Posts

Showing posts from October, 2018

Common DNS attacks

The Domain Name System (DNS) makes the Internet usable for humans. It is fundamental to the proper operation of virtually all Internet Protocol (IP) network applications, from web browsing to email, from messaging to multi-media applications and more. By its very nature, the global Internet DNS system serves as a distributed data repository containing domain names (e.g., web addresses) and corresponding IP address information. DNS has proven extremely effective and scalable in practice and most people take DNS for granted given its proven reliability. However, its essential function and decentralized architecture serve to attract attackers seeking to exploit its distributed structure and rich data store for sinister activities. Every time you enter a web address or send an email, you use DNS. DNS translates human-preferred "www" names into computer-preferred binary addresses. This translation service is more commonly referred to as a name resolution process, whereby a web a

Proper DNS deployment one key to DNS security

Two basic tenets of information technology (IT) network security practice are partitioning DNS server deployments and their corresponding functions based on trust zones, and employing a multi-layered, defense-in-depth approach. I’ll use the term “trust sectors” instead of “trust zones” given the ambiguity of the word “zone” in a DNS context. Establishing an effective defense is critical, as are preparation, monitoring, and event detection to rapidly identify attacks in progress and enact recovery plans whose mitigation actions minimize or nullify their impacts. Event post-mortems are also critical for feeding lessons learned back into the security plan to improve detection and recovery times. Generally, DNS deployment designs should account for high availability, performance, scalability, human intervention and, of course, security. Using a trust sector approach to DNS server deployment allows you to segment namespace and resolution responsibility which provides a solid

NIST Cybersecurity Framework Core applied to DNS

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a de facto security implementation standard not only for the U.S. government, but for organizations worldwide. This framework defines a common lexicon to facilitate documentation and communication of security requirements and level of implementation. In addition, the framework enables an organization to identify risks and to prioritize the mitigation of risks with respect to business priorities and available resources. NIST’s CSF seeks to facilitate communications within an organization as well as with external parties when conveying security goals, maturity status, improvement plans and risks. The framework comprises three major components: The framework core defines security activities and desired outcomes for the lifecycle of an organization’s management of cybersecurity risk. The core includes detailed references to existing standards to enable common cross-standard categorization