Read more
Informationen zum Autor Michael Dooley is responsible for overall operations of the BT Diamond IP division. Mr. Dooley has more than 20 years of experience managing and developing large scale software products and has contributed significantly to the evolution of Internet technologies, particularly related to IP addressing, DHCP and DNS. In 2013 he co-authored the Wiley-IEEE Press title IPv6 Deployment and Management. Timothy Rooney manages BT Diamond IP product development and has led the market introduction of four next-generation IP management systems: NetControl, IPControl, Sapphire appliances and ImageControl. In 2010, he authored the Wiley-IEEE Press title Introduction to IP Address Management and in 2011, IP Address Management Principles and Practice. In 2013 Mr. Rooney co-authored the Wiley-IEEE Press title IPv6 Deployment and Management. Klappentext An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategiesDNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name Systems (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors--noted experts on the topic--offer an introduction to the role of DNS and explore the operation of DNS. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented.Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC). In addition, the text includes discussions on security applications facility by DNS, such as anti-spam, SPF, DANE and related CERT/SSHFP records. This important resource:* Presents security approaches for the various types of DNS deployments by role (e.g., recursive vs. authoritative)* Discusses DNS resolvers including host access protections, DHCP configurations and DNS recursive server IPs* Examines DNS data collection, data analytics, and detection strategiesWith cyber attacks ever on the rise worldwide, DNS Security Management offers network engineers a much-needed resource that provides a clear understanding of the threats to networks in order to mitigate the risks and assess the strategies to defend against threats. Zusammenfassung An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name Systems (DNS). Inhaltsverzeichnis Preface xiii Acknowledgments xvii 1 INTRODUCTION 1 Why Attack DNS? 1 Network Disruption 2 DNS as a Backdoor 2 DNS Basic Operation 3 Basic DNS Data Sources and Flows 4 DNS Trust Model 5 DNS Administrator Scope 6 Security Context and Overview 7 Cybersecurity Framework Overview 7 Framework Implementation 9 What's Next 15 2 INTRODUCTION TO THE DOMAIN NAME SYSTEM (DNS) 17 DNS Overview - Domains and Resolution 17 Domain Hierarchy 18 Name Resolution 18 Zones and Domains 23 Dissemination of Zone Information 25 Additional Zones 26 Resolver Configuration 27 Summary 29 3 DNS PROTOCOL AND MESSAGES 31 DNS Message Format 31 Encoding of Domain Names 31 Name Compression 32 Internationalized Domain Names 34 DNS Message Format 35 DNS Update Messages 43 The DNS Resolution Process Revisited 48 DNS Resolution Privacy Extension 55 Summary 56 4 DNS VULNERABILITIES 57 Introduction 57 DNS Data Security 57 DNS Information Trust Model 59 DNS Information S...
