When most people use the Internet, they use domain names to specify the website that they want to visit, for instance checkpoint.com. These domain names are user-friendly addresses which are mapped by the Domain Name System (DNS) to Internet Protocol (IP) addresses that computers and other network infrastructure components use to identify different devices connected to the Internet. In sum, the Domain Name System is the protocol that makes the Internet usable by allowing the use of domain names.
DNS is widely trusted by organizations, and DNS traffic is typically allowed to pass freely through network firewalls. However, it is commonly attacked and abused by cybercriminals. As a result, the security of DNS is a critical component of network security.
Some threats include attacks against the DNS infrastructure:
DNS can also be abused and used in cyberattacks. Examples of the abuse of DNS include:
DNS is an old protocol, and it was built without any integrated security. Several solutions have been developed to help secure DNS, including:
Monitoring your DNS traffic can be a rich source of data to your Security Operations Center (SOC) teams as they monitor and analyze your company’s security posture. In addition to monitoring firewalls for DNS Indicators of Compromise (IoC), SOC teams can also be on the lookout for lookalike domains.
Check Point Quantum Next Generation Firewalls detect malicious traffic and DNS tunneling attacks via ThreatCloud, its global threat intelligence system. ThreatCloud analyzes DNS requests and sends a verdict back to firewalls – to drop or allow the DNS request in real time. This prevents data theft via DNS tunneling and Command and Control communications between an internal infected host and an external C2 server.
We encourage you to ask for a demo of new DNS Security capabilities in Quantum release R81.20 and learn more about the threat analytics and threat hunting capabilities of Check Point Horizon SOC.