Network Computing Dark Reading

Advertise

Cloud

4/11/2017
04:50 PM

Ericka Chickowski
Slideshows

Connect Directly

0 comments
Comment Now

50%

Forget the Tax Man: Time for a DNS Security Audit

Here's a 5-step DNS security review process that's not too scary and will help ensure your site availability and improve user experience.

1 of 8

Image Source: Adobe Stock

The DDoS attack against DNS provider Dyn that took out large swaths of the Internet put a million-candle spotlight on the issue of the availability, and proved that proper DNS management is not just an IT issue, but a security mandate as well. Maintaining website availability and preventing revenue loss from associated outages depends upon good DNS hygiene, maintenance, and control.

DNS tends to be a set-and-forget type of technology... and that can pose problems several years after everything has been forgotten, according to Chris Roosenraad, director of product management for DNS service at Neustar.

[Check out "Protect Your DNS Services Against Security Threats" during Interop ITX, May 15-19, at the MGM Grand in Las Vegas. To learn more about DNS security, other Interop security tracks, or to register, click on the live links.].

Roosenraad -- who has more than two decades of security, networking and public policy expertise, having previously developed the DNS architecture for Charter Communications and Time Warner Cable -- says that DNS audits sound more foreboding than they actually are. This is not necessarily some big, scary compliance activity. It is just a way of accounting for all of the DNS infrastructure configuration to ensure that things haven't gotten out of sync with changing business realities.

"It's just a process of taking some away from the 30 other multitasking things that we all have in front of us to sit down and say, 'Is this what I really want my Internet presence to be?'" he says.

How to begin the process? Here are five essential steps to conducting a successful DNS audit.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. View Full Bio

1 of 8

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

End-User Security Awareness Programs That Work

Secure Email: Developing the Right Strategy

More Webcasts

White Papers

A New World of IT Management in 2019

The State of Mainframe Security

More White Papers

Reports

How Enterprises Are Attacking the Cybersecurity Problem

The State of Cyber Security Incident Response

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Hot Topics

Editors' Choice

Russia Hacked Clinton's Computers Five Hours After Trump's Call

Robert Lemos, Technology Journalist/Data Researcher, 4/19/2019

Why We Need a 'Cleaner Internet'

Darren Anstee, Chief Technology Officer at Arbor Networks, 4/19/2019

Tips for the Aftermath of a Cyberattack

Kelly Sheridan, Staff Editor, Dark Reading, 4/17/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

White Papers

A New World of IT Management in 2019

The State of Mainframe Security

Security in the New World of Containers & Serverless

6 Keys to Faster Phishing Mitigation

[Gartner Report] Best Practices for Running Containers & Kubernetes in Production

More White Papers

Video

All Videos

Cartoon

Latest Comment: Bill just doesn't realize it's more than a 2 dimensional world.

Cartoon Archive

Current Issue

5 Emerging Cyber Threats to Watch for in 2019

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Developing Secure Applications

IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.

Download Now!

The State of Cyber Security Incident Response

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

How Enterprises Are Using IT Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-11469
PUBLISHED: 2019-04-23

Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Action(s)" feature.

CVE-2013-7470
PUBLISHED: 2019-04-23

cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310.

CVE-2019-11463
PUBLISHED: 2019-04-23

A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive through 3.3.3 allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo.

CVE-2019-0218
PUBLISHED: 2019-04-22

A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.

CVE-2019-11383
PUBLISHED: 2019-04-22

An issue was discovered in the Medha WiFi FTP Server application 1.8.3 for Android. An attacker can read the username/password of a valid user via /data/data/com.medhaapps.wififtpserver/shared_prefs/com.medhaapps.wififtpserver_preferences.xml

Terms of Service
Privacy Statement
Legal Entities