Domain Name System (DNS) 
Network Security Asset or Achilles Heel? 
Srikrupa Srivatsan, Sr. Product Marketing Manager, Infoblox 
September 19, 2014 
© 2013 Infoblox Inc. All Rights Reserved.
Agenda 
• What is DNS and How Does it Work? 
• Threat Landscape Trends 
• Common Attack Vectors 
̶ Anatomy of an attack: DNS Hijacking 
̶ Anatomy of an attack: Reflection Attack 
̶ Anatomy of an attack: DNS DDoS 
• How To Protect Yourself? 
• Q & A 
What is the Domain Name System (DNS)? 
• Address book for all of internet 
• Translates “google.com” to 173.194.115.96 
• Invented in 1983 by Paul Mockapetris (UC Irvine) 
Without DNS, The Internet & Network Communications Would Stop 
How Does DNS Work? 
[Diagram labels: ISP DNS SERVER; ROOT DNS SERVER; WWW.GOOGLE.COM 173.194.115.96] 
• “I need directions to www.google.com” 
• “That domain is not in my server, I will ask another DNS Server” 
• “That’s in my cache, it maps to: 173.194.115.96” 
• “Great, I’ll put that in my cache in case I get another request” 
• “Great, now I know how to get to www.google.com”
For Bad Guys, DNS Is a Great Target 
• DNS is the cornerstone of the Internet used by every business/Government 
• DNS is fairly easy to exploit 
• Traditional protection is ineffective against evolving threats 
DNS Outage = Business Downtime
The Rising Tide of DNS Threats 
Are You Prepared? 
• In the last year alone there has been an increase of 200% DNS attacks¹, 58% DDoS attacks¹ 
• With possible amplification up to 100x on a DNS attack, the amount of traffic delivered to a victim can be huge 
• 33M: Number of open recursive DNS servers² 
• 28M: Pose a significant threat to the global network infrastructure and can be easily utilized in DNS amplification attacks² 
• 2M: With enterprise level businesses receiving an average of 2 million DNS queries every single day, the threat of attack is significant 
1. Quarterly Global DDoS Attack Report, Prolexic, 1st Quarter, 2013 
2. www.openresolverproject.org
The Rising Tide of DNS Threats 
DNS attacks are rising for 3 reasons: 
1 Easy to spoof 
2 Asymmetric amplification 
3 High-value target 
Countries of origin for the most DDoS attacks in the last year: China, US, Brazil, Russia, France, India, Germany, Korea, Egypt, Taiwan
The Rising Tide of DNS Threats 
Financial impact is huge 
• The average loss for a 24-hour outage from a DDoS attack³: $27 million 
• Avg estimated loss per DDoS event in 2012³ [chart; sectors shown: Financial services, Technology, Government company; values shown: -$7.7M, -$13.6M, -$17M] 
• Top Industries Targeted⁴ [chart; labels shown: Enterprise, Commerce, Financial Services, Business Services, Public Sector, Media & Entertainment, High Tech, Consumer Goods, 2% Healthcare, 1% Automotive, 5% Miscellaneous, 5% Hotels, 22% Retail; other values shown: 42%, 29%, 13%, 21%, 5%, 17%, 7%, 2%] 
3. Develop A Two-Phased DDoS Mitigation Strategy, Forrester Research, Inc. May 17, 2013 
4. State of the Internet, Akamai, 2nd Quarter, 2013
DNS Attack Vectors 
The DNS Security Challenges 
1 Securing the DNS Platform 
2 Defending Against DNS Attacks: DDoS / Cache Poisoning 
3 Preventing Malware from using DNS 
Anatomy of an Attack 
Syrian Electronic Army 
Anatomy of an Attack 
Distributed Reflection DoS Attack (DrDoS) 
How the attack works 
[Diagram labels: Attacker; Internet; Target Victim] 
• Combines reflection and amplification 
• Uses third-party open resolvers in the Internet (unwitting accomplice) 
• Attacker sends spoofed queries to the open recursive servers 
• Uses queries specially crafted to result in a very large response 
• Causes DDoS on the victim’s server
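Added example (not from the original slides): how a resolver operator could spot their own server being used as a reflector, by looking for one source address that repeats the same question and draws far more bytes than it sends. The record fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class QueryRecord:
    ts: float            # arrival time in seconds
    src_ip: str          # source address on the packet (spoofable over UDP)
    qname: str
    qtype: str
    query_bytes: int
    response_bytes: int


@dataclass(frozen=True)
class Finding:
    likely_victim: str   # responses go to the spoofed source, i.e. the victim
    window_start: float
    queries: int
    response_bytes: int
    amplification: float
    top_question: tuple


def find_reflection_abuse(records, window=10.0, min_queries=20,
                          min_amplification=10.0, min_repeat_share=0.8):
    """Flag (source, time window) buckets that look like reflection traffic.

    A bucket is flagged when it is busy, the bytes returned dwarf the bytes
    received, and almost every query asks the same question. Thresholds are
    illustrative assumptions and need tuning against real traffic.
    """
    buckets = defaultdict(list)
    for r in records:
        buckets[(r.src_ip, int(r.ts // window))].append(r)

    findings = []
    for (src_ip, slot), recs in buckets.items():
        sent = sum(r.query_bytes for r in recs)
        returned = sum(r.response_bytes for r in recs)
        if len(recs) < min_queries or sent == 0:
            continue
        questions = Counter((r.qname.lower(), r.qtype) for r in recs)
        question, repeats = questions.most_common(1)[0]
        amplification = returned / sent
        if (amplification >= min_amplification
                and repeats / len(recs) >= min_repeat_share):
            findings.append(Finding(src_ip, slot * window, len(recs),
                                    returned, round(amplification, 1),
                                    question))
    # Largest outbound volume first: that is the traffic hurting someone.
    return sorted(findings, key=lambda f: -f.response_bytes)


def build_sample():
    """Constructed query log: one abused source, two benign ones."""
    records = []
    # Same large-answer question repeated 50 times in 5 seconds.
    for i in range(50):
        records.append(QueryRecord(i * 0.1, "203.0.113.10",
                                   "big.example.", "ANY", 64, 3200))
    # Busy but ordinary client: varied names, small answers.
    for i in range(30):
        records.append(QueryRecord(i * 0.3, "192.0.2.20",
                                   f"host{i}.example.org.", "A", 60, 120))
    # Large answers, but too few queries to matter.
    for i in range(5):
        records.append(QueryRecord(1.0 + i, "192.0.2.30",
                                   "big.example.", "ANY", 64, 3200))
    return records


if __name__ == "__main__":
    for f in find_reflection_abuse(build_sample()):
        print(f"{f.likely_victim}: {f.queries} queries, "
              f"{f.response_bytes} bytes out, x{f.amplification} "
              f"for {f.top_question}")
```

The flagged address is the party receiving the flood, not the sender, so the useful responses are rate limiting and closing recursion to outside networks rather than blocking that address.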
Anatomy of an Attack 
DNS DDoS For Hire 
• DDoS attacks against major U.S. financial institutions 
• Launching (DDoS) taking advantage of Server bandwidth 
• 4 types of DDoS attacks: 
̶ DNS amplification, 
̶ Spoofed SYN, 
̶ Spoofed UDP 
̶ HTTP+ proxy support 
• Script offered for $800 
The Rising Tide of DNS Threats 
Top 10 DNS attacks 
• DNS amplification: Use amplification in DNS reply to flood victim 
• Protocol anomalies: Malformed DNS packets causing server to crash 
• DNS hijacking: Subverting resolution of DNS queries to point to rogue DNS server 
• Reconnaissance: Probe to get information on network environment before launching attack 
• Fragmentation: Traffic with lots of small out of order fragments 
• TCP/UDP/ICMP floods: Flood victim’s network with large amounts of traffic 
• DNS cache poisoning: Corruption of a DNS cache database with a rogue address 
• DNS tunneling: Tunneling of another protocol through DNS for data exfiltration 
• DNS based exploits: Exploit vulnerabilities in DNS software 
• DNS reflection/DrDoS: Use third party DNS servers to propagate DDoS attack
Protection Best Practices 
Help Is On the Way! 
• Collaboration 
• Dedicated Appliances 
• Monitoring 
• DNSSEC 
• RPZ 
• Advanced DNS Protection
Get the Teams Talking – Questions to Ask: 
• Who in your org is responsible for DNS Security? 
• What methods, procedures, tools do you have in place to detect and mitigate DNS attacks? 
• Would you know if an attack was happening, would you know how to stop it? 
[Diagram labels: Network Team; Security Team; IT Apps Team; IT OPS Team]
Hardened DNS Appliances 
Conventional Server Approach (Multiple Open Ports) 
– Many open ports subject to attack 
– Users have OS-level account privileges on server 
– Requires time-consuming manual updates 
Hardened Appliance Approach 
• Dedicated hardware with no unnecessary logical or physical ports 
• No OS-level user accounts – only admin accounts 
• Immediate updates to new security threats 
• Secure HTTPS-based access to device management 
• No SSH or root-shell access 
• Encrypted device to device communication 
[Diagram labels: Limited Port Access; Update; Secure Service Access]
Monitoring & Alert on Aggregate Query Rate 
DNSSEC 
• Fixes Kaminsky Vulnerability 
• DNS Security Extensions 
• Uses public key cryptography to verify the authenticity of DNS zone data (records) 
̶ DNSSEC zone data is digitally signed using a private key for that zone 
̶ A DNS server receiving DNSSEC signed zone data can verify the origin and integrity of the data by checking the signature using the public key for that zone 
Advanced DNS Protection 
[Diagram labels: Reporting Server; Automatic updates; Updated Threat-Intelligence Server; Advanced DNS Protection (External DNS); Reports on attack types, severity; Legitimate Traffic; Advanced DNS Protection (Internal DNS); Data for Reports]
Response Policy Zones - RPZ 
Blocking Queries to Malicious Domains 
• An infected device brought into the office. Malware spreads to other devices on network. 
• Malware makes a DNS query to find “home.” (botnet / C&C). DNS Server detects & blocks DNS query to malicious domain 
• Query to malicious domain logged; security teams can now identify requesting end-point and attempt remediation 
• RPZ regularly updated with malicious domain data using available reputational feeds 
[Diagram labels: Internet; Intranet; Reputational Feed: IPs, Domains, etc. of Bad Servers; Malicious domains; DNS Server with RPZ Capability; Blocked attempt sent to Syslog; Malware / APT; Malware / APT spreads within network; Calls home]
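Added example (not from the original slides): turning the blocked-query syslog entries described above into a per-endpoint triage list, plus a view of which blocked domain was requested by more than one host. The log lines are constructed in the style of a BIND `rpz` log entry, which is an assumption since the slides name no log format; host names, addresses and the year are placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

ASSUMED_YEAR = 2014  # assumption: classic syslog timestamps carry no year

# Assumed line shape: "<ts> <host> named[pid]: client <ip>#<port> (<qname>):
# rpz <trigger> <action> rewrite <name> via <policy record>"
RPZ_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ named\[\d+\]: "
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]+)\): rpz \S+ (?P<action>\S+) rewrite \S+ via \S+$"
)


def parse_rpz_line(line):
    """Return a dict for an RPZ block event, or None for any other line."""
    m = RPZ_LINE.match(line.strip())
    if m is None:
        return None
    when = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}",
                             "%Y %b %d %H:%M:%S")
    return {
        "when": when,
        "ip": m["ip"],
        # DNS names are case-insensitive; normalise before grouping.
        "qname": m["qname"].lower().rstrip("."),
        "action": m["action"],
    }


def triage(lines):
    """Group block events by requesting endpoint and by blocked domain."""
    per_ip = defaultdict(lambda: {"hits": 0, "domains": set(), "times": []})
    spread = defaultdict(set)
    skipped = 0
    for line in lines:
        event = parse_rpz_line(line)
        if event is None:
            skipped += 1          # unrelated syslog traffic
            continue
        rec = per_ip[event["ip"]]
        rec["hits"] += 1
        rec["domains"].add(event["qname"])
        rec["times"].append(event["when"])
        spread[event["qname"]].add(event["ip"])

    endpoints = [
        {
            "ip": ip,
            "hits": rec["hits"],
            "domains": sorted(rec["domains"]),
            "first_seen": min(rec["times"]).isoformat(),
            "last_seen": max(rec["times"]).isoformat(),
        }
        for ip, rec in per_ip.items()
    ]
    # Noisiest endpoint first; ties broken by address for stable output.
    endpoints.sort(key=lambda e: (-e["hits"], e["ip"]))
    return endpoints, {d: sorted(ips) for d, ips in spread.items()}, skipped


def make_line(ts, ip, port, qname):
    """Build one constructed RPZ log line for the sample below."""
    return (f"{ts} dns1 named[812]: client {ip}#{port} ({qname}): "
            f"rpz QNAME NXDOMAIN rewrite {qname} via {qname}.rpz.local")


# Constructed sample log (placeholder names and RFC 1918 addresses).
SAMPLE_LOG = [
    make_line("Sep 19 10:01:02", "10.1.4.23", 53144, "c2.badhost.example"),
    make_line("Sep 19 10:01:03", "10.1.4.23", 53150, "c2.badhost.example"),
    make_line("Sep 19 10:02:10", "10.1.7.88", 40112, "C2.BadHost.example"),
    make_line("Sep 19 10:02:11", "10.1.4.23", 53161, "drop.evil.example"),
    "Sep 19 10:03:00 dns1 named[812]: zone example.com/IN: loaded serial 7",
    make_line("Sep 19 10:05:45", "10.1.4.23", 53170, "c2.badhost.example"),
]

if __name__ == "__main__":
    endpoints, spread, skipped = triage(SAMPLE_LOG)
    for e in endpoints:
        print(e["ip"], e["hits"], e["domains"], e["first_seen"])
    for domain, ips in spread.items():
        if len(ips) > 1:
            print("seen from several hosts:", domain, ips)
```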
Take the DNS Security Risk Assessment 
1. Analyzes your organization’s DNS setup to assess level of risk of exposure to DNS threats 
2. Provides DNS Security Risk Score and analysis based on answers given 
3. www.infoblox.com/dnssecurityscore 
Higher score = higher DNS security risk!! 
Call to Action 
• DNS security vulnerabilities pose a significant threat 
• Raise the awareness of DNS and DNS security vulnerabilities in your organization 
• There are multitudes of resources available to help 
• Seek help if needed to protect DNS 
• Talk to Infoblox 
Infoblox Overview & Business Update 
Leader in technology for network control 
Founded in 1999 
Headquartered in Santa Clara, CA with global operations in 25 countries 
Market leadership 
• DDI Market Leader (Gartner) 
• 50% DDI Market Share (IDC) 
7,300+ customers 
74,000+ systems shipped 
46 patents, 27 pending 
IPO April 2012: NYSE BLOX 
Total Revenue ($MM, Fiscal Year Ending July 31): FY2007 $35.0; FY2008 $56.0; FY2009 $61.7; FY2010 $102.2; FY2011 $132.8; FY2012 $169.2; FY2013 $225.0
IT Analyst Validation 
• Gartner: “usage of a commercial DDI solution can reduce (network) OPEX by 50% or more.” 
• IDC: Infoblox is the only major DDI vendor to gain market share over the past three years. 
• Gartner: “Infoblox is the DDI market leader in terms of mainstream brand awareness.” 
[Chart: Worldwide DDI Market Share – 2013]
Q&A

 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Recently uploaded (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

DNS Security Presentation ISSA

  • 1. Domain Name System (DNS): Network Security Asset or Achilles Heel? Srikrupa Srivatsan, Sr. Product Marketing Manager, Infoblox. September 19, 2014. © 2013 Infoblox Inc. All Rights Reserved.
  • 2. Agenda • What is DNS and How Does it Work? • Threat Landscape Trends • Common Attack Vectors – Anatomy of an attack: DNS Hijacking – Anatomy of an attack: Reflection Attack – Anatomy of an attack: DNS DDoS • How To Protect Yourself? • Q & A
  • 3. What is the Domain Name System (DNS)? • Address book for all of the Internet • Translates “google.com” to 173.194.115.96 • Invented in 1983 by Paul Mockapetris (UC Irvine). Without DNS, the Internet and network communications would stop.
  • 4. How Does DNS Work? [Diagram labels: ISP DNS server, root DNS server, www.google.com (173.194.115.96).] The exchange shown, in order: “I need directions to www.google.com” / “That domain is not in my server, I will ask another DNS Server” / “That’s in my cache, it maps to: 173.194.115.96” / “Great, I’ll put that in my cache in case I get another request” / “Great, now I know how to get to www.google.com”
  • 5. For Bad Guys, DNS Is a Great Target • DNS is the cornerstone of the Internet, used by every business/government • DNS is fairly easy to exploit • Traditional protection is ineffective against evolving threats. DNS Outage = Business Downtime
  • 6. The Rising Tide of DNS Threats: Are You Prepared? In the last year alone there has been an increase of 200% in DNS attacks [1] and 58% in DDoS attacks [1]. 100x: with possible amplification up to 100x on a DNS attack, the amount of traffic delivered to a victim can be huge. 28M: pose a significant threat to the global network infrastructure and can be easily utilized in DNS amplification attacks [2]. 33M: number of open recursive DNS servers [2]. 2M: with enterprise-level businesses receiving an average of 2 million DNS queries every single day, the threat of attack is significant. Sources: [1] Quarterly Global DDoS Attack Report, Prolexic, 1st Quarter, 2013. [2] www.openresolverproject.org
  • 7. The Rising Tide of DNS Threats. DNS attacks are rising for 3 reasons: 1. Easy to spoof 2. Asymmetric amplification 3. High-value target. Countries of origin for the most DDoS attacks in the last year: China, US, Brazil, Russia, France, India, Germany, Korea, Egypt, Taiwan.
  • 8. The Rising Tide of DNS Threats: Financial impact is huge. The average loss for a 24-hour outage from a DDoS attack [3]: $27 million. [Chart: average estimated loss per DDoS event in 2012 [3] for financial services, technology company and government; values shown: -$7.7M, -$13.6M, -$17M.] [Charts: Top Industries Targeted [4], by sector: Enterprise, Commerce, Financial Services, Business Services, Healthcare, Automotive, Miscellaneous, Public Sector, Media & Entertainment, High Tech, Consumer Goods, Hotels, Retail.] Sources: [3] Develop A Two-Phased DDoS Mitigation Strategy, Forrester Research, Inc., May 17, 2013. [4] State of the Internet, Akamai, 2nd Quarter, 2013.
  • 9. DNS Attack Vectors
  • 10. The DNS Security Challenges: 1. Securing the DNS Platform 2. Defending Against DNS Attacks (DDoS / Cache Poisoning) 3. Preventing Malware from using DNS
  • 11. Anatomy of an Attack: Syrian Electronic Army
  • 12. Anatomy of an Attack: Distributed Reflection DoS Attack (DrDoS). How the attack works [diagram labels: Internet, Attacker, Target Victim]: • Combines reflection and amplification • Uses third-party open resolvers in the Internet (unwitting accomplice) • Attacker sends spoofed queries to the open recursive servers • Uses queries specially crafted to result in a very large response • Causes DDoS on the victim’s server
  • 13. Anatomy of an Attack: DNS DDoS For Hire • DDoS attacks against major U.S. financial institutions • Launching DDoS attacks that take advantage of server bandwidth • 4 types of DDoS attacks: – DNS amplification – Spoofed SYN – Spoofed UDP – HTTP + proxy support • Script offered for $800
  • 14. The Rising Tide of DNS Threats: Top 10 DNS attacks • DNS amplification: Use amplification in DNS reply to flood victim • Protocol anomalies: Malformed DNS packets causing server to crash • DNS hijacking: Subverting resolution of DNS queries to point to rogue DNS server • Reconnaissance: Probe to get information on network environment before launching attack • Fragmentation: Traffic with lots of small out-of-order fragments • TCP/UDP/ICMP floods: Flood victim’s network with large amounts of traffic • DNS cache poisoning: Corruption of a DNS cache database with a rogue address • DNS tunneling: Tunneling of another protocol through DNS for data exfiltration • DNS-based exploits: Exploit vulnerabilities in DNS software • DNS reflection/DrDoS: Use third-party DNS servers to propagate DDoS attack
  • 15. Protection Best Practices
  • 16. Help Is On the Way! • Collaboration • Dedicated Appliances • Monitoring • DNSSEC • RPZ • Advanced DNS Protection
  • 17. Get the Teams Talking – Questions to Ask: • Who in your org is responsible for DNS Security? • What methods, procedures, tools do you have in place to detect and mitigate DNS attacks? • Would you know if an attack was happening, would you know how to stop it? [Diagram labels: Network Team, Security Team, IT Apps Team, IT OPS Team.]
  • 18. Hardened DNS Appliances. Conventional Server Approach (Multiple Open Ports): – Many open ports subject to attack – Users have OS-level account privileges on server – Requires time-consuming manual updates. Hardened Appliance Approach (Limited Port Access, Update Service, Secure Access): • Dedicated hardware with no unnecessary logical or physical ports • No OS-level user accounts – only admin accounts • Immediate updates to new security threats • Secure HTTPS-based access to device management • No SSH or root-shell access • Encrypted device-to-device communication
  • 19. Monitoring & Alert on Aggregate Query Rate
  • 20. DNSSEC • Fixes Kaminsky Vulnerability • DNS Security Extensions • Uses public key cryptography to verify the authenticity of DNS zone data (records) – DNSSEC zone data is digitally signed using a private key for that zone – A DNS server receiving DNSSEC-signed zone data can verify the origin and integrity of the data by checking the signature using the public key for that zone
  • 21. Advanced DNS Protection [Diagram labels: Reporting Server; Automatic updates; Updated Threat-Intelligence Server; Advanced DNS Protection (External DNS); Reports on attack types, severity; Legitimate Traffic; Advanced DNS Protection (Internal DNS); Data for Reports.]
  • 22. Response Policy Zones (RPZ): Blocking Queries to Malicious Domains. 1. An infected device is brought into the office. Malware spreads to other devices on the network. 2. Malware makes a DNS query to find “home” (botnet / C&C). The DNS server detects and blocks the DNS query to the malicious domain. 3. RPZ is regularly updated with malicious domain data using available reputational feeds. 4. The query to the malicious domain is logged; security teams can now identify the requesting end-point and attempt remediation. [Diagram labels: Malicious domains; DNS Server with RPZ Capability; Blocked attempt sent to Syslog; Malware / APT; Malware / APT spreads within network, calls home; Reputational Feed: IPs, Domains, etc. of Bad Servers; Internet; Intranet.]
  • 23. Take the DNS Security Risk Assessment 1. Analyzes your organization’s DNS setup to assess level of risk of exposure to DNS threats 2. Provides DNS Security Risk Score and analysis based on answers given 3. www.infoblox.com/dnssecurityscore. Higher score = higher DNS security risk!!
  • 24. Call to Action • DNS security vulnerabilities pose a significant threat • Raise the awareness of DNS and DNS security vulnerabilities in your organization • There are multitudes of resources available to help • Seek help if needed to protect DNS • Talk to Infoblox
  • 25. Infoblox Overview & Business Update: Leader in technology for network control • Founded in 1999 • Headquartered in Santa Clara, CA with global operations in 25 countries • Market leadership: DDI Market Leader (Gartner); 50% DDI Market Share (IDC) • 7,300+ customers, 74,000+ systems shipped • 46 patents, 27 pending • IPO April 2012: NYSE BLOX. Total Revenue ($MM, fiscal year ending July 31): FY2007 $35.0, FY2008 $56.0, FY2009 $61.7, FY2010 $102.2, FY2011 $132.8, FY2012 $169.2, FY2013 $225.0
  • 26. IT Analyst Validation • Gartner: “usage of a commercial DDI solution can reduce (network) OPEX by 50% or more.” • IDC: Infoblox is the only major DDI vendor to gain market share over the past three years. • Gartner: “Infoblox is the DDI market leader in terms of mainstream brand awareness.” [Chart: Worldwide DDI Market Share – 2013]
  • 27. Q&A
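Slides 12 and 19 describe reflection through open recursive servers and alerting on aggregate query rate. The following Python is an added example, not part of the Infoblox deck: it applies both checks to a resolver query log from the operator's side. The log format, thresholds, addresses and sizes are constructed assumptions.

```python
from collections import defaultdict, namedtuple

# One query as seen by the resolver. "client" is the source address on the
# packet, which the slides point out can be spoofed.
QueryRecord = namedtuple(
    "QueryRecord", "ts client qname qtype query_bytes response_bytes")


def parse_line(line):
    """Parse one line of the constructed format: ts client qname qtype qbytes rbytes."""
    ts, client, qname, qtype, qbytes, rbytes = line.split()
    return QueryRecord(float(ts), client, qname.lower(), qtype.upper(),
                       int(qbytes), int(rbytes))


def aggregate_rate_alerts(records, window_s=10, max_qps=50.0):
    """Return [(window_start, qps)] for fixed windows whose total rate exceeds max_qps."""
    buckets = defaultdict(int)
    for r in records:
        buckets[int(r.ts // window_s) * window_s] += 1
    return [(start, count / window_s)
            for start, count in sorted(buckets.items())
            if count / window_s > max_qps]


def reflection_suspects(records, min_queries=100, min_ratio=10.0):
    """Flag source addresses that draw many responses far larger than their queries.

    On an open resolver such a source is usually the spoofed address of the
    victim, so a hit argues for restricting recursion or rate limiting
    responses rather than for blocking a real client.
    """
    totals = defaultdict(lambda: [0, 0, 0])   # queries, query bytes, response bytes
    for r in records:
        t = totals[r.client]
        t[0] += 1
        t[1] += r.query_bytes
        t[2] += r.response_bytes
    suspects = []
    for source, (count, q_bytes, r_bytes) in totals.items():
        ratio = r_bytes / q_bytes if q_bytes else 0.0
        if count >= min_queries and ratio >= min_ratio:
            suspects.append({"source": source, "queries": count,
                             "amplification": round(ratio, 1),
                             "response_bytes": r_bytes})
    return sorted(suspects, key=lambda s: s["response_bytes"], reverse=True)


def build_sample_log():
    """Constructed log: 30 s of normal lookups plus a 10 s burst of large answers."""
    lines = []
    for second in range(30):
        for host in (10, 11, 12):
            lines.append(f"{1000 + second} 192.0.2.{host} www.example.com A 40 56")
    for i in range(600):
        lines.append(f"{1010 + i / 60:.3f} 203.0.113.7 example.org ANY 64 3200")
    return lines


if __name__ == "__main__":
    records = [parse_line(line) for line in build_sample_log()]
    for start, qps in aggregate_rate_alerts(records):
        print(f"ALERT window={start} aggregate_qps={qps:.1f}")
    for suspect in reflection_suspects(records):
        print(f"SUSPECT {suspect}")
```

The aggregate alert fires on the burst window only, and the per-source ratio shows why: one address accounts for almost all response bytes while sending small queries.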

Editor's Notes

  1. Networks are constantly being exploited using DNS for a variety of criminal purposes today. DNS is the cornerstone of the internet and attackers know that DNS is a high-value target. Without their DNS functioning properly, enterprises cannot conduct business online. The DNS protocol is stateless, which means attackers also cannot be traced easily. The DNS protocol can be exploited easily. It is easy to craft DNS queries that can cause the DNS server to crash or respond with a much amplified response that can congest the bandwidth. The queries can be spoofed, which means attackers can direct huge amounts of traffic to their victim with the help of unsuspecting accomplices (open resolvers on the internet). Traditional protection like firewalls leaves port 53 open and doesn’t do much in terms of preventing DNS attacks. All these reasons make the DNS an ideal attack target.
  2. DNS Firewall – Case Study Example – SEA (Syrian Electronic Army). On August 27th, 2013, SEA hacked the DNS registries for NY Times & Twitter at a Service Provider in Australia. The hack redirected users to SEA-controlled websites which contained malware. Infoblox DNS Firewall and its Subscription service helped protect our customers during this attack.
  3. Results in a large amount of data being sent to the victim’s IP address. Uses multiple such open resolvers, often thousands of servers.
  4. The idea of controlling multiple, high-bandwidth empowered servers for launching DDoS attacks, compared to, for instance, controlling hundreds of thousands of malware-infected hosts, has always tempted cybercriminals to ‘innovate’ and seek pragmatic ‘solutions’ in order to achieve this particular objective. Among the most recent high-profile examples of this server-based DDoS attack tactic is Operation Ababil, or the Izz ad-Din al-Qassam a.k.a. Qassam Cyber Fighters attacks against major U.S. financial institutions, where high-bandwidth servers were utilized by the attackers. This indicates that wishful thinking often tends to materialize. In this slide we’ll take a peek inside what appears to be a command and control PHP script in its early stages of development, which is capable of integrating multiple (compromised) servers for the purpose of launching distributed denial of service (DDoS) attacks taking advantage of their bandwidth. Currently, the PHP script supports four types of DDoS attack tactics, namely DNS amplification, spoofed SYN, spoofed UDP, and HTTP+proxy support. The script also acts as a centralized command and control management interface for all the servers on which it has been (secretly) installed. It’s currently offered for $800. Just like we’ve seen in numerous other cybercrime-friendly underground market releases, in this case the author of the PHP script is once again forwarding the responsibility for its use to potential customers and, surprisingly, at a time when fake scanned IDs continue to be systematically abused by cybercriminals, is expressing his trust in the user legitimization methods applied by his payment processor of choice, WebMoney.
  5. In recent surveys, it turns out that there is no clear ownership of DNS security, mostly due to lack of awareness. The security teams see DNS as the Networking team’s responsibility, but networking teams are often looking to security teams for risk mitigation. Unclear roles and responsibilities cause the first layer of vulnerabilities…
  6. Port 53 – Domain Name System (DNS); Port 25 – Simple Mail Transfer Protocol (SMTP), email; Port 80 – HTTP, web; Port 110 – Post Office Protocol (POP3); Port 1503 – Windows Live Messenger; Port 1801 – Microsoft Messaging. Dedicated hardware with no extraneous ports open for attack. No association with enterprise domain logins or passwords, only admin login rights, no user rights even available. Immediate updates to new security threats. Encryption-based transactions to manage the appliance.
  7. The Advanced Appliance can sit on the Grid. Now let’s see the Advanced DNS Protection in action. Regular Grid appliances like the Grid master and the reporting server sit on the Grid. Let’s assume we have two Advanced Appliances, one external authoritative and the other functioning as an internal recursive server. DNS attacks come interspersed with legitimate DNS traffic at the external authoritative server. Advanced DNS Protection pre-processes the requests to filter out attacks. It responds to legitimate DNS requests. The attack types and patterns are sent to the Infoblox Reporting server. When Infoblox detects new threats, it creates rules and updates the Advanced Appliance. The rule updates are propagated to other Advanced Appliances on the Grid.
  8. Infoblox DNS Firewall – How does it work? 1. An infected mobile device is brought into the office. Upon connection, the malware starts to spread to other devices on the network. 2. The malware makes a DNS query for a “bad” domain to find “home.” The DNS Firewall has the “bad” domain in its table and blocks the connection. 3. The DNS Server is continually updated by a reputational data feed service to reflect the rapidly changing list of malicious domains. 4. Infoblox Reporting provides a list of blocked attempts as well as the IP address, MAC address, device type (DHCP fingerprint), host name and DHCP lease history (on/off network). 5. Reputation data comes from: Infoblox DNS Firewall Subscription Service, with blocking data on domains and IP addresses from 35+ sources throughout the world (geo-blocking is also part of the service); and the Infoblox DNS Firewall – FireEye Adapter, through which APT malware domains and IP addresses to be blocked are communicated to DNS Firewall from the FireEye NX Series.
  9. This is a new Security Risk Assessment you can point your customers to any time. It’s on the external web site and customers such as Pep Boys, Twitter, and K-Mart have run assessments. Some major observations about customers in this context: most don’t perform any security analysis on DNS traffic; there is no team or person chartered with looking specifically at DNS security; those with on-premise external DNS servers have no knowledge of how to handle DNS-based DDoS attacks; most of them use conventional DNS services (Microsoft or BIND), possibly with other services running on them and lots of open ports (security risks).
  10. DNS is critical infrastructure and not well understood. DNS attacks are on the rise. Traditional approaches are not sufficient. There are a lot of good resources and technologies to help you protect DNS.
  11. Infoblox is not a start-up. The company was started more than a dozen years ago; our technology is mature and field proven. The company HQ is in the heart of Silicon Valley with global operations in all major geographies. We do business in 3 regions (Americas, EMEA, APJ). We have sales, support and development operations in 25 countries and we do business in over 70 countries around the world. Infoblox makes essential technology to control networks – we’ll dig into that a bit later in the We are a market leader in the space that we serve, with Strong Positive ratings from Gartner (3 years in a row) and 40% market share. (Note: the Gartner Market Scope and market share stat is specific to DDI.) Infoblox has a massive customer base: our latest count is 6,900 different companies, and we have shipped 64,000 systems. We are innovative, with a formal patent program for our employees. As of right now we own 32 patents, with 25 more pending. Last but not least, the company did a successful IPO in April 2012. We now share our financial results publicly, which can be seen on the right.
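Slide 22 and editor's note 8 describe a resolver that checks each query against a response policy zone, blocks matches, and logs the requesting endpoint for remediation. The following Python is an added example, not Infoblox or BIND code: a simplified model of RPZ QNAME triggers (exact name first, then the closest enclosing wildcard). The policy entries, client addresses and log line format are constructed.

```python
from collections import defaultdict

# Constructed policy. In RPZ, "CNAME ." encodes an NXDOMAIN action and
# "CNAME rpz-passthru." exempts a name; the domains themselves are made up.
POLICY_ZONE = """
c2.badhost.example      CNAME .              ; exact name
*.badhost.example       CNAME .              ; any subdomain
*.tracker.example       CNAME .
ok.tracker.example      CNAME rpz-passthru.  ; allow-list exception
"""

# Constructed (client address, queried name) pairs.
SAMPLE_QUERIES = [
    ("10.1.4.23", "c2.badhost.example"),
    ("10.1.4.23", "a.b.badhost.example"),
    ("10.1.4.57", "cdn.tracker.example"),
    ("10.1.4.57", "ok.tracker.example"),
    ("10.1.4.88", "www.example.com"),
    ("10.1.4.88", "badhost.example"),       # apex: not covered by the wildcard
    ("10.1.4.88", "notbadhost.example"),    # different label, not a subdomain
]

ACTIONS = {".": "NXDOMAIN", "rpz-passthru.": "PASSTHRU"}


def load_policy(text):
    """Parse 'owner CNAME target' lines into {owner: action}; ';' starts a comment."""
    policy = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        owner, rtype, target = line.split()
        action = ACTIONS.get(target.lower())
        if rtype.upper() == "CNAME" and action:
            policy[owner.lower().rstrip(".")] = action
    return policy


def match(policy, qname):
    """Return (trigger, action) for qname, or None when no trigger applies."""
    name = qname.lower().rstrip(".")
    if name in policy:
        return name, policy[name]
    labels = name.split(".")
    # Walk up one label at a time so matching respects label boundaries.
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return wildcard, policy[wildcard]
    return None


def evaluate(policy, queries):
    """Return (log_lines, {client: blocked names}) for the endpoints to remediate."""
    log, blocked = [], defaultdict(set)
    for client, qname in queries:
        hit = match(policy, qname)
        if hit and hit[1] == "NXDOMAIN":
            log.append(f"policy-block client={client} qname={qname} trigger={hit[0]}")
            blocked[client].add(qname)
    return log, {client: sorted(names) for client, names in blocked.items()}


if __name__ == "__main__":
    lines, endpoints = evaluate(load_policy(POLICY_ZONE), SAMPLE_QUERIES)
    print("\n".join(lines))
    print(endpoints)
```

The per-client result is what step 4 of the slide relies on: the blocked lookups identify which internal hosts to investigate.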