DNS Best Practices: A Quick Guide for Organizations

As enterprises convert, entirely or in part, to cloud-based services, the traditional on-site computing architecture moves to remote facilities that are normally managed by a third party. Too frequently after an attack, the targeted organization discovers that it cannot reliably resolve the information required to reach that remote infrastructure, which prevents it from carrying out its business. A company suffers when it cannot reach its DNS servers or cannot trust the data they return.


As we previously discussed, DNS also provides the IP addresses behind Internet domain names, which is crucial security data for a network within a company. Computer security initiatives too frequently concentrate on edge and endpoint-based security procedures built on log analysis. It's critical to keep in mind that DNS requests and responses can provide a wealth of security-related data about network activity. Both authorized users and potential cybercriminals can learn a great deal about a company's infrastructure from the DNS records alone.


Although some could contend that one reason for the efficiency of DNS is that it is invisible to the typical user, others may counter that this makes it easier for criminals to go undetected. One intriguing pattern we’ve noticed is that certain admins disable query logging on nameservers, usually for efficiency reasons. This approach is regrettable as DNS logging is a key tool an organization can employ to identify a rogue entity causing damage to its DNS infrastructure or other areas of the ecosystem.
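One way to put nameserver query logs to work, as an added example that is not part of the original article: parse query records and flag any client whose query volume sits far above the median of its peers. It assumes BIND 9 style query-log lines; the function names, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed BIND 9 style query-log line; adjust the pattern for other resolvers.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<qname>[^)]+)\): query: \S+ \S+ (?P<qtype>\S+)"
)

def parse(lines):
    """Yield (client_ip, qname, qtype) for each line that is a query record."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:  # skip non-query lines (reload notices, errors, truncated lines)
            yield m["ip"], m["qname"].lower().rstrip("."), m["qtype"]

def flag_outliers(lines, factor=5, min_queries=10):
    """Return {client: (queries, distinct_names)} for clients far above the median."""
    counts, names = Counter(), defaultdict(set)
    for ip, qname, _ in parse(lines):
        counts[ip] += 1
        names[ip].add(qname)
    if not counts:
        return {}
    baseline = median(counts.values())
    # Hypothetical thresholds: tune factor and min_queries to the local baseline.
    return {ip: (n, len(names[ip])) for ip, n in counts.items()
            if n >= min_queries and n > factor * baseline}

def sample_log():
    """Constructed sample: three ordinary clients and one noisy one (documentation IPs)."""
    fmt = ("01-Jan-2024 10:00:{s:02d}.000 queries: info: client @0x7f00 {ip}#5{s:04d} "
           "({q}): query: {q} IN A +E(0)K (192.0.2.53)")
    rows = [("192.0.2.10", "www.example.com"), ("192.0.2.10", "mail.example.com"),
            ("192.0.2.11", "www.example.org"), ("192.0.2.11", "www.example.com"),
            ("192.0.2.12", "intranet.example.net"), ("192.0.2.12", "www.example.com")]
    rows += [("192.0.2.66", f"h{i:02d}.example.test") for i in range(20)]
    lines = [fmt.format(s=i, ip=ip, q=q) for i, (ip, q) in enumerate(rows)]
    return lines + ["01-Jan-2024 10:01:00.000 general: info: reloading configuration"]

if __name__ == "__main__":
    for ip, (n, uniq) in flag_outliers(sample_log()).items():
        print(f"{ip}: {n} queries, {uniq} distinct names")
```

A client that issues many queries for names it has never asked for before is worth a closer look; none of this is visible when query logging is switched off.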


Cybersecurity experts can benefit from tracking DNS requests and responses from network activity itself in addition to logs. For instance, keeping an eye on the normal flow of traffic to and from a company’s DNS servers ..
