Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
User Rank: Ninja
5/29/2015 | 8:49:57 AM
over the yars PGP has been depreciated by its detractors as "too complex"
Complex systems such as PGP can be made usable by everyone -- just like a "smart phone" -- by means of packaged technology: wrapping the technology in an easy to use human interface -- often called a "GUI" -- or GUI Dialog
Roots
On paper we sign our name with pen&ink. and that signature is characterized by the individual signer,-- pretty hard to duplicate except by a highly skilled forger. even so, with Notaries or witnesses -- the pen& ink signature has been reliable for years.
but in our online digital networks -- whe have -- nothing
except that PGP has been available since the '90s -- and not adopted for general use due to opposition from interests opposed to privacy and security and such
we may now have reached a tipping point where we will have to admit our error and mend our ways
the key factor needed to implement PGP authentications is explanded authentications. Your PGP Public Key needs to be authenticated by a reliable party in order for your signatures to be recognized as valid. Keep these words in mind: In order for your signature to be recognized as valid. This also requires an assurance that YOU made the signature -- not a some scamster. This is possible with PGP because PGP provides both a Public and Private key for each user. The private key is required to make a signature while the public key is required to recognize(authenticate) a signature.
Exactly what we need!
The only issue is in getting the Public Keys authenticated. This should become a service offered by local Credit Unions and Banks. After you generate your key you take it to the Credit Union. They check your ID and then counter-sign it and upload it to the keyserver.
Now you will be able to authenticate your 1040, online banking, shopping &c
SSL/TLS is not acceptable: it is a half-baked system: The server is able to identify itself -- but not the client. Even the server's ID is questionable as the client has only marginal trust for x.509 certificates: he or she has NOT verified and countersigned the x.509 certificates he/she needs to use. This is what enables MITM attacks.