Reducing the Risks of BYOD with DNS-based Security Intelligence; Part 2: Taking Control

By Thomas Orthbandt

Posted on January 29, 2013 in: Security

In part 1, I talked about some of the risks associated with BYOD. But there are actions you can take to greatly reduce this risk. One effective method for limiting the risk of BYOD is to employ DNS-based security intelligence techniques. DNS-based security intelligence makes use of an enterprise’s caching DNS server to monitor and block DNS queries to known botnet command and control (C&C) domains. These are the domain names of servers under the bot master’s control. Bots perform a DNS query for one or more of these domains in an attempt to connect to those servers and receive their instructions. By monitoring queries to these domains, all infected clients on the network, including BYOD devices, can be identified. Moreover, by subsequently blocking access to the domains, the malware responsible for the bot infection is denied the critical instructions it needs to function.

Benefits of DNS based architecture for M2M communications

By Thomas Orthbandt

Posted on January 16, 2013 in: Network

The number of ‘things’ connected to the internet is already surpassing the number of people on the planet. This Internet of ‘things’ is changing the way we live and work: from the way food is grown and produced on farms through automated temperature and feeding controls, to the way we check prices and buy through connected terminals, to the vehicles we drive, the security cameras at work, and automated gates at the entrance. Connected ‘things’ are everywhere. All these ‘things’ are helping us to be more productive and efficient while also offering more and more convenience.

A Win Win in the Malware Battle

By Thomas Orthbandt

Posted on October 11, 2012 in: Security

Last month Microsoft led an effort to take control of a domain – 3322.org – in order to disrupt more than 500 different strains of malware affecting millions of innocent people around the world. Using a surgical approach implemented with software from Nominum, Microsoft was able to sinkhole traffic to malware subdomains hosted on 3322.org without impacting queries to legitimate subdomains. Numerous articles covered the effort; some of the better ones are below:

The Future is Now

By Thomas Orthbandt

Posted on October 3, 2012 in: Security

One of the challenges network operators face is responding quickly to market requirements. Agility is the new normal; competitive leadership is based on moving quickly. But progress can be slowed by the disparate interests of marketing or business teams, and technical or operational teams. Marketing can spot trends and identify new services, but it can be difficult to get them implemented quickly in the network when stability is rightfully paramount.

How to Evaluate Performance of a DNS Resolver

By Thomas Orthbandt

Posted on August 1, 2012 in: Network

Ten years ago everyone evaluating DNS solutions was always concerned about performance. Broadband networks were getting faster, providers were serving more users, and web pages and applications increasingly stressed the DNS.  Viruses were a factor too as they could rapidly become the straw that broke the camel’s back of a large ISP’s DNS servers.  The last thing a provider needed was a bottleneck, so DNS resolution speed became more and more visible, and performance was everything.

High Performance DNS Needs High Performance Security

By Thomas Orthbandt

Posted on June 28, 2012 in: Network, Security

There’s been a lot of emphasis on DNS performance lately because faster DNS contributes directly to a better user experience. There’s an interesting flipside to DNS performance, though: higher performance DNS servers may be better targets for cache poisoning attacks. Faster servers give attackers more opportunities to insert fake entries into the DNS – speed can kill (or at least inflict a nasty wound!) so it’s important to understand the security implications if you’re looking to upgrade DNS performance.

The Business Parallels between IPv6 and DNSSEC

By Thomas Orthbandt

Posted on June 13, 2012 in: Network, Security

For two things that would seem to be completely unrelated, there is an interesting parallel between IPv6 and DNSSEC. In both cases there is a misalignment of interests between content providers and service providers. Content providers aren’t highly motivated to deploy IPv6 because only a small proportion of users have v6 connectivity and even fewer only have v6. Service providers aren’t anxious to deploy IPv6 because there isn’t a lot of content on v6, and virtually none exclusively on v6 – so they don’t expand the universe of interesting stuff on the web by deploying IPv6. Basically the same things could be said about DNSSEC. Content providers don’t sign their domains so there is little reason to validate; and no one is validating so there is little reason to sign, at least until recently. Fortunately this is starting to change on both fronts.

A logical place to start the IPv6 transition

By Thomas Orthbandt

Posted on May 22, 2012 in: Network

The transition to IPv6 is top of mind for most service providers. Even in places where there are still IPv4 addresses to be had, surveys we’ve run suggest v6 is solidly on the priority list. That’s not to say everyone has the same strategy. Depending on where you are in the world, transition options are different – in places such as APAC where exhaustion is at hand, one of the many NAT alternatives will likely be deployed, since getting a significant allocation of addresses is not going to happen and other alternatives for obtaining addresses will prove expensive. Ditto the European region, which is next on the list to find the IPv4 shelves bare.

Cel-e-brate v6, Come On!

By Thomas Orthbandt

Posted on May 14, 2012 in: Network

With IPv6 World Launch coming up it’s worth pausing to consider the collective efforts of the Internet industry in enabling and deploying an essential evolutionary technology at what will become truly massive scale. It’s easy to be a detractor and believe there has been little progress – but the Internet hasn’t melted down and there is no evidence it is about to.  Perhaps the issue is that progress occurred in a different way than was predicted or preferred by the experts.  The reality is providers everywhere have developed coping mechanisms for IPv4 exhaustion.  Innovation, operational sweat, and perhaps some tough negotiating make it happen.  But isn’t that the essence of the Internet?
