20 | Why securing the DNS layer is crucial to fight cyber crime
ComputerWeekly.com | 2020-10-21 18:50
“At RiskIQ, we find most organisations are unaware of about 30% of their external-facing assets. That can be websites, mail servers, remote gateways, and so on. If any of these systems are left unpatched, unmonitored or unmanaged, it presents an opportunity for compromise and further potential exploit, whether that is towards company assets, or other more valuable infrastructure such as DNS servers are dependent on the motives of the attacker and the specifics of the breached environment.”

Curran says there is debate about the best method, however. “Some argue that DoT is better from a network security standpoint as network admins can monitor and block DNS queries, such as malicious traffic,” he says. “DoH queries, however, are concealed in regular HTTPS traffic, so they cannot be blocked as easily without blocking other HTTPS traffic too. DoH does provide more privacy. However, as DNS queries are hidden within the HTTPS traffic, this is crucial to many.”

When it comes to identifying and mitigating cyber attacks, the DNS layer offers a great deal of insight. Mark Fieldhouse, Europe, Middle East and Africa (EMEA) general manager at NS1, says: “Integrating DNS with monitoring and reporting systems gives visibility into application and network traffic, so that companies can more easily observe DNS configuration changes and shifting traffic patterns, which will reveal key indicators of compromise. DNS can also provide net fencing to prevent sites from receiving traffic from suspicious countries, regions or domains.”

“This means that if an attacker does gain access, communication between the malware and the command and control centre, for example, is highly likely to be in that DNS traffic,” says Forbes. “With the advancements in AI [artificial intelligence] and machine learning – which can detect patterns in the source, destination and characteristic of network traffic – it has become easier to detect this potentially malicious traffic at a much earlier point than before.”

John Graham-Cumming, CTO at Cloudflare, says there are a number of things that businesses can do when it comes to DNS-based security. “Firstly, you need to protect DNS infrastructure from the basic attacks, like DDoS, that can be used against anything on the internet,” he says. “Then you should ensure that, like any other piece of software, the DNS servers are up to date and patched. With these in place, companies can use information from their DNS servers to detect new attacks.