SlideShare a Scribd company logo

The DNS Tunneling Blindspot

Download as PPTX, PDF
Brian A. McHenry
Brian A. McHenry

Primer on DNS tunneling used as a vector for data theft via malware and insider threats with mitigation techniques and pointers on improving outbound DNS security architecture.

Technology
1 of 23
Stopping the bad guys and what you can do about itBrian A. McHenry Sr. Security Solutions Architect bam@f5.com @bamchenry
Enterprise Blindspots in the Age of Malware & Insider ThreatsBrian A. McHenry Sr. Security Solutions Architect bam@f5.com @bamchenry
Who is this guy? • Brian A. McHenry, Sr. Security Solutions Architect, F5 Networks • 9 years at F5, focused on application security solutions • Regular contributor on DevCentral.f5.com & InformationSecurityBuzz.com • Follow me on Twitter @bamchenry
Greatest threats to data loss? External • Injection attacks • SQL, cmd, etc. • Open TCP ports • SSH, Telnet, FTP, etc. • Phishing Internal • Undetected malware • Servers, desktops, laptops, etc. • Employees, contractors • Disgruntled or Careless • Unverified backup systems
Detecting Malware
Mitigate Malicious Communication - RPZ Open Service DNS Query Filtering by Reputation Prevent malware and sites hosting malicious content from ever communicating with a client. Live updates BIG-IP Inhibit the threat at the earliest opportunity. Internet activity starts with a DNS request. Domain Reputation Mitigate DNS threats by blocking access to malicious IPs. Reduce malware and virus infections. Select Your Service Response Policy Zone (RPZ) Live Feed DNS Server/Proxy
Protecting the Client The internet isn’t an altogether safe place MALICIOUS THREATS UNDESIRABLE CONTENT DUPING THE USER BotNets Inadvertently downloaded and used to mount distributed attacks. Viruses Once installed, causes malicious activity on end-user device, sometimes for ransom. OS Vulnerabilities Unprotected, unpatched devices are extremely vulnerable. Phishing scams and Man in the Middle Websites which impersonate real websites, often linked from email or a website. Scammers aim to capture credentials. Site redirection DNS traffic is captured and sent to a malicious DNS server serving bad DNS results. Offensive Content may violate HR or local rules. Violation of decency standards. Be age inappropriate. Irrelevant Distractive content incompatible with job function or policy. Illegal content File sharing or sites identified as hosting banned material.
DNS IP and Name Reputation Choices RESPONSE POLICY ZONES URL FILTERING IP REPUTATION Screens a DNS request against domains with a bad reputation. Intercept a DNS request in iRules. Categorize & make a decision. Intercept a DNS response in iRules. Categorize & make a decision. INHIBITS THREATS BY FQDN INHIBITS THREATS BY IP INHIBITS THREATS BY FQDN POLICY CONTROL BY FQDN
Technical Use Cases http://www.badsite.com http://194.71.107.15 http://www.facebook.com IP REPUTATION URL FILTERINGTHREAT TYPE Virus, malware etc. DNS lookup required. Virus, malware etc No DNS lookup issued Social networking Against corp policy. RPZ No DNS lookup to filter. Cover malicious content only. Limited to IP address reputation. Limited to IP address reputation. No URL or FQDN to examine.
Prevent malware and sites hosting malicious content from ever communicating with a client. Internet activity starts with a DNS request. Inhibit the threat at the earliest opportunity. Live updates CACHE RESOLVER PROTOCOL VALIDATION SCRIPTING IPV4/V6 LISTENER REPUTATION DATABASE SPECIAL HANDLING DNS Server or Proxy Use Case – User Protection Prevent subscribers from reaching known bad domains RPZ live feed
Use Case – ISP Layered Client Protection QUERY: WWW.DOMAIN.COM DNS Policy CACHE RESOLVER iConto l Subscriber Policy RPZ IP Reputation URL Filtering EGRESS DNS PATH INGRESS DNS PATH • Response Policy Zones (RPZ) filters out and provides NXDOMAIN / Redirect for know bad domains. • URL Filtering further provides granular policy controls using categories. • IP Intelligence blocks based on the resolved IP. • It can also be used in the data path for other protocols. RPZ Feed IP Rep Feed URL Feed Policy
Thank you! http://www.informationsecuritybuzz.com/articles/mutating-malware-and-data- center-blind-spots-in-2016/ http://www.slideshare.net/bamchenry https://www.linkedin.com/in/bamchenry https://twitter.com/bamchenry
Title and Content Layout with List • Add your first bullet point here • Add your second bullet point here • Add your third bullet point here
Title and Content Layout with Chart 0 1 2 3 4 5 6 Category 1 Category 2 Category 3 Category 4 Series 1 Series 2 Series 3
Two Content Layout with Table • First bullet point here • Second bullet point here • Third bullet point here Class Group 1 Group 2 Class 1 82 95 Class 2 76 88 Class 3 84 90
Title and Content Layout with SmartArt Step 1 Title Task description Task description Task description Task description Step 2 Title Task description Task description Task description Step 3 Title Task description Task description Step 4 Title Task description Task description
Add a Slide Title - 1
Add a Slide Title - 2
Add a Slide Title - 3
Add a Slide Title - 4
Add a Slide Title - 5

Recommended

Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAF
Brian A. McHenry
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL Practices
Brian A. McHenry
 
Security Ninjas: An Open Source Application Security Training Program
Security Ninjas: An Open Source Application Security Training ProgramSecurity Ninjas: An Open Source Application Security Training Program
Security Ninjas: An Open Source Application Security Training Program
OpenDNS
 
F5 EMEA Webinar Oct'15: http2 how to ease the transition
F5 EMEA Webinar Oct'15: http2 how to ease the transitionF5 EMEA Webinar Oct'15: http2 how to ease the transition
F5 EMEA Webinar Oct'15: http2 how to ease the transition
Dmitry Tikhovich
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
Zscaler
 
Standardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower CostsStandardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower Costs
OpenDNS
 
Umbrella for MSPs: Enterprise Grade Malware Protection & Containment
Umbrella for MSPs: Enterprise Grade Malware Protection & ContainmentUmbrella for MSPs: Enterprise Grade Malware Protection & Containment
Umbrella for MSPs: Enterprise Grade Malware Protection & Containment
OpenDNS
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Puppet
 

Recommended

Taking the Fear out of WAF
Taking the Fear out of WAFTaking the Fear out of WAF
Taking the Fear out of WAF
Brian A. McHenry
 
F5 TLS & SSL Practices
F5 TLS & SSL PracticesF5 TLS & SSL Practices
F5 TLS & SSL Practices
Brian A. McHenry
 
Security Ninjas: An Open Source Application Security Training Program
Security Ninjas: An Open Source Application Security Training ProgramSecurity Ninjas: An Open Source Application Security Training Program
Security Ninjas: An Open Source Application Security Training Program
OpenDNS
 
F5 EMEA Webinar Oct'15: http2 how to ease the transition
F5 EMEA Webinar Oct'15: http2 how to ease the transitionF5 EMEA Webinar Oct'15: http2 how to ease the transition
F5 EMEA Webinar Oct'15: http2 how to ease the transition
Dmitry Tikhovich
 
DNS Security, is it enough?
DNS Security, is it enough? DNS Security, is it enough?
DNS Security, is it enough?
Zscaler
 
Standardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower CostsStandardizing and Strengthening Security to Lower Costs
Standardizing and Strengthening Security to Lower Costs
OpenDNS
 
Umbrella for MSPs: Enterprise Grade Malware Protection & Containment
Umbrella for MSPs: Enterprise Grade Malware Protection & ContainmentUmbrella for MSPs: Enterprise Grade Malware Protection & Containment
Umbrella for MSPs: Enterprise Grade Malware Protection & Containment
OpenDNS
 
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Fully Automate Application Delivery with Puppet and F5 - PuppetConf 2014
Puppet
 
Web Services Discovery for Devices
Web Services Discovery for DevicesWeb Services Discovery for Devices
Web Services Discovery for DevicesJorgen Thelin
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X Way
Stephan Borosh
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
APNIC
 
ASM 11.6 DDoS profile- lior rotkovitch
ASM 11.6 DDoS profile- lior rotkovitchASM 11.6 DDoS profile- lior rotkovitch
ASM 11.6 DDoS profile- lior rotkovitch
Lior Rotkovitch
 
Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
MarketingArrowECS_CZ
 
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, TripwireMITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE - ATT&CKcon
 
Monitoring for DNS Security
Monitoring for DNS SecurityMonitoring for DNS Security
Monitoring for DNS Security
ThousandEyes
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
EC-Council
 
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS ServicesPLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PROIDEA
 
DDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationDDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and Mitigation
Cloudflare
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
EC-Council
 
Tech t18
Tech t18Tech t18
Tech t18SelectedPresentations
 
The Art of Cyber War [From Black Hat Brazil 2014]
The Art of Cyber War [From Black Hat Brazil 2014]The Art of Cyber War [From Black Hat Brazil 2014]
The Art of Cyber War [From Black Hat Brazil 2014]
Radware
 
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16
Radware
 
Secure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet InfrastructureSecure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet Infrastructurewebhostingguy
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPoint
Andrew McNicol
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security Flaw
ConnectSafely
 
Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)
Andreas Taudte
 
DDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring ProjectDDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring Project
APNIC
 
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Florian Roth
 
Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
Security BSides London
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
inbroker
 

More Related Content

What's hot

Web Services Discovery for Devices
Web Services Discovery for DevicesWeb Services Discovery for Devices
Web Services Discovery for DevicesJorgen Thelin
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X Way
Stephan Borosh
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
APNIC
 
ASM 11.6 DDoS profile- lior rotkovitch
ASM 11.6 DDoS profile- lior rotkovitchASM 11.6 DDoS profile- lior rotkovitch
ASM 11.6 DDoS profile- lior rotkovitch
Lior Rotkovitch
 
Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
MarketingArrowECS_CZ
 
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, TripwireMITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE - ATT&CKcon
 
Monitoring for DNS Security
Monitoring for DNS SecurityMonitoring for DNS Security
Monitoring for DNS Security
ThousandEyes
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
EC-Council
 
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS ServicesPLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PROIDEA
 
DDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationDDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and Mitigation
Cloudflare
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
EC-Council
 
The Art of Cyber War [From Black Hat Brazil 2014]
The Art of Cyber War [From Black Hat Brazil 2014]The Art of Cyber War [From Black Hat Brazil 2014]
The Art of Cyber War [From Black Hat Brazil 2014]
Radware
 
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16
Radware
 
Secure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet InfrastructureSecure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet Infrastructurewebhostingguy
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPoint
Andrew McNicol
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security Flaw
ConnectSafely
 
Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)
Andreas Taudte
 
DDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring ProjectDDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring Project
APNIC
 
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Florian Roth
 

What's hot (20)

Web Services Discovery for Devices
Web Services Discovery for DevicesWeb Services Discovery for Devices
Web Services Discovery for Devices
 
External to DA, the OS X Way
External to DA, the OS X WayExternal to DA, the OS X Way
External to DA, the OS X Way
 
KHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack PreventionKHNOG 3: DDoS Attack Prevention
KHNOG 3: DDoS Attack Prevention
 
ASM 11.6 DDoS profile- lior rotkovitch
ASM 11.6 DDoS profile- lior rotkovitchASM 11.6 DDoS profile- lior rotkovitch
ASM 11.6 DDoS profile- lior rotkovitch
 
Denial of Service - Service Provider Overview
Denial of Service - Service Provider OverviewDenial of Service - Service Provider Overview
Denial of Service - Service Provider Overview
 
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, TripwireMITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
 
Monitoring for DNS Security
Monitoring for DNS SecurityMonitoring for DNS Security
Monitoring for DNS Security
 
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian HilemanAre your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
Are your cloud servers under attack?– Hacker Halted 2019 – Brian Hileman
 
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS ServicesPLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
PLNOG15 :Scale and Secure the Internet of Things with Intelligent DNS Services
 
DDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and MitigationDDoS 101: Attack Types and Mitigation
DDoS 101: Attack Types and Mitigation
 
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
DNS – Strategies for Reducing Data Leakage & Protecting Online Privacy – Hack...
 
Tech t18
Tech t18Tech t18
Tech t18
 
The Art of Cyber War [From Black Hat Brazil 2014]
The Art of Cyber War [From Black Hat Brazil 2014]The Art of Cyber War [From Black Hat Brazil 2014]
The Art of Cyber War [From Black Hat Brazil 2014]
 
DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16DDoS Threat Landscape - Ron Winward CHINOG16
DDoS Threat Landscape - Ron Winward CHINOG16
 
Secure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet InfrastructureSecure Communication with an Insecure Internet Infrastructure
Secure Communication with an Insecure Internet Infrastructure
 
BSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPointBSides Philly Finding a Company's BreakPoint
BSides Philly Finding a Company's BreakPoint
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security Flaw
 
Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)Network Intelligence for a secured Network (2014-03-12)
Network Intelligence for a secured Network (2014-03-12)
 
DDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring ProjectDDosMon A Global DDoS Monitoring Project
DDosMon A Global DDoS Monitoring Project
 
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
Sigma Hall of Fame - EU ATT&CK User Workshop, October 2021
 

Viewers also liked

Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
Security BSides London
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
inbroker
 
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS AttacksDNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
FindWhitePapers
 
Pseudo Random DNS Query Attacks and Resolver Mitigation Approaches
Pseudo Random DNS Query Attacks and Resolver Mitigation ApproachesPseudo Random DNS Query Attacks and Resolver Mitigation Approaches
Pseudo Random DNS Query Attacks and Resolver Mitigation Approaches
APNIC
 
Fast flux
Fast fluxFast flux
Fast flux
Swapnil Patil
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
SensePost
 
Fast flux hosting and DNS
Fast flux hosting and DNSFast flux hosting and DNS
Fast flux hosting and DNSamiable_indian
 
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
APNIC
 
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&COpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&C
Courtland Smith
 
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Paladion Networks
 
About D2D
About D2D About D2D
About D2D
Ofer Moshe
 
Budget Presentation FS 2013/2014 economic overview
Budget Presentation FS 2013/2014 economic overviewBudget Presentation FS 2013/2014 economic overview
Budget Presentation FS 2013/2014 economic overview
fortuneofafrica
 
2016 cheap long prom dresses uk under 100 chicdresses.co.uk
2016 cheap long prom dresses uk under 100 chicdresses.co.uk2016 cheap long prom dresses uk under 100 chicdresses.co.uk
2016 cheap long prom dresses uk under 100 chicdresses.co.uk
Chicdresses.co.uk
 
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016
Maarten Balliauw
 

Viewers also liked (16)

Dns tunnelling its all in the name
Dns tunnelling its all in the nameDns tunnelling its all in the name
Dns tunnelling its all in the name
 
Network tunneling techniques
Network tunneling techniquesNetwork tunneling techniques
Network tunneling techniques
 
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS AttacksDNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
DNSSEC: The Antidote to DNS Cache Poisoning and Other DNS Attacks
 
Pseudo Random DNS Query Attacks and Resolver Mitigation Approaches
Pseudo Random DNS Query Attacks and Resolver Mitigation ApproachesPseudo Random DNS Query Attacks and Resolver Mitigation Approaches
Pseudo Random DNS Query Attacks and Resolver Mitigation Approaches
 
Fast flux
Fast fluxFast flux
Fast flux
 
Botconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server DetectionBotconf 2013 - DNS-based Botnet C2 Server Detection
Botconf 2013 - DNS-based Botnet C2 Server Detection
 
Fast flux hosting and DNS
Fast flux hosting and DNSFast flux hosting and DNS
Fast flux hosting and DNS
 
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
Water Torture: A Slow Drip DNS DDoS Attack on QTNet by Kei Nishida [APRICOT 2...
 
OpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&COpenDNS Whitepaper: DNS's Role in Botnet C&C
OpenDNS Whitepaper: DNS's Role in Botnet C&C
 
DNS Security
DNS SecurityDNS Security
DNS Security
 
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
Early Detection of Malicious Flux Networks via Large Scale Passive DNS Traffi...
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
 
About D2D
About D2D About D2D
About D2D
 
Budget Presentation FS 2013/2014 economic overview
Budget Presentation FS 2013/2014 economic overviewBudget Presentation FS 2013/2014 economic overview
Budget Presentation FS 2013/2014 economic overview
 
2016 cheap long prom dresses uk under 100 chicdresses.co.uk
2016 cheap long prom dresses uk under 100 chicdresses.co.uk2016 cheap long prom dresses uk under 100 chicdresses.co.uk
2016 cheap long prom dresses uk under 100 chicdresses.co.uk
 
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016
 

Similar to The DNS Tunneling Blindspot

Software Supply Chain Security Meetup 21062022
Software Supply Chain Security Meetup 21062022Software Supply Chain Security Meetup 21062022
Software Supply Chain Security Meetup 21062022
lior mazor
 
deftcon 2015 - Dave Piscitello - DNS Traffic Monitoring
deftcon 2015 - Dave Piscitello - DNS Traffic Monitoringdeftcon 2015 - Dave Piscitello - DNS Traffic Monitoring
deftcon 2015 - Dave Piscitello - DNS Traffic Monitoring
Deft Association
 
Is DNS a Part of Your Cyber Security Strategy?
Is DNS a Part of Your Cyber Security Strategy? Is DNS a Part of Your Cyber Security Strategy?
Is DNS a Part of Your Cyber Security Strategy?
Digital Transformation EXPO Event Series
 
R-CISC Summit 2016 Borderless Threat Intelligence
R-CISC Summit 2016 Borderless Threat IntelligenceR-CISC Summit 2016 Borderless Threat Intelligence
R-CISC Summit 2016 Borderless Threat Intelligence
Jason Trost
 
ICANN 51: Name Collision
ICANN 51: Name CollisionICANN 51: Name Collision
ICANN 51: Name Collision
ICANN
 
Monitoring Network Performance in China
Monitoring Network Performance in ChinaMonitoring Network Performance in China
Monitoring Network Performance in China
ThousandEyes
 
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemJennifer Nichols
 
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Amazon Web Services
 
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
NormShield, Inc.
 
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
PROIDEA
 
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
Splunk
 
Black hat usa_2015-bypass_surgery-6_aug2015
Black hat usa_2015-bypass_surgery-6_aug2015Black hat usa_2015-bypass_surgery-6_aug2015
Black hat usa_2015-bypass_surgery-6_aug2015
a4202655
 
Tietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
Tietoturvallisuuden_kevatseminaari_2013_Jarno_NiemelaTietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
Tietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
Valtiokonttori / Statskontoret / State Treasury of Finland
 
Ferris Bueller’s Guide to Abuse Domain Permutations
Ferris Bueller’s Guide to Abuse Domain PermutationsFerris Bueller’s Guide to Abuse Domain Permutations
Ferris Bueller’s Guide to Abuse Domain Permutations
Bishop Fox
 
Cyber 101 for smb execs v1
Cyber 101 for smb execs v1Cyber 101 for smb execs v1
Cyber 101 for smb execs v1
NetWatcher
 
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Amazon Web Services
 
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitTop 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Amazon Web Services
 
OWASP ATL - Social Engineering Technical Controls Presentation
OWASP ATL - Social Engineering Technical Controls PresentationOWASP ATL - Social Engineering Technical Controls Presentation
OWASP ATL - Social Engineering Technical Controls Presentation
OWASP Atlanta
 
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolInfoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security tool
Jisc
 
SANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat IntelligenceSANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat Intelligence
Jason Trost
 

Similar to The DNS Tunneling Blindspot (20)

Software Supply Chain Security Meetup 21062022
Software Supply Chain Security Meetup 21062022Software Supply Chain Security Meetup 21062022
Software Supply Chain Security Meetup 21062022
 
deftcon 2015 - Dave Piscitello - DNS Traffic Monitoring
deftcon 2015 - Dave Piscitello - DNS Traffic Monitoringdeftcon 2015 - Dave Piscitello - DNS Traffic Monitoring
deftcon 2015 - Dave Piscitello - DNS Traffic Monitoring
 
Is DNS a Part of Your Cyber Security Strategy?
Is DNS a Part of Your Cyber Security Strategy? Is DNS a Part of Your Cyber Security Strategy?
Is DNS a Part of Your Cyber Security Strategy?
 
R-CISC Summit 2016 Borderless Threat Intelligence
R-CISC Summit 2016 Borderless Threat IntelligenceR-CISC Summit 2016 Borderless Threat Intelligence
R-CISC Summit 2016 Borderless Threat Intelligence
 
ICANN 51: Name Collision
ICANN 51: Name CollisionICANN 51: Name Collision
ICANN 51: Name Collision
 
Monitoring Network Performance in China
Monitoring Network Performance in ChinaMonitoring Network Performance in China
Monitoring Network Performance in China
 
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid ThemInfoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
Infoblox White Paper - Top Five DNS Security Attack Risks and How to Avoid Them
 
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
Top five security errors and how to avoid them - DEM09 - Santa Clara AWS Summ...
 
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
2017 Cyber Risk Grades by Industry: Normshield Executive Presentation
 
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
PLNOG15-DNS is the root of all evil in the network. How to become a superhero...
 
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
Using Splunk to Defend Against Advanced Threats - Webinar Slides: November 2017
 
Black hat usa_2015-bypass_surgery-6_aug2015
Black hat usa_2015-bypass_surgery-6_aug2015Black hat usa_2015-bypass_surgery-6_aug2015
Black hat usa_2015-bypass_surgery-6_aug2015
 
Tietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
Tietoturvallisuuden_kevatseminaari_2013_Jarno_NiemelaTietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
Tietoturvallisuuden_kevatseminaari_2013_Jarno_Niemela
 
Ferris Bueller’s Guide to Abuse Domain Permutations
Ferris Bueller’s Guide to Abuse Domain PermutationsFerris Bueller’s Guide to Abuse Domain Permutations
Ferris Bueller’s Guide to Abuse Domain Permutations
 
Cyber 101 for smb execs v1
Cyber 101 for smb execs v1Cyber 101 for smb execs v1
Cyber 101 for smb execs v1
 
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...Top five configuration security errors and how to avoid them - DEM09-S - Chic...
Top five configuration security errors and how to avoid them - DEM09-S - Chic...
 
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS SummitTop 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
Top 5 security errors and how to avoid them - DEM06-S - Mexico City AWS Summit
 
OWASP ATL - Social Engineering Technical Controls Presentation
OWASP ATL - Social Engineering Technical Controls PresentationOWASP ATL - Social Engineering Technical Controls Presentation
OWASP ATL - Social Engineering Technical Controls Presentation
 
Infoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security toolInfoblox - turning DNS from security target to security tool
Infoblox - turning DNS from security target to security tool
 
SANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat IntelligenceSANS CTI Summit 2016 Borderless Threat Intelligence
SANS CTI Summit 2016 Borderless Threat Intelligence
 

Recently uploaded

Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 

Recently uploaded (20)

Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 

The DNS Tunneling Blindspot

  • 1. Stopping the bad guys and what you can do about itBrian A. McHenry Sr. Security Solutions Architect bam@f5.com @bamchenry
  • 2. Enterprise Blindspots in the Age of Malware & Insider ThreatsBrian A. McHenry Sr. Security Solutions Architect bam@f5.com @bamchenry
  • 3. Who is this guy? • Brian A. McHenry, Sr. Security Solutions Architect, F5 Networks • 9 years at F5, focused on application security solutions • Regular contributor on DevCentral.f5.com & InformationSecurityBuzz.com • Follow me on Twitter @bamchenry
  • 4. Greatest threats to data loss? External • Injection attacks • SQL, cmd, etc. • Open TCP ports • SSH, Telnet, FTP, etc. • Phishing Internal • Undetected malware • Servers, desktops, laptops, etc. • Employees, contractors • Disgruntled or Careless • Unverified backup systems
  • 6. Mitigate Malicious Communication - RPZ Open Service DNS Query Filtering by Reputation Prevent malware and sites hosting malicious content from ever communicating with a client. Live updates BIG-IP Inhibit the threat at the earliest opportunity. Internet activity starts with a DNS request. Domain Reputation Mitigate DNS threats by blocking access to malicious IPs. Reduce malware and virus infections. Select Your Service Response Policy Zone (RPZ) Live Feed DNS Server/Proxy
  • 7. Protecting the Client The internet isn’t an altogether safe place MALICIOUS THREATS UNDESIRABLE CONTENT DUPING THE USER BotNets Inadvertently downloaded and used to mount distributed attacks. Viruses Once installed, causes malicious activity on end-user device, sometimes for ransom. OS Vulnerabilities Unprotected, unpatched devices are extremely vulnerable. Phishing scams and Man in the Middle Websites which impersonate real websites, often linked from email or a website. Scammers aim to capture credentials. Site redirection DNS traffic is captured and sent to a malicious DNS server serving bad DNS results. Offensive Content may violate HR or local rules. Violation of decency standards. Be age inappropriate. Irrelevant Distractive content incompatible with job function or policy. Illegal content File sharing or sites identified as hosting banned material.
  • 8. DNS IP and Name Reputation Choices RESPONSE POLICY ZONES URL FILTERING IP REPUTATION Screens a DNS request against domains with a bad reputation. Intercept a DNS request in iRules. Categorize & make a decision. Intercept a DNS response in iRules. Categorize & make a decision. INHIBITS THREATS BY FQDN INHIBITS THREATS BY IP INHIBITS THREATS BY FQDN POLICY CONTROL BY FQDN
  • 9. Technical Use Cases http://www.badsite.com http://194.71.107.15 http://www.facebook.com IP REPUTATION URL FILTERINGTHREAT TYPE Virus, malware etc. DNS lookup required. Virus, malware etc No DNS lookup issued Social networking Against corp policy. RPZ No DNS lookup to filter. Cover malicious content only. Limited to IP address reputation. Limited to IP address reputation. No URL or FQDN to examine.
  • 10. Prevent malware and sites hosting malicious content from ever communicating with a client. Internet activity starts with a DNS request. Inhibit the threat at the earliest opportunity. Live updates CACHE RESOLVER PROTOCOL VALIDATION SCRIPTING IPV4/V6 LISTENER REPUTATION DATABASE SPECIAL HANDLING DNS Server or Proxy Use Case – User Protection Prevent subscribers from reaching known bad domains RPZ live feed
  • 11. Use Case – ISP Layered Client Protection QUERY: WWW.DOMAIN.COM DNS Policy CACHE RESOLVER iConto l Subscriber Policy RPZ IP Reputation URL Filtering EGRESS DNS PATH INGRESS DNS PATH • Response Policy Zones (RPZ) filters out and provides NXDOMAIN / Redirect for know bad domains. • URL Filtering further provides granular policy controls using categories. • IP Intelligence blocks based on the resolved IP. • It can also be used in the data path for other protocols. RPZ Feed IP Rep Feed URL Feed Policy
  • 12.
  • 14. Title and Content Layout with List • Add your first bullet point here • Add your second bullet point here • Add your third bullet point here
  • 15. Title and Content Layout with Chart 0 1 2 3 4 5 6 Category 1 Category 2 Category 3 Category 4 Series 1 Series 2 Series 3
  • 16. Two Content Layout with Table • First bullet point here • Second bullet point here • Third bullet point here Class Group 1 Group 2 Class 1 82 95 Class 2 76 88 Class 3 84 90
  • 17. Title and Content Layout with SmartArt Step 1 Title Task description Task description Task description Task description Step 2 Title Task description Task description Task description Step 3 Title Task description Task description Step 4 Title Task description Task description
  • 18. Add a Slide Title - 1
  • 19. Add a Slide Title - 2
  • 20. Add a Slide Title - 3
  • 21.