Dark Reading is part of the Informa Tech Division of Informa PLC
This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Everything You Need to Know About DNS AttacksIt's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask.
Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted.
Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Incident Readiness and Building Response Playbook
In this special report, learn the Xs and Os of any good security incident readiness and response playbook.
Tweet This
1 Comments
User Rank: Ninja
8/24/2018 | 5:17:33 PM
"The second most common was SQL injection, which was leveraged to access sensitive data or run OS commands to gain further access into a target system. " - Maybe I missed something, I thought the first rule of thumb would be to install the database on a separate system other than the DB/Application sitting together, I think from that standpoint, isn't the person asking for trouble, just a rule of thumb.
"those are injection flaws, broken authentication, sensitive data exposure, XML external entities, and broken access control." - And isn't this just plain human error and no oversight on the part of the manager or director.
RASP - Run-Time Application Self Protection. This is interesting, they are developing this for the various phones but I don't see the development for servers or desktops. I do think machine learning is taking over in this space where the algorithms and teaching sequences are getting more complicated and the systems are learning. There was an incident where Facebook allowed two machines to learn from each other, they allowed the machine to communicate with each other and the systems started communicating with each other in a totally different language, the researchers were so frightened of the incident that they stopped the research project all together - https://goo.gl/2VcyRw. The last time I looked at Transformers, this occurred as well. All I can say is wow, we should have allowed them to communicate in a controlled environment to see what they would have come up with, they probably would have gone out of the electrical circuits to learn all the human behavior flaws, that would have been interesting.
"If you have an app on the Internet, it'll get attacked eventually," he says – and to use the right tools and data to minimize them." - I especially agree with this point, but at the end of the day, isn't security a facade, at the end of the day if we look into the imperceivable deep areas of the mind, where if put in the right circumstances, we would all break down and do the things that we said we would not (whether it would be money, fame, prestige or family concerns). I hope I never run down that path but who knows, only the future holds that truth.
Please keep the wonderful articles coming.
Todd