Network Computing Dark Reading

Advertise

Cloud

4/11/2017
04:50 PM

Ericka Chickowski
Slideshows

Connect Directly

0 comments
Comment Now

50%

Forget the Tax Man: Time for a DNS Security Audit

Here's a 5-step DNS security review process that's not too scary and will help ensure your site availability and improve user experience.

1 of 8

Image Source: Adobe Stock

The DDoS attack against DNS provider Dyn that took out large swaths of the Internet put a million-candle spotlight on the issue of the availability, and proved that proper DNS management is not just an IT issue, but a security mandate as well. Maintaining website availability and preventing revenue loss from associated outages depends upon good DNS hygiene, maintenance, and control.

DNS tends to be a set-and-forget type of technology... and that can pose problems several years after everything has been forgotten, according to Chris Roosenraad, director of product management for DNS service at Neustar.

[Check out "Protect Your DNS Services Against Security Threats" during Interop ITX, May 15-19, at the MGM Grand in Las Vegas. To learn more about DNS security, other Interop security tracks, or to register, click on the live links.].

Roosenraad -- who has more than two decades of security, networking and public policy expertise, having previously developed the DNS architecture for Charter Communications and Time Warner Cable -- says that DNS audits sound more foreboding than they actually are. This is not necessarily some big, scary compliance activity. It is just a way of accounting for all of the DNS infrastructure configuration to ensure that things haven't gotten out of sync with changing business realities.

"It's just a process of taking some away from the 30 other multitasking things that we all have in front of us to sit down and say, 'Is this what I really want my Internet presence to be?'" he says.

How to begin the process? Here are five essential steps to conducting a successful DNS audit.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. View Full Bio

1 of 8

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

Effective Cyber Risk Assessment

Purple Team Tactics & TI for Effectively Training Your Cybersecurity Team

More Webcasts

White Papers

Top 5 Log Sources You Should Be Ingesting but Probably Are Not

How to Navigate the Intersection of DevOps and Security

More White Papers

Reports

2018 Gartner Report: Market Guide for Managed Detection and Response Services (MDR)

2018 Open Source Security and Risk Analysis Report

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Hot Topics

Editors' Choice

6 Security Trends for 2018/2019

Curtis Franklin Jr., Senior Editor at Dark Reading, 10/15/2018

WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors

Curtis Franklin Jr., Senior Editor at Dark Reading, 10/19/2018

4 Ways to Fight the Email Security Threat

Asaf Cidon, Vice President, Content Security Services, at Barracuda Networks, 10/15/2018

Live Events

Webinars

More UBM Tech
Live Events

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

Communications & Collaboration 2022 at EC19 Orlando March 18-21

White Papers

Top 5 Log Sources You Should Be Ingesting but Probably Are Not

How to Build Security Into Your Software Development

Definitive Guide to Software-Defined Perimeters

6 Keys to Faster Phishing Mitigation

360 Degree Visibility and Why Nothing Less Will Do for Risk and Security Teams

More White Papers

Video

All Videos

Cartoon

Latest Comment: Too funny!

Cartoon Archive

Current Issue

10 Emerging Threats Every Enterprise Should Know About

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The Risk Management Struggle

The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!

Download Now!

How Data Breaches Affect the Enterprise

0 comments

The State of IT and Cybersecurity

0 comments

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-10839
PUBLISHED: 2018-10-16

Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.

CVE-2018-13399
PUBLISHED: 2018-10-16

The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.

CVE-2018-18381
PUBLISHED: 2018-10-16

Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.

CVE-2018-18382
PUBLISHED: 2018-10-16

Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.

CVE-2018-18374
PUBLISHED: 2018-10-16

XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.

Terms of Service
Privacy Statement
Legal Entities