint vs. Network Focus:

  • SIEM traditionally places more emphasis on network-focused data sources, analyzing logs from network devices and servers. While it can incorporate some endpoint data, the primary focus is on network-centric security events.

  • XDR expands the scope to include both endpoint and network data. It incorporates endpoint detection and response (EDR) capabilities, analyzing endpoint activities, processes, and behaviors. It also includes network detection and response (NDR) functionalities to monitor network traffic and identify threats.

3. Threat Detection Approach:

  • SIEM typically relies on rule-based correlation and signature-based detection to identify security incidents. It uses predefined rules and signatures to match events and generate alerts based on known patterns.

  • XDR leverages advanced analytics, machine learning, and threat intelligence to detect sophisticated threats. It applies behavioral analytics, anomaly detection, and machine learning algorithms to identify anomalies, unknown threats, and indicators of compromise.

4. Response and Automation:

  • SIEM systems provide alerting and reporting capabilities, allowing security teams to investigate and respond to incidents manually. While some level of automation is possible, the focus is primarily on generating alerts and providing analysis for human decision-making.

  • XDR offers more extensive automation and orchestration capabilities. It can automate response actions, such as isolating compromised endpoints, blocking malicious network traffic, or initiating remediation tasks.

5. Holistic View and Context:

  • SIEM provides visibility into security events and logs, allowing security teams to monitor activities and detect threats within the network.

  • XDR aims to provide a unified and holistic view of the organization's security posture by collecting and correlating data from various sources, including endpoints, network, and cloud.

Gmail Advanced Optimization

 

Plus Addressing

You probably receive a lot of unsolicited emails every day. That happens because many companies sell your data to data brokers. Gmail's "Plus Addressing" feature lets you add extra information to your Gmail address.

Example:

  • If your email is "johndoe@gmail.com" and you want to create an Amazon account

  • You can add "+amazon" to your email address, so the address you give Amazon is "johndoe+amazon@gmail.com"

  • You will receive the Amazon emails in your Gmail inbox like any other email, but you will see the recipient as "johndoe+amazon@gmail.com"

  • If Amazon sells your data to data brokers, you will know what they did

Warning: Nowadays, many companies already know this trick and are blocking Plus Addressing

Dotted Addressing

Unlike Plus Addressing, companies don't block dots in the Gmail address.

It's not as flexible, but it's another way to change your email address without having to create another Gmail account.
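The tagging idea from both sections, worked through as an added example (not Google's code): it reduces a tagged or dotted address to the underlying mailbox and flags mail whose sender does not match the company the alias was handed to. The addresses, sender domains and the alias-to-company table are constructed for illustration.

```python
def parse_gmail(address):
    """Return the lower-cased local part of a Gmail address, or raise ValueError."""
    local, _, domain = address.strip().lower().rpartition("@")
    if not local or domain != "gmail.com":
        raise ValueError("not a Gmail address: %r" % address)
    return local


def canonical_mailbox(address):
    """Strip the +tag and the dots: every variant lands in this one mailbox."""
    local = parse_gmail(address)
    return local.split("+", 1)[0].replace(".", "") + "@gmail.com"


def find_leaks(messages, issued, mailbox):
    """Report aliases that receive mail from someone other than their owner.

    messages: iterable of (recipient address, sender domain)
    issued:   alias local part exactly as handed out -> domain it was given to
    Returns a list of (alias, expected domain, actual sender domain).
    """
    leaks = []
    for recipient, sender_domain in messages:
        if canonical_mailbox(recipient) != mailbox:
            continue                      # addressed to a different mailbox
        alias = parse_gmail(recipient)
        owner = issued.get(alias)
        if owner is None:
            continue                      # plain address: nothing to attribute
        sender_domain = sender_domain.lower()
        # Mail from the owner or one of its subdomains is expected.
        if sender_domain != owner and not sender_domain.endswith("." + owner):
            leaks.append((alias, owner, sender_domain))
    return leaks


# Constructed record of which alias was given to which company.
ISSUED = {
    "johndoe+amazon": "amazon.com",     # plus addressing
    "john.doe": "shop.example",         # dotted addressing
}

# Constructed inbox sample: (recipient as shown in the message, sender domain).
SAMPLE_MAIL = [
    ("johndoe+amazon@gmail.com", "amazon.com"),
    ("johndoe+amazon@gmail.com", "marketing.amazon.com"),
    ("JohnDoe+amazon@gmail.com", "cheap-offers.example"),
    ("john.doe@gmail.com", "shop.example"),
    ("john.doe@gmail.com", "lists.broker.example"),
    ("johndoe@gmail.com", "friend.example"),
]

if __name__ == "__main__":
    for alias, expected, actual in find_leaks(SAMPLE_MAIL, ISSUED, "johndoe@gmail.com"):
        print("%s was given to %s but is used by %s" % (alias, expected, actual))
```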

DNSSEC on Google Domain with Cloudflare

 

Activating DNSSEC on Google Domains with Cloudflare

In Cloudflare -> DNS -> Settings -> Activate DNSSEC

Get the:

  • Tag Key

  • Digest

In Google Domains -> DNS

Paste the:

  • Tag Key

  • Algorithm = 13

  • Digest Type = SHA256

  • Digest

Cloudflare / Google DNSSEC

Wait a couple of minutes and it is done.

You can go back to Cloudflare and see the message "Success! Your domain is protected with DNSSEC."
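Before pasting, the DS fields can be recomputed from the zone's DNSKEY record to confirm they belong together. This is an added example, not Cloudflare's or Google's code: it derives the key tag (RFC 4034, Appendix B) and the SHA-256 digest (RFC 4509) and compares them with the values entered at the registrar. The domain name and the 64-byte public key are constructed placeholders.

```python
import hashlib
import struct

ALG_ECDSAP256SHA256 = 13   # "Algorithm = 13" in the steps above
DIGEST_SHA256 = 2          # "Digest Type = SHA256" is digest type number 2


def name_to_wire(name):
    """Encode a domain name in canonical (lower-case) DNS wire format."""
    wire = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label in %r" % name)
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag (the page's "Tag Key"): 16-bit checksum over the DNSKEY RDATA."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF          # fold the carry back in
    return acc & 0xFFFF


def ds_digest(owner, rdata):
    """SHA-256 over owner name (wire format) followed by the DNSKEY RDATA."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()


def check_ds(owner, rdata, ds):
    """Return the DS fields that do not match the DNSKEY; empty list = consistent."""
    problems = []
    if ds["key_tag"] != key_tag(rdata):
        problems.append("key tag")
    if ds["algorithm"] != rdata[3]:
        problems.append("algorithm")
    if ds["digest_type"] != DIGEST_SHA256:
        problems.append("digest type")
    elif ds["digest"].replace(" ", "").upper() != ds_digest(owner, rdata):
        problems.append("digest")
    return problems


if __name__ == "__main__":
    # Constructed key-signing key (flags 257); a real one comes from the
    # zone's published DNSKEY record.
    rdata = dnskey_rdata(257, 3, ALG_ECDSAP256SHA256, bytes(range(64)))
    entered = {
        "key_tag": key_tag(rdata),
        "algorithm": 13,
        "digest_type": 2,
        "digest": ds_digest("example.com", rdata),
    }
    print("as shown by the DNS provider:", check_ds("example.com", rdata, entered))
    # A copy/paste slip at the registrar: one digest character changed.
    entered["digest"] = "0" + entered["digest"][1:] if entered["digest"][0] != "0" \
        else "1" + entered["digest"][1:]
    print("after a paste error:", check_ds("example.com", rdata, entered))
```

A DS record that does not match the published DNSKEY makes validating resolvers treat the whole zone as bogus, so a mismatch is worth catching before the registrar publishes it.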

Reverse DNS

 

What is reverse DNS?
A reverse DNS lookup is a DNS query for the domain name associated with a given IP address. This accomplishes the opposite of the more commonly used forward DNS lookup, in which the DNS system is queried to return an IP address.

Standards from the Internet Engineering Task Force (IETF) suggest that every domain should be capable of reverse DNS lookup, but as reverse lookups are not critical to the normal function of the Internet, they are not a hard requirement. As such, reverse DNS lookups are not universally adopted.

How does reverse DNS work?
Reverse DNS lookups query DNS servers for a PTR (pointer) record; if the server does not have a PTR record, it cannot resolve a reverse lookup. PTR records store IP addresses with their segments reversed, and they append ".in-addr.arpa" to that. For example if a domain has an IP address of 192.0.2.1, the PTR record will store the domain's information under 1.2.0.192.in-addr.arpa.

In IPv6, the latest version of the Internet Protocol, PTR records are stored within the ".ip6.arpa" domain instead of ".in-addr.arpa."

What are reverse DNS lookups used for?
Reverse lookups are commonly used by email servers. Email servers check and see if an email message came from a valid server before bringing it onto their network. Many email servers will reject messages from any server that does not support reverse lookups or from a server that is highly unlikely to be legitimate. Spammers often use IP addresses from hijacked machines, which means there will be no PTR record. Or, they may use dynamically assigned IP addresses that lead to server domains with highly generic names.

Logging software also employs reverse lookups in order to provide users with human-readable domains in their log data, as opposed to a bunch of numeric IP addresses.
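How a receiving mail server might apply these checks, as an added example rather than code from any mail server: it builds the PTR query name for IPv4 and IPv6, then goes one step beyond the text by also forward-confirming the PTR name and flagging generic, address-derived host names. The in-memory records, host names and the "generic name" pattern are constructed assumptions standing in for live DNS.

```python
import ipaddress
import re


def ptr_name(ip):
    """Build the reverse-lookup name queried for an address's PTR record."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        # Octets reversed, then ".in-addr.arpa".
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    # IPv6: all 32 hex nibbles reversed, then ".ip6.arpa".
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


# Constructed zone data (documentation address ranges), not real records.
PTR_RECORDS = {
    ptr_name("192.0.2.10"): "mail.example.org",
    ptr_name("203.0.113.77"): "203-0-113-77.dynamic.example.net",
    ptr_name("198.51.100.5"): "mx.example.com",
    ptr_name("2001:db8::25"): "mail6.example.org",
}
ADDRESS_RECORDS = {
    "mail.example.org": {"192.0.2.10"},
    "203-0-113-77.dynamic.example.net": {"203.0.113.77"},
    "mx.example.com": {"192.0.2.99"},          # does not lead back to the sender
    "mail6.example.org": {"2001:db8::25"},
}

# Assumed heuristic for "highly generic" names: an embedded IP address or a
# keyword typical of dynamically assigned customer ranges.
GENERIC_RE = re.compile(r"(\d{1,3}[-.]){3}\d{1,3}|dynamic|dhcp|pool|dsl", re.I)


def assess_sender(ip, ptr=PTR_RECORDS, forward=ADDRESS_RECORDS):
    """Return (verdict, reason) for a connecting mail server's IP address."""
    addr = ipaddress.ip_address(ip)
    host = ptr.get(ptr_name(ip))
    if host is None:
        return ("reject", "no PTR record")
    # Forward-confirm: the PTR name must resolve back to the same address.
    confirmed = {ipaddress.ip_address(a) for a in forward.get(host, ())}
    if addr not in confirmed:
        return ("reject", "forward lookup mismatch")
    if GENERIC_RE.search(host):
        return ("suspicious", "generic host name")
    return ("accept", "forward-confirmed")


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.77", "198.51.100.5",
               "192.0.2.200", "2001:db8::25"):
        print(ip, ptr_name(ip), assess_sender(ip))
```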

pfSense

 

System -> General Setup -> System

Hostname: pfSense (Default)

Domain: home.arpa (Default)

pfSense recommends not ending the domain name with '.local' as the final part (top-level domain, TLD), because the 'local' TLD is widely used and will not network correctly. That is why it recommends "home.arpa" (the acronym ARPA stands for Address and Routing Parameter Area domain).

pfSense | NordVPN

 

NordVPN Steps

pfSense Configuration Steps

  • Create the Certificate (System -> Certificate -> Authorities)

  • Create the OpenVPN Client (VPN -> OpenVPN -> Clients)

  • Check Instance (Status -> OpenVPN)

  • Assign Interfaces (Interfaces -> Interface Assignments)

  • Create Aliases (Firewall -> Aliases -> IP)

  • Update NAT Outbound (Firewall -> NAT -> Outbound)

  • Update LAN Rules (Firewall -> Rules -> LAN)

  • Update Gateway IP Monitoring (System -> Routing -> Gateways)

  • Check Gateway Status (Status -> Gateways)

  • Install Watchdog Service (System -> Package Manager -> Available Packages)

  • Add NordVPN as a Service in Watchdog (Services -> Service Watchdog)

pfSense | Bufferbloat

 

Before starting, use a "Bufferbloat Test Site" to determine if changes are necessary. If the firewall already receives a high score the circuit may not be prone to bufferbloat and thus may not require these limiters.

Bufferbloat Test Site: https://www.waveform.com/tools/bufferbloat

Configuring CoDel Limiters for Bufferbloat

This configuration requires a limiter and queue for both download and upload, plus a floating rule to apply the limiters to outgoing traffic.

  • Create Download Limiter and Queue (Firewall -> Traffic Shaper -> Limiters)

  • Create Upload Limiter and Queue (Firewall -> Traffic Shaper -> Limiters)

  • Create Floating Rule (Firewall -> Rules ->  Floating)

Create Download Limiter and Queue

  • Navigate to Firewall > Traffic Shaper, Limiters tab

  • Click + New Limiter

  • Configure the limiter with the following settings:

    • Enable: Checked

    • Name: WANDown

    • Bandwidth: 95 (Set equal to WAN download bandwidth. Confirm via speed test first)

    • Mask: None

    • Description: WAN Download

    • Queue Management Algorithm: Tail Drop

    • Scheduler: FQ_CODEL (The page will display FQ_CODEL options and their default values after saving this limiter, but leave them at defaults)

    • Queue Length: 1000 (Can vary depending on the speed of the link, but 1000 should be a safe default for most high speed WANs (100Mbit/s). For very high speed WANs (e.g. 1Gbit/s+), consider increasing further to 3000-5000)

    • ECN: Checked

  • Click Save

  • Click + Add New Queue under WANDown

  • Configure the queue with the following:

    • Enable: Checked

    • Name: WANDownQ

    • Mask: None

    • Description: WAN Download Queue

    • Queue Management Algorithm: Tail Drop

  • Leave the other fields at their default values

  • Click Save

Create Upload Limiter and Queue

  • Navigate to Firewall > Traffic Shaper, Limiters tab

  • Click + New Limiter

  • Configure the limiter with the following settings:

    • Enable: Checked

    • Name: WANUp

    • Bandwidth: 95 (Set equal to WAN upload bandwidth. Confirm via speed test first)

    • Mask: None

    • Description: WAN Upload

    • Queue Management Algorithm: Tail Drop

    • Scheduler: FQ_CODEL (The page will display FQ_CODEL options and their default values after saving this limiter, but leave them at defaults)

    • Queue Length: 1000 (Can vary depending on the speed of the link, but 1000 should be a safe default for most high speed WANs (100Mbit/s). For very high speed WANs (e.g. 1Gbit/s+), consider increasing further to 3000-5000)

    • ECN: Checked

  • Click Save

  • Click + Add New Queue under WANUp

  • Configure the queue with the following:

    • Enable: Checked

    • Name: WANUpQ

    • Mask: None

    • Description: WAN Upload Queue

    • Queue Management Algorithm: Tail Drop

  • Leave the other fields at their default values

  • Click Save

Create Floating Rule

  • Navigate to Firewall > Rules, Floating tab

  • Click Add to create a new rule at the bottom of the list

  • Configure the rule as follows:

    • Action: Pass

    • Quick: Checked

    • Interface: WAN

    • Direction: Out

    • Address Family: IPv4 (If the WAN can carry both IPv4 and IPv6, make a separate rule for each address family)

    • Protocol: Any

    • Source: WAN Address (It is important not to match too loosely on the source, especially when a firewall has multiple WANs)

    • Destination: Any

    • Description: CoDel Limiters

    • Gateway: WAN_DHCP (Must be set to the gateway for this WAN interface)

    • In / Out Pipe: WANUpQ / WANDownQ (On WAN floating rules in the outbound direction, “in” traffic is upload, and “out” traffic is download, from the perspective of LAN clients.)

    • Save

  • Apply Changes

  • Reset states to force all traffic to use new limiters

What is jitter?

Jitter is a measure of the variation in latency over time. If your connection suffers from bufferbloat, you'll often also see higher jitter. Too much jitter can cause issues with realtime video and audio calls and online games.

What is ECN?

Explicit Congestion Notification is a means to do network congestion control without dropping packets.

What is CoDel?

CoDel (the name comes from “controlled delay”) was a fundamental advance in the state of the art of network Active Queue Management (AQM).

How does bufferbloat negatively affect your connection?

Bufferbloat can make web browsing slower, make video calls stutter, and cause VoIP calls to break up. Real-time games will lag.

 

Bufferbloat causes degraded connectivity anytime your Internet connection is under heavy use by any user or application. If a large upload or download of data is happening, other applications and users will slow down.

 

How often is someone on your network really under heavy use? You'd be surprised! Many apps are bandwidth-hungrier than you might imagine. For example, most smartphones' photo-taking apps back up all photos and videos to the cloud as soon as they're taken.

  • Video Calls:

    • If you suffer from bufferbloat during video calls then your call will suffer from delays and occasional dropouts.

  • Gaming:

    • Latency is incredibly important for many online games. When your network is suffering from bufferbloat, the latency will spike, causing noticeable delays, or “lag.” Severe bufferbloat will affect your performance against the other players and your enjoyment of the game. Despite this impact, many routers that advertise themselves as “gaming routers” lack the critical feature to address bufferbloat.

How do you determine which services will work well on your connection?

You can use the following criteria to determine if a particular service will work on your Internet connection. (This is just a general guideline).

  • Web Browsing:

    • Download speed > 2 Mbps

    • Upload speed > 100 Kbps

    • Latency < 500 ms

  • Audio Calls:

    • Download speed > 100 Kbps

    • Upload speed > 100 Kbps

    • 95th Percentile Latency < 400 ms

  • 4K Video Streaming:

    • Download speed > 25 Mbps

  • Video Conferencing:

    • Download speed > 10 Mbps

    • Upload speed > 5 Mbps

    • 95th Percentile Latency < 400 ms

  • Low Latency Gaming:

    • Download speed > 10 Mbps

    • Upload speed > 3 Mbps

    • 95th Percentile Latency < 40 ms

Source: https://docs.netgate.com/pfsense/en/latest/recipes/codel-limiters.html

pfSense | Forgotten Password

 

The firewall administrator password can easily be reset using the firewall console if it has been lost.

 

  • Access the physical console (Connect to the Console)

  • Use option "3" (Reset admin account and password) to change the password for the admin account 

This option can also reset the "admin" account if it is disabled or expired.

pfSense | DNS over TLS | DNS Resolver

 

Configuring DNS over TLS

  • This prevents intermediate parties from viewing the content of DNS queries and can also assure that DNS is being provided by the expected DNS servers

  • This feature is only supported by the DNS Resolver

  • Navigate to System -> General

  • Locate the DNS Server Settings Section

  • Add or replace entries in the DNS Servers section such that only the chosen DNS over TLS servers are in the list

    • Address: (e.g. 1.1.1.1) IP address of an upstream DNS Server providing DNS over TLS service

    • Hostname: (e.g. cloudflare-dns.com) Hostname of the same upstream DNS Server in the Address field, used for TLS certificate validation

  • DNS Server Override: Uncheck "Allow DNS server list to be overridden by DHCP/PPP on WAN" (This could add DNS servers to the configuration which do not support DNS over TLS)

  • DNS Resolution Behavior: Set "Use local DNS (127.0.0.1), ignore remote DNS Servers" (This makes the firewall itself use only the DNS Resolver and it will not attempt to contact the DNS servers directly. This prevents DNS requests from the firewall being leaked unencrypted on port 53 if the resolver is temporarily unavailable)

  • Click Save

Warning: About Hostname - The hostname is technically optional but dangerous to omit. The DNS Resolver must have the hostname to validate that the correct server is providing a given response. The response is still encrypted without the hostname, but the DNS Resolver has no way to validate the response to determine if the query was intercepted and answered by a third party server (Man-in-the-Middle attack).

Enable DNS over TLS for Forwarded Queries

  • Configure the DNS Resolver to use DNS over TLS for outgoing queries

  • The DNS Resolver will now send queries to all upstream forwarding DNS servers using SSL/TLS on the default port of 853

  • Navigate to Services -> DNS Resolver

    • Enable DNSSEC Support: Uncheck (DNSSEC is not generally compatible with forwarding mode, with or without DNS over TLS)

    • Enable Forwarding Mode: Check

    • Use SSL/TLS for outgoing DNS Queries to Forwarding Servers: Check

  • Click Save

  • Click Apply Changes
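The hostname warning and the forwarding settings above can be checked on the resolver configuration itself. This is an added example, not pfSense or Unbound project code: it assumes the forwarders end up as Unbound `forward-addr` entries (the pfSense DNS Resolver is Unbound) and reports any forwarder that would be used without TLS or without a name to validate the certificate against. The configuration text is constructed.

```python
NO_TLS = "queries leave in clear text: forward-tls-upstream is not enabled"
NO_NAME = "encrypted but unauthenticated: no #hostname to validate the certificate"

# Constructed configuration in Unbound syntax (not copied from a real firewall).
# A forwarder is written as  address[@port][#name-for-certificate-validation].
SAMPLE_CONF = """\
server:
    local-zone: "use-application-dns.net" always_nxdomain
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853
    forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
"""


def parse_forward_zones(conf_text):
    """Collect the TLS switch and forwarder list of every forward-zone clause."""
    zones, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if value == "":
            # A bare "clause:" line starts a new section of the file.
            current = None
            if key == "forward-zone":
                current = {"name": None, "tls": False, "addrs": []}
                zones.append(current)
        elif current is not None:
            if key == "name":
                current["name"] = value.strip('"')
            elif key in ("forward-tls-upstream", "forward-ssl-upstream"):
                current["tls"] = value == "yes"
            elif key == "forward-addr":
                current["addrs"].append(value)
    return zones


def audit_forwarders(conf_text):
    """Return (forwarder, finding) pairs; an empty list means nothing to fix."""
    findings = []
    for zone in parse_forward_zones(conf_text):
        for addr in zone["addrs"]:
            if not zone["tls"]:
                findings.append((addr, NO_TLS))
            elif not addr.partition("#")[2]:
                # TLS is on, but without a name the resolver cannot tell the
                # intended server from one that intercepted the connection.
                findings.append((addr, NO_NAME))
    return findings


if __name__ == "__main__":
    for addr, finding in audit_forwarders(SAMPLE_CONF):
        print(addr, "->", finding)
```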

Warning (Caveats):

  • Blocking External Client DNS Queries: Clients can make their own connections to DNS over TLS servers, so block them on TCP/UDP ports 53 and 853 to ensure they only query the DNS Resolver

  • Redirecting Client DNS Requests: Redirecting DNS over TLS queries to the DNS Resolver may or may not work, depending on the clients. Set up the DNS over TLS server and add port forward redirects for TCP/UDP ports 53 and 853 to redirect DNS queries to the firewall

Redirecting Client DNS Requests

  • To restrict client DNS to only the DNS Resolver or Forwarder on pfSense® software, use a port forward to capture all client DNS requests.

  • With this port forward in place, DNS requests from local clients to any external IP address will result in the query being answered by the firewall itself. Access to other DNS servers on port 53 is impossible.

Tip: This can be adapted to allow access to only a specific set of DNS servers by changing the Destination network from “LAN Address” to an alias containing the allowed DNS servers. The Invert match box should remain checked.

Warning: Either the DNS Resolver or the DNS Forwarder must be active, and it must bind to and answer queries on Localhost or All interfaces.

The following example uses the LAN interface but the same technique will work with any local interface.

  • Navigate to Firewall > NAT, Port Forward tab

  • Click Add to create a new rule

  • Fill in the following fields on the port forward rule:

    • Interface: LAN

    • Protocol: TCP/UDP

    • Destination: Invert Match checked, LAN Address

    • Destination Port Range: DNS (53)

    • Redirect Target IP: 127.0.0.1

    • Redirect Target Port: DNS (53)

    • Description: Redirect DNS

    • NAT Reflection: Disable

Warning: Clients using DNS over TLS or DNS over HTTPS could circumvent this protection. Redirecting or blocking port 853 may help with DNS over TLS, depending on the clients. (See "Blocking External Client DNS Queries" for additional advice)

Blocking External Client DNS Queries

This procedure configures the firewall to block DNS requests from local clients to servers outside the local network. With no other accessible DNS servers, clients are forced to send DNS requests to the DNS Resolver or DNS Forwarder on pfSense® software for resolution.

Warning: If DNS requests to other DNS servers are blocked, such as by following Blocking External Client DNS Queries, ensure the rule to pass DNS to 127.0.0.1 is above any rule that blocks DNS.

  • Navigate to Firewall > Rules, LAN tab

  • Create the block rule as the first rule in the list:

  • Click Add to create a new rule at the top of the list

  • Fill in the following fields on the rule:

    • Action: Reject

    • Interface: LAN

    • Protocol: TCP/UDP

    • Destination: Any

    • Destination Port Range: DNS (53)

    • Description: Block DNS to Everything Else

  • Create the pass rule to allow DNS to the firewall, above the block rule:

  • Click Add to create a new rule at the top of the list

  • Fill in the following fields on the rule:

    • Action: Pass

    • Interface: LAN

    • Protocol: TCP/UDP

    • Destination: LAN Address

    • Destination Port Range: DNS (53)

    • Description: Pass DNS to the Firewall

  • Click Apply Changes to reload the ruleset

Warning: When complete, there will be two rule entries, and the pass rule should be above the block rule.

Blocking External Client DNS Queries | DNS over TLS


Another concern is that clients could use DNS over TLS to resolve hosts. DNS over TLS sends DNS requests over an encrypted channel on an alternate port, 853.

This traffic can be blocked with a firewall rule for port 853 using the same procedure used for 53. However, if the firewall will not be providing DNS over TLS service to clients, do not add the pass rule.

Blocking External Client DNS Queries | DNS over HTTPS

  • Similar to DNS over TLS, clients may also use DNS over HTTPS (DoH). This is harder to block as it uses port 443. Blocking port 443 on common public DNS servers may help (e.g. 1.1.1.1, 8.8.8.8).

  • Some browsers automatically attempt to use DNS over HTTPS because they believe it to be more secure and better for privacy, though that is not always the case. Each browser may have its own methods of disabling this feature. Firefox uses a “canary” domain use-application-dns.net by default if the user has not manually enabled DNS over HTTPS. If Firefox cannot resolve this name, Firefox disables DNS over HTTPS.

To prevent Firefox from using DNS over HTTPS, add the following to the DNS Resolver custom options:

    server:
    local-zone: "use-application-dns.net" always_nxdomain

pfSense | DNS Setup

System -> General Settings -> DNS Server Settings

DNS-over-TLS (DoT)

Cloudflare

  • DNS Server IPv4 Primary: 1.1.1.1

  • DNS Server IPv4 Secondary: 1.0.0.1

  • DNS Server IPv6 Primary: 2606:4700:4700::1111

  • DNS Server IPv6 Secondary: 2606:4700:4700::1001

  • Port: 853

  • Hostname for TLS Authentication: cloudflare-dns.com

Google

  • DNS Server IPv4 Primary: 8.8.8.8

  • DNS Server IPv4 Secondary: 8.8.4.4

  • DNS Server IPv6 Primary: 2001:4860:4860::8888

  • DNS Server IPv6 Secondary: 2001:4860:4860::8844

  • Port: 853

  • Hostname for TLS Authentication: dns.google

Quad9

  • DNS Server IPv4 "Secure": 9.9.9.9

  • DNS Server IPv4 "Insecure": 9.9.9.10

  • DNS Server IPv6 "Secure": 2620:fe::fe

  • DNS Server IPv6 "Insecure": 2620:fe::10

  • Port: 853

  • Hostname for TLS Authentication: dns.quad9.net

DNS-over-HTTPS (DoH)

Cloudflare

Google

Network Protocols

 

Network protocols are the sets of standards that allow two or more machines connected to the internet to communicate with each other. They work as a universal language, which can be interpreted by computers from any manufacturer, using any operating system.

They are responsible for taking data transmitted over the network and dividing it into small pieces, which are called packets. Each packet carries source and destination addressing information. Protocols are also responsible for systematizing the establishment, control, traffic and closure phases.

Key elements that define network protocols:

  • Syntax: Represents the format of the data and the order in which it is presented

  • Semantics: Refers to the meaning of each syntactic set that gives meaning to the message sent

  • Timing: Defines an acceptable packet transmission speed

Types of Network Protocols

For communication between computers to be carried out correctly, both computers must be configured according to the same parameters and comply with the same communication standards.

The network is divided into layers, each with a specific function. The different types of network protocols vary according to the type of service used and the corresponding layer.

 

The main layers and their main protocol types:

 

  • Application Layer: WWW, HTTP, SMTP, Telnet, FTP, SSH, NNTP, RDP, IRC, SNMP, POP3, IMAP, SIP, DNS, PING

  • Transport Layer: TCP, UDP, RTP, DCCP, SCTP

  • Network Layer: IPv4, IPv6, IPsec, ICMP

  • Physical Link Layer: Ethernet, Modem, PPP, FDDI

Transmission Control Protocol (TCP)

 

TCP is a popular communication protocol used for communicating over a network. It divides any message into a series of packets that are sent from source to destination, where they are reassembled.

 

Internet Protocol (IP)

 

IP is designed explicitly as an addressing protocol. It is mostly used with TCP. The IP addresses in packets help in routing them through different nodes in a network until they reach the destination system. TCP/IP is the most popular protocol connecting the networks.


User Datagram Protocol (UDP)

 

UDP is an alternative communication protocol to the Transmission Control Protocol, implemented primarily for creating loss-tolerant, low-latency links between different applications.


Post Office Protocol (POP)

 

POP3 is designed for receiving incoming E-mails.


Simple Mail Transfer Protocol (SMTP)

 

SMTP is designed to send and distribute outgoing E-Mail.

 

File Transfer Protocol (FTP)

 

FTP allows users to transfer files from one machine to another. Types of files may include program files, multimedia files, text files, and documents, etc.

 

Hyper Text Transfer Protocol (HTTP)

 

HTTP is designed for transferring hypertext between two or more systems. HTML tags are used for creating links. These links may be in any form, like text or images. HTTP is designed on client-server principles, which allow a client system to establish a connection with the server machine to make a request. The server acknowledges the request initiated by the client and responds accordingly.

 

Hyper Text Transfer Protocol Secure (HTTPS)

 

HTTPS (Hyper Text Transfer Protocol Secure) is a standard protocol for securing the communication between two computers, one using the browser and the other serving data from a web server. HTTP transfers data between the client browser (request) and the web server (response) in hypertext format; HTTPS does the same, except that the data is transferred in an encrypted format. HTTPS therefore prevents attackers from reading or modifying the data while the packets are in transit.

 

SSL - Secure Sockets Layer

 

It is an encryption-based Internet security protocol. It was first developed by Netscape in 1995 for the purpose of ensuring privacy, authentication, and data integrity in Internet communications. SSL is the predecessor to the modern TLS encryption used today.

A website that implements SSL/TLS has "HTTPS" in its URL instead of "HTTP."

TLS - Transport Layer Security

It is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website. TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP). In this article we will focus on the role of TLS in web application security.

TLS was proposed by the Internet Engineering Task Force (IETF), an international standards organization, and the first version of the protocol was published in 1999. The most recent version is TLS 1.3, which was published in 2018.

Telnet

 

Telnet is a set of rules designed for connecting one system with another. The connection process is called remote login. The system that requests the connection is the local computer, and the system that accepts the connection is the remote computer.

 

Gopher

 

Gopher is a collection of rules for searching, retrieving, and displaying documents from isolated sites. Gopher also works on the client/server principle.

Protocols used by SAP

Common Programming Interface for Communication (CPI-C)

SAP uses the Common Programming Interface for Communication (CPI-C) protocol to transfer data between systems. CPI-C is an SAP-specific protocol.

Open Data Protocol (OData)

The Open Data Protocol (OData) is a standardized protocol for exposing and accessing information from various sources. OData is based on core protocols, including HTTP, AtomPub (Atom Publishing Protocol), XML, and JSON (JavaScript Object Notation).

MQTT - Message Queuing Telemetry Transport

MQTT is a message protocol for machine-to-machine (M2M) communication and IoT. You can use the MQTT source system to set up a connection to an MQTT broker (MQTT server). It is most commonly run over a TCP/IP stack, but there are MQTT implementations that use other protocols.

The supported communication protocol between SAP S/4HANA and SAP Cloud Platform Enterprise Messaging will be MQTT (over WebSocket). With the Enterprise Event Enablement feature of S/4HANA, you can pass S/4HANA events to external systems via the middleware called SAP Cloud Platform Enterprise Messaging.

HTTP vs MQTT: HTTP is typically a transient interface in which each request is a short-lived session. MQTT sessions are long-lived. Another important difference is that HTTP operates on a command-response basis. A command gets sent to the server and a response returns.

TCP vs UDP | Protocol Comparison

 

Whether your data is transferred quickly and in full depends on which network protocols you use, UDP or TCP. They both do the same job but in different ways. One is more reliable and the other one is faster.

TCP (transmission control protocol) is connection-based, so it establishes a connection between the receiver and sender and maintains it while transferring data. It guarantees that the data arrives completely intact.

UDP (User Datagram Protocol) is connectionless, so it doesn’t establish a prior connection between two parties. It has the potential to lose data along the way, but in return you’ll have much higher speeds.

  • Reliability

    • TCP: High

    • UDP: Lower

  • Speed

    • TCP: Lower

    • UDP: High

  • Transfer Method

    • TCP: Packets are delivered in a sequence

    • UDP: Packets are delivered in a stream

  • Error Detection and Correction

    • TCP: Yes

    • UDP: No

  • Congestion Control

    • TCP: Yes

    • UDP: No

  • Acknowledgement

    • TCP: Yes

    • UDP: Only the Checksum (Checksum is the final two bytes of the UDP header, a field that's used by the sender and receiver to check for data corruption)

Warning: UDP is not recommended for transmitting large files.
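The UDP checksum from the comparison above, computed and verified for IPv4 as defined in RFC 768; this is an added example, not code from this page. The addresses, ports, payload and function names are constructed for illustration. It shows that the receiver can only detect corruption and discard the datagram: nothing in UDP acknowledges or retransmits it.

```python
import socket
import struct

UDP_PROTO = 17  # IANA protocol number for UDP
# Constructed sample addresses (documentation range), not taken from the page.
SRC, DST = "192.0.2.10", "192.0.2.53"


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"  # pad to a whole number of 16-bit words
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over IPv4 pseudo-header + UDP header + payload.
    The checksum field inside `segment` must be zero when this is called."""
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
    pseudo += struct.pack("!BBH", 0, UDP_PROTO, len(segment))
    value = ~ones_complement_sum(pseudo + segment) & 0xFFFF
    return value or 0xFFFF  # 0 on the wire means "no checksum" for IPv4


def build_datagram(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Return UDP header + payload with the checksum in header bytes 6-7."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def verify_datagram(src_ip, dst_ip, segment: bytes) -> str:
    """Receiver-side check: 'ok', 'corrupt', 'unchecked' or 'malformed'."""
    if len(segment) < 8:
        return "malformed"
    _sport, _dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length != len(segment):
        return "malformed"
    if csum == 0:
        return "unchecked"  # sender skipped the checksum (allowed on IPv4)
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    return "ok" if udp_checksum(src_ip, dst_ip, zeroed) == csum else "corrupt"


if __name__ == "__main__":
    dgram = build_datagram(SRC, DST, 40000, 53, b"constructed sample payload")
    print(verify_datagram(SRC, DST, dgram))
```

A datagram that fails this check is silently dropped by the receiving stack, which is why applications that need delivery guarantees over UDP add their own acknowledgements.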

