Windows Server 2016
what is new in DNS (and IPv6 and DHCP)
© Men & Mice http://menandmice.com
Windows Server 2016
DNS Policies
Application Load-Distribution with DNS
IPv6 Root-Hints
DANE-Records Support
Support for Unknown DNS Records
Response-Rate-Limiting
Other new Features in Windows Server 2016
The features discussed here are based on Technical Preview 5 (April 2016).
DNS Policies
DNS policies give fine-grained control over how a DNS server answers DNS queries
• similar to, but more powerful than, BIND 9 views
• Use-cases
• access control for DNS resolvers (prevent open resolver)
• DNS based load-distribution
• blackholing malicious clients
• Filter based on DNS domains or Query-Type
• Geo-Location-Aware DNS answers
• Traffic-Engineering based on time-of-day
• "Split-Brain" DNS configurations (CAUTION!)
DNS Policies
Every DNS zone can have one or more "ZoneScopes"
• each ZoneScope can contain different DNS data (e.g. different IP addresses for the same name)
• the DNS policy defines which ZoneScope is used to answer a DNS query when it reaches the DNS server
DNS Policy criteria

Client Subnet         source address of the query
Transport Protocol    either UDP or TCP
Internet Protocol     either IPv4 or IPv6
Server Interface IP   address of the interface on which the query comes in
Domain name           an FQDN (wildcards possible)
Query Type            the requested DNS record type (A/AAAA/MX/SRV etc.)
Time of Day           time when the query is received
DNS Policies
DNS Policy criteria can be combined with boolean
expressions ("AND", "OR", "NOT")
Powerful DNS policies are possible …
… that should be used carefully
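As an added example (this is not code from the Men & Mice deck), three policies that combine the criteria above with a boolean condition: a blackhole for a known-bad source prefix, a DENY for UDP ANY queries from outside the trusted subnet, and a time-of-day switch to a separate zone scope. The policy names, the 198.51.100.0/24 and 172.22.1.0/24 subnets and the "maint" zone scope in example.com are assumptions for illustration.

```powershell
# Added example, not from the original deck. Names, subnets and the "maint"
# zone scope are assumptions.

# 1. Blackhole a known-bad source. IGNORE drops the query without any response,
#    so the server cannot be used as a reflector towards that prefix either.
Add-DnsServerClientSubnet -Name "BadActors" -IPv4Subnet "198.51.100.0/24"
Add-DnsServerQueryResolutionPolicy -Name "BlackholeBadActors" `
    -Action IGNORE -ClientSubnet "EQ,BadActors" -ProcessingOrder 1

# 2. Refuse ANY queries that arrive over UDP from outside the trusted client
#    subnet: ANY answers are large and a favourite of amplification attacks.
#    -Condition AND requires every listed criterion to match; DENY answers
#    with REFUSED instead of data. "NE," negates a single criterion.
#    (Using "ANY" as the type name in -QType is an assumption.)
Add-DnsServerClientSubnet -Name "MyNetwork" -IPv4Subnet "172.22.1.0/24"
Add-DnsServerQueryResolutionPolicy -Name "NoUdpAnyFromOutside" `
    -Action DENY -Condition "AND" `
    -ClientSubnet "NE,MyNetwork" -TransportProtocol "EQ,UDP" -QType "EQ,ANY" `
    -ProcessingOrder 2

# 3. Time of day: during a nightly maintenance window, answer example.com
#    from the "maint" zone scope (traffic engineering). The scope is created
#    here so the snippet is self-contained; its records are not shown.
Add-DnsServerZoneScope -ZoneName example.com -Name "maint"
Add-DnsServerQueryResolutionPolicy -Name "MaintWindow" -ZoneName example.com `
    -Action ALLOW -TimeOfDay "EQ,01:00-03:00" -ZoneScope "maint,1" -ProcessingOrder 1

# Review what is in place. Policies are evaluated in ProcessingOrder and the
# first match wins, so put the blackhole before everything else.
Get-DnsServerQueryResolutionPolicy |
    Format-Table Name, ProcessingOrder, Action, Condition
Get-DnsServerQueryResolutionPolicy -ZoneName example.com |
    Format-Table Name, ProcessingOrder, Action, Condition
```

To check policy 1 from a host inside 198.51.100.0/24, a `Resolve-DnsName -Server <dns-server> www.example.com` should time out rather than return REFUSED; for policy 2, the same query with `-Type ANY` from an outside host returns REFUSED over UDP but still gets an answer when retried over TCP.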
DNS Policies Demo 1
restricting DNS recursion to subnets
# the default recursion scope "." is what the server uses today
Get-DnsServerRecursionScope -Name .

# switch recursion off in the default scope: every query that does not match
# the policy below is now answered without recursion (no more open resolver)
Set-DnsServerRecursionScope -Name . -EnableRecursion $False

# a second recursion scope in which recursion stays enabled
Add-DnsServerRecursionScope -Name "Clients" -EnableRecursion $True

# the client subnet that is allowed to recurse
Add-DnsServerClientSubnet -Name "MyNetwork" -IPv4Subnet "172.22.1.0/24"

# recursion policy: queries from MyNetwork are handled in the "Clients" scope
Add-DnsServerQueryResolutionPolicy -Name "ResolverPolicy" `
    -Action ALLOW -ApplyOnRecursion -RecursionScope "Clients" `
    -ClientSubnet "EQ,MyNetwork"
DNS Policies Demo 2
Application load distribution using DNS
# two zone scopes in example.com; each scope holds its own copy of the zone data
Add-DnsServerZoneScope -ZoneName example.com -Name "scope1"
Add-DnsServerZoneScope -ZoneName example.com -Name "scope2"
Get-DnsServerZoneScope -ZoneName example.com

# the same name "www" with a different address in each scope
Add-DnsServerResourceRecord -A -Name www -ZoneName example.com -IPv4Address 192.0.2.10 `
    -ZoneScope "scope1"
Add-DnsServerResourceRecord -A -Name www -ZoneName example.com -IPv4Address 192.0.2.20 `
    -ZoneScope "scope2"

# queries arriving on interface 172.22.1.150 are answered from scope1 and scope2
# in a 4:2 ratio; the syntax is "<scope>,<weight>;<scope>,<weight>"
Add-DnsServerQueryResolutionPolicy -Name "Scope1LDPolicy" -ZoneName example.com `
    -ZoneScope "scope1,4;scope2,2" -Action ALLOW -ServerInterfaceIP "EQ,172.22.1.150"

Get-DnsServerQueryResolutionPolicy -ZoneName example.com
IPv6 root hints
Windows Server 2016 now comes with IPv6 root hints preconfigured
• root hints are required for every recursive DNS server to find the root servers, the starting point of all DNS resolution
• Windows Server up to 2012 R2 only contains the IPv4 root hints for the Internet (it was, however, possible to add the IPv6 root hints manually)
• this change makes it possible to run the Windows DNS server in an "IPv6-only" network
DANE TLSA Record support
Windows Server 2016 adds support for the TLSA resource record type
• TLSA is required for DANE (DNS-based Authentication of Named Entities)
• "pinning" of TLS/SSL certificates (or their public keys) via DNSSEC-secured DNS; without a DNSSEC-signed zone a TLSA record gives no security, as a client cannot tell a forged record from a real one
• see our previous webinar "DNSSEC & DANE – E-Mail security reloaded"
https://www.menandmice.com/resources/educational-resources/webinars/dnssec-and-dane-e-mail-security-reloaded/
Demo: TLSA record
Add-DnsServerResourceRecord -Name _25._tcp `
    -ZoneName example.com -TLSA -CertificateUsage DomainIssuedCertificate `
    -Selector SubjectPublicKeyInfo -MatchingType Sha256Hash `
    -CertificateAssociationData 831B809F32A1A9E8C52A5167A35A979F0719B89D08E9A3302264F99D
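The value behind -CertificateAssociationData is not typed by hand in practice. As an added example (not code from the deck), the following derives the "3 1 1" data (DANE-EE, SubjectPublicKeyInfo, SHA-256) from a certificate file, checks its length and publishes it. It assumes PowerShell 7 (.NET Core 3.0 or later) for ExportSubjectPublicKeyInfo(), and the certificate path C:\certs\mail.example.com.cer and the owner name _25._tcp.mail are assumptions.

```powershell
# Added example, not from the original deck. Assumes PowerShell 7 / .NET Core 3.0+
# (for ExportSubjectPublicKeyInfo) and a certificate file at the given path.
function Get-TlsaSpkiSha256 {
    param([Parameter(Mandatory)][string]$CertPath)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
    # Selector 1 = SubjectPublicKeyInfo: hash the full DER-encoded SPKI structure
    # (algorithm identifier + key), not only the raw key bits.
    $key = $cert.GetRSAPublicKey()
    if (-not $key) { $key = $cert.GetECDsaPublicKey() }
    if (-not $key) { throw "unsupported public key algorithm in $CertPath" }
    $spki = $key.ExportSubjectPublicKeyInfo()
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { $digest = $sha.ComputeHash($spki) } finally { $sha.Dispose() }
    # Certificate Association Data is presented as hex without separators.
    return ($digest | ForEach-Object { $_.ToString("X2") }) -join ''
}

$hex = Get-TlsaSpkiSha256 -CertPath 'C:\certs\mail.example.com.cer'

# Matching type 1 (SHA-256) is exactly 32 octets = 64 hex digits. A shorter or
# longer value is a copy error and makes every DANE validation of the service fail.
if ($hex.Length -ne 64) { throw "unexpected digest length $($hex.Length), expected 64" }

Add-DnsServerResourceRecord -Name _25._tcp.mail -ZoneName example.com -TLSA `
    -CertificateUsage DomainIssuedCertificate -Selector SubjectPublicKeyInfo `
    -MatchingType Sha256Hash -CertificateAssociationData $hex

# Read it back. The zone must be DNSSEC-signed for any client to trust this record.
Get-DnsServerResourceRecord -ZoneName example.com -Name _25._tcp.mail |
    Select-Object HostName, RecordType, RecordData
```

Publish the new TLSA record before rolling the certificate, and keep the old one until the TTL of the old record has expired; otherwise DANE-validating mail servers will refuse to deliver during the overlap.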
Support for "Unknown Resource Records"
With new protocols, new DNS record types are added to DNS
• URI
• SMIMEA and OPENPGPKEY
• TA and TALINK
• …
RFC 3597 "Handling of Unknown DNS Resource Record (RR) Types" defines a way to provision a DNS server with resource records unknown to the server software
The DNS server in Windows Server 2016 now supports these unknown resource records
• lets DNS admins support new protocols that were not yet published when Windows Server was released
• the record data is given in hexadecimal notation (the generic RFC 3597 encoding of the RDATA in wire format)
• the BIND 9 utility "named-rrchecker" can be used to convert the data part of a DNS RR into this hexadecimal format
Example: an IPv4 address "A" record (type 1) for 10.0.0.1, written as an unknown record:
Add-DnsServerResourceRecord -Name www -ZoneName example.com -Type 1 -RecordData "0A000001"
Demo: Unknown RRs
The Uniform Resource Identifier (URI) DNS Resource Record:
https://tools.ietf.org/html/rfc7553

> echo 'IN URI 10 1 "http://www.example.com/path"' | named-rrchecker -u
CLASS1 TYPE256 # 31 000a0001687474703a2f2f7777772e6578616d706c652e636f6d2f70617468

PowerShell> Add-DnsServerResourceRecord -Name _http._tcp -ZoneName example.com `
    -Type 256 -RecordData "000a0001687474703a2f2f7777772e6578616d706c652e636f6d2f70617468"
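If no BIND 9 tools are at hand on the Windows box, the RFC 3597 hex can be built directly in PowerShell. As an added example (not code from the deck), the two functions below encode URI RDATA according to RFC 7553 (16-bit priority, 16-bit weight, then the target octets with no length byte) and decode it again; the function names are assumptions. Run against the values from the slide it reproduces the same 31-octet string that named-rrchecker printed.

```powershell
# Added example, not from the original deck. Function names are assumptions.
function ConvertTo-UriRdataHex {
    param(
        [Parameter(Mandatory)][uint16]$Priority,
        [Parameter(Mandatory)][uint16]$Weight,
        [Parameter(Mandatory)][string]$Target
    )
    # URI RDATA (RFC 7553 section 4): Priority (16 bit) | Weight (16 bit) | Target.
    # The target is the remaining octets and is NOT length-prefixed (unlike TXT).
    # Integers are big-endian on the wire.
    $bytes = [System.Collections.Generic.List[byte]]::new()
    foreach ($v in @($Priority, $Weight)) {
        $bytes.Add([byte]($v -shr 8))
        $bytes.Add([byte]($v -band 0xFF))
    }
    $bytes.AddRange([System.Text.Encoding]::UTF8.GetBytes($Target))
    return ($bytes | ForEach-Object { $_.ToString("x2") }) -join ''
}

function ConvertFrom-UriRdataHex {
    param([Parameter(Mandatory)][string]$Hex)
    # Reject odd-length strings and anything shorter than the two fixed fields.
    if ($Hex.Length % 2 -ne 0 -or $Hex.Length -lt 8) { throw "malformed URI RDATA: $Hex" }
    $bytes = [byte[]]::new($Hex.Length / 2)
    for ($i = 0; $i -lt $bytes.Length; $i++) {
        $bytes[$i] = [Convert]::ToByte($Hex.Substring(2 * $i, 2), 16)
    }
    [pscustomobject]@{
        Priority = ([int]$bytes[0] -shl 8) -bor $bytes[1]
        Weight   = ([int]$bytes[2] -shl 8) -bor $bytes[3]
        Target   = [System.Text.Encoding]::UTF8.GetString($bytes, 4, $bytes.Length - 4)
    }
}

$hex = ConvertTo-UriRdataHex -Priority 10 -Weight 1 -Target 'http://www.example.com/path'
# $hex is 000a0001687474703a2f2f7777772e6578616d706c652e636f6d2f70617468:
# 000a = priority 10, 0001 = weight 1, the rest is the 27-octet target.
ConvertFrom-UriRdataHex -Hex $hex    # Priority 10, Weight 1, Target http://www.example.com/path

Add-DnsServerResourceRecord -Name _http._tcp -ZoneName example.com -Type 256 -RecordData $hex

# Read it back from the zone.
Get-DnsServerResourceRecord -ZoneName example.com -Name _http._tcp |
    Select-Object HostName, RecordType, RecordData
```

Always decode what you are about to publish: a record with a wrong hex string is accepted by the server without complaint, and the mistake only shows up in the clients that parse the type.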
Response Rate Limiting
DNS responses from DNS servers in the Internet (authoritative servers as well as DNS resolvers) can be misused for denial-of-service attacks (DNS reflection and amplification)
• a problem for a long time, but especially popular with attackers in the last five years
• for additional coverage of this topic, watch our webinar "The dangers of DNS reflection attacks"
https://www.menandmice.com/resources/educational-resources/webinars/the-dangers-of-dns-reflection-attacks/
What is the problem
DNS over UDP is "stateless" communication, so source IP addresses can be spoofed: the attacker sends a query with the victim's address as source to some DNS server in the Internet, and the answer is delivered to the owner of the "spoofed" IP address.
There are many, many DNS servers to be found in the Internet
One Solution: Response Rate Limiting (RRL)
• RRL was developed by Vernon Schryver and Paul Vixie and implemented in BIND 9, NSD, Knot and PowerDNS. It is now also available in Windows Server 2016.
• the idea: all DNS queries should go through a caching server, so an authoritative server should not see identical queries from the same source within the TTL (Time to Live) of the answer
• if the DNS server does see (many) recurring identical queries within the TTL, it is likely an attack
• response rate limiting counts the number of identical responses sent to a given network (an IPv4 /24 or IPv6 /56 prefix by default, not a single address)
• it throttles the outgoing responses if too many identical responses are sent to that network
• legitimate clients in the victim's network can still resolve DNS data, because only the excess is dropped and a fraction of the responses is still sent
• once an attack is detected, a fraction of the rate-limited responses is sent as (almost) empty answers with the "TC" flag set, the rest is dropped
• "TC" flag = answer truncated, retry over TCP
• a real caching DNS server will repeat the query over TCP (slower, but harder to spoof, because the TCP handshake has to complete); the attacker's spoofed source never does
• RRL enabled on an authoritative server
Demo: RRL
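As an added example (not code from the deck), this is how RRL is switched on in stages on a Windows Server 2016 authoritative server with the Set-DnsServerResponseRateLimiting cmdlet: first in LogOnly mode, then with an exception for the internal resolvers, then enforced. The parameter values shown are the documented defaults; the exception list name and the 172.22.1.0/24 subnet are assumptions.

```powershell
# Added example, not from the original deck. The exception list name and the
# client subnet are assumptions; the numeric values are the Windows defaults.

# Current state: RRL is off by default.
Get-DnsServerResponseRateLimiting

# Stage 1: LogOnly. The server counts as if RRL were active and logs what it
# would have dropped, but still answers everything. Run this for a while and
# look at the DNS server analytic/audit events before enforcing, so legitimate
# bursts (monitoring systems, large resolvers) are found first.
#   ResponsesPerSec / ErrorsPerSec : identical answers (or errors) allowed per
#                                    second per client prefix
#   WindowInSec                    : averaging window for those counters
#   IPv4/IPv6PrefixLength          : clients are aggregated per /24 and /56
#   LeakRate                       : of the responses that would be dropped,
#                                    one in LeakRate is still answered
#   TruncateRate                   : one in TruncateRate is sent with TC=1 so
#                                    real resolvers retry over TCP
Set-DnsServerResponseRateLimiting -Mode LogOnly `
    -ResponsesPerSec 5 -ErrorsPerSec 5 -WindowInSec 5 `
    -IPv4PrefixLength 24 -IPv6PrefixLength 56 `
    -LeakRate 3 -TruncateRate 2 -MaximumResponsesPerWindow 1024 -Force

# Exception: never rate-limit the trusted internal resolver subnet. It sends
# many queries on behalf of many clients and is not a spoofed source.
Add-DnsServerClientSubnet -Name "MyNetwork" -IPv4Subnet "172.22.1.0/24"
Add-DnsServerResponseRateLimitingExceptionlist -Name "InternalResolvers" `
    -ClientSubnet "EQ,MyNetwork"

# Stage 2: enforce, and confirm the resulting configuration.
Set-DnsServerResponseRateLimiting -Mode Enable -Force
Get-DnsServerResponseRateLimiting | Format-List
Get-DnsServerResponseRateLimitingExceptionlist
```

RRL belongs on authoritative servers only. A recursive resolver that is open to the Internet is still an amplifier with RRL enabled; the fix for that is the recursion-scope policy from Demo 1.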
Miscellaneous news
DHCP: Network Access Protection (NAP) has been removed from DHCPv4 in Windows Server 2016
Containers with Docker: lightweight separation of applications on a single Windows Server 2016 instance (can be used to isolate a DNS or DHCP server)
Nano Server: minimal Windows Server 2016 image without GUI; can be used to create a lightweight DNS server deployment
Software Defined Networking (SDN) and Layer-4 load balancer: load-balance DNS servers (for example DNS resolvers)
Release Dates
Windows Server 2016 will be released in Q3 2016
Men & Mice Suite 7.3 (September 2016) will
support Windows Server 2016
Many of the new features will be supported in the
Men & Mice GUI and Web-UI
Upcoming Webinar
June 9th, 2016 - Yeti-DNS
Yeti-DNS - an international research project on the DNS root-server system
Interview with Shane Kerr of BII
How to participate in Yeti-DNS with a DNS resolver
Thank you!
Questions? Comments?

Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 

Último (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 

Windows Server 2016 Webinar

1. Windows Server 2016: what is new in DNS (and IPv6 and DHCP)

2. Windows Server 2016
© Men & Mice http://menandmice.com
• DNS Policies
• Application Load-Distribution with DNS
• IPv6 Root-Hints
• DANE-Records Support
• Support for Unknown DNS Records
• Response-Rate-Limiting
• Other new Features in Windows Server 2016
The features discussed here are based on the Technical Preview 5 (April 2016).

3. DNS Policies
DNS policies give fine-grained control over how DNS queries are answered by a DNS server.
• similar to, but more powerful than, BIND 9 views
• Use-cases:
  • access control for DNS resolvers (prevent an open resolver)
  • DNS-based load-distribution
  • blackholing malicious clients
  • filtering based on DNS domains or query type
  • geo-location-aware DNS answers
  • traffic engineering based on time of day
  • "split-brain" DNS configurations (CAUTION!)

4. DNS Policies
Every DNS zone can have one or more "ZoneScopes".
• each ZoneScope can contain different DNS data (e.g. different IP addresses for the same name)
• the DNS policy defines which ZoneScope is used when a DNS query reaches the DNS server

5. DNS Policy criteria
Client Subnet: source address of the query
Transport Protocol: either UDP or TCP
Internet Protocol: either IPv4 or IPv6
Server Interface IP address: the interface on which the query comes in
Domain name: an FQDN (wildcards possible)
Query Type: the requested DNS record type (A/AAAA/MX/SRV etc.)
Time of Day: the time when the query is received

6. DNS Policies
DNS policy criteria can be combined with boolean expressions ("AND", "OR", "NOT").
Powerful DNS policies are possible … that should be used carefully.
7. DNS Policies Demo 1: restricting DNS recursion to subnets

8. DNS Policies Demo 1
# show the default recursion scope "." and switch recursion off for everyone
Get-DnsServerRecursionScope -Name .
Set-DnsServerRecursionScope -Name . -EnableRecursion $False

# a second recursion scope with recursion enabled, reachable only through a policy,
# and the client subnet that policy refers to
Add-DnsServerRecursionScope -Name "Clients" -EnableRecursion $True
Add-DnsServerClientSubnet -Name "MyNetwork" -IPv4Subnet "172.22.1.0/24"

# queries from MyNetwork are resolved recursively via the "Clients" scope;
# every other client stays in the default scope, where recursion is off
Add-DnsServerQueryResolutionPolicy -Name "ResolverPolicy" `
    -Action ALLOW -ApplyOnRecursion -RecursionScope "Clients" `
    -ClientSubnet "EQ,MyNetwork"
9. DNS Policies Demo 2: application load distribution using DNS

10. DNS Policies Demo 2
# two zone scopes in example.com, each holding a different address for www
Add-DnsServerZoneScope -ZoneName example.com -Name "scope1"
Add-DnsServerZoneScope -ZoneName example.com -Name "scope2"
Get-DnsServerZoneScope -ZoneName example.com

Add-DnsServerResourceRecord -A -Name www -ZoneName example.com -IPv4Address 192.0.2.10 `
    -ZoneScope "scope1"
Add-DnsServerResourceRecord -A -Name www -ZoneName example.com -IPv4Address 192.0.2.20 `
    -ZoneScope "scope2"

# queries arriving on interface 172.22.1.150 are answered from scope1 and scope2
# with weights 4 and 2, i.e. four of every six answers come from scope1
Add-DnsServerQueryResolutionPolicy -Name "Scope1LDPolicy" -ZoneName example.com `
    -ZoneScope "scope1,4;scope2,2" -Action ALLOW -ServerInterfaceIP "EQ,172.22.1.150"

Get-DnsServerQueryResolutionPolicy -ZoneName example.com
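To make the semantics of the two demos testable offline, here is a small Python model of the policy objects the cmdlets create (a recursion scope selected by client subnet, and a weighted zone-scope list selected by server interface). This is an added example, not Microsoft's implementation and not code from the webinar; the subnet name, addresses and scope names are the demos' own, while first-match evaluation in the order the policies were added, round-robin service of the weighted scope list, and the default-scope address 192.0.2.1 are assumptions of the model.

```python
import ipaddress
from itertools import cycle


def parse_weighted_scopes(spec):
    """Parse the '-ZoneScope "scope1,4;scope2,2"' syntax into
    [(scope, weight), ...]; a scope given without a weight counts as 1."""
    scopes = []
    for item in spec.split(";"):
        name, _, weight = item.strip().partition(",")
        scopes.append((name, int(weight) if weight else 1))
    return scopes


def parse_criterion(spec):
    """Parse 'EQ,MyNetwork' / 'NE,a,b' into (must_match, [values])."""
    op, _, values = spec.partition(",")
    return op.strip().upper() == "EQ", [v.strip() for v in values.split(",")]


class DnsPolicyServer:
    """Toy model of the policy objects the cmdlets above create. Policies are
    evaluated in the order added and the first match wins (modelling assumption)."""

    def __init__(self):
        self.client_subnets = {}              # name -> [ip_network, ...]
        self.recursion_scopes = {".": False}  # default scope, recursion off
        self.zone_data = {}                   # (zone, scope) -> {name: [addr]}
        self.policies = []
        self._rr = {}                         # policy name -> round-robin iterator

    def add_client_subnet(self, name, *cidrs):
        self.client_subnets[name] = [ipaddress.ip_network(c) for c in cidrs]

    def add_recursion_scope(self, name, enable_recursion):
        self.recursion_scopes[name] = enable_recursion

    def add_record(self, zone, scope, name, address):
        self.zone_data.setdefault((zone, scope), {}).setdefault(name, []).append(address)

    def add_policy(self, name, action="ALLOW", apply_on_recursion=False,
                   recursion_scope=None, zone=None, zone_scope=None,
                   client_subnet=None, server_interface_ip=None):
        self.policies.append({
            "name": name, "action": action,
            "apply_on_recursion": apply_on_recursion, "recursion_scope": recursion_scope,
            "zone": zone, "zone_scope": zone_scope,
            "client_subnet": client_subnet, "server_interface_ip": server_interface_ip,
        })

    def _matches(self, pol, client_ip, server_ip):
        """All criteria of a policy are AND-ed; each is EQ/NE against its values."""
        if pol["client_subnet"]:
            must_match, names = parse_criterion(pol["client_subnet"])
            addr = ipaddress.ip_address(client_ip)
            inside = any(addr in net for n in names
                         for net in self.client_subnets.get(n, []))
            if inside != must_match:
                return False
        if pol["server_interface_ip"]:
            must_match, ips = parse_criterion(pol["server_interface_ip"])
            if (server_ip in ips) != must_match:
                return False
        return True

    def recursion_allowed(self, client_ip, server_ip):
        """Demo 1: the first matching recursion policy selects the recursion
        scope; with no match the default scope '.' decides."""
        for pol in self.policies:
            if pol["apply_on_recursion"] and self._matches(pol, client_ip, server_ip):
                if pol["action"] != "ALLOW":
                    return False
                return self.recursion_scopes[pol["recursion_scope"]]
        return self.recursion_scopes["."]

    def answer(self, zone, qname, client_ip, server_ip):
        """Demo 2: pick the zone scope to answer from. A weighted scope list is
        served round-robin (4 of every 6 answers from scope1); with no matching
        policy the zone's default scope (named like the zone) is used."""
        for pol in self.policies:
            if pol["zone"] == zone and self._matches(pol, client_ip, server_ip):
                if pol["action"] == "DENY":
                    return None
                if pol["name"] not in self._rr:
                    expanded = [s for s, w in parse_weighted_scopes(pol["zone_scope"])
                                for _ in range(w)]
                    self._rr[pol["name"]] = cycle(expanded)
                scope = next(self._rr[pol["name"]])
                return self.zone_data.get((zone, scope), {}).get(qname)
        return self.zone_data.get((zone, zone), {}).get(qname)


def build_demo_server():
    """The two demos above loaded into the model; 192.0.2.1 in the default
    scope is a constructed value for this example."""
    srv = DnsPolicyServer()
    # Demo 1: recursion off by default, on only for 172.22.1.0/24
    srv.add_recursion_scope("Clients", True)
    srv.add_client_subnet("MyNetwork", "172.22.1.0/24")
    srv.add_policy("ResolverPolicy", apply_on_recursion=True,
                   recursion_scope="Clients", client_subnet="EQ,MyNetwork")
    # Demo 2: www.example.com served 4:2 from scope1/scope2 on one interface
    srv.add_record("example.com", "scope1", "www", "192.0.2.10")
    srv.add_record("example.com", "scope2", "www", "192.0.2.20")
    srv.add_record("example.com", "example.com", "www", "192.0.2.1")
    srv.add_policy("Scope1LDPolicy", zone="example.com", zone_scope="scope1,4;scope2,2",
                   server_interface_ip="EQ,172.22.1.150")
    return srv
```

The useful check this gives a defender is the negative case: a client outside MyNetwork, or a query on an interface the load-distribution policy does not name, must fall back to the default scope, which is exactly where a misordered or over-broad policy would otherwise leak recursion or the wrong data.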
11. IPv6 root hints
Windows Server 2016 now comes with IPv6 root hints preconfigured.
• root hints are required for every DNS server to find the start of all DNS resolution
• Windows Server up to Windows 2012R2 only contains the IPv4 root hints for the Internet (however, it was possible to add the IPv6 root hints manually)
• this change makes it possible to run the Windows DNS server in an "IPv6-only" network

12. DANE TLSA Record support
Windows Server 2016 adds support for the TLSA resource record type.
• TLSA is required for DANE (DNS-based Authentication of Named Entities)
• "pinning" of TLS/SSL certificates via DNSSEC-secured DNS
• see our previous webinar "DNSSEC & DANE – E-Mail security reloaded"
  https://www.menandmice.com/resources/educational-resources/webinars/dnssec-and-dane-e-mail-security-reloaded/
13. Demo: TLSA record

14. Demo: TLSA Record
# TLSA record for SMTP (port 25, TCP) of example.com: certificate usage 3
# (DomainIssuedCertificate), selector 1 (SubjectPublicKeyInfo), matching type 1
# (SHA-256). The association data is the hex digest; a complete SHA-256 digest
# is 32 bytes, i.e. 64 hex characters.
Add-DnsServerResourceRecord -Name _25._tcp `
    -ZoneName example.com -TLSA -CertificateUsage DomainIssuedCertificate `
    -Selector SubjectPublicKeyInfo -MatchingType Sha256Hash `
    -CertificateAssociationData 831B809F32A1A9E8C52A5167A35A979F0719B89D08E9A3302264F99D
15. Support for "Unknown Resource Records"
With new protocols, new DNS record types are added to DNS:
• URI
• SMIMEA and OPENPGPKEY
• TA and TALINK
• …
RFC 3597 "Handling of Unknown DNS Resource Record (RR) Types" defines a way to provision a DNS server with resource records unknown to the server software.

16. Support for "Unknown Resource Records"
The DNS server in Windows Server 2016 now supports these unknown resource records.
• enables DNS admins to support new protocols which were not published at the release time of Windows Server
• the record data is given in hexadecimal notation
• the BIND 9 utility "named-rrchecker" can be used to convert the data part of a DNS RR into the hexadecimal format
Example: definition of an IPv4 address "A" record (type 1) for 10.0.0.1, with the RDATA given as raw hex:
Add-DnsServerResourceRecord -Name www -ZoneName example.com -Type 1 -RecordData "0A000001"

17. Demo: Unknown RRs

18. Demo: Unknown RRs
The Uniform Resource Identifier (URI) DNS Resource Record: https://tools.ietf.org/html/rfc7553

> echo 'IN URI 10 1 "http://www.example.com/path"' | named-rrchecker -u
CLASS1 TYPE256 \# 31 000a0001687474703a2f2f7777772e6578616d706c652e636f6d2f70617468

PowerShell> Add-DnsServerResourceRecord -Name _http._tcp -ZoneName example.com `
    -Type 256 -RecordData "000a0001687474703a2f2f7777772e6578616d706c652e636f6d2f70617468"
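The hex string passed to -RecordData is the record's wire-format RDATA, and a practitioner will want to produce and verify it without depending on named-rrchecker. The following Python is an added example (not code from the webinar, Microsoft or ISC) covering the three record types used above: the A record and the URI record of this demo, and the TLSA record of the earlier demo (slide 14). It also renders the generic "\# length hex" presentation format of RFC 3597 and runs the sanity checks worth doing on a TLSA record before publishing it. Only the standard library is used; the record values are the slides' own.

```python
import struct

# RR type numbers from the IANA registry
TYPE_A, TYPE_TLSA, TYPE_URI = 1, 52, 256


def a_rdata(ipv4):
    """A record RDATA: the four address octets."""
    return bytes(int(o) for o in ipv4.split("."))


def uri_rdata(priority, weight, target):
    """URI record RDATA (RFC 7553): 16-bit priority, 16-bit weight, then the
    target as raw octets (no length byte, unlike a TXT character-string)."""
    return struct.pack("!HH", priority, weight) + target.encode()


def decode_uri(rdata):
    """Inverse of uri_rdata, for checking what was provisioned."""
    prio, weight = struct.unpack("!HH", rdata[:4])
    return prio, weight, rdata[4:].decode()


def tlsa_rdata(usage, selector, matching_type, cert_assoc_hex):
    """TLSA record RDATA (RFC 6698): three one-octet fields followed by the
    certificate association data. Usage 3 / selector 1 / matching 1 is the
    SubjectPublicKeyInfo SHA-256 pin used in the TLSA demo above."""
    return bytes([usage, selector, matching_type]) + bytes.fromhex(cert_assoc_hex)


def tlsa_problems(rdata):
    """Checks worth running before publishing a TLSA record; returns a list
    of findings (empty when the record is well-formed)."""
    if len(rdata) < 4:
        return ["RDATA too short for a TLSA record"]
    usage, selector, mtype = rdata[:3]
    problems = []
    if usage > 3:
        problems.append("unknown certificate usage %d" % usage)
    if selector > 1:
        problems.append("unknown selector %d" % selector)
    expected = {0: None, 1: 32, 2: 64}      # full data / SHA-256 / SHA-512
    if mtype not in expected:
        problems.append("unknown matching type %d" % mtype)
    elif expected[mtype] and len(rdata) - 3 != expected[mtype]:
        problems.append("matching type %d needs %d bytes of association data, got %d"
                        % (mtype, expected[mtype], len(rdata) - 3))
    return problems


def to_generic(rdata):
    """Generic presentation format of RFC 3597 section 5, as named-rrchecker
    -u prints it: '\\# <length> <hex>'."""
    return "\\# %d %s" % (len(rdata), rdata.hex())


def from_generic(text):
    """Parse '\\# <length> <hex>' back to bytes, verifying the length field."""
    marker, length, *hexparts = text.split()
    if marker != "\\#":
        raise ValueError("not generic RDATA syntax")
    data = bytes.fromhex("".join(hexparts))
    if len(data) != int(length):
        raise ValueError("length field %s does not match %d data bytes" % (length, len(data)))
    return data


def record_data_param(rdata):
    """Hex string without separators, in the form passed to -RecordData."""
    return rdata.hex().upper()
```

Running tlsa_problems over the TLSA demo's association data flags it as 28 bytes rather than the 32 a SHA-256 digest has, which is the kind of check that catches a copy-and-paste-shortened pin before it reaches a signed zone.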
19. Response Rate Limiting
DNS responses from DNS servers in the Internet (authoritative or DNS resolver) can be misused for denial-of-service attacks.
• a problem for a long time, but especially popular with attackers in the last five years
• for additional coverage on this topic, watch our webinar "The dangers of DNS reflection attacks"
  https://www.menandmice.com/resources/educational-resources/webinars/the-dangers-of-dns-reflection-attacks/

20. What is the problem
DNS over UDP is "stateless" communication, so source IP addresses can be spoofed. Diagram: a query with a "spoofed" source IP address is sent to some DNS server in the Internet; the answer is delivered to the owner of the "spoofed" IP address.

21. What is the problem
There are many, many DNS servers to be found in the Internet.

22. One Solution: Response Rate Limiting (RRL)
• RRL was developed by Vernon Schryver and Paul Vixie and implemented in BIND 9, NSD, Knot and PowerDNS. It is now also available in Windows Server 2016.
• as all DNS queries should go through a caching server
• identical queries should not be seen from the same source inside the TTL (Time to Live)
• if the DNS server sees (many) recurring queries within the TTL, it is likely an attack

23. One Solution: Response Rate Limiting (RRL)
• response rate limiting counts the number of identical responses sent to a given network
• will throttle outgoing responses if too many identical responses are sent
• allows legitimate clients in the victim's network to still resolve DNS data

24. One Solution: Response Rate Limiting (RRL)
• in case an attack is detected, (almost) empty answers are sent with the "TC" flag set
• "TC" flag = answer truncated, retry over TCP
• a real caching DNS server will repeat the query over TCP (slower, but harder to spoof)

25. One Solution: Response Rate Limiting (RRL)
Figure: RRL enabled on an authoritative server

26. Demo: RRL
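Slides 22 to 24 describe RRL in words; the following Python is an added example (not the Windows, BIND or any other server's implementation) that turns that description into a runnable model: identical responses are counted per destination network and per one-second window, and once the count passes the limit, every "slip"-th response goes out as an (almost empty) truncated reply so that a genuine resolver retries over TCP, while the rest are dropped. The limit, slip and /24 grouping are configurable assumptions, and the traffic in simulate() is constructed for the example.

```python
import ipaddress
from collections import defaultdict


class ResponseRateLimiter:
    """Per-network, per-second count of identical responses. Above the limit,
    every `slip`-th response is sent truncated (TC=1, almost empty) and the
    rest are dropped; slip=0 drops everything over the limit."""

    def __init__(self, responses_per_second=5, slip=2, ipv4_prefix=24):
        self.limit = responses_per_second
        self.slip = slip
        self.prefix = ipv4_prefix
        self.counts = defaultdict(int)

    def _bucket(self, ts, client_ip, qname, qtype, rcode):
        # RRL counts identical responses to the same network, so the key is
        # (1-second window, client /24, owner name, type, rcode)
        net = ipaddress.ip_network("%s/%d" % (client_ip, self.prefix), strict=False)
        return (int(ts), net, qname.lower().rstrip("."), qtype, rcode)

    def decide(self, ts, client_ip, qname, qtype, rcode="NOERROR"):
        """Return 'answer', 'truncate' or 'drop' for one outgoing response."""
        key = self._bucket(ts, client_ip, qname, qtype, rcode)
        self.counts[key] += 1
        n = self.counts[key]
        if n <= self.limit:
            return "answer"
        if self.slip and (n - self.limit) % self.slip == 0:
            return "truncate"            # minimal reply with TC set: retry over TCP
        return "drop"


def simulate(limit=5, slip=2):
    """Constructed traffic, not captured data: 40 identical queries whose
    source is spoofed to the victim 203.0.113.10 within one second, followed
    by four probes that show who is still being answered."""
    rrl = ResponseRateLimiter(limit, slip)
    burst = defaultdict(int)
    for i in range(40):
        burst[rrl.decide(i / 100, "203.0.113.10", "example.com", "A")] += 1
    return {
        "burst": dict(burst),
        # a real resolver in the victim's /24 asking the same thing in the same
        # second is throttled too, but a TC reply lets it retry over TCP
        "victim_net_same_query": rrl.decide(0.5, "203.0.113.20", "example.com", "A"),
        # a different name from the victim's network is unaffected
        "victim_net_other_query": rrl.decide(0.6, "203.0.113.20", "www.example.com", "A"),
        # the same query from another network has its own counter
        "other_network": rrl.decide(0.7, "198.51.100.7", "example.com", "A"),
        # the next one-second window starts fresh
        "next_second": rrl.decide(1.2, "203.0.113.10", "example.com", "A"),
    }
```

The slip setting is the trade-off slide 23 alludes to: with slip=0 the victim's network loses all further answers for that name within the window, whereas a slip of 2 halves the reflected traffic while still handing every real resolver a TC reply it can act on.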
27. Miscellaneous news
• DHCP: Network Access Protection (NAP) has been removed from DHCPv4 in Windows Server 2016
• Containers with Docker: lightweight separation of applications on a single Windows Server 2016 instance (can be used to separate a DNS or DHCP server)
• Nano Server: minimal Windows Server 2016 image without GUI; can be used to create a lightweight DNS server deployment
• Software Defined Networking (SDN) and Layer-4 load balancer: load-balance DNS servers (for example DNS resolvers)

28. Release Dates
Windows Server 2016 will be released in Q3 2016.
Men & Mice Suite 7.3 (September 2016) will support Windows Server 2016.
Many of the new features will be supported in the Men & Mice GUI and Web-UI.

29. Upcoming Webinar
June 9th, 2016 - Yeti-DNS
• Yeti-DNS - an international research project on the DNS root-server system
• Interview with Shane Kerr of BII
• How to participate in Yeti-DNS with a DNS resolver

30. Thank you!
Questions? Comments?