[ed. note – this post was authored jointly by John Stuppi and Dan Hubbard]
The Domain Name Service (DNS) provides the IP addresses of intended domain names in response to queries from requesting end hosts. Because many threat actors today are leveraging DNS to compromise end hosts, monitoring DNS is often a critical step in identifying and containing malware infections and investigating attacks. Yet our research found that few organizations actually monitor DNS for security purposes—or at all—which makes DNS a security “blind spot.”
We explore this issue in more detail
Tags: 2016 Annual Security Report, 2016 ASR, dns, Threat Research
Modern demands in virtualization, cloud, and the Internet of Things are shifting the network landscape and require advanced solutions to manage critical network services across physical, virtual, and cloud environments.
Recently, I had the opportunity to speak with InfoBlox’s Chief Technology Officer, Alan Conley, about automating core network services – DNS, DHCP, and IP Address Management (DDI) – with Cisco Application Centric Infrastructure (ACI). In this video interview, Alan spoke about the common challenges InfoBlox and Cisco customers face in security and automation in their data centers.
Alan eloquently explains how ACI micro-segmentation, which enhances security for East-West traffic in the data center, complements InfoBlox’s secure DNS server, which detects and mitigates malware and botnets trying to attack customer networks.
He also shared how a number of InfoBlox customers are looking for the integration of InfoBlox DDI and Cisco ACI to deliver solutions that are not only highly secure but also operationally agile.
I really encourage you to listen to Alan Conley’s enlightening interview.
For more information:
InfoBlox Enterprise-grade DNS, DHCP, and IP Address Management (DDI) datasheet
InfoBlox Demonstrates a New Approach to DNS Security blog
Tags: ACI, Alan Conley, Cisco ACI, DDI, DHCP, dns, Harry Petty, InfoBlox, IPAM, SDN
The Cisco 2014 Midyear Security Report has been released, diving into threat intelligence and cybersecurity trends for the first half of 2014.
You may be thinking, “What could have possibly changed since January?” True to form, the attacker community continues to evolve, innovate, and think up new ways to discover and exploit weak links in the security chain. Also true to form, they sometimes simply use tried and true methods to exploit some of the same old vulnerabilities that continue to present themselves. The 2014 Midyear Security Report hits on all aspects and once again illustrates that in the age of the Internet of Things, as the attack surface grows, so too grow the number of attacks, the types of attacks, and the impacts of these attacks.
Tags: dns, midyear security report, security
This post explains how to inspect the contents of the Windows DNS cache. Inspection can be used to check DNS entries, revealing whether any malicious websites are being visited.
A DNS server’s cache of DNS records can be inspected to determine whether your network is interacting with suspicious or malicious internet sites. To perform this task, do the following:
For Windows 2003 and prior versions, you must install Windows Support Tools. Once installed, inspect and export the DNS cache using the command prompt (cmd.exe) window.
For Windows 2008 and later, Windows PowerShell is a more advanced version of Windows Support Tools and is installed by default. Use the PowerShell window, or run the PowerShell script from the command prompt window, to inspect and export the DNS cache.
How to Inspect the Cache from the CMD Prompt
Windows 2003 and Prior Using dnscmd
- From the support tools directory (\Program Files (x86)\Support Tools), run the following command to display the DNS cache output in the CMD window.
- To redirect the DNS cache output to a file, use the following command:
C:\Program Files (x86)\Support Tools>dnscmd /zoneprint ..cache > c:\cache_output.txt
Tags: Cisco Security, dns, security
Registration is now open, and there is still time left to respond to the call for papers for the upcoming FIRST Technical Colloquium, April 7-8, 2014. Please contact us at firstname.lastname@example.org for speaker engagements. The event already has an exciting preliminary program covering:
- Savvy Attribution in the DNS – Using DNS to Geo-locate Malicious Actors
- Beyond Zone File Access: Discovering interesting Domain Names Using Passive DNS
- DNStap: High speed DNS logging without packet capture
- CVSS v3 – This One Goes to 11
- Securing the Internet Against DDoS Attacks
- Threat Actor Techniques
- Mitigating Attacks Targeting Administrator Credentials in the Enterprise
- Hardware: The root of trust in the cloud
- Targeted attack case study
- What does an enterprise monitor for targeted attacks? – CSIRT Playbook II
- Security uses for hadoop & big data
- Using HBASE for Packet capture
And many more current issues facing the incident response community. Learn how organizations operationalize intelligence to mitigate and detect advanced threats.
The event’s line-up so far already includes notables from Cisco Security Intelligence Operations (SIO), Symantec, Vrije Universiteit Amsterdam and Farsight. Looking forward to a great TC!
Tags: Amsterdam, DDoS, dns, FIRST, security, Technical Colloquium, TRAC