Analyzing DNS Traffic for Malicious Activity Using Open Source Logging Tools

Presented at NolaCon 2016, May 20, 2016, 1 p.m. (Unknown duration)

DNS is the engine that makes the Internet work, converting recognizable names into IP addresses behind the scenes. Without DNS, the Internet as we know it would not exist. DNS tends to be a service that, once configured, is often ignored. In today's world of ongoing and evolving cyberattacks, DNS is often overlooked as a means of both detecting and mitigating network compromise. This talk will examine ways to analyze DNS traffic for signs of malicious activity, discuss ways to filter and secure DNS, and examine how DNS data can be used to quickly identify compromised devices. We will examine a variety of tools used to analyze and uncover some common DNS attacks and network compromises, including NXLog, Logstash, Graylog, Kibana and Elasticsearch.


Presenters:

  • Jim Nitterauer
    Jim Nitterauer, CISSP, is currently a Senior Security Specialist at AppRiver, LLC. His team is responsible for global network deployments and manages the SecureSurf global DNS and SecureTide global spam and virus filtering infrastructure as well as all internal applications, and helps manage security operations for the entire company. He presents regularly at local, regional and national conferences. He writes regularly for the AppRiver blog, Tripwire and Peerlyst. He is also well-versed in ethical hacking and penetration testing techniques, has joined the staff of BSides Las Vegas and has been involved in technology for more than 20 years. Twitter: @JNitterauer