DNS security management


An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies.

DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name System (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors, noted experts on the topic, offer an introduction to the role of DNS and explore its operation. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented. Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC). In addition, the text discusses security applications facilitated by DNS, such as anti-spam, SPF, DANE, and the related CERT/SSHFP records.

This important resource:
- Presents security approaches for the various types of DNS deployments by role (e.g., recursive vs. authoritative)
- Discusses DNS resolvers, including host access protections, DHCP configurations, and DNS recursive server IPs
- Examines DNS data collection, data analytics, and detection strategies

With cyber attacks ever on the rise worldwide, DNS Security Management offers network engineers a much-needed resource that provides a clear understanding of the threats to networks in order to mitigate the risks and assess the strategies to defend against those threats.
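The description above mentions DNS data collection, analytics, and detection strategies, and the contents list "DNS Tunneling Detection" and "Detecting Malware Using DNS Data". The following is an added illustration of that kind of query-log analytics; it is not code from the book or its authors. It assumes a constructed, simplified log layout ("<client> <qname> <qtype> <rcode>" per line, not any vendor's real query-log format), a naive "last two labels" base-domain rule (no public suffix list), and illustrative thresholds that are assumptions rather than values from the text.

```python
"""Score DNS query logs for tunneling-style indicators.

Added example, not from the book. Assumes a constructed log layout:
"<client> <qname> <qtype> <rcode>" per line.
"""
import math
from collections import defaultdict

# Constructed sample lines (not captured traffic). The exfil-test.net
# queries mimic a tunnel: long, high-entropy leftmost labels that never
# repeat, all TXT. The example.com queries are ordinary lookups.
SAMPLE_LOG = """\
10.0.0.5 www.example.com A NOERROR
10.0.0.5 mail.example.com MX NOERROR
10.0.0.7 3q7x9zk2p8ab4.t.exfil-test.net TXT NOERROR
10.0.0.7 9m2kd0ql1zz7r.t.exfil-test.net TXT NOERROR
10.0.0.7 p0v8xx2ka3mn1.t.exfil-test.net TXT NOERROR
10.0.0.7 zz41qq0e7b9cd.t.exfil-test.net TXT NOERROR
10.0.0.7 kk39dm1x2v5ea.t.exfil-test.net TXT NOERROR
10.0.0.7 aa82lq7u9h4sx.t.exfil-test.net TXT NOERROR
10.0.0.9 cdn.example.com A NOERROR
10.0.0.9 login.example.com A NOERROR
"""


def shannon_entropy(s: str) -> float:
    """Bits per character of s (0.0 for empty or single-symbol strings)."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text: str):
    """Parse the constructed layout; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        client, qname, qtype, rcode = parts
        records.append({"client": client, "qname": qname.rstrip(".").lower(),
                        "qtype": qtype.upper(), "rcode": rcode})
    return records


def base_domain(qname: str) -> str:
    """Last two labels. Simplification (assumption): no public-suffix list,
    so 'example.co.uk' would collapse to 'co.uk'."""
    return ".".join(qname.split(".")[-2:])


def profile(records):
    """Per base domain: query count, distinct leftmost labels, mean entropy
    and mean length of the leftmost label, and the TXT/NULL share."""
    acc = defaultdict(lambda: {"queries": 0, "labels": set(),
                               "entropy_sum": 0.0, "len_sum": 0, "txt": 0})
    for r in records:
        leftmost = r["qname"].split(".")[0]
        s = acc[base_domain(r["qname"])]
        s["queries"] += 1
        s["labels"].add(leftmost)
        s["entropy_sum"] += shannon_entropy(leftmost)
        s["len_sum"] += len(leftmost)
        if r["qtype"] in ("TXT", "NULL"):
            s["txt"] += 1
    return {
        base: {
            "queries": s["queries"],
            "unique_labels": len(s["labels"]),
            "mean_entropy": s["entropy_sum"] / s["queries"],
            "mean_label_len": s["len_sum"] / s["queries"],
            "txt_ratio": s["txt"] / s["queries"],
        }
        for base, s in acc.items()
    }


def flag_tunneling(profiles, min_unique=5, min_entropy=3.0,
                   min_len=10, min_txt_ratio=0.5):
    """Base domains matching every threshold. Thresholds are illustrative
    assumptions; tune them against your own baseline before alerting."""
    return sorted(b for b, p in profiles.items()
                  if p["unique_labels"] >= min_unique
                  and p["mean_entropy"] >= min_entropy
                  and p["mean_label_len"] >= min_len
                  and p["txt_ratio"] >= min_txt_ratio)


if __name__ == "__main__":
    profiles = profile(parse_log(SAMPLE_LOG))
    for base, p in profiles.items():
        print(base, p)
    print("flagged:", flag_tunneling(profiles))
```

Requiring all four indicators together keeps single-signal false positives (a CDN with many short, low-entropy hostnames; a legitimate SPF/DKIM-heavy domain with many TXT lookups) out of the flagged list; a real deployment would also baseline per client and per time window rather than over a whole file.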

Author(s): Michael Dooley; Timothy Rooney
Series: Series on Networks and Services Management
Publisher: John Wiley and Sons; IEEE Press
Year: 2017

Language: English
City: Hoboken, New Jersey; Piscataway, NJ

DNS Security Management
Contents
Preface
Acknowledgments

1 Introduction
Why Attack DNS?
Network Disruption
DNS as a Backdoor
DNS Basic Operation
Basic DNS Data Sources and Flows
DNS Trust Model
DNS Administrator Scope
Security Context and Overview
Cybersecurity Framework Overview
Framework Implementation
What's Next

2 Introduction to the Domain Name System (DNS)
DNS Overview
Domains and Resolution
Domain Hierarchy
Name Resolution
Zones and Domains
Dissemination of Zone Information
Additional Zones
Resolver Configuration
Summary

3 DNS Protocol and Messages
DNS Message Format
Encoding of Domain Names
Name Compression
Internationalized Domain Names
DNS Message Format
DNS Update Messages
The DNS Resolution Process Revisited
DNS Resolution Privacy Extension
Summary

4 DNS Vulnerabilities
Introduction
DNS Data Security
DNS Information Trust Model
DNS Information Sources
DNS Risks
DNS Infrastructure Risks and Attacks
DNS Service Availability
Hardware/OS Attacks
DNS Service Denial
Pseudorandom Subdomain Attacks
Cache Poisoning Style Attacks
Authoritative Poisoning
Resolver Redirection Attacks
Broader Attacks that Leverage DNS
Network Reconnaissance
DNS Rebinding Attack
Reflector Style Attacks
Data Exfiltration
Advanced Persistent Threats
Summary

5 DNS Trust Sectors
Introduction
Cybersecurity Framework Items
Identify
Protect
Detect
DNS Trust Sectors
External DNS Trust Sector
Basic Server Configuration
DNS Hosting of External Zones
External DNS Diversity
Extranet DNS Trust Sector
Recursive DNS Trust Sector
Tiered Caching Servers
Basic Server Configuration
Internal Authoritative DNS Servers
Basic Server Configuration
Additional DNS Deployment Variants
Internal Delegation DNS Master/Slave Servers
Multi-Tiered Authoritative Configurations
Hybrid Authoritative/Caching DNS Servers
Stealth Slave DNS Servers
Internal Root Servers
Deploying DNS Servers with Anycast Addresses
Other Deployment Considerations
High Availability
Multiple Vendors
Sizing and Scalability
Load Balancers
Lab Deployment
Putting It All Together

6 Security Foundation
Introduction
Hardware/Asset Related Framework Items
Identify: Asset Management
Identify: Business Environment
Identify: Risk Assessment
Protect: Access Control
Protect: Data Security
Protect: Information Protection
Protect: Maintenance
Detect: Anomalies and Events
Detect: Security Continuous Monitoring
Respond: Analysis
Respond: Mitigation
Recover: Recovery Planning
Recover: Improvements
DNS Server Hardware Controls
DNS Server Hardening
Additional DNS Server Controls
Summary

7 Service Denial Attacks
Introduction
Denial of Service Attacks
Pseudorandom Subdomain Attacks
Reflector Style Attacks
Detecting Service Denial Attacks
Denial of Service Protection
DoS/DDoS Mitigation
Bogus Queries Mitigation
PRSD Attack Mitigation
Reflector Mitigation
Summary

8 Cache Poisoning Defenses
Introduction
Attack Forms
Packet Interception or Spoofing
ID Guessing or Query Prediction
Name Chaining
The Kaminsky DNS Vulnerability
Cache Poisoning Detection
Cache Poisoning Defense Mechanisms
UDP Port Randomization
Query Name Case Randomization
DNS Security Extensions
Last Mile Protection

9 Securing Authoritative DNS Data
Introduction
Attack Forms
Resolution Data at Rest
Domain Registries
DNS Hosting Providers
DNS Data in Motion
Attack Detection
Authoritative Data
Domain Registry
Domain Hosting
Falsified Resolution
Defense Mechanisms
Defending DNS Data at Rest
Defending Resolution Data in Motion with DNSSEC
Summary

10 Attacker Exploitation of DNS
Introduction
Network Reconnaissance
Data Exfiltration
Detecting Nefarious use of DNS
Detecting Network Reconnaissance
DNS Tunneling Detection
Mitigation of Illicit DNS Use
Network Reconnaissance Mitigation
Mitigation of DNS Tunneling

11 Malware and APTs
Introduction
Malware Proliferation Techniques
Phishing
Spear Phishing
Downloads
File Sharing
Email Attachments
Watering Hole Attack
Replication
Implantation
Malware Examples
Malware Use of DNS
DNS Fluxing
Dynamic Domain Generation
Detecting Malware
Detecting Malware Using DNS Data
Mitigating Malware Using DNS
Malware Extrication
DNS Firewall
Summary

12 DNS Security Strategy
Major DNS Threats and Mitigation Approaches
Common Controls
Disaster Defense
Defenses Against Human Error
DNS Role-Specific Defenses
Stub Resolvers
Forwarder DNS Servers
Recursive Servers
Authoritative Servers
Broader Security Strategy
Identify Function
Protect Function
Detect Function
Respond Function
Recover Function

13 DNS Applications to Improve Network Security
Safer Web Browsing
DNS-Based Authentication of Named Entities (DANE)
Email Security
Email and DNS
DNS Block Listing
Sender Policy Framework (SPF)
Domain Keys Identified Mail (DKIM)
Domain-Based Message Authentication, Reporting, and Conformance (DMARC)
Securing Automated Information Exchanges
Dynamic DNS Update Uniqueness Validation
Storing Security-Related Information
Other Security Oriented DNS Resource Record Types
Summary

14 DNS Security Evolution

Appendix A: Cybersecurity Framework Core DNS Example
Appendix B: DNS Resource Record Types
Bibliography
Index