In addition, Network Address Translation (NAT) devices, firewalls, load balancers, and other devices in the network may de-randomize UDP source ports, rendering this protection less effective. For these reasons, it is essential that other defenses are available and enabled.
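One way to check whether a device in the path has de-randomized the resolver's source ports is to compare the ports recorded at a server outside the NAT. The sketch below is an added example, not part of the original article; the function name, thresholds and sample port lists are constructed assumptions.

```python
"""Rate UDP source-port randomness of resolver queries as seen OUTSIDE the NAT."""
from statistics import pstdev

# Illustrative thresholds (assumptions, not from the article or any standard).
MIN_STDEV = 3000        # uniform over 1024-65535 gives about 18,600
MAX_SMALL_STEP = 0.5    # share of consecutive ports within +/-16 of each other
MIN_DISTINCT = 0.9      # share of distinct ports in the sample


def rate_ports(ports):
    """Return (verdict, metrics) for ports in the order they were observed."""
    if len(ports) < 10:
        raise ValueError("need at least 10 observed queries")
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    metrics = {
        "stdev": pstdev(ports),
        "distinct": len(set(ports)) / len(ports),
        "small_step": sum(abs(d) <= 16 for d in deltas) / len(deltas),
    }
    if metrics["distinct"] < MIN_DISTINCT:
        verdict = "fixed-or-reused"   # e.g. NAT maps every query to one port
    elif metrics["small_step"] > MAX_SMALL_STEP:
        verdict = "sequential"        # NAT hands out ports in order
    elif metrics["stdev"] < MIN_STDEV:
        verdict = "narrow-range"      # random, but within a small pool
    else:
        verdict = "randomized"
    return verdict, metrics


# Constructed samples: ports recorded at an external authoritative server
# for 12 queries sent by the same resolver.
DIRECT = [51234, 1893, 40211, 27764, 60002, 13377, 34990, 8120,
          45671, 22019, 58333, 3071]
BEHIND_SEQ_NAT = [20001, 20002, 20003, 20005, 20006, 20007, 20008,
                  20010, 20011, 20012, 20013, 20014]
BEHIND_FIXED_NAT = [53] * 12
BEHIND_SMALL_POOL = [30010, 30950, 30420, 30777, 30133, 30860,
                     30298, 30641, 30502, 30919, 30071, 30385]

if __name__ == "__main__":
    for name, sample in [("direct", DIRECT), ("sequential NAT", BEHIND_SEQ_NAT),
                         ("fixed-port NAT", BEHIND_FIXED_NAT),
                         ("small pool", BEHIND_SMALL_POOL)]:
        verdict, m = rate_ports(sample)
        print(f"{name:15} {verdict:16} stdev={m['stdev']:.0f} "
              f"distinct={m['distinct']:.2f} small_step={m['small_step']:.2f}")
```

Any verdict other than "randomized" on traffic captured outside the perimeter means the resolver's port randomization is being undone in transit, even if the resolver itself is patched.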
Additional Defenses with Routers, Firewalls and IPS
In the first step of the Kaminsky attack, fake questions are sent to a caching server. To succeed at sending fake questions, an attacker needs to spoof an address on the enterprise network. Firewalls and routers can be configured to provide excellent protection against external users spoofing an internal IP address. Keep the following in mind:
IPS is another important part of the security equation and provides an additional layer of defense. An IPS inspects application data flows, identifies threats using algorithms that detect anomalous behavior, and sends alerts.
Properly implementing a defense-in-depth approach that includes a combination of firewalls, IPS and intelligent DNS servers with layers of defense will provide total protection against DNS cache poisoning.
Sandy Wilbourn is the vice president of engineering at Nominum and also the co-founder and former security blogger at Determina.