Photo by Abbas Tehrani on Unsplash

Photo by Abbas Tehrani on Unsplash

Employing DNS in network security

Revealing Traces

Article from ADMIN 70/2022
A holistic approach to designing network architecture and cybersecurity uses DNS for cyber defense to detect attacks at an early stage and fend them off before major damage takes place.

The corporate network has long ceased to be a single perimeter with branch offices connected to the outside world by the Internet. In the growing network jungle, however, an overall perspective is often difficult to maintain, which is why dividing the network into individual silos to give it structure seems tempting at first glance. This approach would definitely be wrong, because thinking in silos causes problems. Most important is the often missing ability to communicate between isolated solutions because a wide variety of security tools are implemented in the silos – and usually more than one.

Next-generation firewalls, web gateways, email security, endpoint security – the security solutions in the individual sectors are often piled up on top of one another. The unintended consequence of this strategy is that communication between the individual systems is poor, and often even incorrect. For example, if interfaces are not configured correctly, the security tools can trigger false or duplicate alerts among themselves, overwhelming what are already overburdened security teams. However, the tool for achieving a unified, comprehensive view of your network already exists – the Domain Name System (DNS). After all, as the hub of communications on the Internet, DNS can be the heart of integrated network management and security.

More Is Not Always Better

In IT departments, when workflows are not fully covered by just one security tool, communication interfaces need to be kept as up-to-date as possible at all times, and employees need to be constantly trained in the use of the many tools. These resources could be put to better use elsewhere. This problem is even more pronounced in large enterprises, which can be geographically widespread and might be working on restructuring such as mobile use, a multicloud rollout, or software-as-a-service (SaaS) and software-defined (SD)-WAN

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus