The Domain Name System - DNS Operation, Threats, and Security Intelligence

Explore the intricacies of the Domain Name System (DNS) in this 36-minute conference talk from Louisville InfoSec 2016. Delve into DNS operation, potential threats, and security intelligence with expert Tom Kopchak. Learn about amplification attack processes, proper DNS server configuration, and the importance of only providing responses for domains you own. Discover the dangers of blind transfers and domain hijacking, and explore effective countermeasures. Examine DNS security use cases, including SSL traffic correlation challenges and threat intelligence using DNS data. Gain insights into forensic investigations, DNS data exfiltration detection, and the role of DNS in threat intelligence research. Enhance your understanding of DNS security to better protect your organization's digital infrastructure.

Intro
DOMAIN NAME SYSTEM Operation, Threats, and Security Intelligence
AMPLIFICATION ATTACK PROCESS
PROPER DNS SERVER CONFIGURATION
YOU ARE NOT AN ISP Unless, of course, you are ONLY PROVIDE RESPONSES FOR DOMAINS YOU OWN
BLIND TRANSFERS ARE BAD
DOMAIN HIJACKING
HOW DO WE STOP THIS?
DNS SECURITY USE CASES
SSL TRAFFIC CORRELATION Problem Reading encyrpted requests is hard
THREAT INTELLIGENCE USING DNS DATA DNS lookups for known malicious sites Hosting providers associated with ransomware
FORENSIC INVESTIGATIONS
DNS DATA EXFILTRATION Detect DNS tunneling - abnormally high number of lookups for a single domain
THREAT INTELLIGENCE RESEARCH