Review iClickers. Ch 1: The Importance of DNS Security.

Slides:



Advertisements
Similar presentations
Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.
Advertisements

DNS Security Overview AROC Guatemala July What’s the Problem? Until July of 2008 the majority of authoritative DNS servers worldwide were completely.
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
1 DNSSEC From a protocol bug to a security advantage Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
DNS Security A.Lioy, F.Maino, M. Marian, D.Mazzocchi Computer and Network Security Group Politecnico di Torino (Italy) presented by: Marius Marian.
Chapter 7 HARDENING SERVERS.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
25.1 Chapter 25 Domain Name System Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Domain Name System ( DNS )  DNS is the system that provides name to address mapping for the internet.
Domain Name System Security Extensions (DNSSEC) Hackers 2.
Chabot College ELEC Name Resolution.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
Tony Kombol ITIS Who knows this? Who controls this? DNS!
Domain Name Service (DNS) at Colorado State University
TELE 301 Lecture 11: DNS 1 Overview Last Lecture –Scheduled tasks and log management This Lecture –DNS Next Lecture –Address assignment (DHCP)
Computer Networks: Domain Name System. The domain name system (DNS) is an application-layer protocol for mapping domain names to IP addresses Vacation.
CSUF Chapter 6 1. Computer Networks: Domain Name System 2.
Distributed Systems. Outline  Services: DNSSEC  Architecture Models: Grid  Network Protocols: IPv6  Design Issues: Security  The Future: World Community.
IIT Indore © Neminath Hubballi
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 17 Domain Name System (DNS)
Test cases for domain checks – a step towards a best practice Mats Dufberg,.SE Sandoche Balakrichenan, AFNIC.
Olaf M. Kolkman. Domain Pulse, February 2005, Vienna. DNSSEC Basics, Risks and Benefits Olaf M. Kolkman
October 15, 2002Serguei A. Mokhov, 1 Intro to DNS SOEN321 - Information Systems Security.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 6: Name Resolution.
TCP/IP Protocol Suite 1 Chapter 17 Upon completion you will be able to: Domain Name System: DNS Understand how the DNS is organized Know the domains in.
Domain Name System CH 25 Aseel Alturki
October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
DNS Security Pacific IT Pros Nov. 5, Topics DoS Attacks on DNS Servers DoS Attacks by DNS Servers Poisoning DNS Records Monitoring DNS Traffic Leakage.
Packet Filtering & Firewalls. Stateless Packet Filtering Assume We can classify a “good” packet and/or a “bad packet” Each rule can examine that single.
TODAY & TOMORROW DAY 2 - GROUP 5 PRESENTED BY: JAMES SPEIRS CHARLES HIGBY BRADY REDFEARN Domain Name System (DNS)
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
Tony Kombol ITIS DNS! overview history features architecture records name server resolver dnssec.
Configuring Name Resolution and Additional Services Lesson 12.
Domain Name System (DNS). DNS Server Service Overview of Domain Name System What Is a Domain Namespace? Standards for DNS Naming.
1 DNSSEC Transforming a protocol bug into an admin tool Lutz Donnerhacke db089309: 1c1c 6311 ef09 d819 e029 65be bfb6 c9cb.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 19 Domain Name System (DNS)
* Agenda  What is the DNS ?  Poisoning the cache  Short term solution  Long term solution.
Security in DNS(DNSSEC) Yalda Edalat Pramodh Pallapothu.
Computer Networks Fall, 2007 Prof Peterson. CIS 235: Networks Fall, 2007 Western State College How’s it going??
ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.
DNS Security Extension 1. Implication of Kaminsky Attack Dramatically reduces the complexity and increases the effectiveness of DNS cache poisoning –No.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Chapter 18 Domain Name System (DNS)
DNS Security 1. Fundamental Problems of Network Security Internet was designed without security in mind –Initial design focused more on how to make it.
Ch 6: DNSSEC and Beyond Updated DNSSEC Objectives of DNSSEC Data origin authentication – Assurance that the requested data came from the genuine.
DNS Cache Poisoning (pretending to be the authoritative zone) ns.example.co m Webserver ( ) DNS Caching Server Client I want to access
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
So DNS is A client-server application that maps domain names into their corresponding IP addresses with the help of name servers. Mapping domain names.
Grades update. Homework #1 Count35 Minimum Value47.00 Maximum Value Average
Internet infrastructure 1. Infrastructure Security r User expectations  Reliable service  Reliable endpoints – although we know of spoofing and phishing.
Monitoring, analyzing and cleaning DNS configuration errors across European NRENs Slavko Gajin University of Belgrade, Serbia
Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.
Using Digital Signature with DNS. DNS structure Virtually every application uses the Domain Name System (DNS). DNS database maps: –Name to IP address.
Security Issues with Domain Name Systems
DNS Security.
DNS Security Issues SeongHo Cho DPNM Lab., POSTECH
IMPLEMENTING NAME RESOLUTION USING DNS
DNS Cache Poisoning Attack
DNS security.
Chapter 19 Domain Name System (DNS)
ISMS Information Security Management System
NET 536 Network Security Lecture 8: DNS Security
Chapter 25 Domain Name System
NET 536 Network Security Lecture 6: DNS Security
Chapter 25 Domain Name System
(DNS – Domain Name System)
Windows Name Resolution
Presentation transcript:

Review iClickers

Ch 1: The Importance of DNS Security

How many times have attackers brought down the RNS root? A.Never B.1 time C.2 times D.3-10 times E.More than ten times

Which technique allows larger DNS packets? A.DoS B.Cache poisoning C.DNSChanger D.Packet amplification E.EDNS

Which technique makes DoS attacks more effective? A.DoS B.Cache poisoning C.DNSChanger D.Packet amplification E.EDNS

Which technique was used by the Kaminsky attack? A.DoS B.Cache poisoning C.DNSChanger D.Packet amplification E.EDNS

Ch 2: DNS Overview: Protocol, Architecture, and Applications

Which item contains data for a domain and its subdomains? A./etc/hosts B.FQDN C.TLD D.Zone E.Delegation

Which item was used for name resolution before DNS? A./etc/hosts B.FQDN C.TLD D.Zone E.Delegation

In a home network, a router is used as a DNS server. What is its role? A.Client B.Caching Server C.Resolver D.Authoritative Server E.None of the above

What item should be blocked on an SOA server? A.Iterative query B.Recursive query C.Delegation D.DNSSEC E.TCP

Which record contains an server's name? A.A B.AAAA C.MX D.PTR E.CNAME

Which record is used to block spam? A.RRSIG B.DS C.SPF D.NAPTR E.SOA

Ch 3: DNS Vulnerabilities

Which security problem makes your DNS server a hazard to others? A.Single point of failure B.Exposure of internal information C.Open resolver D.Unprotected zone transfers E.Server running in privileged mode

Which security problem is caused by Microsoft products querying blackhole servers? A.Single point of failure B.Exposure of internal information C.Open resolver D.Unprotected zone transfers E.Server running in privileged mode

Which security problem can be mitigated with source port randomization? A.Predictable Transaction ID B.CNAME chaining C.Cache poisoning D.MITM E.Packet amplification

Which security problem can be mitigated with DNSSEC? A.Predictable Transaction ID B.CNAME chaining C.Single point of failure D.MITM E.Packet amplification

Ch 4: Monitoring and Detecting Security Breaches

Which monitoring technique requires a SPAN port? A.Log data B.Network flow data C.Packet data D.Application level metadata E.None of the above

Which monitoring technique stores one record for each TCP or UDP session? A.Log data B.Network flow data C.Packet data D.Application level metadata E.None of the above

Which monitoring technique contains layer 7 data in a convenient form? A.Log data B.Network flow data C.Packet data D.Application level metadata E.None of the above

You see a lot of large DNS requests on your network, exceeding 300 bytes. What's going on? A.Transient domains B.Fast flux C.Phantom domains D.DNS Changer E.Tunneling

Ch 5: Prevention, Protection and Mitigation of DNS Service Disruption

Which technique uses BGP to spread out attacks? A.Geographically distributed B.Network distributed C.Caching acceleration D.Anycast E.Direct Delegation

Which technique requires you to trust another company, because if they go down, your site is down? A.Geographically distributed B.Network distributed C.Caching acceleration D.Anycast E.Direct Delegation

Which device is used temporarily, only during an attack? A.Failover B.Firewall C.IDS D.IPS E.Scrubber

Which entity has a self-signed DNSSEC key? A.. B..org C.ietf.org D.More than one of the above E.None of the above

Which protection does DNSSEC provide? A.Confidentiality and integrity B.Confidentiality and availability C.Authenticity and availability D.Authenticity and integrity E.None of the above

Ch 6: DNSSEC and Beyond

What prevents MITM attacks in DNSSEC? A.Trusted root B.CA C.Shared secret D.Nothing E.None of the above

Which item allows authenticated denial of existence, but exposes host names? A.DS B.NSEC C.NSEC3 D.RRSIG E.Glue records

Which item conceals host names with hashing? A.DS B.NSEC C.NSEC3 D.RRSIG E.Glue records

Which item renders DNS requests confidential? A.DNSCurve B.DNSSEC C.NSEC3 D.DS E.RR

Which item makes attacks possible on the target's LAN? A.DS Record B.Lack of Protection Between User Devices and Resolvers C.Lack of Protection of Glue Records D.Key Changes Don't Propagate E.NSEC3 DoS

Which attack is possible when a server changes hosting providers? A.Re-Addressing Replay Attack B.NSEC3 Offline Dictionary Attack C.No Protection of DNS or Lower Layer Header Data D.DNSSEC Data Inflate Zone Files and DNS Packet Sizes E.DNSSEC Increases Computational Requirements

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.