DNS in Enterprise IR Collection Analysis and Response
Offered By: YouTube
Course Description
Overview
Explore DNS in enterprise incident response, collection, analysis, and response through this 47-minute conference talk from DerbyCon 2016. Delve into critical data choices, border collection methods, and logging techniques including query resolution and protocol interpretation. Learn about rich myths, histogram preparation, isolation tunneling, and domain analysis. Discover where DNS queries should be rare, understand DNS tunneling and TXT records, and examine false positives, prefetch responses, and DNSSEC. Gain insights into RPZ (Response Policy Zones) and their implementation in incident response strategies.
Syllabus
Introduction
What is Coinbase
Data is critical
Three critical choices
Collect at your border
Query Resolution Logging
Protocol Interpretation Logging
Standalone DNS Logging
Rich Myths
Preparing
Histogram
Isolation tunneling
Domains
Where should be rare
DNS Tunnel
TXT Records
False Positives
Prefetch
Response
RPZ
DNSSEC
Go RPZ