NSA, CISA issue guidance on Protective DNS services
#1
Quote:
The National Security Agency (NSA) and Cybersecurity and Infrastructure Agency (CISA) released a joint information sheet Thursday that offers guidance on the benefits of using a Protective Domain Name System (PDNS).
 
A PDNS service uses existing DNS protocols and architecture to analyze DNS queries and mitigate threats. It leverages various open source, commercial, and governmental threat feeds to categorize domain information and block queries to identified malicious domains.
 
According to NSA and CISA, the service provides defenses in various points of the network exploitation lifecycle, addressing phishing, malware distribution, command and control, domain generation algorithms, and content filtering. A PDNS can log and save suspicious queries and provide a blocked response, delaying or preventing malicious actions – such as ransomware locking victim files – while letting organizations investigate using those logged DNS queries.
 
The information sheet offers a list of providers, but NSA and CISA were clear that the federal agencies do not endorse one provider over another. The six companies listed are: Akamai, BlueCat, Cisco, EfficientIP, Neustar, and Nominet.
NSA and CISA based its recommendations on the lessons learned from an NSA PDNS pilot, where NSA partnered with the Department of Defense Cyber Crime Center to offer PDNS-as-a-service to several members of the defense industrial base. Over a six-month period, the PDNS service examined more than 4 billion DNS queries to and from the participating networks, blocking millions of connections to identified malicious domains.
 
Researchers say security pros should think of PDNS solutions as a “DNS firewall” that represents a logical way to actively leverage threat intelligence related to registered domains, said Oliver Tavakoli, chief technology officer at Vectra.
“Like other preventive approaches, they are useful in protecting organizations from known bads, but ultimately fall short in blocking the early stages of a new attack or more sophisticated attacks,” Tavakoli said. “So it makes sense to implement PDNS to reduce attack surface, however, it should not be thought of as a preventive silver bullet that obviates the need to detect attackers who know how to bypass these protections.”
 
Ray Kelly, principal security engineer at WhiteHat Security, added that DNS exploitations are still incredibly rampant and require some attention because they are such an effective technique used by malicious actors. 
“The capability to reroute email, user web browsers, as well as distribute malware at scale are possible when a DNS address has been compromised,” Kelly said. “Any steps to mitigate attack vectors such as DNS spoofing and DNS cache poisoning will go a long way to help keep users and companies safe from such threats.”
 


Source
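
An added example, not part of the original post or of the NSA/CISA information sheet: a sketch of the PDNS decision the quoted article describes, where a query name is checked against a categorized threat feed, a blocked response is returned on a match, and the blocked query is logged for investigation. The feed entries, the client address, the choice of NXDOMAIN as the blocked response, and all function names are assumptions made for illustration.

```python
from __future__ import annotations
import json
from dataclasses import dataclass, asdict

# Constructed sample feed (domain -> category). A real PDNS service merges many
# open source, commercial and governmental feeds; these names are made up.
THREAT_FEED = {
    "login-verify.example": "phishing",
    "cdn-updates.example": "malware-distribution",
    "c2.badhost.example": "command-and-control",
}


@dataclass
class Verdict:
    qname: str            # normalized query name
    action: str           # "allow" or "block"
    rcode: str            # response code handed back to the client
    category: str | None  # feed category that triggered the block
    matched: str | None   # feed entry that matched


def normalize(qname: str) -> str:
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().rstrip(".").lower()


def evaluate(qname: str, feed: dict[str, str] = THREAT_FEED) -> Verdict:
    """Check the query name and each of its parent domains against the feed."""
    name = normalize(qname)
    labels = name.split(".")
    # Walk from the full name up to (but not including) the bare TLD, so a
    # feed entry also covers every subdomain beneath it.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in feed:
            # Assumption: the blocked response is NXDOMAIN.
            return Verdict(name, "block", "NXDOMAIN", feed[candidate], candidate)
    return Verdict(name, "allow", "NOERROR", None, None)


def resolve_with_policy(client_ip: str, qname: str, log: list[str]) -> Verdict:
    """Apply the policy and keep a record of blocked queries for investigators."""
    verdict = evaluate(qname)
    if verdict.action == "block":
        log.append(json.dumps({"client": client_ip, **asdict(verdict)}))
    return verdict
```

The suffix walk matters because a feed that lists only `c2.badhost.example` must still catch `beacon.c2.badhost.example`, while leaving the unlisted parent `badhost.example` resolvable.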