Open DNS resolvers have to be closed
● Open resolvers respond to recursive queries from any host on the Internet
● Amplification DNS attack

Presentation transcript:


Still open DNS resolvers in NREN – why?
● Reason offered – users are not aware of the danger
  ● Remedy: have to work on their education, boost collaboration
  ● Following: reminder + instructions to fix the problem on the most popular platforms in the Serbian NREN, i.e. BIND 9.x and Microsoft DNS server on Windows 2003, 2008
  ● The expected result did not occur!
  ● Lesson learned – some reasons may stay invisible from the NREN's point of view
● 78% of the persistently open resolvers in our NREN fit this template:
  ● DNS service on Microsoft platform (Windows 2003, 2008) with a primary zone file configured for at least one domain
  ● DNS service is integrated with a few other services on the same server
  ● Basic security protection implemented by packet filtering on the router on the uplink to the NREN (caution if high bandwidth is available, 1 Gbps)
● Reason found – lack of a DNS security feature, inherent in the platform used at campuses
  ● Remedy: add another box
    – DNS server (with an option to accept/deny recursive queries based on the source IP address, preferably BIND 9.x) or
    – firewall (stateful packet inspection)

Solution – add DNS server on site
● Option available: Disable recursion – block all requests

Solution – add DNS server at NREN

Solution – add firewall

Reasons for slow changes
● One vendor choice (Microsoft solution) has already been made
● Not easy to maintain just one “very different” box
● Hard to accept outsourcing such a successfully provided and old service
● Preferable – a matter of the very modest budget available in most institutions
● Option to wait for Microsoft to add the appropriate feature to its platforms – it is not a solution!

How to check? – Useful links
● Find the number of known open DNS resolvers
  ● Per AS (for each AS over time period Jun Jun 2013)
    – factory.com/surveys/openresolvers/ASN-reports/ html
    – factory.com/surveys/openresolvers/ASN-reports/
  ● Per address space (masks “longer” than /22)
    –
    – paste an address into the search box near the top
● Fast check for a single domain
  ● www.intoDNS.com, under Recursive Queries
● Also …
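
A local version of the "fast check", for a resolver you operate, tested from an address outside its network. This is an added example, not part of the presentation; the function names, the sample packets and the rule for "open" (RA set, NOERROR, at least one answer, not an authoritative answer) are assumptions made here.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qid=0x1234):
    """Recursive (RD=1) A/IN query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", qid, RD, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def classify_response(data, qid=0x1234):
    """Return 'open', 'refused', 'closed' or 'invalid' from the reply header."""
    if len(data) < 12:
        return "invalid"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & QR:
        return "invalid"
    rcode = flags & 0x000F
    if rcode == 5:                      # REFUSED: recursion denied for this source
        return "refused"
    # An authoritative answer (AA) comes from a hosted zone, not from recursion.
    if flags & RA and rcode == 0 and ancount > 0 and not flags & AA:
        return "open"
    return "closed"

def probe(server, name, timeout=3.0):
    """Send one recursive query to `server` and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, 53))         # only accept replies from this server
        s.send(build_query(name))
        try:
            return classify_response(s.recv(512))
        except socket.timeout:
            return "no-answer"

# Constructed 12-byte reply headers (not captured traffic).
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 1, 0, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, QR | RD | 5, 1, 0, 0, 0)
SAMPLE_NO_RA = struct.pack("!HHHHHH", 0x1234, QR | RD, 1, 0, 0, 0)
SAMPLE_AUTH = struct.pack("!HHHHHH", 0x1234, QR | AA | RD | RA, 1, 1, 0, 0)

if __name__ == "__main__":
    for label, pkt in [("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED),
                       ("no RA", SAMPLE_NO_RA), ("authoritative", SAMPLE_AUTH)]:
        print(label, "->", classify_response(pkt))
```

When calling `probe`, use a name outside every zone the server hosts; a name from one of its own primary zones returns an authoritative answer and says nothing about recursion.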

Thank you!

Solutions – additional server (without animation)