The U.S. National Security Agency and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) this week published joint guidance on Protective DNS (PDNS).
Designed to translate domain names into IP addresses, the Domain Name System (DNS) is a key component of Internet and network communications.
Protective DNS was designed as a security service that leverages the DNS protocol and infrastructure for the analysis of DNS queries and mitigation of possible threats.
Attacks involving domain names may take various forms, including typosquatting, links in phishing emails, connecting compromised devices to remote command and control servers, and data exfiltration to remote hosts.
“The domain names associated with malicious content are often known or knowable, and preventing their resolution protects individual users and the enterprise,” the NSA and CISA note.
Both the NSA and CISA have previously issued documents related to the mitigation of DNS-related issues, and the new guidance is meant to provide further details on the benefits and risks of protective DNS services.
PDNS, the joint guidance says, relies on a policy-implementing DNS resolver – often called Response Policy Zone (RPZ) functionality – which checks both domain name queries and returned IP addresses to prevent connections to malicious sites.
“PDNS can also protect a user by redirecting the requesting application to a non-malicious site or returning a response that indicates no IP address was found for the domain queried,” the two agencies explain.
To set up PDNS, an organization can simply modify its recursive resolver to rely on the PDNS provider’s DNS server. However, software changes on hosts are required for more complex and secure PDNS deployments, the NSA and CISA say.
Some of the outlined best practices regarding PDNS involve the use of a PDNS system as part of a layered defense-in-depth strategy, blocking unauthorized DNS queries, and taking into consideration hybrid enterprise architectures.
The joint document also provides assessments of several commercial PDNS providers, so that organizations are better informed when making decisions. The assessment is based on publicly available information about enterprise PDNS services, not on formal testing, and is not meant as a purchase recommendation.
Related: NSA Publishes Cybersecurity Year in Review Report
Related: NSA and CISA Alert Highlights Urgency for OT Security
More from Ionut Arghire
- Nigerian BEC Scammer Sentenced to Prison in US
- China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
- iOS Security Update Patches Exploited Vulnerability in Older iPhones
- Hackers Earn Over $1 Million at Pwn2Own Exploit Contest
- GoAnywhere Zero-Day Attack Hits Major Orgs
- Australia Dismantles BEC Group That Laundered $1.7 Million
- GitHub Rotates Publicly Exposed RSA SSH Private Key
Latest News
- Mandiant Catches Another North Korean Gov Hacker Group
- Microsoft Puts ChatGPT to Work on Automating Cybersecurity
- Video: How to Build Resilience Against Emerging Cyber Threats
- Nigerian BEC Scammer Sentenced to Prison in US
- China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
- SecurityScorecard Guarantees Accuracy of Its Security Ratings
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
