Enviar pesquisa
Carregar
Dns security threats and solutions
•
3 gostaram
•
420 visualizações
F
Frank Victory
Seguir
Infloblox Cricket Liu slides from the Denver OWASP presentation on August 17th, 2016
Leia menos
Leia mais
Tecnologia
Denunciar
Compartilhar
Denunciar
Compartilhar
1 de 41
Recomendados
DNS Security Threats and Solutions
DNS Security Threats and Solutions
InnoTech
Advanced DNS Protection
Advanced DNS Protection
Srikrupa Srivatsan
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Jennifer Nichols
Is DNS a Part of Your Cyber Security Strategy?
Is DNS a Part of Your Cyber Security Strategy?
Digital Transformation EXPO Event Series
Infoblox Secure DNS Solution
Infoblox Secure DNS Solution
Srikrupa Srivatsan
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Mundo Contact
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security tool
Jisc
DNS Security, is it enough?
DNS Security, is it enough?
Zscaler
Recomendados
DNS Security Threats and Solutions
DNS Security Threats and Solutions
InnoTech
Advanced DNS Protection
Advanced DNS Protection
Srikrupa Srivatsan
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Jennifer Nichols
Is DNS a Part of Your Cyber Security Strategy?
Is DNS a Part of Your Cyber Security Strategy?
Digital Transformation EXPO Event Series
Infoblox Secure DNS Solution
Infoblox Secure DNS Solution
Srikrupa Srivatsan
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Cómo mejorar la seguridad de los servicios de DNS, DHCP e IPAM
Mundo Contact
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security tool
Jisc
DNS Security, is it enough?
DNS Security, is it enough?
Zscaler
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PROIDEA
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
NetCraftsmen
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacks
MyNOG
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
APNIC
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security Checklist
MyNOG
Denial of Service
Denial of Service
MarketingArrowECS_CZ
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
Seungjoo Kim
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
PROIDEA
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
Marta Pacyga
The Anatomy of DDoS Attacks
The Anatomy of DDoS Attacks
Acquia
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16
Radware
How to launch and defend against a DDoS
How to launch and defend against a DDoS
jgrahamc
How the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development Lifecycle
Seungjoo Kim
Denial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
MarketingArrowECS_CZ
DDoS Attack and Mitigation
DDoS Attack and Mitigation
Devang Badrakiya
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
ShortestPathFirst
DDOS Attack
DDOS Attack
Ahmed Salama
DDoS Mitigation - DefensePro - RADWARE
DDoS Mitigation - DefensePro - RADWARE
Deivid Toledo
What is ddos attack
What is ddos attack
Dosarrest007
Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)
btpsec
Fast flux hosting and DNS
Fast flux hosting and DNS
amiable_indian
Fast flux
Fast flux
Swapnil Patil
Mais conteúdo relacionado
Mais procurados
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PROIDEA
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
NetCraftsmen
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacks
MyNOG
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
APNIC
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security Checklist
MyNOG
Denial of Service
Denial of Service
MarketingArrowECS_CZ
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
Seungjoo Kim
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
PROIDEA
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
Marta Pacyga
The Anatomy of DDoS Attacks
The Anatomy of DDoS Attacks
Acquia
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16
Radware
How to launch and defend against a DDoS
How to launch and defend against a DDoS
jgrahamc
How the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development Lifecycle
Seungjoo Kim
Denial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
MarketingArrowECS_CZ
DDoS Attack and Mitigation
DDoS Attack and Mitigation
Devang Badrakiya
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
ShortestPathFirst
DDOS Attack
DDOS Attack
Ahmed Salama
DDoS Mitigation - DefensePro - RADWARE
DDoS Mitigation - DefensePro - RADWARE
Deivid Toledo
What is ddos attack
What is ddos attack
Dosarrest007
Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)
btpsec
Mais procurados
(20)
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
PLNOG 13: Adam Obszyński: Case Study – Infoblox Advanced DNS Protection
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
Infoblox Cloud Solutions - Cisco Mid-Atlantic User Group
DDoS Threats Landscape : Countering Large-scale DDoS attacks
DDoS Threats Landscape : Countering Large-scale DDoS attacks
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
Are you ready for the next attack? Reviewing the SP Security Checklist
Are you ready for the next attack? Reviewing the SP Security Checklist
Denial of Service
Denial of Service
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
PLNOG15 :DDOS Attacks & Collateral Damage. Can we avoid it? Asraf Ali
The Anatomy of DDoS Attacks
The Anatomy of DDoS Attacks
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16
How to launch and defend against a DDoS
How to launch and defend against a DDoS
How the CC Harmonizes with Secure Software Development Lifecycle
How the CC Harmonizes with Secure Software Development Lifecycle
Denial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
DDoS Attack and Mitigation
DDoS Attack and Mitigation
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
DDoS Open Threat Signaling (DOTS) Working Group Presentation on draft-ietf-do...
DDOS Attack
DDOS Attack
DDoS Mitigation - DefensePro - RADWARE
DDoS Mitigation - DefensePro - RADWARE
What is ddos attack
What is ddos attack
Ddos and mitigation methods.pptx (1)
Ddos and mitigation methods.pptx (1)
Destaque
Fast flux hosting and DNS
Fast flux hosting and DNS
amiable_indian
Fast flux
Fast flux
Swapnil Patil
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
SensePost
LicensingScopeAndBoundaries
LicensingScopeAndBoundaries
William Francis
Bmit meet theexperts_2013
Bmit meet theexperts_2013
William Visterin
Workgroup Issues
Workgroup Issues
Infrastructure 2.0
Education webinar april 2012
Education webinar april 2012
Infoblox
Wp ipam infoblox
Wp ipam infoblox
islamet
Network automation seminar
Network automation seminar
patmisasi
Long Infoblox
Long Infoblox
SagehenCapitalManagement
Ipadd mngt
Ipadd mngt
James1280
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&C
Courtland Smith
10 Steps to Creating a Corporate Phishing Awareness Program
10 Steps to Creating a Corporate Phishing Awareness Program
Wiley
DNS Security
DNS Security
johnmcclure00
How to Sell Security to Your CIO
How to Sell Security to Your CIO
Rapid7
Threat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a Breach
Rahul Neel Mani
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Paladion Networks
Cyber crime v3
Cyber crime v3
Jamison Utter
DNS, DHCP & IPAM with IPv6
DNS, DHCP & IPAM with IPv6
Andreas Taudte
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016
Maarten Balliauw
Destaque
(20)
Fast flux hosting and DNS
Fast flux hosting and DNS
Fast flux
Fast flux
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
LicensingScopeAndBoundaries
LicensingScopeAndBoundaries
Bmit meet theexperts_2013
Bmit meet theexperts_2013
Workgroup Issues
Workgroup Issues
Education webinar april 2012
Education webinar april 2012
Wp ipam infoblox
Wp ipam infoblox
Network automation seminar
Network automation seminar
Long Infoblox
Long Infoblox
Ipadd mngt
Ipadd mngt
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&C
10 Steps to Creating a Corporate Phishing Awareness Program
10 Steps to Creating a Corporate Phishing Awareness Program
DNS Security
DNS Security
How to Sell Security to Your CIO
How to Sell Security to Your CIO
Threat Exposure Management - Reduce your Risk of a Breach
Threat Exposure Management - Reduce your Risk of a Breach
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Cyber crime v3
Cyber crime v3
DNS, DHCP & IPAM with IPv6
DNS, DHCP & IPAM with IPv6
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016
Semelhante a Dns security threats and solutions
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and Mitigation
Wilson Rogerio Lopes
#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêter
NetSecure Day
Make the internet safe with DNS Firewall
Make the internet safe with DNS Firewall
Bangladesh Network Operators Group
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
APNIC
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP
APNIC
RedisConf18 - The Versatility of Redis - Powering our critical business using...
RedisConf18 - The Versatility of Redis - Powering our critical business using...
Redis Labs
[Redis conf18] The Versatility of Redis
[Redis conf18] The Versatility of Redis
Eiti Kimura
Malware vs Big Data
Malware vs Big Data
Frank Denis
IPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
Swiss IPv6 Council
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 World
Tom Paseka
Hunting Botnets with Zmap
Hunting Botnets with Zmap
HeadlessZeke
"How overlay networks can make public clouds your global WAN" by Ryan Koop o...
"How overlay networks can make public clouds your global WAN" by Ryan Koop o...
Cohesive Networks
BigData Clusters Redefined
BigData Clusters Redefined
DataWorks Summit
DNS Security Presentation ISSA
DNS Security Presentation ISSA
Srikrupa Srivatsan
NetFlow Deep Dive: NetFlow Tips and Tricks to get the Most Out of Your Networ...
NetFlow Deep Dive: NetFlow Tips and Tricks to get the Most Out of Your Networ...
SolarWinds
PHDAYS: DGAs and Threat Intelligence
PHDAYS: DGAs and Threat Intelligence
John Bambenek
Building a Large Scale SolarWinds Installation
Building a Large Scale SolarWinds Installation
SolarWinds
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
ThousandEyes
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PROIDEA
Решение Cisco Collaboration Edge
Решение Cisco Collaboration Edge
Cisco Russia
Semelhante a Dns security threats and solutions
(20)
DDoS Attacks - Scenery, Evolution and Mitigation
DDoS Attacks - Scenery, Evolution and Mitigation
#NSD15 - Attaques DDoS Internet et comment les arrêter
#NSD15 - Attaques DDoS Internet et comment les arrêter
Make the internet safe with DNS Firewall
Make the internet safe with DNS Firewall
DDoS Mitigation using BGP Flowspec
DDoS Mitigation using BGP Flowspec
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP
RedisConf18 - The Versatility of Redis - Powering our critical business using...
RedisConf18 - The Versatility of Redis - Powering our critical business using...
[Redis conf18] The Versatility of Redis
[Redis conf18] The Versatility of Redis
Malware vs Big Data
Malware vs Big Data
IPv6 Security - Myths and Reality
IPv6 Security - Myths and Reality
HKNOG 1.0 - DDoS attacks in an IPv6 World
HKNOG 1.0 - DDoS attacks in an IPv6 World
Hunting Botnets with Zmap
Hunting Botnets with Zmap
"How overlay networks can make public clouds your global WAN" by Ryan Koop o...
"How overlay networks can make public clouds your global WAN" by Ryan Koop o...
BigData Clusters Redefined
BigData Clusters Redefined
DNS Security Presentation ISSA
DNS Security Presentation ISSA
NetFlow Deep Dive: NetFlow Tips and Tricks to get the Most Out of Your Networ...
NetFlow Deep Dive: NetFlow Tips and Tricks to get the Most Out of Your Networ...
PHDAYS: DGAs and Threat Intelligence
PHDAYS: DGAs and Threat Intelligence
Building a Large Scale SolarWinds Installation
Building a Large Scale SolarWinds Installation
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
PLNOG16: DDOS SOLUTIONS – CUSTOMER POINT OF VIEW, Piotr Wojciechowski
Решение Cisco Collaboration Edge
Решение Cisco Collaboration Edge
Mais de Frank Victory
Container security Familiar problems in new technology
Container security Familiar problems in new technology
Frank Victory
Kealy OWASP interactive_artifacts
Kealy OWASP interactive_artifacts
Frank Victory
Automation and open source turning the tide on the attackers
Automation and open source turning the tide on the attackers
Frank Victory
CNG 256 cloud computing
CNG 256 cloud computing
Frank Victory
CNG 256 wireless wi-fi and bluetooth
CNG 256 wireless wi-fi and bluetooth
Frank Victory
Differential learning SnowFROC 2017
Differential learning SnowFROC 2017
Frank Victory
Phishing Forensics - SnowFROC - Denver Chapter of OWASP
Phishing Forensics - SnowFROC - Denver Chapter of OWASP
Frank Victory
Active defensecombo clean
Active defensecombo clean
Frank Victory
Cng 125 – chapter 12 network policies
Cng 125 – chapter 12 network policies
Frank Victory
Authentication vs authorization
Authentication vs authorization
Frank Victory
9.0 security (2)
9.0 security (2)
Frank Victory
Lesson 6 web based attacks
Lesson 6 web based attacks
Frank Victory
Mais de Frank Victory
(12)
Container security Familiar problems in new technology
Container security Familiar problems in new technology
Kealy OWASP interactive_artifacts
Kealy OWASP interactive_artifacts
Automation and open source turning the tide on the attackers
Automation and open source turning the tide on the attackers
CNG 256 cloud computing
CNG 256 cloud computing
CNG 256 wireless wi-fi and bluetooth
CNG 256 wireless wi-fi and bluetooth
Differential learning SnowFROC 2017
Differential learning SnowFROC 2017
Phishing Forensics - SnowFROC - Denver Chapter of OWASP
Phishing Forensics - SnowFROC - Denver Chapter of OWASP
Active defensecombo clean
Active defensecombo clean
Cng 125 – chapter 12 network policies
Cng 125 – chapter 12 network policies
Authentication vs authorization
Authentication vs authorization
9.0 security (2)
9.0 security (2)
Lesson 6 web based attacks
Lesson 6 web based attacks
Último
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Anna Loughnan Colquhoun
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
HampshireHUG
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Ridwan Fadjar
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Allon Mureinik
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
Pixlogix Infotech
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
naman860154
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
2toLead Limited
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
Pooja Nehwal
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
soniya singh
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
shyamraj55
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
Paola De la Torre
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
Results
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Sinan KOZAK
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
Último
(20)
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
How to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Dns security threats and solutions
1.
1 | ©
2013 Infoblox Inc. All Rights Reserved.1 | © 2013 Infoblox Inc. All Rights Reserved. DNS Security: Threats and Solutions Cricket Liu, Chief DNS Architect
2.
2 | ©
2013 Infoblox Inc. All Rights Reserved.2 | © 2013 Infoblox Inc. All Rights Reserved. Outline • Threat: Distributed Denial of Service and DNS • Solutions: Monitoring DNS Traffic, Anycast and Response Rate Limiting • Threat: Cache Poisoning • Solutions: Query Port Randomization and DNSSEC • Threat: Malware Propagation, Command and Control • Solution: Response Policy Zones • Threat: DNS Tunneling • Solution: Advanced DNS Protection
3.
3 | ©
2013 Infoblox Inc. All Rights Reserved.3 | © 2013 Infoblox Inc. All Rights Reserved. DDoS and DNS • DDoS attacks are twice the threat to DNS ̶ DDoS attacks target name servers ̶ DDoS attacks use name servers
4.
4 | ©
2013 Infoblox Inc. All Rights Reserved.4 | © 2013 Infoblox Inc. All Rights Reserved. DDoS Attacks Target Name Servers • Authoritative name servers are obviously a critical resource ̶ Without them, your customers can’t get to your web site, send you email • Authoritative name servers are easy to find dig ns company.example. – ”…big increase in proportion of attacks targeting DNS in Q2” – Arbor Networks –Up from 8% to 13.3% – Recent DNS query flooding attack against a Prolexic customer: 119 Gbps
5.
5 | ©
2013 Infoblox Inc. All Rights Reserved.5 | © 2013 Infoblox Inc. All Rights Reserved. And DDoS Attacks Use Name Servers • Why? ̶ Because name servers make surprisingly good amplifiers This one goes to eleven…
6.
6 | ©
2013 Infoblox Inc. All Rights Reserved.6 | © 2013 Infoblox Inc. All Rights Reserved. DDoS Illustrated Open recursive name servers Evil resolver Target Response to spoofed address Spoofed query
7.
7 | ©
2013 Infoblox Inc. All Rights Reserved.7 | © 2013 Infoblox Inc. All Rights Reserved. $ dig @sfba.sns-pb.isc.org. any isc.org. +norec +dnssec ; <<>> DiG 9.9.1-P1 <<>> @sfba.sns-pb.isc.org. any isc.org. +norec +dnssec ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34036 ;; flags: qr aa; QUERY: 1, ANSWER: 26, AUTHORITY: 0, ADDITIONAL: 15 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;isc.org. IN ANY ;; ANSWER SECTION: isc.org. 7200 IN SOA ns-int.isc.org. hostmaster.isc.org. 2013090300 7200 3600 24796800 3600 isc.org. 7200 IN RRSIG SOA 5 2 7200 20131002233248 20130902233248 50012 isc.org. hUfqnG5gKbygAeVRHjP5As31lsheMKNPD7g9MJlWZTrmD2de6Z/eCwUX kQxRT5TV0lFWjtGFuA0a4svbCZ1qHS9d/rhWc7IMziu2u+L9tbho+c4j szvGAJ9kYvalNbgpmkHdm+wmOHWmiY3cYKcl5Ps8gs5N0Q1JdkaCARPF HQs= isc.org. 7200 IN NS sfba.sns-pb.isc.org. isc.org. 7200 IN NS ns.isc.afilias-nst.info. isc.org. 7200 IN NS ams.sns-pb.isc.org. isc.org. 7200 IN NS ord.sns-pb.isc.org. isc.org. 7200 IN RRSIG NS 5 2 7200 20131002233248 20130902233248 50012 isc.org. Fdfb5ND2XUlnk/nPcPOaNBCK6307LdrhC/dqdS+TMtBjKMmXU2NJBl0h D8fOnOdKbzlwNk1JLPXq25znMNBw+ZdjMekctR2r2jTO2Xm9mT+su4ff 8r1pMcUGhpsq73V6NjIbgA3LT6zfv4gWyFdos60Ma/Bsq26SmpECQFNA RpI= isc.org. 60 IN A 149.20.64.69 isc.org. 60 IN RRSIG A 5 2 60 20131002233248 20130902233248 50012 isc.org. CkSV2VzLktJGH2PXEJl1QssxeyyUYM5pALjb06NMW0BC5vcFyuQYng2l NE/Z0J1XIHflWwGo9Gv1YZ0u/K6rGPXwgWmkl/6t0T8uNtk9u3XDhaMx QBg2P2ZAp1NEg6r3ccznGu9y+Q71g/IxcK+5Ok7gI8L18hBTi+vpCAKY q6A= isc.org. 7200 IN MX 10 mx.pao1.isc.org. isc.org. 7200 IN RRSIG MX 5 2 7200 20131002233248 20130902233248 50012 isc.org. fiALi/ebGauXvqfL4vHt5YzgIY/X0kh2WNE37wICVU6BYKkqDuWF2h5T 4ry2TmdcKj4pqVOJVSDF/A7zzRPkcpcwibTM8h5yDEMJzELAsSimj2mX BFsqTgFGtDXIGV9IU7qryFkVMrDlj9gcLkTlg1EZpyxwQH2y2XCT5BhA bQA= isc.org. 7200 IN TXT "v=spf1 a mx ip4:204.152.184.0/21 ip4:149.20.0.0/16 ip6:2001:04F8::0/32 ip6:2001:500:60::65/128 ~all" isc.org. 7200 IN TXT "$Id: isc.org,v 1.1845 2013-08-16 16:16:50 dmahoney Exp $" isc.org. 7200 IN RRSIG TXT 5 2 7200 20131002233248 20130902233248 50012 isc.org. J0UV7iIvQn7Pzu/itUN1JH4hLg8bjQo/73kBef/T/yzx/P8t6VX+MYDC ysyXNigSi1JPoWfYt7qu6eXcALQEwJ/Z156Rebefjls4R18wr+BttzWF ICb+zJ7K7o4meckc7ZQr12gIAXjij09dr9omYoObWo6/IH76S6N3Er4i xdg= isc.org. 60 IN AAAA 2001:4f8:0:2::69 isc.org. 60 IN RRSIG AAAA 5 2 60 20131002233248 20130902233248 50012 isc.org. OBWafw6hmgueTvaL06Q3zzpKODW3OIWKxHr3Z30mag1vJW5ECwlkK3xI lPr4A1Rg6SZiJp78yewBWkDB0436cY1uCJ0yzsk9YWlLW/5hScy1ueaH s2tfymZD7UdOh0FuLs05gunsxK2Of3DCG3Zh3cD4FMnu8ju1CuLD2+dU W1U= isc.org. 7200 IN NAPTR 20 0 "S" "SIP+D2U" "" _sip._udp.isc.org. isc.org. 7200 IN RRSIG NAPTR 5 2 7200 20131002233248 20130902233248 50012 isc.org. s9cuc6O0e2kgBNffd6dyJyJH1Zm5Wd0pRO1q5aKMc7UsiKFUI7MI7Q8N VzTqwM/zWh2VzvtV/w1O3IHuSiXBN9k51Loy4WGHJSDcXs865PWjHJwJ jRqfz1bE+LsW/aZD2Ud/iGyhCoQPeZIOcqB6plB+keIf3mGR0bHkdjV+ Zw4= isc.org. 3600 IN NSEC _adsp._domainkey.isc.org. A NS SOA MX TXT AAAA NAPTR RRSIG NSEC DNSKEY SPF isc.org. 3600 IN RRSIG NSEC 5 2 3600 20131002233248 20130902233248 50012 isc.org. K3/RL0nn54FkFvcPnaecG26JjQVCZL1g41zB02YssxZnE/3lX9X4O8uk DrONRdvKEeMq51YUy8NBljWAlPOIRYD0lWUMrXuSNHMyGIFwHFIZqNrN CuQUl+24oPQXi3/wWX0TGH5XW9XF2IB+Dc1zdP/5qRHiKCjAnYDNE384 PAQ= isc.org. 7200 IN DNSKEY 257 3 5 BEAAAAOhHQDBrhQbtphgq2wQUpEQ5t4DtUHxoMVFu2hWLDMvoOMRXjGr hhCeFvAZih7yJHf8ZGfW6hd38hXG/xylYCO6Krpbdojwx8YMXLA5/kA+ u50WIL8ZR1R6KTbsYVMf/Qx5RiNbPClw+vT+U8eXEJmO20jIS1ULgqy3 47cBB1zMnnz/4LJpA0da9CbKj3A254T515sNIMcwsB8/2+2E63/zZrQz Bkj0BrN/9Bexjpiks3jRhZatEsXn3dTy47R09Uix5WcJt+xzqZ7+ysyL KOOedS39Z7SDmsn2eA0FKtQpwA6LXeG2w+jxmw3oA8lVUgEf/rzeC/bB yBNsO70aEFTd isc.org. 7200 IN DNSKEY 256 3 5 BQEAAAABwuHz9Cem0BJ0JQTO7C/a3McR6hMaufljs1dfG/inaJpYv7vH XTrAOm/MeKp+/x6eT4QLru0KoZkvZJnqTI8JyaFTw2OM/ItBfh/hL2lm Cft2O7n3MfeqYtvjPnY7dWghYW4sVfH7VVEGm958o9nfi79532Qeklxh x8pXWdeAaRU= isc.org. 7200 IN RRSIG DNSKEY 5 2 7200 20131002230127 20130902230127 12892 isc.org. ioYDVytf4YoAHCVxdz6U/fuQCaH2f2XVUExEexo48e55vLVSre5GkBG1 Wyn/4FeWLOUVWm5HElbL/hK2QEResp0csAwTnllU7W8fM65aS7pIO9JZ QWMvkPxQjsTYzEP1P2GA8NVGRUhz17RMLLSFgAJS9aEI7xK0fMwsd9U4 Az+B9J8xVz5GGMb8FStEXMYauE9r8Z5G4ZzRZUv619lXYH+Uhha5QUfq IcVYvtOt+QLlwdWV4Kt3fp3m6KveBAnIiorPSjOd40PfWZD3CQ4GqVIc EyYai55bKN1hVgtFRhL8MqGexvbPvU49RKekeJihf7pzfM6nlo5+Xqvj WBe+EQ== Amplification: They Go Past Eleven… Query for isc.org/ANY 44 bytes sent, 4077 bytes received ~93x amplification!
8.
8 | ©
2013 Infoblox Inc. All Rights Reserved.8 | © 2013 Infoblox Inc. All Rights Reserved. A Little Math • Say each bot has a measly 1 Mbps connection to the Internet ̶ It can send 1Mbps/44B =~ 2909 qps ̶ That generates 2909 pps * 4077B =~ 93 Mbps • So 11 bots > 1 Gbps
9.
9 | ©
2013 Infoblox Inc. All Rights Reserved.9 | © 2013 Infoblox Inc. All Rights Reserved. Solution: Monitoring DNS Traffic • Monitor traffic to your name servers, including ̶ Aggregate query rate ̶ Top queriers
10.
10 | ©
2013 Infoblox Inc. All Rights Reserved.10 | © 2013 Infoblox Inc. All Rights Reserved. Monitoring Aggregate Query Rate
11.
11 | ©
2013 Infoblox Inc. All Rights Reserved.11 | © 2013 Infoblox Inc. All Rights Reserved. Setting an Alert on Aggregate Query Rate
12.
12 | ©
2013 Infoblox Inc. All Rights Reserved.12 | © 2013 Infoblox Inc. All Rights Reserved. Monitoring Top Clients
13.
13 | ©
2013 Infoblox Inc. All Rights Reserved.13 | © 2013 Infoblox Inc. All Rights Reserved. Solution: Anycast • Anycast allows multiple, distributed name servers to share a single virtual IP address • Each name server advertises a route to that address to its neighbors • Queries sent to that address are routed to the closest name server instance
14.
14 | ©
2013 Infoblox Inc. All Rights Reserved.14 | © 2013 Infoblox Inc. All Rights Reserved. Anycast in Action Router 2 Router 4Router 3 Router 1 Server instance A Server instance B Client DNS query to 10.0.0.1 Routing table from Router 1: Destination Mask Next-Hop Distance 192.168.0.0 /29 127.0.0.1 0 10.0.0.1 /32 192.168.0.1 1 10.0.0.1 /32 192.168.0.2 2 192.168.0.1 192.168.0.2 10.0.0.1 10.0.0.1
15.
15 | ©
2013 Infoblox Inc. All Rights Reserved.15 | © 2013 Infoblox Inc. All Rights Reserved. Anycast in Action Router 2 Router 4Router 3 Router 1 Server instance A Server instance B Client Routing table from Router 1: Destination Mask Next-Hop Distance 192.168.0.0 /29 127.0.0.1 0 10.0.0.1 /32 192.168.0.1 1 10.0.0.1 /32 192.168.0.2 2 192.168.0.1 192.168.0.2 10.0.0.1 10.0.0.1
16.
16 | ©
2013 Infoblox Inc. All Rights Reserved.16 | © 2013 Infoblox Inc. All Rights Reserved. How Does Anycast Address DDoS? • From any one location on the Internet, you can only see (and hence attack) a single member of an anycast group at once • If you succeed in taking out that replica, routing will shift traffic to another ̶ The first replica will probably recover ̶ It’s like Whac-A-Mole
17.
17 | ©
2013 Infoblox Inc. All Rights Reserved.17 | © 2013 Infoblox Inc. All Rights Reserved. Anycast Made Easy
18.
18 | ©
2013 Infoblox Inc. All Rights Reserved.18 | © 2013 Infoblox Inc. All Rights Reserved. Solution: Response Rate Limiting • Originally a patch to BIND 9 by Paul Vixie and Vernon Schryver ̶ Now included in BIND 9, other name servers • Applies to authoritative name servers used in DDoS attacks against others • Prevents these name servers from sending the same response to the same client too frequently
19.
19 | ©
2013 Infoblox Inc. All Rights Reserved.19 | © 2013 Infoblox Inc. All Rights Reserved. How RRL Works isc.org/ANY [4077 byte response] token bucket Evil resolver Target isc.org name servers
20.
20 | ©
2013 Infoblox Inc. All Rights Reserved.20 | © 2013 Infoblox Inc. All Rights Reserved. How Well Does RRL Work? • Pretty darn well
21.
40 | ©
2013 Infoblox Inc. All Rights Reserved.40 | © 2013 Infoblox Inc. All Rights Reserved. • Tunneling data surreptitiously into or out of a network using DNS as a vector ̶ This is often effective because - DNS is generally allowed into and out of an organization (e.g., you can look up Internet domain names from inside the network) - DNS queries and responses are usually poorly monitored ̶ Can be used - As a command and control channel for a botnet - To download new code to existing malware - To exfiltrate data from the internal network to a drop server Threat: DNS Tunneling
22.
41 | ©
2013 Infoblox Inc. All Rights Reserved.41 | © 2013 Infoblox Inc. All Rights Reserved. DNS Tunneling Example: Infiltration Recursive name server Infected host Forwarder hacker.org name server D: [infected host] A: 0.[id].hacker.org TXT “0.[base-64-encoded data]” 0.[id].hacker.org TXT “1.[base-64-encoded data]” … S: [infected host] Q: 0.[id].hacker.org/TXT ?
23.
42 | ©
2013 Infoblox Inc. All Rights Reserved.42 | © 2013 Infoblox Inc. All Rights Reserved. DNS Tunneling Example: Exfiltration Recursive name server Infected host Forwarder hacker.org name server D: [infected host] A: NXDOMAIN S: [infected host] Q: 0.[base-32-encoded data].[id].hacker.org/A ? D: [infected host] A: NXDOMAIN S: [infected host] Q: 1.[base-32-encoded data].[id].hacker.org/A ?
24.
43 | ©
2013 Infoblox Inc. All Rights Reserved.43 | © 2013 Infoblox Inc. All Rights Reserved. DNS Tunneling Example: Exfiltration, Take 2 Recursive name server Infected host Forwarder hacker.org name server S: [random] Q: 0.[base-32-encoded data].[id].hacker.org/A ? S: [random] Q: 1.[base-32-encoded data].[id].hacker.org/A ?
25.
44 | ©
2013 Infoblox Inc. All Rights Reserved.44 | © 2013 Infoblox Inc. All Rights Reserved. Sound Complicated to Implement? OzymanDNS: http://dankaminsky.com/2004/07/29/51/ Iodine: http://code.kryo.se/iodine Dns2tcp: http://www.hsc.fr/ressources/outils/dns2tcp NSTX: http://savannah.nongnu.org/projects/nstx Squeeza: http://www.sensepost.com Heyoka: http://heyoka.sourceforge.net
26.
45 | ©
2013 Infoblox Inc. All Rights Reserved.45 | © 2013 Infoblox Inc. All Rights Reserved. Infoblox Advanced Appliances Advanced Appliances include next-generation programmable processors for deep packet inspection
27.
46 | ©
2013 Infoblox Inc. All Rights Reserved.46 | © 2013 Infoblox Inc. All Rights Reserved. Infoblox Advanced Appliances • Infoblox Advanced Appliances use heuristics to detect, report and thwart DNS tunneling ̶ “Hmm, that’s a lot of queries for TXT records.” ̶ “Those are interesting-looking domain names you’re looking up.” • They also help combat ̶ Cache poisoning ̶ DDoS attacks ̶ Malformed DNS messages • And they’re updated automatically to respond to new threats
28.
47 | ©
2013 Infoblox Inc. All Rights Reserved.47 | © 2013 Infoblox Inc. All Rights Reserved.
29.
48 | ©
2013 Infoblox Inc. All Rights Reserved.48 | © 2013 Infoblox Inc. All Rights Reserved. Threat: Malware Uses DNS • Malware infects clients when they visit malicious web sites, whose names are resolved using DNS • Malware then uses DNS to evade detection ̶ Resolving compiled-in lists of domain names until it finds an active command-and-control server ̶ Resolving domain names synthesized by a domain generation algorithm until it finds an active command-and-control server • Malware can then use DNS as a covert communications channel ̶ As a bidirectional command-and-control channel ̶ As a channel to download new malicious code ̶ As a channel to exfiltrate valuable data
30.
49 | ©
2013 Infoblox Inc. All Rights Reserved.49 | © 2013 Infoblox Inc. All Rights Reserved. Solution: Response Policy Zones • Many organizations on the Internet track malicious activity ̶ They know which web sites are malicious ̶ They know which domain names malware look up to rendezvous with command-and-control servers • Response Policy Zones are funny-looking zones that embed rules instead of records ̶ The rules say, “If someone looks up a record for this [malicious] domain name, or that points to this [malicious] IP address, do this.” ̶ This is generally “return an error” or “return the address of this walled garden” instead
31.
50 | ©
2013 Infoblox Inc. All Rights Reserved.50 | © 2013 Infoblox Inc. All Rights Reserved. How Response Policy Zones Work Infected client Local recursive name server Master name server (run by RPZ feed provider) RPZ data via zone transferQuery for malicious domain name Error or redirect log
32.
51 | ©
2013 Infoblox Inc. All Rights Reserved.51 | © 2013 Infoblox Inc. All Rights Reserved. Where Do I Get One of These Newfangled RPZs?• From Infoblox! • From a provider such as Spamhaus or SURBL • From a commercial provider such as Internet Identity or Farsight Security
33.
52 | ©
2013 Infoblox Inc. All Rights Reserved.52 | © 2013 Infoblox Inc. All Rights Reserved. Managing Response Policy Zones
34.
53 | ©
2013 Infoblox Inc. All Rights Reserved.53 | © 2013 Infoblox Inc. All Rights Reserved. Managing Response Policy Zones (continued)
35.
55 | ©
2013 Infoblox Inc. All Rights Reserved.55 | © 2013 Infoblox Inc. All Rights Reserved. Analytics in the Cloud • There’s a limit to an individual name server’s ability to detect malicious activity ̶ Limited visibility into DNS traffic (i.e., only some of one organization’s traffic) ̶ Limited time window (i.e., only current DNS traffic plus a cache of a few hours) • To do a better job, we need to ̶ Aggregate traffic and ̶ Store it longer
36.
56 | ©
2013 Infoblox Inc. All Rights Reserved.56 | © 2013 Infoblox Inc. All Rights Reserved. Passive DNS Recursive name server Root name servers com name servers example.com name servers Analytics Cloud pDNS replication
37.
57 | ©
2013 Infoblox Inc. All Rights Reserved.57 | © 2013 Infoblox Inc. All Rights Reserved. Closing the Loop Analytics Cloud Customer 1 Customer 2 … Customer 9000 RPZ
38.
58 | ©
2013 Infoblox Inc. All Rights Reserved.58 | © 2013 Infoblox Inc. All Rights Reserved. What Can Analytics Do? • Identify fast-fluxing and similar techniques • Identify tunneling, even previously unknown • Identify Domain-Generation Algorithms (DGAs), even previously unknown • Identify suspicious resolution patterns, e.g., east-west resolution • Identify potential unauthorized access to cloud-based services • Identify cache poisoning of your domain names in others’ caches • Identify tradename infringement and phishing • Provide herd immunity
39.
59 | ©
2013 Infoblox Inc. All Rights Reserved.59 | © 2013 Infoblox Inc. All Rights Reserved. Here Comes the Cavalry! • Anycast • Response Rate Limiting • The DNS Security Extensions • Response Policy Zones • Advanced DNS Protection
40.
61 | ©
2013 Infoblox Inc. All Rights Reserved.61 | © 2013 Infoblox Inc. All Rights Reserved. Questions?
41.
62 | ©
2013 Infoblox Inc. All Rights Reserved.62 | © 2013 Infoblox Inc. All Rights Reserved. Thank you!