DNS Security Management

Book excerpt: An advanced Domain Name System (DNS) security resource that explores the operation of DNS, its vulnerabilities, basic security approaches, and mitigation strategies DNS Security Management offers an overall role-based security approach and discusses the various threats to the Domain Name Systems (DNS). This vital resource is filled with proven strategies for detecting and mitigating these all too frequent threats. The authors—noted experts on the topic—offer an introduction to the role of DNS and explore the operation of DNS. They cover a myriad of DNS vulnerabilities and include preventative strategies that can be implemented. Comprehensive in scope, the text shows how to secure DNS resolution with the Domain Name System Security Extensions (DNSSEC). In addition, the text includes discussions on security applications facility by DNS, such as anti-spam, SPF, DANE and related CERT/SSHFP records. This important resource: Presents security approaches for the various types of DNS deployments by role (e.g., recursive vs. authoritative) Discusses DNS resolvers including host access protections, DHCP configurations and DNS recursive server IPs Examines DNS data collection, data analytics, and detection strategies With cyber attacks ever on the rise worldwide, DNS Security Management offers network engineers a much-needed resource that provides a clear understanding of the threats to networks in order to mitigate the risks and assess the strategies to defend against threats.