DNS in Enterprise IR: Collection, Analysis and Response
Offered By: YouTube
Course Description
Overview
Explore DNS in enterprise incident response, collection, analysis, and response through this 47-minute conference talk from DerbyCon 2016. Delve into critical data choices, border collection methods, and logging techniques including query resolution and protocol interpretation. Learn about rich myths, histogram preparation, isolation tunneling, and domain analysis. Discover where DNS queries should be rare, understand DNS tunneling and TXT records, and examine false positives, prefetch responses, and DNSSEC. Gain insights into RPZ (Response Policy Zones) and their implementation in incident response strategies.
Syllabus
Introduction
What is Coinbase
Data is critical
Three critical choices
Collect at your border
Query Resolution Logging
Protocol Interpretation Logging
Standalone DNS Logging
Rich Myths
Preparing
Histogram
Isolation tunneling
Domains
Where should be rare
DNS Tunnel
TXT Records
False Positives
Prefetch
Response
RPZ
DNSSEC
Go RPZ