Fr. 150.00

M Dooley, Michae Dooley, Michael Dooley, Michael Rooney Dooley, Dooley Michael, Timothy Rooney...

Dns Security Management

English · Hardback

Shipping usually within 1 to 3 weeks (not available at short notice)

Description

Informationen zum Autor Michael Dooley is responsible for overall operations of the BT Diamond IP division. Mr. Dooley has more than 20 years of experience managing and developing large scale software products and has contributed significantly to the evolution of Internet technologies, particularly related to IP addressing, DHCP and DNS. In 2013 he co-authored the Wiley-IEEE Press title IPv6 Deployment and Management. Timothy Rooney manages BT Diamond IP product development and has led the market introduction of four next-generation IP management systems: NetControl, IPControl, Sapphire appliances and ImageControl. In 2010, he authored the Wiley-IEEE Press title Introduction to IP Address Management and in 2011, IP Address Management Principles and Practice. In 2013 Mr. Rooney co-authored the Wiley-IEEE Press title IPv6 Deployment and Management. Klappentext An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategiesDNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name Systems (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors--noted experts on the topic--offer an introduction to the role of DNS and explore the operation of DNS. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented.Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC). In addition, the text includes discussions on security applications facility by DNS, such as anti-spam, SPF, DANE and related CERT/SSHFP records. This important resource:* Presents security approaches for the various types of DNS deployments by role (e.g., recursive vs. authoritative)* Discusses DNS resolvers including host access protections, DHCP configurations and DNS recursive server IPs* Examines DNS data collection, data analytics, and detection strategiesWith cyber attacks ever on the rise worldwide, DNS Security Management offers network engineers a much-needed resource that provides a clear understanding of the threats to networks in order to mitigate the risks and assess the strategies to defend against threats. Zusammenfassung An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name Systems (DNS). Inhaltsverzeichnis Preface xiii Acknowledgments xvii 1 INTRODUCTION 1 Why Attack DNS? 1 Network Disruption 2 DNS as a Backdoor 2 DNS Basic Operation 3 Basic DNS Data Sources and Flows 4 DNS Trust Model 5 DNS Administrator Scope 6 Security Context and Overview 7 Cybersecurity Framework Overview 7 Framework Implementation 9 What's Next 15 2 INTRODUCTION TO THE DOMAIN NAME SYSTEM (DNS) 17 DNS Overview - Domains and Resolution 17 Domain Hierarchy 18 Name Resolution 18 Zones and Domains 23 Dissemination of Zone Information 25 Additional Zones 26 Resolver Configuration 27 Summary 29 3 DNS PROTOCOL AND MESSAGES 31 DNS Message Format 31 Encoding of Domain Names 31 Name Compression 32 Internationalized Domain Names 34 DNS Message Format 35 DNS Update Messages 43 The DNS Resolution Process Revisited 48 DNS Resolution Privacy Extension 55 Summary 56 4 DNS VULNERABILITIES 57 Introduction 57 DNS Data Security 57 DNS Information Trust Model 59 DNS Information S...

List of contents

Preface xiii

Acknowledgments xvii

1 INTRODUCTION 1

Why Attack DNS? 1

Network Disruption 2

DNS as a Backdoor 2

DNS Basic Operation 3

Basic DNS Data Sources and Flows 4

DNS Trust Model 5

DNS Administrator Scope 6

Security Context and Overview 7

Cybersecurity Framework Overview 7

Framework Implementation 9

What's Next 15

2 INTRODUCTION TO THE DOMAIN NAME SYSTEM (DNS) 17

DNS Overview - Domains and Resolution 17

Domain Hierarchy 18

Name Resolution 18

Zones and Domains 23

Dissemination of Zone Information 25

Additional Zones 26

Resolver Configuration 27

Summary 29

3 DNS PROTOCOL AND MESSAGES 31

DNS Message Format 31

Encoding of Domain Names 31

Name Compression 32

Internationalized Domain Names 34

DNS Message Format 35

DNS Update Messages 43

The DNS Resolution Process Revisited 48

DNS Resolution Privacy Extension 55

Summary 56

4 DNS VULNERABILITIES 57

Introduction 57

DNS Data Security 57

DNS Information Trust Model 59

DNS Information Sources 60

DNS Risks 61

DNS Infrastructure Risks and Attacks 62

DNS Service Availability 62

Hardware/OS Attacks 63

DNS Service Denial 63

Pseudorandom Subdomain Attacks 67

Cache Poisoning Style Attacks 67

Authoritative Poisoning 71

Resolver Redirection Attacks 73

Broader Attacks that Leverage DNS 74

Network Reconnaissance 75

DNS Rebinding Attack 77

Reflector Style Attacks 78

Data Exfiltration 79

Advanced Persistent Threats 81

Summary 83

5 DNS TRUST SECTORS 85

Introduction 85

Cybersecurity Framework Items 87

Identify 87

Protect 87

Detect 88

DNS Trust Sectors 88

External DNS Trust Sector 91

Basic Server Configuration 93

DNS Hosting of External Zones 97

External DNS Diversity 97

Extranet DNS Trust Sector 98

Recursive DNS Trust Sector 99

Tiered Caching Servers 100

Basic Server Configuration 101

Internal Authoritative DNS Servers 103

Basic Server Configuration 105

Additional DNS Deployment Variants 108

Internal Delegation DNS Master/Slave Servers 109

Multi-Tiered Authoritative Configurations 109

Hybrid Authoritative/Caching DNS Servers 111

Stealth Slave DNS Servers 111

Internal Root Servers 111

Deploying DNS Servers with Anycast Addresses 113

Other Deployment Considerations 118

High Availability 118

Multiple Vendors 118

Sizing and Scalability 118

Load Balancers 119

Lab Deployment 119

Putting It All Together 119

6 SECURITY FOUNDATION 121

Introduction 121

Hardware/Asset Related Framework Items 122

Identify: Asset Management 122

Identify: Business Environment 123

Identify: Risk Assessment 124

Protect: Access Control 126

Protect: Data Security 127

Protect: Information Protection 129

Protect: Maintenance 130

Detect: Anomalies and Events 131

Detect: Security Continuous Monitoring 131

Respond: Analysis 132

Respond: Mitigation 132

Recover: Recovery Plannin

Product details

Authors	M Dooley, Michae Dooley, Michael Dooley, Michael Rooney Dooley, Dooley Michael, Timothy Rooney, Timothy Dooley Rooney, Rooney Timothy
Publisher	Wiley, John and Sons Ltd

Languages	English
Product format	Hardback
Released	31.08.2017

EAN	9781119328278
ISBN	978-1-119-32827-8
No. of pages	324
Series	IEEE Press Series on Network Management IEEE Press Series on Networks IEEE Press Series on Network Management IEEE Press Series on Networks and Service Management IEEE Press Series on Network and Service Management
Subjects	Natural sciences, medicine, IT, technology > IT, data processing > Data communication, networks Informatik, Netzwerk, computer science, Kommunikationsnetze, Electrical & Electronics Engineering, Elektrotechnik u. Elektronik, Communication Technology - Networks, Kommunikationsnetz, Networking / Security, Netzwerke / Sicherheit, Domain Name System (DNS)

Customer reviews

No reviews have been written for this item yet. Write the first review and be helpful to other users when they decide on a purchase.