DNS is the engine that drives the Internet, converting recognizable names into IP addresses behind the scenes. Only recently has the InfoSec community recognized the importance and value of logging DNS traffic and analyzing these logs to detect malicious activity. The development of a variety of open source tools has given network and security admins amazing resources for investigating DNS traffic for signs of improper configuration as well as tell-tale signs of compromise.
This discussion will examine examples of the common ways we see DNS being used to compromise networks, including DNS amplification, data exfiltration, botnet C&C communication, DDoS via DNS and other less well-known DNS exploits. We will then review some of the available open source tools, including Graylog, Elasticsearch, Kibana, Packetbeat and NXLog, that can be used to proactively log and monitor DNS and other traffic. The discussion will conclude by covering some practical solutions that can easily be implemented to enhance the security of any network. We will demonstrate simple and effective ways to discover compromised devices through DNS log analysis.
Jim is currently a Senior Security Specialist at AppRiver, LLC. His team is responsible for global network deployments and manages the SecureSurf global DNS infrastructure and SecureTide global spam & virus filtering infrastructure as well as all internal applications. They also manage security operations for the entire company. He holds a CISSP certification. He is also well-versed in ethical hacking and penetration testing techniques and has been involved in technology for more than 20 years.
Jim has presented at Nolacon, ITEN WIRED, BSides Las Vegas, BSides Atlanta and several smaller conferences. He regularly attends national security conferences and is passionate about conveying the importance of developing, implementing and maintaining security policies for organizations. His talks convey unique and practical techniques that help attendees harden their security in practical and easy-to-deploy ways.
Jim is a senior staff member with BSides Las Vegas, a member of the ITEN WIRED Planning Committee and the president of the Florida Panhandle (ISC)2 Chapter.
When not at the computer, Jim can be found working out, playing guitar, traveling or just relaxing with an adult beverage.
Copyright 2020, IronGeek