When most people use the Internet, they use domain names to specify the website that they want to visit. However, computers use IP addresses to identify different systems connected to the Internet and route traffic through the Internet. The Domain Name System (DNS) is the protocol that makes the Internet usable by allowing the use of domain names.
DNS is widely trusted by organizations, and DNS traffic is typically allowed to pass freely through network firewalls. However, it is commonly attacked and abused by cybercriminals. As a result, the security of DNS is a critical component of network security.
DNS can be used in different ways. Some threats include attacks against the infrastructure:
DNS can also be abused and used in cyberattacks. Examples of the abuse of DNS include:
DNS is an old protocol, and it was built without any integrated security. Several solutions have been developed to help secure DNS, including:
DNS traffic can be a rich source of data for your Security Operations Center (SOC) teams as they monitor and analyze your company’s security posture. In addition to monitoring firewalls and IPS systems for DNS Indicators of Compromise (IoCs), infected hosts or DNS tunneling attempts, SOC teams can also be on the lookout for lookalike domains.
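As an added illustration of this kind of monitoring (not Check Point code), the sketch below scans DNS query records for lookalikes of protected domains and for unusually long, high-entropy labels that may indicate tunneling. The protected domains, thresholds, log format and sample records are all constructed assumptions.

```python
import math
from collections import Counter

# Assumption: domains the organization wants to protect (constructed).
PROTECTED = ["example.com", "example.org"]
# Constructed DNS query log: (client IP, queried name).
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.7", "login.examp1e.com"),
    ("10.0.0.9", "mail.exarnple.org"),
    ("10.0.0.12", "a9f3k2q8z7x1m4n6b5v0c2d8e7r1t3y9.t.c2.invalid"),
    ("10.0.0.5", "cdn.static.test"),
]

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def registered_domain(name):
    # Simplification: last two labels. Production code should use the Public Suffix List.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def classify(name, max_dist=2, min_len=30, min_entropy=3.5):
    """Return (verdict, detail); the thresholds are illustrative assumptions."""
    dom = registered_domain(name)
    if dom not in PROTECTED:
        for p in PROTECTED:
            if edit_distance(dom, p) <= max_dist:
                return ("lookalike", p)
    longest = max(name.lower().rstrip(".").split("."), key=len)
    if len(longest) >= min_len and entropy(longest) >= min_entropy:
        return ("possible-tunnel", longest)
    return ("ok", None)

def scan(log):
    """Return (client, name, verdict, detail) for every query that is not 'ok'."""
    return [(ip, name, *v) for ip, name in log if (v := classify(name))[0] != "ok"]
```

Hits from a check like this are leads for an analyst to triage rather than verdicts, since legitimate services such as CDNs also generate long random-looking labels.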
Check Point solutions can help organizations protect DNS infrastructure and detect DNS-based attacks. Next-Gen Firewalls detect malicious traffic and DNS tunneling attacks via Reputation filtering and IPS DNS Tunneling protections. In addition, we can empower SOC teams to research IoCs and find lookalike domains to protect against cyber threats such as those exploiting DNS in phishing attacks. Check out this demo of Check Point Infinity SOC.