Proactive Network Protection Through DNS Security Insights

Slide Note
Embed
Share

Exploring proactive network protection methods using DNS, security challenges, botnet threats, firewall management, malware controls, and DNS-based malware control. Discussions on DNS security vulnerabilities, DNSSEC, threat intelligence, machine learning, and best practices like RPZ for DNS protection against malicious activities like phishing, spam, and botnets. Emphasizing the importance of DNS-based security measures in combating evolving cyber threats and ensuring network resilience and integrity.

rserv
rserv Follow

Uploaded on Oct 01, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Proactive Network Protection Through DNS S. Alireza Vaziri

  2. Today Security Challenges Methods of Network Protection DNS and DNSSEC Agenda DNS RPZ Threat Intelligence Machine Learning Classifier

  3. Alireza Vaziri Me Network Engineer Security Practitioner

  4. Botnets Today s Headache Spams Phishing

  5. Worst Botnet Countries

  6. Firewall IDPS Antivirus Patch Management Technical Malware Controls Are we secure? NO!

  7. Resource Hungry RIP DPI Everything is Encrypted Polymorphic Malwares

  8. NetFlow Based Botnet Detection Flow Based Analysis on malware traffic Machine Learning based prediction

  9. afobal.cl alvoportas.com.br bestdove.in.ua blogerjijer.pw Malware Distribution URLs bright.su dau43vt5wtrd.tk domnicpeter.in.net dzitech.net fadzulani.com hruner.com

  10. Fast DNS-Based Malware Control Cheap Easy to deploy

  11. Stateless Query DNS is vulnerable by design Easy to hijack No integrity check RFC 3833

  12. Answers are signed DNSSEC Resolver check integrity

  13. Zone being updated periodically Check Query and Response for malicious records DNS RPZ (Response Policy Zone) Return bad domains with NXDOMAIN Redirect user to custom page Block C&C, Phishing, Malware

  14. response-policy { zone "rpz"; }; $TTL 300 @ IN SOA localhost. need.to.know.only. ( 201802121 ; Serial number 60 ; Refresh every minute 60 ; Retry every minute 432000 ; Expire in 5 days 60 ) ; negative caching 1 minute IN NS LOCALHOST. BIND RPZ example.com *.example.com IN CNAME . IN CNAME .

  15. Quad9 OpenDNS CloudFlare DNS Success Stories

  16. Automatic Multiple Source (Blacklists) Zone Update Manually added hosts AXFR/IXFR

  17. Local Threat Intelligence Detecting New Malicious Domain Holding Reputation Score (ASN, IP, Domain)

  18. Alexa Rank Google Page Rank Number of subdomain Background Check Number of and . Domain age in WHOIS PTR record ASN

  19. Shaparak.ir Protect Top Hosts from Phishing Bankmellat.ir Bmi.ir Tamin.ir

  20. Used in Google search Fuzzy Logic

  21. Dataset from Phishtank and RBLs Machine Learning Domain Background Check Train and Test data

  22. Blacklist fetching Add new domains to list Fetch Extra Data Procedure Check DNS logs Train ML model

  23. Domain Type Trusted Malicious Dataset 1000 700 KNN Classifier KNN 10 6 Train/Test 50/50 50/50 Accuracy 85.7% 82.2%

  24. DNS RPZ is not a total solution (Domain Fronting) What is missing? RPZ cannot control direct IP connectivity RPZ cannot control URLs

  25. Public Threat Intelligence feed What do we need? STIX, TAXII, CybOX Public Resolver Shadowserver

  26. Publish https://github.com/aliereza/MLDNS

  27. Questions?

Related


Understanding DNS Performance and Issues in Information-Centric Networks

Understanding DNS Performance and Issues in Information-Centric Networks

jennli
Understanding Domain Name System (DNS) and Content Distribution Networks (CDNs)

Understanding Domain Name System (DNS) and Content Distribution Networks (CDNs)

idecl
Challenges of DNS Centrality in Internet Infrastructure

Challenges of DNS Centrality in Internet Infrastructure

jessic
Understanding Domain Name Service (DNS) in Linux Network Administration

Understanding Domain Name Service (DNS) in Linux Network Administration

teey962
DNS Forensics & Protection: Analyzing and Securing Network Traffic

DNS Forensics & Protection: Analyzing and Securing Network Traffic

hanish
Understanding Network Security Fundamentals

Understanding Network Security Fundamentals

chae_220
Understanding DNS Flag Day and EDNS: A Comprehensive Overview

Understanding DNS Flag Day and EDNS: A Comprehensive Overview

tri_m
DNS Testing and Signatures Rollover Analysis

DNS Testing and Signatures Rollover Analysis

naif959
Roadmap for DNS Load Balancing Service at CERN - HEPiX Autumn 2020 Workshop

Roadmap for DNS Load Balancing Service at CERN - HEPiX Autumn 2020 Workshop

norbert
Automating DNS Maintenance with Catalog Zones: A New Approach

Automating DNS Maintenance with Catalog Zones: A New Approach

kkai
Understanding the Domain Name System (DNS) Structure

Understanding the Domain Name System (DNS) Structure

paj
Understanding DNS Centrality: The Internet's Core Challenge

Understanding DNS Centrality: The Internet's Core Challenge

aren_ete
Improving DNS Security with KINDNS Best Practices

Improving DNS Security with KINDNS Best Practices

ceis
Understanding BIND DNS Security Vulnerabilities and Configuration

Understanding BIND DNS Security Vulnerabilities and Configuration

taki_11
Understanding DNS Replication with BIND9

Understanding DNS Replication with BIND9

rtoa
Unveiling IBDNS: The Intentionally Broken DNS Server

Unveiling IBDNS: The Intentionally Broken DNS Server

nabi_611
Understanding Domain Names for Authoritative DNS Servers

Understanding Domain Names for Authoritative DNS Servers

asy_mar
Understanding Factors in Country Names and DNS Confusion

Understanding Factors in Country Names and DNS Confusion

lil_lie
Proactive Leadership and Quality Management Insights

Proactive Leadership and Quality Management Insights

evon_323
IPv6 Security and Threats Workshop Summary

IPv6 Security and Threats Workshop Summary

lori_4
Understanding Security Onion: Network Security Monitoring Tools

Understanding Security Onion: Network Security Monitoring Tools

sadhbh
Understanding DNS Firewall Architecture at Virginia Tech

Understanding DNS Firewall Architecture at Virginia Tech

lathyndi
Proactive Security Measures in Wireless Network Design

Proactive Security Measures in Wireless Network Design

lockwood_a
Cyber Threat Detection and Network Security Strategies

Cyber Threat Detection and Network Security Strategies

lilliemae

More Related Content

Upgrade Requirements, Challenges, and Solutions for Same-Server DoT Implementation
Upgrade Requirements, Challenges, and Solutions for Same-Server DoT Implementation
Client Privacy Preservation through Secured DNS - Feisty Forwarders
Client Privacy Preservation through Secured DNS - Feisty Forwarders
Understanding L-Root: An Overview of ICANN DNS Operations
Understanding L-Root: An Overview of ICANN DNS Operations
Legal Framework on Information Security in the Ministry of Trade, Tourism, and Telecommunication
Legal Framework on Information Security in the Ministry of Trade, Tourism, and Telecommunication
BCA 601(N): Computer Network Security
BCA 601(N): Computer Network Security
Comprehensive Course Review: Security Research Cornerstones at Carnegie Mellon University
Comprehensive Course Review: Security Research Cornerstones at Carnegie Mellon University
Understanding Snort: An Open-Source Network Intrusion Detection System
Understanding Snort: An Open-Source Network Intrusion Detection System
Common Framework on Public Health Protection and Health Security in the UK
Common Framework on Public Health Protection and Health Security in the UK
Enhancing Network Security with Software-Defined Snort and OpenFlow
Enhancing Network Security with Software-Defined Snort and OpenFlow
Certified Protection Professional (CPP) Certification Examination Review
Certified Protection Professional (CPP) Certification Examination Review
Exploring Query Name Minimization in DNS Resolution
Exploring Query Name Minimization in DNS Resolution
Understanding BGP and DNS Worms in Network Security
Understanding BGP and DNS Worms in Network Security
DNS Research Federation: Advancing Understanding of Cybersecurity Impact
DNS Research Federation: Advancing Understanding of Cybersecurity Impact
Understanding the General Data Protection Regulation (GDPR) and Data Protection Bill
Understanding the General Data Protection Regulation (GDPR) and Data Protection Bill
Groundskeeping Safety and Personal Protective Equipment Training
Groundskeeping Safety and Personal Protective Equipment Training
Real-Time Data-Driven Network Security Workshop by Joe St. Sauver
Real-Time Data-Driven Network Security Workshop by Joe St. Sauver
Understanding Network Security Vulnerabilities and Attacks
Understanding Network Security Vulnerabilities and Attacks
Country Names in the Domain Name System (DNS)
Country Names in the Domain Name System (DNS)
The Forgotten Side of DNS: Orphan and Abandoned Records
The Forgotten Side of DNS: Orphan and Abandoned Records
Enhancing SWIFT Security Measures for ReBIT: March 2018 Update
Enhancing SWIFT Security Measures for ReBIT: March 2018 Update
Network Slicing with OAI 5G CN Workshop Overview
Network Slicing with OAI 5G CN Workshop Overview
Understanding the Role of Security Champions in Organizations
Understanding the Role of Security Champions in Organizations
Understanding the Roles of a Security Partner
Understanding the Roles of a Security Partner
Progress of Network Architecture Work in FG IMT-2020
Progress of Network Architecture Work in FG IMT-2020