DNS Hardening - Proactive Network Security Using F5 iRules and Open Source Analysis Tools

Presented at BSidesLV 2016, Aug. 2, 2016, 5:30 p.m. (30 minutes)

DNS is the engine that drives the Internet. Almost all Internet activity makes use of DNS to properly route traffic. Most times, end users and service providers set up their DNS and promptly forget about the service. Rarely do they look at the log data or analyze traffic hitting their DNS servers. Providers can limit cache server exposure through access lists. Authoritative servers can gain some protection by using Anycast addressing. But in the end, DNS typically remains vulnerable to DNS amplification attacks, DDoS and other malicious traffic and is a lynchpin for almost every network.

As a DNS service provider, we faced unique challenges. How could we offer open DNS cache resolution while protecting the integrity of our service? How could we use data collected to uncover network compromise? How could we detect and mitigate DNS attacks before they impact customer-facing services? How could we give customers the tools needed to isolate compromised machines on their LAN? This is the abbreviated story of that journey. The answers are found in the data combined with the use of open source tools including Graylog, Elasticsearch and Kibana. My hope is that sharing our experiences can make life better for your network.


Presenters:

  • Jim Nitterauer - Senior Security Specialist - AppRiver, LLC
    Jim is currently a Senior Security Specialist at AppRiver, LLC. His team is responsible for global network deployments and manages the SecureSurf global DNS infrastructure and SecureTide global SPAM & Virus filtering infrastructure as well as all internal applications. They also manage security operations for the entire company. He holds a CISSP certification. He is also well-versed in ethical hacking and penetration testing techniques and has been involved in technology for more than 20 years. Jim has presented at Nolacon, ITEN WIRED, BSides Las Vegas, BSides Atlanta and a number of smaller conferences. He regularly attends national security conferences and is passionate about conveying the importance of developing, implementing and maintaining security policies for organizations. His talks convey unique and practical techniques that help attendees harden their security in practical and easy-to-deploy ways. Jim is a senior staff member with BSides Las Vegas, a member of the ITEN WIRED Planning Committee and the President of the Florida Panhandle (ISC)2 Chapter. He stays connected with the InfoSec and ethical hacker community and is well-known by his peers. When not at the computer, Jim can be found working out, playing guitar, traveling or just relaxing with an adult beverage.
