DNS Security - 1st Edition - ISBN: 9780128033067, 9780128033395

DNS Security

1st Edition

Defending the Domain Name System

Authors: Allan Liska Geoffrey Stowe
eBook ISBN: 9780128033395
Paperback ISBN: 9780128033067
Imprint: Syngress
Published Date: 14th June 2016
Page Count: 226
Tax/VAT will be calculated at check-out Price includes VAT (GST)
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
30% off
30% off
30% off
30% off
30% off
20% off
20% off
35.95
25.16
25.16
25.16
25.16
25.16
28.76
28.76
49.95
34.97
34.97
34.97
34.97
34.97
39.96
39.96
30.99
21.69
21.69
21.69
21.69
21.69
24.79
24.79
Unavailable
Price includes VAT (GST)
× DRM-Free

Easy - Download and start reading immediately. There’s no activation process to access eBooks; all eBooks are fully searchable, and enabled for copying, pasting, and printing.

Flexible - Read on multiple operating systems and devices. Easily read eBooks on smart phones, computers, or any eBook readers, including Kindle.

Open - Buy once, receive and download all available eBook formats, including PDF, EPUB, and Mobi (for Kindle).

Institutional Access

Secure Checkout

Personal information is secured with SSL technology.

Free Shipping

Free global shipping
No minimum order.

Description

DNS Security: Defending the Domain Name System provides tactics on how to protect a Domain Name System (DNS) framework by exploring common DNS vulnerabilities, studying different attack vectors, and providing necessary information for securing DNS infrastructure. The book is a timely reference as DNS is an integral part of the Internet that is involved in almost every attack against a network. The book focuses entirely on the security aspects of DNS, covering common attacks against DNS servers and the protocol itself, as well as ways to use DNS to turn the tables on the attackers and stop an incident before it even starts.

Key Features

  • Presents a multi-platform approach, covering Linux and Windows DNS security tips
  • Demonstrates how to implement DNS Security tools, including numerous screen shots and configuration examples
  • Provides a timely reference on DNS security, an integral part of the Internet
  • Includes information of interest to those working in DNS: Securing Microsoft DNS and BIND servers, understanding buffer overflows and cache poisoning, DDoS Attacks, pen-testing DNS infrastructure, DNS firewalls, Response Policy Zones, and DNS Outsourcing, amongst other topics

Readership

Information security professionals and consultants, network administrators, and other information systems managers, specialists, and analysts

Table of Contents

  • Dedication
  • About the Authors
  • Acknowledgments
  • Chapter 1. Understanding DNS
    • Abstract
    • Introduction
    • DNS History
    • The Root
    • Recursive and Authoritative Servers
    • Zone Files
    • Resource Records
    • Conclusions
    • Notes
  • Chapter 2. Issues in DNS security
    • Abstract
    • Introduction
    • A Brief History of DNS Security Breaches
    • Why is DNS Security Important?
    • Common DNS Security Problems
    • Developing a DNS Security Plan
    • Notes
  • Chapter 3. DNS configuration errors
    • Abstract
    • Introduction
    • DNS Server Vulnerabilities
    • Fingerprinting DNS Servers
    • Buffer Overflows, Race Conditions, and Execution with Unnecessary Privileges
    • Human Errors
    • Conclusions
  • Chapter 4. External DNS exploits
    • Abstract
    • Introduction
    • Cache Poisoning
    • DNS Spoofing
    • DDoS Attacks Using DNS
    • Using DNS as a Command and Control or Exfil Channel
    • Conclusions
    • Notes
  • Chapter 5. DNS reconnaissance
    • Abstract
    • Introduction
    • WHOIS
    • Mapping DNS Infrastructure
    • DNS Fingerprinting
    • Reverse DNS
    • DNS Cache Snooping
    • Passive DNS
    • Collection of Query Data
    • Conclusions
    • Notes
  • Chapter 6. DNS network security
    • Abstract
    • Introduction
    • Locating DNS Servers
    • Public and Private DNS Infrastructure
    • Logging and Monitoring DNS Traffic
    • Flagging Bad Domains
    • Passive DNS
    • DNS Firewalls and RPZ
    • Blacklists, Whitelists, and Other DNS Threat Intelligence
    • Conclusions
    • Notes
  • Chapter 7. BIND security
    • Abstract
    • Introduction
    • Running BIND in a Chroot Jail
    • Fingerprint Evasion Techniques
    • Response Rate Limiting
    • Queries and Transfers
    • Response Policy Zones
    • Logging
    • Conclusions
    • Notes
  • Chapter 8. Windows DNS security
    • Abstract
    • Introduction
    • Securing Windows DNS Files
    • Dynamic DNS Control
    • Queries and Transfers
    • Windows and DDoS
    • Windows Caching Servers
    • Windows DNS and High Availability
    • Logging
    • Conclusions
    • Notes
  • Chapter 9. DNS outsourcing
    • Abstract
    • Introduction
    • DNS Outsourcing
    • Deciding How Much to Outsource
    • Working Securely with a DNS Provider
    • Monitoring DNS Infrastructure
    • DNS Outsourcing and DDoS
    • Conclusions
    • Notes
  • Chapter 10. DNSSEC
    • Abstract
    • Introduction
    • Background
    • Cryptography Overview and TLS
    • DNSSEC Protocol
    • NXDOMAIN Responses
    • Implementing DNSSEC on Linux
    • Implementing DNSSEC on Windows
    • Operating a DNSSEC Zone
    • DNSSEC Criticisms
    • Conclusions
    • Notes
  • Chapter 11. Anycast and other DNS protocols
    • Abstract
    • Introduction
    • Anycast Motivation
    • Anycast
    • Implementing Anycast
    • Anycast and DDoS
    • Multicast DNS
    • DNS Service Discovery
    • Tor Hidden Services
    • Conclusions
    • Notes
  • Index

Details

No. of pages:
226
Language:
English
Copyright:
© Syngress 2016
Published:
Imprint:
Syngress
eBook ISBN:
9780128033395
Paperback ISBN:
9780128033067

About the Author

Allan Liska

Allan Liska is a Consulting Systems Engineer at FireEye Inc. and an "accidental" security expert. While Allan has always been good at breaking things, he got his start professionally working as a customer service representative at GEnie Online Services (a long defunct early competitor to AOL), where he would spend his off hours figuring out how users had gain unauthorized access to the system, booting them off, and letting the developers know what needed to be patched. Unknowingly, this was leading him down the path of becoming a security professional. Since then he has work at companies like UUNET, Symantec, and iSIGHT Partners helping companies better secure their networks. He has also worked at Boeing trying to break into those company networks.

In addition to his time spent on both sides of the security divide Allan has written extensively on security including The Practice of Network Security and Building an Intelligence-Led Security Program. He was also a contributing author to Apache Administrator's Handbook.

Affiliations and Expertise

Consulting Systems Engineer, FireEye Inc.

Geoffrey Stowe

Geoffrey Stowe lives in San Francisco and is an Engineering Lead at Palantir Technologies. His network security work has included vulnerability research, reverse engineering, incident response, and anomaly detection. There was a time when he could translate byte code to assembly without looking at a manual. Geoff started Palantir’s commercial business in 2010 and built its first platforms for distributed, large scale data analysis. He graduated from Dartmouth College with a degree in computer science.

Affiliations and Expertise

Engineer, Palantir Technologies