Proactive Network Protection Through DNS Security Insights


Exploring proactive network protection methods using DNS, security challenges, botnet threats, firewall management, malware controls, and DNS-based malware control. Discussions on DNS security vulnerabilities, DNSSEC, threat intelligence, machine learning, and best practices like RPZ for DNS protection against malicious activities like phishing, spam, and botnets. Emphasizing the importance of DNS-based security measures in combating evolving cyber threats and ensuring network resilience and integrity.


Uploaded on Oct 01, 2024



Presentation Transcript


  1. Proactive Network Protection Through DNS (S. Alireza Vaziri)

  2. Agenda
     - Today's security challenges
     - Methods of network protection
     - DNS and DNSSEC
     - DNS RPZ
     - Threat intelligence
     - Machine learning classifier

  3. Me: Alireza Vaziri, network engineer and security practitioner

  4. Today's Headache
     - Botnets
     - Spam
     - Phishing

  5. Worst Botnet Countries

  6. Technical Malware Controls
     - Firewall
     - IDPS
     - Antivirus
     - Patch management
     Are we secure? NO!

  7. Why those controls fall short
     - Resource hungry
     - RIP DPI
     - Everything is encrypted
     - Polymorphic malware

  8. NetFlow-Based Botnet Detection
     - Flow-based analysis of malware traffic
     - Machine-learning-based prediction

  9. Malware Distribution URLs
     afobal.cl, alvoportas.com.br, bestdove.in.ua, blogerjijer.pw, bright.su, dau43vt5wtrd.tk, domnicpeter.in.net, dzitech.net, fadzulani.com, hruner.com

  10. DNS-Based Malware Control
     - Fast
     - Cheap
     - Easy to deploy

  11. DNS Is Vulnerable by Design (RFC 3833)
     - Stateless query
     - Easy to hijack
     - No integrity check

  12. DNSSEC
     - Answers are signed
     - Resolver checks integrity

  13. DNS RPZ (Response Policy Zone)
     - Zone is updated periodically
     - Check query and response for malicious records
     - Return bad domains as NXDOMAIN
     - Redirect user to a custom page
     - Block C&C, phishing, malware

  14. BIND RPZ example

     named.conf:
        response-policy { zone "rpz"; };

     zone file:
        $TTL 300
        @ IN SOA localhost. need.to.know.only. (
                201802121   ; Serial number
                60          ; Refresh every minute
                60          ; Retry every minute
                432000      ; Expire in 5 days
                60 )        ; negative caching 1 minute
          IN NS LOCALHOST.
        example.com   IN CNAME .
        *.example.com IN CNAME .

  15. DNS Success Stories
     - Quad9
     - OpenDNS
     - Cloudflare

  16. Zone Update
     - Automatic, from multiple sources (blacklists)
     - Manually added hosts
     - AXFR/IXFR
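The zone-update step of slide 16 (several automatic blacklist feeds plus manually added hosts, merged into one RPZ zone) combined with the slide-13/14 policy actions (NXDOMAIN via `CNAME .`, or a redirect to a custom page), written out as an added Python example. This is not code from the talk or from the MLDNS repository; the feed contents, the zone name `rpz` and the walled-garden hostname `walled-garden.example.` are constructed placeholders, and the SOA/TTL values only copy the layout of the slide-14 zone.

```python
"""Build a BIND Response Policy Zone from several blocklist sources.

Added example (not code from the talk or the MLDNS repository). Feed
contents, the zone name and the walled-garden hostname are constructed
placeholders; the SOA/TTL values copy the talk's slide-14 layout.
"""
import re

# Constructed sample feeds: two "downloaded" blocklists and a manual list.
FEED_A = """
# comment lines are ignored
afobal.cl
BestDove.in.ua
"""
FEED_B = """
afobal.cl            # duplicate across feeds, kept once
dau43vt5wtrd.tk
not a domain!!       # malformed entry, dropped
"""
MANUAL_HOSTS = ["dzitech.net"]

# RPZ policy actions as record data: "CNAME ." answers NXDOMAIN,
# "CNAME <host>." redirects the client to a custom landing page.
NXDOMAIN = "CNAME ."
WALLED_GARDEN = "CNAME walled-garden.example."  # assumption: your landing host

# Hostname syntax: 1-63 char labels of letters/digits/hyphen, alphabetic TLD.
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")


def parse_feed(text):
    """Return the set of valid, lower-cased domains found in one blocklist."""
    found = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip().lower().rstrip(".")
        if entry and _DOMAIN_RE.match(entry):
            found.add(entry)
    return found


def merge_sources(feeds, manual_hosts):
    """Deduplicated union of every automatic feed plus the manual list."""
    domains = set()
    for feed in feeds:
        domains |= parse_feed(feed)
    domains |= parse_feed("\n".join(manual_hosts))
    return sorted(domains)


def build_zone(domains, serial, redirect=False, zone="rpz"):
    """Render the RPZ zone file as text.

    Every listed domain and all of its subdomains (wildcard record) get the
    same action. Bump `serial` on each rebuild so secondaries pick up the
    change over AXFR/IXFR; 'response-policy { zone "rpz"; };' in named.conf
    activates the zone on the resolver.
    """
    action = WALLED_GARDEN if redirect else NXDOMAIN
    lines = [
        f"; RPZ zone '{zone}': {len(domains)} domains",
        "$TTL 300",
        f"@ IN SOA localhost. need.to.know.only. ( {serial} 60 60 432000 60 )",
        "  IN NS localhost.",
    ]
    for domain in domains:
        lines.append(f"{domain} IN {action}")
        lines.append(f"*.{domain} IN {action}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    blocked = merge_sources([FEED_A, FEED_B], MANUAL_HOSTS)
    print(build_zone(blocked, serial=201802121))
```

The feed parser drops comments, blank and malformed lines and lower-cases entries before deduplicating, so a domain present in two feeds is emitted once. Switching `redirect=True` produces the "custom page" variant of slide 13 instead of NXDOMAIN; in either case the serial must increase on every rebuild or secondaries served via AXFR/IXFR will keep the old zone.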

  17. Local Threat Intelligence
     - Detecting new malicious domains
     - Holding a reputation score (ASN, IP, domain)

  18. Background Check
     - Alexa rank
     - Google PageRank
     - Number of subdomains
     - Number of "-" and "."
     - Domain age in WHOIS
     - PTR record
     - ASN

  19. Protect Top Hosts from Phishing
     - Shaparak.ir
     - Bankmellat.ir
     - Bmi.ir
     - Tamin.ir

  20. Fuzzy Logic (used in Google search)

  21. Machine Learning
     - Dataset from PhishTank and RBLs
     - Domain background check
     - Train and test data

  22. Procedure
     - Blacklist fetching
     - Add new domains to list
     - Fetch extra data
     - Check DNS logs
     - Train ML model

  23. KNN Classifier
     Domain type    Trusted    Malicious
     Dataset        1000       700
     KNN            10         6
     Train/Test     50/50      50/50
     Accuracy       85.7%      82.2%
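The slide-18 background check and the slide-21/23 KNN pipeline, as an added Python example that is not the talk's code nor the MLDNS repository's. It computes the features that need no network lookup (subdomain count, number of "-" and ".", digits, length) plus an edit distance to the slide-19 protected hosts, which is one reading of the "fuzzy logic" slide, then does the 50/50 train/test split of slide 23 with a plain k-nearest-neighbour classifier. Alexa/PageRank, WHOIS age, PTR and ASN features are left out because they require lookups; the labelled domains are a constructed toy set (the slide-9 list as the malicious side plus made-up lookalikes), not the talk's 1000/700 corpus, so the accuracy it prints is not the 85.7%/82.2% of the slide.

```python
"""Lexical background check + KNN classifier for domain names.

Added example, not code from the talk or the MLDNS repository. The labelled
domains are a constructed toy dataset; PROTECTED_HOSTS are the slide-19 hosts.
"""
import random

PROTECTED_HOSTS = ["shaparak.ir", "bankmellat.ir", "bmi.ir", "tamin.ir"]


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def features(domain):
    """Numeric feature vector for one domain (offline subset of slide 18)."""
    d = domain.lower().rstrip(".")
    labels = d.split(".")
    return (
        max(len(labels) - 2, 0),                           # subdomain labels beyond name.tld
        d.count("-"),                                      # number of '-'
        d.count("."),                                      # number of '.'
        sum(c.isdigit() for c in d),                       # digits in the name
        len(d),                                            # total length
        min(levenshtein(d, h) for h in PROTECTED_HOSTS),   # lookalike distance
    )


def fit_scaler(vectors):
    """Min-max scaling fitted on training data so length does not dominate."""
    cols = list(zip(*vectors))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1 for c in cols]
    return lambda vec: tuple((v - l) / s for v, l, s in zip(vec, lo, span))


def knn_predict(train, x, k):
    """Majority label among the k training vectors nearest to x (Euclidean)."""
    nearest = sorted(train, key=lambda row: sum((p - q) ** 2 for p, q in zip(row[0], x)))
    votes = {}
    for _, label in nearest[:k]:
        votes[label] = votes.get(label, 0) + 1
    return max(votes, key=votes.get)


# Constructed toy dataset: slide-9 domains as malicious, plus made-up lookalikes.
TRUSTED = ["shaparak.ir", "bankmellat.ir", "bmi.ir", "tamin.ir",
           "wikipedia.org", "mozilla.org", "python.org", "debian.org"]
MALICIOUS = ["afobal.cl", "alvoportas.com.br", "bestdove.in.ua", "blogerjijer.pw",
             "dau43vt5wtrd.tk", "domnicpeter.in.net", "shaparak-login.ir",
             "bmi-ir-secure.com", "tamin-ir.xyz", "bankmellat.ir.account-verify.net"]


def evaluate(trusted, malicious, k=3, seed=1):
    """50/50 train/test split as on slide 23; returns (accuracy, n_test)."""
    rows = [(d, "trusted") for d in trusted] + [(d, "malicious") for d in malicious]
    random.Random(seed).shuffle(rows)
    half = len(rows) // 2
    train_rows, test_rows = rows[:half], rows[half:]
    scaler = fit_scaler([features(d) for d, _ in train_rows])   # fit on train only
    train = [(scaler(features(d)), label) for d, label in train_rows]
    hits = sum(knn_predict(train, scaler(features(d)), k) == label
               for d, label in test_rows)
    return hits / len(test_rows), len(test_rows)


def classify(domain, k=3):
    """Train on the whole toy set and label one new domain."""
    rows = ([(features(d), "trusted") for d in TRUSTED]
            + [(features(d), "malicious") for d in MALICIOUS])
    scaler = fit_scaler([v for v, _ in rows])
    train = [(scaler(v), label) for v, label in rows]
    return knn_predict(train, scaler(features(domain)), k)


if __name__ == "__main__":
    acc, n = evaluate(TRUSTED, MALICIOUS)
    print(f"toy accuracy on {n} held-out domains: {acc:.1%}")
    for name in ["bankmellat-login.ir", "debian.org"]:
        print(name, "->", classify(name), features(name))
```

The scaler is fitted on the training half only, so the held-out domains never influence the feature ranges. With a set this small the accuracy swings with the seed, which is why the number it prints should not be compared to the slide; the structure (features, split, k-NN vote) is what the example shows.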

  24. What Is Missing?
     - DNS RPZ is not a total solution (domain fronting)
     - RPZ cannot control direct IP connectivity
     - RPZ cannot control URLs

  25. What Do We Need?
     - Public threat intelligence feed (STIX, TAXII, CybOX)
     - Public resolver
     - Shadowserver

  26. Publish: https://github.com/aliereza/MLDNS

  27. Questions?
