Presentation transcript:

DNS Flag Day 2019: What you need to know about how this day can affect your CI operations
InfraGard Louisiana Member’s Alliance
Charles George, CISSP – Water Sector

Domain Name Services Discussion
- Defining DNS, the change, potential impact and opportunity
- Regulatory Impacts
- Operational Impacts
- Internal networks
- Hybrid Networks
- Cloud-only environments
- How to know if your environment is affected right now?
- What about suppliers and partners?
- Bring it to the strategic planning process now
- Why education is critically important – Skills, Resources, Time

Does this apply to me?
January 2019: “An emergency directive from the Department of Homeland Security provides “required actions” for U.S. government agencies to prevent widespread DNS hijacking attacks.” – Threatpost.com
DHS has issued a four-step plan that must be enacted.
1. Audit all .gov and agency-managed domains on authoritative and secondary DNS servers and ensure that they direct traffic to the intended location. NS records and those associated with key agency services should be prioritized. If DNS changes are discovered, they must be reported to the Cybersecurity and Infrastructure Security Agency (CISA).
2. All federal agencies have been instructed to change DNS account passwords on accounts that can make changes to the agency’s DNS records. New unique, complex passwords should be set.
3. All DNS accounts that can make changes to DNS records should have multi-factor authentication enabled. If MFA cannot be enabled on systems, CISA must be notified.
4. CISA will begin regular delivery of newly added certificates to Certificate Transparency (CT) logs for agency domains via the Cyber Hygiene service in the next 10 days. CT logs must be immediately monitored for certificates that have been issued that have not been requested by the agency. If logs are found to be inaccurate, they must be reported to CISA.
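Steps 1 and 4 above both reduce to comparing what is observed against what was approved. The following is an added example, not part of the original presentation: the record baseline, the observed answers, the CT entries and the idea of matching certificates on an (issuer, name) pair are all assumptions, and every name and address is constructed.

```python
# Added example: constructed data only; example.gov names and addresses are placeholders.
PRIORITY = {"NS": 0, "MX": 1}  # step 1: NS and key-service records are reviewed first

def norm(value):
    """Case-fold and drop the trailing root dot so equal names compare equal."""
    return value.strip().lower().rstrip(".")

def audit_records(baseline, observed):
    """Compare {(name, rtype): [values]} maps; return drift findings, NS first."""
    def index(records):
        return {(norm(n), t.upper()): {norm(v) for v in vals}
                for (n, t), vals in records.items()}
    want, seen = index(baseline), index(observed)
    findings = []
    for key in set(want) | set(seen):
        expected, actual = want.get(key, set()), seen.get(key, set())
        if expected == actual:
            continue
        status = ("UNEXPECTED" if not expected else
                  "MISSING" if not actual else "CHANGED")
        findings.append((key[0], key[1], status, sorted(expected), sorted(actual)))
    return sorted(findings, key=lambda f: (PRIORITY.get(f[1], 9), f[0]))

def unrequested_certs(ct_entries, requested):
    """Step 4: CT entries whose (issuer, name) pair was never requested."""
    approved = {(norm(i), norm(n)) for i, n in requested}
    return [e for e in ct_entries
            if (norm(e["issuer"]), norm(e["name"])) not in approved]

BASELINE = {
    ("example.gov.", "NS"): ["ns1.example.gov.", "ns2.example.gov."],
    ("mail.example.gov", "A"): ["192.0.2.25"],
    ("www.example.gov", "A"): ["192.0.2.80"],
}
OBSERVED = {  # constructed answers: one NS swapped, the mail host redirected
    ("example.gov", "ns"): ["NS1.example.gov", "ns9.hosting.example."],
    ("mail.example.gov", "A"): ["198.51.100.7"],
    ("www.example.gov", "A"): ["192.0.2.80"],
}
CT_ENTRIES = [  # constructed CT log entries
    {"issuer": "Example CA 1", "name": "www.example.gov"},
    {"issuer": "Other CA", "name": "mail.example.gov"},
]
REQUESTED = [("Example CA 1", "www.example.gov")]

if __name__ == "__main__":
    for finding in audit_records(BASELINE, OBSERVED):
        print(finding)
    print(unrequested_certs(CT_ENTRIES, REQUESTED))
```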

What Changed? DNS => EDNS
- Essentially, a workaround has existed for so long that not everyone thinks of it as a workaround.
- It comes down to the number of bits allowed in the response for an address on the Internet by a client.
- Just as “extensions or plug-ins” for a web browser allow additional capabilities to be added, DNS also provides for extensions.
- Enforcement of certain rules will cause issues with both legacy and contemporary services that have misused these protocols.
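To make the extension mechanism concrete, here is an added example (not from the original presentation) that builds a DNS query carrying the EDNS OPT pseudo-record defined in RFC 6891 and labels how a server handled it. The function names, the labels, the 1232-byte payload size and the constructed replies are assumptions for illustration; a server that never answers an EDNS query is the case the old workarounds used to hide.

```python
import struct

OPT = 41  # RR type of the EDNS(0) pseudo-record (RFC 6891)

def build_query(name, udp_size=1232, txid=0x1234):
    """A-record query carrying an OPT record; udp_size 1232 is an assumed value."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)  # RD=1, QD=1, AR=1
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode|version|flags
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1) + opt

def skip_name(msg, off):
    """Step over a domain name, including a trailing compression pointer."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length

def classify(reply):
    """Label a server's reply to an EDNS query (None means it never answered)."""
    if reply is None:
        return "timeout"          # no answer at all to an EDNS query
    _, flags, qd, an, ns, ar = struct.unpack("!6H", reply[:12])
    if flags & 0x000F == 1:
        return "formerr"          # server rejects OPT but does answer
    off = 12
    for _ in range(qd):
        off = skip_name(reply, off) + 4   # name, then QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(reply, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
        if rtype == OPT:
            return "edns-ok"
        off += 10 + rdlen
    return "no-edns"              # plain DNS answer, OPT ignored

def as_reply(query, rcode=0, keep_opt=True):
    """Constructed reply for offline use: echo the query with QR set."""
    txid, _, qd, _, _, ar = struct.unpack("!6H", query[:12])
    body = query[12:] if keep_opt else query[12:-11]  # OPT RR is the last 11 bytes
    header = struct.pack("!6H", txid, 0x8180 | rcode, qd, 0, 0, ar if keep_opt else 0)
    return header + body
```

Against a live server, the query bytes would be sent over UDP port 53 and `classify(None)` used when the socket times out.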

DNS – More than a web address
- DNS as an analogy: Need to call someone?
- Seen another way: Need to go to a new place?
- What if your number is misdirected?
- If you do not know where you are going, any path can take you there.

DNS History
- Printers, e-mail, reports
- Database & applications became the norm
- Multi-site operations, partners & suppliers require more external connections
- Internet booms; now customers, partners, suppliers, etc. are everywhere
- Service-to-service, Remote Hosting, Cloud environments, Web Services, etc.

DNS – Threats, Attacks & Trends
Understanding the threats and proactively seeking weaknesses within your environment – before an incident or breach.
Recommendation: Develop in-house Threat Hunting capabilities
Types of breaches noted in 2018 (Source: Verizon DBIR):

Common Attacks on DNS
- Zero-day attack – the attacker exploits a previously unknown vulnerability in the DNS protocol stack or DNS server software.
- Cache poisoning – the attacker corrupts a DNS server by replacing a legitimate IP address in the server’s cache with that of another, rogue address. Cache poisoning may also be referred to as DNS poisoning.
- Denial of Service – an attack in which the DNS mechanisms become overwhelmed by DNS requests and are unable to service legitimate requests.
- Distributed Denial of Service – a Denial of Service attack involving many sources of DNS requests generated by bots or zombie computers against a targeted DNS service provider or IP address.
- DNS amplification – the attacker takes advantage of a DNS server that permits recursive lookups and uses recursion to spread his attack to other DNS servers.

DNS Attack Examples – How it works The obligatory “technical diagrams”:

References & Resources

Flag Day Resources
- DNS Internet Flag Day (www.flagday.net)
- https://www.isc.org/blogs/dns-flag-day/
- US CERT Resources
- DNS Testing Information & Tools: http://ednscomp.isc.org/
- Compliance Testing Tool Source Code Repo: GitHub Repo for Test Tool Source Code

References Cited:
- Secure Domain Name System (DNS) Deployment Guide - NIST Special Publication 800-81-2
- InfoTech Research Group
- Microsoft Azure DNS - Getting Ready for Flag Day
- Center for Internet Security (CIS)
- DNS standards (1987 - RFC1035) & EDNS (1999; RFC2671 and RFC6891)
- 2018 Data Breach Investigations Report - Verizon

Charles George, CISSP
President, First Maridian LLC
cj.george@firstmaridian.com