Dan Kaminsky, the security researcher who first sounded the alarm that the entire Internet was in grave danger due to a widespread vulnerability, has revealed in front of a packed audience at the Black Hat security conference the details behind the initial subterfuge — and potential problems that could still pick apart the Web world as we know it. At the heart of the matter is the Domain Name System, which handles Internet addresses and routes traffic accordingly.
I was trying to find anyone who has experience with Bluecat. They provide DNS protection services and I'm possibly looking to get it for my business. Their product listings are here https://www.bluecatnetworks.com
Can you guys tell me your personal experiences or do you think their services are necessary for me. I run a chain of restaurants in Toronto.
"The vulnerability is that your DNS gets poisoned. You can tell if your DNS is poisoned by looking at your cache [in a DNS server], but what you can't tell is if any user queried your data, got back bad data, and then acted on it. DNS doesn't log queries, so you have no record of it," Mel Beckman, a California-based system administrator for multiple name servers, told TechNewsWorld.
To challenge this quote, I would say that traditionally you can get visibility to who and when a client has made a query to the DNS server. Knowingly, you have to put your DNS server into Debugging mode for an AD DNS server or Query logging mode for a linux DNS server; both these options have a expensive resource cost that would impact the response times from the server. I think it is worth mentioning that enterprise DNS products like Infoblox have solved this issues and provide the visibility that is critical for remediation or forensics by developing a DNS server based on BIND without the resource overhead of turning on query logging. Something to consider if your organization is looking for solutions against DNS Exploits. I have many safe and satisfied customers where I have recommend Infoblox as a DNS solution.
Loading ...
Where Are All the Dangerous DNS Exploits? Nowhere and Everywhere
Posted by: Chris Maxcer August 7, 2008 02:00 PMDan Kaminsky, the security researcher who first sounded the alarm that the entire Internet was in grave danger due to a widespread vulnerability, has revealed in front of a packed audience at the Black Hat security conference the details behind the initial subterfuge — and potential problems that could still pick apart the Web world as we know it. At the heart of the matter is the Domain Name System, which handles Internet addresses and routes traffic accordingly.
Can you guys tell me your personal experiences or do you think their services are necessary for me. I run a chain of restaurants in Toronto.
To challenge this quote, I would say that traditionally you can get visibility to who and when a client has made a query to the DNS server. Knowingly, you have to put your DNS server into Debugging mode for an AD DNS server or Query logging mode for a linux DNS server; both these options have a expensive resource cost that would impact the response times from the server. I think it is worth mentioning that enterprise DNS products like Infoblox have solved this issues and provide the visibility that is critical for remediation or forensics by developing a DNS server based on BIND without the resource overhead of turning on query logging. Something to consider if your organization is looking for solutions against DNS Exploits. I have many safe and satisfied customers where I have recommend Infoblox as a DNS solution.