Proactive Network Protection Through DNS Security Insights

Proactive Network
Protection Through
DNS
S. Alireza Vaziri
Agenda
Today Security Challenges
Methods of Network Protection
DNS and DNSSEC
DNS RPZ
Threat Intelligence
Machine Learning Classifier
Me
Alireza Vaziri
Network Engineer
Security Practitioner
Today’s
Headache
Botnets
Spams
Phishing
Worst Botnet
Countries
Are we secure?
NO!
Firewall
IDPS
Antivirus
Patch Management
Technical
Malware
Controls
RIP
DPI
Resource Hungry
Everything is Encrypted
Polymorphic Malwares
NetFlow Based
Botnet
Detection
Flow Based Analysis on malware traffic
Machine Learning based prediction
Malware
Distribution
URLs
afobal.cl
alvoportas.com.br
bestdove.in.ua
blogerjijer.pw
bright.su
dau43vt5wtrd.tk
domnicpeter.in.net
dzitech.net
fadzulani.com
hruner.com
DNS-Based
Malware
Control
Fast
Cheap
Easy to deploy
DNS is
vulnerable by
design
Stateless Query
Easy to hijack
No integrity check
RFC 3833
DNSSEC
Answers are signed
Resolver check integrity
DNS RPZ
(Response
Policy Zone)
Zone being updated periodically
Check Query and Response for malicious records
Return bad domains with NXDOMAIN
Redirect user to custom page
Block C&C, Phishing, Malware
BIND RPZ
response-policy { zone "rpz"; };
$TTL 300
@ IN SOA  localhost. need.to.know.only. (
                       201802121 ; Serial number
                       60        ; Refresh every minute
                       60        ; Retry every minute
                       432000    ; Expire in 5 days
                       60 )      ; negative caching 1 minute
          IN NS    LOCALHOST.
example.com    IN CNAME .
*.example.com  IN CNAME .
DNS Success
Stories
Quad9
OpenDNS
CloudFlare
Zone Update
Automatic Multiple Source (Blacklists)
Manually added hosts
AXFR/IXFR
Local Threat
Intelligence
Detecting New Malicious Domain
Holding Reputation Score (ASN, IP, Domain)
Background
Check
Alexa Rank
Google Page Rank
Number of subdomain
Number of '-' and '.' characters
Domain age in WHOIS
PTR record
ASN
Protect Top
Hosts from
Phishing
Shaparak.ir
Bankmellat.ir
Bmi.ir
Tamin.ir
Fuzzy Logic
Used in Google search
Machine
Learning
Dataset from Phishtank and RBLs
Domain Background Check
Train and Test data
Query Logs
# rndc querylog
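The slide turns on BIND's query log with rndc querylog but does not show what to do with it. The script below is an added example (not code from the slides or from the MLDNS project): it parses BIND 9 query-log lines in the "queries" category format, checks each queried name and its parent domains against a blocklist (the same parent-domain rule an RPZ wildcard entry applies), and counts hits per client so the operator can see which hosts on the network are resolving listed names. The log lines are constructed samples; the blocklist is a constructed subset of the slide's sample domains.

```python
"""Match BIND query-log lines against an RPZ-style blocklist and count hits per client.

Added example; not from the slides or the MLDNS project. SAMPLE_LOG and
BLOCKLIST are constructed test data in the BIND 9 'queries' log format.
"""
import re
from collections import Counter, defaultdict

BLOCKLIST = {"afobal.cl", "bright.su", "hruner.com"}   # constructed subset of slide 9

SAMPLE_LOG = """\
12-Feb-2018 10:00:01.120 queries: info: client @0x7f3a1c0e2d30 192.0.2.10#53412 (www.example.com): query: www.example.com IN A +E(0)K (192.0.2.1)
12-Feb-2018 10:00:02.311 queries: info: client @0x7f3a1c0e2d30 192.0.2.10#53413 (cdn.bright.su): query: cdn.bright.su IN A + (192.0.2.1)
12-Feb-2018 10:00:02.900 queries: info: client 192.0.2.25#40021 (afobal.cl): query: afobal.cl IN TXT + (192.0.2.1)
12-Feb-2018 10:00:03.050 queries: info: client 192.0.2.25#40022 (afobal.cl): query: afobal.cl IN A + (192.0.2.1)
12-Feb-2018 10:00:04.010 queries: info: client 192.0.2.31#51000 (mail.example.org): query: mail.example.org IN MX + (192.0.2.1)
"""

# Newer BIND versions print a "@0x..." client handle before the address; older ones do not.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]+)\): query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def parse_query_log(text):
    """Yield (client_ip, qname, qtype) for each query line; other lines are skipped."""
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield m.group("ip"), m.group("qname").lower().rstrip("."), m.group("qtype")


def matches_blocklist(qname, blocklist):
    """True when the name itself or any parent domain is listed (RPZ '*.domain' semantics)."""
    labels = qname.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def hits_by_client(log_text, blocklist):
    """Map client IP -> {queried listed name: count}."""
    hits = defaultdict(Counter)
    for ip, qname, _qtype in parse_query_log(log_text):
        if matches_blocklist(qname, blocklist):
            hits[ip][qname] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}


if __name__ == "__main__":
    for ip, names in hits_by_client(SAMPLE_LOG, BLOCKLIST).items():
        print(ip, names)
```

Repeated queries from one client for a listed name (192.0.2.25 above) are the signal the later slides feed into the local threat-intelligence score; the same parser can also collect every distinct queried name as candidate input for the background check.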
Procedure
KNN Classifier
What is
missing?
DNS RPZ is not a total solution (Domain Fronting)
RPZ cannot control direct IP connectivity
RPZ cannot control URLs
What do we
need?
Public Threat Intelligence feed
STIX, TAXII, CybOX
Public Resolver
Shadowserver
Publish
https://github.com/aliereza/MLDNS
Questions?
 
Slide Note

Hello

In the next 20 minutes I’m going to talk about how to use DNS to protect your network and users from common attacks.


Exploring proactive network protection methods using DNS, security challenges, botnet threats, firewall management, malware controls, and DNS-based malware control. Discussions on DNS security vulnerabilities, DNSSEC, threat intelligence, machine learning, and best practices like RPZ for DNS protection against malicious activities like phishing, spam, and botnets. Emphasizing the importance of DNS-based security measures in combating evolving cyber threats and ensuring network resilience and integrity.

  • DNS Security
  • Network Protection
  • Botnet Threats
  • Malware Controls
  • Cybersecurity

Uploaded on Oct 01, 2024 | 1 Views




Presentation Transcript


  1. Proactive Network Protection Through DNS S. Alireza Vaziri

  2. Today Security Challenges Methods of Network Protection DNS and DNSSEC Agenda DNS RPZ Threat Intelligence Machine Learning Classifier

  3. Alireza Vaziri Me Network Engineer Security Practitioner

  4. Botnets Today’s Headache Spams Phishing

  5. Worst Botnet Countries

  6. Firewall IDPS Antivirus Patch Management Technical Malware Controls Are we secure? NO!

  7. Resource Hungry RIP DPI Everything is Encrypted Polymorphic Malwares

  8. NetFlow Based Botnet Detection Flow Based Analysis on malware traffic Machine Learning based prediction

  9. afobal.cl alvoportas.com.br bestdove.in.ua blogerjijer.pw Malware Distribution URLs bright.su dau43vt5wtrd.tk domnicpeter.in.net dzitech.net fadzulani.com hruner.com

  10. Fast DNS-Based Malware Control Cheap Easy to deploy

  11. Stateless Query DNS is vulnerable by design Easy to hijack No integrity check RFC 3833

  12. Answers are signed DNSSEC Resolver check integrity

  13. Zone being updated periodically Check Query and Response for malicious records DNS RPZ (Response Policy Zone) Return bad domains with NXDOMAIN Redirect user to custom page Block C&C, Phishing, Malware

  14. BIND RPZ
      response-policy { zone "rpz"; };
      $TTL 300
      @ IN SOA localhost. need.to.know.only. (
                             201802121 ; Serial number
                             60        ; Refresh every minute
                             60        ; Retry every minute
                             432000    ; Expire in 5 days
                             60 )      ; negative caching 1 minute
                IN NS    LOCALHOST.
      example.com    IN CNAME .
      *.example.com  IN CNAME .

  15. Quad9 OpenDNS CloudFlare DNS Success Stories

  16. Automatic Multiple Source (Blacklists) Zone Update Manually added hosts AXFR/IXFR
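Slides 13, 14 and 16 describe the RPZ zone and how it is kept current: several automatic blocklist sources, manually added hosts, and a periodic update. The script below is an added example (not code from the slides or from the MLDNS project) of the generation step: it merges feeds, drops entries that would corrupt the zone file, honours an allow list for false positives, bumps a YYYYMMDDnn serial so slaves pick up the change via AXFR/IXFR, and renders the zone in the slide's layout, with "CNAME ." for NXDOMAIN or a CNAME to a walled-garden host for the "redirect user to custom page" option. The response-policy statement on slide 14 belongs in named.conf's options block, not in the zone file, so it is not emitted here. The feed contents, manual host, allow list and walled-garden host name are constructed placeholders.

```python
"""Build a BIND Response Policy Zone (RPZ) from several blocklist sources.

Added example; not code from the slides or from the MLDNS project. FEED_A,
FEED_B, MANUAL_HOSTS, ALLOW_LIST and the walled-garden name are constructed.
"""
import datetime
import re

# Constructed feeds. In production these are fetched from blocklist providers;
# they are inline strings here so the example runs offline.
FEED_A = """
# comment lines and blank lines are ignored
afobal.cl
bright.su
dau43vt5wtrd.tk
"""
FEED_B = """
bright.su
hruner.com
0.0.0.0 dzitech.net
"""
MANUAL_HOSTS = ["phish-example.test"]   # constructed: hosts added by hand
ALLOW_LIST = {"dzitech.net"}            # constructed: known false positive, never block

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def is_valid_domain(name):
    """Reject input that would corrupt the zone file (spaces, empty labels, ...)."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def parse_feed(text):
    """Extract domains from a feed; accepts plain lists and hosts-file style lines."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower()
        if not line:
            continue
        token = line.split()[-1]           # hosts-file lines put the name last
        if is_valid_domain(token):
            domains.add(token.rstrip("."))
    return domains


def next_serial(previous, today=None):
    """YYYYMMDDnn serial; 'today' is an int like 20180212 (defaults to the real date).
    The serial must increase or slaves will not transfer the new zone."""
    if today is None:
        today = int(datetime.date.today().strftime("%Y%m%d"))
    base = today * 100
    if previous is not None and previous >= base:
        return previous + 1
    return base + 1


def merge_sources(feeds, manual, allow):
    """Union of all feeds and manual hosts, minus the allow list."""
    domains = set()
    for feed in feeds:
        domains |= parse_feed(feed)
    domains |= {d.lower().rstrip(".") for d in manual if is_valid_domain(d)}
    return domains - allow


def build_rpz(domains, serial, walled_garden=None, ttl=300):
    """Render the zone. 'CNAME .' answers NXDOMAIN; a CNAME to a host name
    instead redirects the client to that host (custom block page)."""
    action = "CNAME %s." % walled_garden if walled_garden else "CNAME ."
    lines = [
        "$TTL %d" % ttl,
        "@ IN SOA localhost. need.to.know.only. (",
        "    %d ; Serial number" % serial,
        "    60 ; Refresh",
        "    60 ; Retry",
        "    432000 ; Expire",
        "    60 ) ; Negative caching",
        "@ IN NS localhost.",
    ]
    for name in sorted(domains):
        lines.append("%s IN %s" % (name, action))
        lines.append("*.%s IN %s" % (name, action))   # cover subdomains as well
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    merged = merge_sources([FEED_A, FEED_B], MANUAL_HOSTS, ALLOW_LIST)
    print(build_rpz(merged, next_serial(2018021201, today=20180212)))
```

Running it prints a zone with five blocked names and their wildcards; validating the result with named-checkzone before reloading is the usual safeguard against a bad feed line taking the resolver down.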

  17. Local Threat Intelligence Detecting New Malicious Domain Holding Reputation Score (ASN, IP, Domain)

  18. Alexa Rank Google Page Rank Number of subdomain Background Check Number of '-' and '.' Domain age in WHOIS PTR record ASN

  19. Shaparak.ir Protect Top Hosts from Phishing Bankmellat.ir Bmi.ir Tamin.ir

  20. Used in Google search Fuzzy Logic

  21. Dataset from Phishtank and RBLs Machine Learning Domain Background Check Train and Test data

  22. Blacklist fetching Add new domains to list Fetch Extra Data Procedure Check DNS logs Train ML model

  23. KNN Classifier
      Domain Type   Trusted   Malicious
      Dataset       1000      700
      KNN           10        6
      Train/Test    50/50     50/50
      Accuracy      85.7%     82.2%
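Slides 18 to 23 (and the matching "Background Check", "Fuzzy Logic" and "Machine Learning" slides earlier on this page) describe the pipeline: compute per-domain features, add a lookalike check for the protected hosts, then train and test a KNN classifier on a 50/50 split. The code below is an added example, not the slides' code and not the MLDNS project's. It computes only the features that need no network access (subdomain count, counts of '-' and '.', length, digit ratio) plus a fuzzy brand-lookalike score based on edit distance, which stands in for the slide's "fuzzy logic" point; Alexa rank, PageRank, WHOIS age, PTR and ASN lookups are left out. The labelled domains are a small constructed set (the phishing-style names are invented), so the slide's PhishTank/RBL dataset and its 85.7%/82.2% accuracy figures are not reproduced.

```python
"""Domain background-check features + k-NN classifier, after slides 18-23.

Added example; not from the slides or the MLDNS project. TRUSTED and
MALICIOUS are constructed labelled samples; only offline features are used.
"""
import math
import random
import re
from collections import Counter

# Protected top hosts from slide 19; their first label is the "brand" token.
PROTECTED = ["shaparak.ir", "bankmellat.ir", "bmi.ir", "tamin.ir"]
BRANDS = [p.split(".")[0] for p in PROTECTED]

TRUSTED = ["google.com", "mail.google.com", "wikipedia.org", "en.wikipedia.org",
           "github.com", "mozilla.org", "shaparak.ir", "www.shaparak.ir",
           "bankmellat.ir", "bmi.ir", "tamin.ir"]
MALICIOUS = ["dau43vt5wtrd.tk", "secure-login-bankmellat-ir.xyz", "blogerjijer.pw",
             "update-shaparak-ir.verify-account.top", "bmi-ir.online-auth.pw",
             "a1b2c3d4e5.cc", "tamin-ir-portal.info", "free-bonus-login.win"]
SAMPLES = [(d, "trusted") for d in TRUSTED] + [(d, "malicious") for d in MALICIOUS]


def levenshtein(a, b):
    """Edit distance: the fuzzy matching behind 'did you mean' style search."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain):
    """Similarity (0..1) of any label or hyphen-separated token to a protected brand.
    The genuine host and its subdomains score 0; scores below 0.7 are treated as noise."""
    d = domain.lower().rstrip(".")
    if any(d == p or d.endswith("." + p) for p in PROTECTED):
        return 0.0
    best = 0.0
    for token in re.split(r"[.-]", d):
        for brand in BRANDS:
            best = max(best, 1 - levenshtein(token, brand) / max(len(token), len(brand)))
    return best if best >= 0.7 else 0.0


def features(domain):
    d = domain.lower().rstrip(".")
    labels = d.split(".")
    return [
        max(len(labels) - 2, 0),                # subdomain count (rough: assumes a 2-label suffix)
        d.count("-"),
        d.count("."),
        len(d),
        sum(c.isdigit() for c in d) / len(d),   # digit ratio, high for DGA-looking names
        lookalike(d),
    ]


def train(samples):
    """Min-max scale each feature column so that length does not dominate the distance."""
    rows = [(features(d), label) for d, label in samples]
    cols = list(zip(*[f for f, _ in rows]))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]

    def scale(f):
        return [(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(f, lo, hi)]

    return {"rows": [(scale(f), label) for f, label in rows], "scale": scale}


def predict(model, domain, k=3):
    """Majority vote among the k nearest training domains (Euclidean distance)."""
    x = model["scale"](features(domain))
    nearest = sorted(model["rows"], key=lambda r: math.dist(r[0], x))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]


def evaluate(samples, seed=1, k=3):
    """50/50 train/test split as on slide 23; returns accuracy on the held-out half."""
    data = samples[:]
    random.Random(seed).shuffle(data)
    half = len(data) // 2
    model, test = train(data[:half]), data[half:]
    return sum(predict(model, d, k) == label for d, label in test) / len(test)


if __name__ == "__main__":
    model = train(SAMPLES)
    for name in ("login-bankmellat-ir.xyz", "accounts.google.com"):
        print(name, "->", predict(model, name))
    print("held-out accuracy:", evaluate(SAMPLES))
```

Two design points matter for a deployment: the lookalike score must exempt the protected host and its own subdomains (otherwise www.shaparak.ir would be flagged as a phish of shaparak.ir), and the trusted set needs domains with subdomains and hyphens in it, or the classifier learns "has a subdomain" as a malicious signal.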

  24. DNS RPZ is not a total solution (Domain Fronting) What is missing? RPZ cannot control direct IP connectivity RPZ cannot control URLs

  25. Public Threat Intelligence feed What do we need? STIX, TAXII, CybOX Public Resolver Shadowserver

  26. Publish https://github.com/aliereza/MLDNS

  27. Questions?
