Photo by Abbas Tehrani on Unsplash

Employing DNS in network security

Revealing Traces

Article from ADMIN 70/2022
By
A holistic approach to designing network architecture and cybersecurity uses DNS for cyber defense to detect attacks at an early stage and fend them off before major damage takes place.

The corporate network has long ceased to be a single perimeter with branch offices connected to the outside world by the Internet. In the growing network jungle, however, an overall perspective is often difficult to maintain, which is why dividing the network into individual silos to give it structure seems tempting at first glance. This approach would definitely be wrong, because thinking in silos causes problems. The most important is that isolated solutions often cannot communicate with one another, because a wide variety of security tools are implemented in the silos – and usually more than one.

Next-generation firewalls, web gateways, email security, endpoint security – the security solutions in the individual sectors are often piled up on top of one another. The unintended consequence of this strategy is that communication between the individual systems is poor, and often even incorrect. For example, if interfaces are not configured correctly, the security tools can trigger false or duplicate alerts among themselves, overwhelming what are already overburdened security teams. However, the tool for achieving a unified, comprehensive view of your network already exists – the Domain Name System (DNS). After all, as the hub of communications on the Internet, DNS can be the heart of integrated network management and security.

More Is Not Always Better

In IT departments, when workflows are not fully covered by just one security tool, communication interfaces need to be kept as up-to-date as possible at all times, and employees need to be constantly trained in the use of the many tools. These resources could be put to better use elsewhere. This problem is even more pronounced in large enterprises, which can be geographically widespread and might be working on restructuring such as mobile use, a multicloud rollout, or software-as-a-service (SaaS) and software-defined (SD)-WAN

...