Published by Ayden Gallup. Modified about 1 year ago.
Domain Name System (DNS): Network Security Asset or Achilles Heel?
Seema Kathuria, Sr. Product Marketing Manager, Infoblox
February 19, 2015
Session Overview / Speaker Info
Domain Name System (DNS) – Network Security Asset or Achilles Heel?
Speaker: Seema Kathuria
Session Abstract: The DNS is a key building block of the Internet which is fast becoming one of the top-rated vectors for external (“outside-in”) attacks on the infrastructure and internal (“inside-out”) attacks from malware. Most IT professionals know very little about the DNS and, consequently, have done little to protect this critical asset. This session will discuss common vulnerabilities and attack surfaces, different types of DNS threat vectors, and security strategies and techniques to mitigate this oft-ignored security threat to network architecture. If built into a project plan from inception, the right network architecture can be designed to protect against the multitude of DNS attack vectors.
Speaker Bio: Seema has 10 years of experience in technology product marketing at various technology and network security companies, including Check Point Software and Imperva. Currently, she is responsible for product messaging and positioning, competitive intelligence, and bringing to market Infoblox’s Secure DNS solutions that protect critical network infrastructure. Seema is responsible for creating market awareness on DNS security through thought leadership assets, presentations at security trade shows, and customer events. Immediately prior to Infoblox, Seema led product marketing and sales enablement activities at Juniper Networks for its high-end firewall and threat intelligence security solutions.
© 2015 Infoblox Inc. All Rights Reserved.
Agenda
- What is DNS and How Does It Work?
- Threat Landscape Trends
- Common Attack Vectors
  - Anatomy of an attack: DNS Hijacking
  - Anatomy of an attack: Reflection Attack
  - Anatomy of an attack: Data Exfiltration via DNS Tunneling
- How to Protect Yourself?
- Q&A
What is the Domain Name System (DNS)?
- Address book for the Internet
- Translates “google.com” to
- Invented in 1983 by Paul Mockapetris (UC Irvine)
- DNS Outage = Business Downtime
- Without DNS, the Internet and network communications would stop
How Does DNS Work?
(Slide diagram: client, ISP DNS SERVER, ROOT DNS SERVER, with the following callouts)
“I need directions to
“That domain is not in my server, I will ask another DNS Server”
“That’s in my cache, it maps to:
“That’s in my cache, it maps to:
“Great, I’ll put that in my cache in case I get another request”
“Great, now I know how to get to
For Bad Guys, DNS Is a Great Target
- DNS is the cornerstone of the Internet, used by every business and government
- DNS as a protocol is easy to exploit
- DNS Outage = Business Downtime
- Traditional protection is ineffective against evolving threats
Defense-in-Depth and the DNS Security Gap
- Firewalls and IDS/IPS devices don’t effectively address DNS security threats
- Proliferation of BYOD devices and mobile users means threats may be inside the firewall
- DNS technology is ideal for defending against threats and disrupting APT/malware communications from infected devices
- Traditional security products generally don’t focus on DNS
- A DNS security layer is needed to fill the gap
The DNS Security Challenges
1. Securing the DNS platform
2. Defending against DNS attacks, including data exfiltration via DNS tunneling
3. Preventing malware from using DNS to communicate with malicious domains
DNS Attack Vectors
Anatomy of an Attack: DNS Hijacking (Syrian Electronic Army)
Anatomy of an Attack: Distributed Reflection DoS Attack (DrDoS)
How the attack works (slide diagram: Attacker sends spoofed queries to open recursive servers on the Internet; amplified reflected packets arrive at the target victim)
- Combines reflection and amplification
- Uses third-party open resolvers in the Internet (unwitting accomplice)
- Attacker sends spoofed queries to the open recursive servers
- Uses queries specially crafted to result in a very large response
- Causes DDoS on the victim’s server
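As an added illustration (not code from the presentation or from an Infoblox product), a defender-side check that looks for the reflection pattern just described in a resolver's answer log: many highly amplified responses all heading to one address, which on an open resolver is the spoofed victim. The log records and thresholds are constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed resolver log records (not real traffic), one per answered query,
# as an open recursive server would see them. In a DrDoS the "client" address
# is the spoofed victim, so the large answers are reflected onto it.
SAMPLE_RESPONSES = [
    # (client_ip, qname, qtype, query_bytes, response_bytes)
    ("203.0.113.7", "example.net", "ANY", 64, 3200),
    ("203.0.113.7", "example.net", "ANY", 64, 3200),
    ("203.0.113.7", "example.net", "ANY", 64, 3200),
    ("203.0.113.7", "example.net", "ANY", 64, 3200),
    ("203.0.113.7", "example.net", "ANY", 64, 3200),
    ("198.51.100.9", "www.example.org", "A", 58, 74),
    ("198.51.100.9", "mail.example.org", "MX", 61, 120),
]

def reflection_suspects(records, min_amplification=10.0, min_hits=3):
    """Return {client_ip: (hits, mean_amplification, dominant_qtype)} for
    clients that keep receiving answers far larger than their queries.

    One big answer is normal; a burst of them toward a single address, all
    driven by the same highly amplifying query type, is the pattern the
    slide describes (spoofed queries in, amplified packets out)."""
    hits = defaultdict(int)
    ratio_sum = defaultdict(float)
    qtypes = defaultdict(Counter)
    for client_ip, _qname, qtype, qbytes, rbytes in records:
        ratio = rbytes / qbytes          # amplification factor of this answer
        if ratio >= min_amplification:
            hits[client_ip] += 1
            ratio_sum[client_ip] += ratio
            qtypes[client_ip][qtype] += 1
    return {
        ip: (n, round(ratio_sum[ip] / n, 1), qtypes[ip].most_common(1)[0][0])
        for ip, n in hits.items() if n >= min_hits
    }

if __name__ == "__main__":
    for ip, (n, amp, qtype) in reflection_suspects(SAMPLE_RESPONSES).items():
        print(f"possible reflection victim {ip}: {n} answers at x{amp}, qtype {qtype}")
```

Flagged addresses are the reflection targets, not the attacker; the operational fix on the resolver side is to stop being an open resolver (or rate-limit responses), which the later slides cover under dedicated appliances and Advanced DNS Protection.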
Anatomy of an Attack: Data Exfiltration via DNS Tunneling
1. File containing sensitive info converted to text, broken into chunks and exfiltrated via DNS
2. Exfiltrated data put back together and decrypted to get the valuable information
3. Used spoofed addresses
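Added example, not part of the original deck: the detection side of the tunneling technique described above, scoring a resolver query log for the long, random-looking subdomains that chunked file contents produce when carried in DNS names. The query log, the thresholds and the two-label base-domain assumption are constructed for the example.

```python
import math
from collections import defaultdict

# Constructed resolver query log (not real traffic): (client_ip, qname, qtype).
# The first client asks for many long, high-entropy labels under one domain,
# which is what encoded file chunks look like when tunneled through DNS.
SAMPLE_QUERIES = [
    ("10.0.0.5", "x9k2jq8v0zl3m7n1p4r6s8t0u2w4y6a8b0.tunnel.example", "TXT"),
    ("10.0.0.5", "c1d3e5f7g9h1j3k5l7m9n1p3q5r7s9t1v3.tunnel.example", "TXT"),
    ("10.0.0.5", "w5x7y9z1a3b5c7d9e1f3g5h7j9k1l3m5n7.tunnel.example", "TXT"),
    ("10.0.0.5", "p2q4r6s8t0u2v4w6x8y0z2a4b6c8d0e2f4.tunnel.example", "TXT"),
    ("10.0.0.8", "www.example.org", "A"),
    ("10.0.0.8", "mail.example.org", "A"),
    ("10.0.0.8", "www.example.org", "A"),
]

def shannon_entropy(s):
    """Bits per character; encoded or encrypted data scores high, words low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def base_domain(qname, levels=2):
    """Assumption for the example: the registrable domain is the last two labels."""
    return ".".join(qname.rstrip(".").split(".")[-levels:])

def tunneling_suspects(queries, min_label_len=30, min_entropy=3.5, min_unique=3):
    """Group queries by (client, base domain) and flag pairs where several
    distinct, long, high-entropy subdomains were requested: one such name is
    noise, a stream of unique ones is data leaving the network."""
    seen = defaultdict(set)
    for client_ip, qname, _qtype in queries:
        labels = qname.rstrip(".").split(".")
        sub = ".".join(labels[:-2])          # everything below the base domain
        if len(sub) >= min_label_len and shannon_entropy(sub) >= min_entropy:
            seen[(client_ip, base_domain(qname))].add(sub)
    return {key: len(subs) for key, subs in seen.items() if len(subs) >= min_unique}

if __name__ == "__main__":
    for (client, domain), n in tunneling_suspects(SAMPLE_QUERIES).items():
        print(f"{client} sent {n} unique high-entropy names under {domain}")
```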
The Rising Tide of DNS Threats: Are You Prepared?
DNS Top attacks:
- DNS amplification: use amplification in the DNS reply to flood the victim
- TCP/UDP/ICMP floods: flood the victim’s network with large amounts of traffic
- Protocol anomalies: malformed DNS packets causing the server to crash
- DNS cache poisoning: corruption of a DNS cache database with a rogue address
- DNS hijacking: subverting resolution of DNS queries to point to a rogue DNS server
- DNS tunneling: tunneling of another protocol through DNS for data exfiltration
- Reconnaissance: probe to get information on the network environment before launching an attack
- DNS-based exploits: exploit vulnerabilities in DNS software
- Fragmentation: traffic with lots of small, out-of-order fragments
- DNS reflection/DrDoS: use third-party DNS servers to propagate a DDoS attack
- NXDOMAIN: flood the DNS server with requests for non-existent domains
- Phantom Domain: force the DNS server to resolve multiple non-existent domains and wait for responses
APT/Malware Examples: CryptoLocker “Ransomware” and GameOver Zeus
CryptoLocker:
- Targets Windows-based computers
- Appears as attachment within seemingly legitimate
- Upon infection, encrypts files on the local hard drive and mapped network drives
- Ransom: 72 hours to pay $300 USD
- If not paid, the encryption key is deleted and the data is irretrievable
- Only way to stop it (after the executable has started) is by blocking the outbound connection to the encryption server
GameOver Zeus:
- 500,000 to 1M infections worldwide
- Hundreds of millions of dollars stolen
- Highly sophisticated and hard to track
- Uses P2P communication to control infected devices (botnet)
- Upon infection, it monitors the machine for finance-related information
- Takes control of private online transactions and diverts funds to criminal accounts
- Responsible for distribution of CryptoLocker; infected systems can be used for DDoS attacks
Security Breaches using APTs/Malware
(Slide chart of breaches by quarter, Q1 to Q4; figure not reproduced)
Protection Best Practices
Help Is On The Way!
- Collaboration
- Dedicated Appliances
- Monitoring
- DNSSEC
- RPZ
- Advanced DNS Protection
Get the Teams Talking – Questions to Ask:
- Who in your organization is responsible for DNS Security?
- What methods, procedures and tools do you have in place to detect and mitigate DNS attacks?
- Would you know if an attack was happening?
- Would you know how to stop it?
Teams involved: Network Team, Security Team, IT Apps Team, IT OPS Team
Hardened DNS Appliances
Conventional Server Approach:
- Multiple Open Ports: many open ports are subject to attack
- Users have OS-level account privileges on the server
- Requires time-consuming manual updates
Hardened Appliance Approach:
- Limited Port Access: dedicated hardware with no unnecessary logical or physical ports
- No OS-level user accounts, only admin accounts
- Update Service: immediate updates to new security threats
- Secure Access: secure HTTPS-based access to device management; no SSH or root-shell access; encrypted device-to-device communication
Advanced DNS Protection
(Slide diagram) Components: Advanced DNS Protection (External DNS); Advanced DNS Protection (Internal DNS); Threat-Intelligence Server (automatic updates, rules distribution); Reporting Server (receives data for reports; reports on attack types and severity).
Traffic classes shown: Amplification, Cache Poisoning, Reconnaissance, DNS Exploits, Legitimate Traffic.
Response Policy Zones (RPZ): Blocking Responses from Malicious Domains
(Slide diagram: Internet with malicious domains and a reputational feed of IPs, domains, etc. of bad servers; Intranet with a DNS Server with RPZ capability)
1. An infected device is brought into the office.
2. Malware/APT spreads to other devices within the network and calls home.
3. Malware makes a DNS query to find “home” (botnet / C&C).
4. The DNS Server looks at the DNS response and blocks the connection to the malicious domain. The blocked communication attempt is sent to Syslog; the query to the malicious domain is logged, so security teams can now identify the requesting endpoint and attempt remediation.
The RPZ is regularly updated with malicious domain data using available reputational feeds.
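The RPZ flow on this slide as an added example (not the deck's or Infoblox's code): a resolver consults a QNAME policy table before handing back the upstream answer, rewrites hits with the RPZ-style actions NXDOMAIN, NODATA or a CNAME redirect, and records the requesting endpoint in a syslog-style line. The policy entries and the walled-garden name are constructed placeholders.

```python
from datetime import datetime, timezone

# Constructed RPZ-style policy table (placeholder names, not a real feed).
# Keys are QNAME triggers: an exact name, or "*.name" for every name below
# it, as RPZ wildcard triggers do. Values use the RPZ action vocabulary.
POLICY = {
    "bad-c2.example":      "NXDOMAIN",
    "*.bad-c2.example":    "NXDOMAIN",
    "dropzone.example":    "CNAME walled-garden.corp.example",
    "*.dropzone.example":  "CNAME walled-garden.corp.example",
    "beacon.example":      "NODATA",
}

def rpz_lookup(qname, policy=POLICY):
    """Return the policy action for qname, or None when no trigger matches.
    An exact trigger wins; otherwise walk up the name looking for a wildcard."""
    name = qname.rstrip(".").lower()
    if name in policy:
        return policy[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in policy:
            return policy[wildcard]
    return None

def resolve_with_rpz(client_ip, qname, upstream_answer, log, policy=POLICY):
    """Apply RPZ before returning the upstream answer. A hit rewrites the
    response and appends a syslog-style line naming the endpoint that asked,
    which is what lets the security team find the infected device."""
    action = rpz_lookup(qname, policy)
    if action is None:
        return upstream_answer               # clean name: pass through
    stamp = datetime.now(timezone.utc).strftime("%b %d %H:%M:%S")
    log.append(f"{stamp} dns-rpz: client {client_ip} query {qname} action {action}")
    if action.startswith("CNAME "):          # redirect to the walled garden
        return {"rcode": "NOERROR", "answer": action.split(" ", 1)[1]}
    if action == "NODATA":                   # name exists, no records
        return {"rcode": "NOERROR", "answer": None}
    return {"rcode": action, "answer": None}  # NXDOMAIN

if __name__ == "__main__":
    events = []
    upstream = {"rcode": "NOERROR", "answer": "203.0.113.50"}
    print(resolve_with_rpz("10.1.2.3", "update.bad-c2.example", upstream, events))
    print(events[-1])
```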
Take the DNS Security Risk Assessment
1. Analyzes your organization’s DNS setup to assess the level of risk of exposure to DNS threats
2. Provides a DNS Security Risk Score and analysis based on the answers given
3. www.infoblox.com/dnssecurityscore
Higher score = higher DNS security risk!!
Try DNS Firewall Virtual Evaluation
Use DNS to Find Malware/APT Lurking in Your Network
- Two options: Port Span and Standalone
- No hardware (100% virtual)
- Non-disruptive to production network
- 60-day trial
- See Malware/APT activity with reports
Call to Action
- DNS security vulnerabilities pose a significant threat
- Raise awareness of DNS and DNS security vulnerabilities in your organization
- There are many resources available to help
- Seek help if needed to protect DNS
- Talk to Infoblox
Infoblox Overview
- Founded in 1999
- Headquartered in Santa Clara, CA with global operations in 25 countries
- Market leadership: DDI market leader (Gartner); 50% DDI market share (IDC)
- 7,000+ customers
- 74,000+ systems shipped to 100 countries
- 45 patents, 27 pending
- IPO April 2012: NYSE BLOX
- Leader in technology for network control
(Slide chart: total revenue in $MM by fiscal year ending July 31, 32% CAGR; figure not reproduced)
IT Analyst Validation
- Gartner: “usage of a commercial DDI solution can reduce (network) OPEX by 50% or more.”
- IDC: Infoblox is the only major DDI vendor to gain market share over the past three years.
- Gartner: “Infoblox is the DDI market leader in terms of mainstream brand awareness.”
(Slide chart: Worldwide DDI Market Share – 2013; figure not reproduced)