Enhancing DNS Security using Dynamic Firewalling with Network Agents

Academic year: 2021

Joao Afonso

Foundation for National Scientific Computing, Lisbon, Portugal

Pedro Veiga

Department of Informatics, University of Lisbon, Lisbon, Portugal

Abstract—In this paper we propose a solution to strengthen the security of Domain Name System (DNS) servers associated with one or more Top Level Domains (TLD). In this way we intend to reduce the security risk of using major Internet services that are based on DNS. The proposed solution has been developed and tested at FCCN, the TLD manager for the .PT domain. Through the implementation of network sensors that monitor the network in real time, we are able to dynamically prevent, detect or limit the scope of attempted intrusions or other types of occurrences affecting the DNS service. The platform relies heavily on cross-correlation, allowing data from a particular sensor to be shared with the others. Administration tasks such as setting up alarms or performing statistical analysis are carried out through a web-based interface.

Index Terms—DNS; risk; security; intrusion detection system; real-time; monitoring.

I. INTRODUCTION

Observing Internet usage and world population statistics [1], updated in March 2011, 30.2% of the estimated world population of 6.8 billion are Internet users. If we take a closer look at Europe, this value increases to 58.3% (with a growth rate of 353.1% between 2000 and 2011), and in North America 78.3% are Internet users (growth rate of 151.7% over the same period), as shown in Fig. 1.

Figure 1. Internet penetration (% population)

The DNS service is required to access e-mail and browse Web sites, and is needed for the normal operation of all major services on the Internet (most of which handle critical information, as in e-banking).

Given the huge number of Internet users, and the fact that all major applications require the DNS service, there is a security risk that needs to be reduced.

DNS servers assume a pivotal role in the regular running of IP networks today, and any disruption to their normal operation can have a dramatic impact on the service they provide and on the global Internet.

Although based on a small set of basic rules, stored in files, and distributed hierarchically, the DNS service has evolved into a very complex system [2].

According to other recent studies [3], there are nearly 11.7 million public DNS servers available on the Internet.

It is estimated that 52% of them allow arbitrary queries (thus exposing them to the risk of denial of service attacks or “poisoning” of the cache).

There are still nearly 33% of cases where the authoritative nameservers of an area are on the same network, which facilitates Denial of Service (DoS) attacks.

Furthermore, the types of attacks targeting the DNS are becoming more sophisticated, making them more difficult to detect and control in time.

Examples are the attacks by Fast Flux (ability to quickly move the DNS information about the domain to delay or evade detection) and its recent evolution to Double Flux [4].

A central aspect of a security system is the ability to collect statistically useful information about network traffic. This information can be used to monitor the effectiveness of the protective actions, to detect trends in the collected data that might suggest a new type of attack, or simply to record important parameters to help improve the performance of the service.

The fact that the DNS is based on an autonomous, hierarchically distributed database means that whatever solution we use to monitor it must respect this topology. In this paper we propose a distributed system using a network of sensors, which operate in conjunction with the DNS servers of one or more TLDs, monitoring in real time the data that passes through them.

'/ D DC& C E E E CD & D D EA D D C/ "F E D DC & E& C C D A

& 7D ECD A E B CD &D C/ C/ E E C/ ED D C/ E D % E C& CC 7 E BDE C B C C/ E "F C

'/ A DE * ACD */ CED ED EA E B& D & E C B & C/ C* E7 E D

A B C C C/ & C C D C E CC 7D & C B E CAE D C C/ D DCD DCA CD */ C/ E C D C E BD E C CE D CC E / B C ?D C A E C AC A A CD D C/ C E D E * C 7 C D D DC C/ B C CD CD% B DCD% '/ E D D C/ E D CEA CAE B * CD 0 E %DB 7 E A B D E CD E EBD E C B * E7 CD 2 D CE BA & C ( =ADE C # CD B * B ED C/ E B ACD CD 9 E C CAB& E % DB CD C/ E # CD 5 C/ E A C C/ E B D C/ CAB& E &C B D &

CD < E C A D B BDE CD E AEC/ E * E7 ## (8 '8">)(D ) C/ DE C CABD C/ C *DC B D C/D E / C/ AC/ E /D EA C E B D E *DC/ C CDC B = B B +9- '/ DE D CD A BD D B % E D C/ CE BDCD F#F" +5- * E7D C C/ E *DC/ CEA CAE B GA E& A : G ; % E D D DB ( CD B C

C & C :("F. ; E "F D C C/D ACD D CE E C B C/ E D BD E E D F#F"

HBE E C B & C E AEDC& . DC ED "F CE D +<- A D C* E7 E *DC/ AC D C E ED *DC/ C/ "F E% E C DC E B '/D D CE E C

ACD C/ C B C E D C/ /D / % D D DC& B B E C/ "F E%D

!D?D E B "F CE D CAE ACD DC& B "F +6- '/D C D C E BA D E& B C A D E C DC/ E C B EB AC AC E D A D% BA D '/ D CD D D D E C C BA +I- 4 B D C E DC ED C* E7 CE D B / D E E D B 7 C E DCD C D E B E "F CE CD B E C CD *D E D C C C/ A "F */ C BA & / * D A E& C/ E C % D D " "F C CD CD C E +,1- " D D CD E CD B &CD C CD CD E A & "F E% E . E CAE D AB C/ D DC& C E A EDC B E / D DB "F =A ED B C D B C D C E B D G B C '/D C * E7 D DB "F E% E E D C/ E E% E C/ C J CAE J D BDE CD CE D E "F B DED C E B AC C B D DB C E & C A D F#F" =A E& +,,- '/D ECD A E & C

DB C/ C CD CD & D E %DB D E CD E EBD C/ 7D B A C CD E C B D E CD D % D C/E A / C/ > B EC 8 / AEDC& D DB C E A C D EC B CD% CD ### .8'K)") )EL AA ' C E BA C/ D DB C ED 7 D "F E CD C/ E /DC CAE C/ & C C/ C * / % B % D C D E % C/ AEDC& E E B D D & C/ "F E C E %D A * C B CE D B E D E C/ E D D ' % " D > E E /DC CAE ED D D C E C B E C CD A CD "F E% E * E7D C C/ E *DC/ % E C* E7 E C/ C & D% EA C B BD C B DE * CD CE D / D C E E A & C B D C/ C* E7 DC E C/ CE D D C C/ "F D E CEA CAE DB CD & C CD & / E A CE D A D EDC/ C/ C * / % B % B B C C B B A C/D D E CD C D C CE D C/ C / DB CD D B / AEDC& C/E C

% E C* E7 E DC E BD E C EC C/ D E CEA CAE B ? / D E CD E C B C AEDC&

CC 7 # C/D * & / * D D 0 DC / A B D C ? / EDCD AEDC& D E CD C* C/ E # BBDCD C D E D E E C/D E CD / A B E % C CC 7 E% E E AE DB CD D B & C/ E E D D A '/D ED D E % C D 7D B CC 7 E BDE C B C % E C C/ "F D E CEA CAE D AE 0 "D E C/ B DE B ACD B C D AA ) C/ EA D EC AE * E7 D C/ EDC/ C DB CD & CE D / E A C C/ "F # EB E C D C C/ C C B /& C/ D D C/ E /DC CAE B 7 C/ "F E C D D C D DC D E& C & / AED CD */D / D E CD % A C C/ D E CD C B E BD E C AE B D % D C * D /C C / C B C EBD & '/ C C/ C * / % / C / % D C D C/ AEDC& D DB C "F E C/ A E

AEE & D C& =A ED B C/ A C CD C* AEE C/ A E E C B B D E CD E EC B E D CEA D B C CD & C )AE & C A C/ *D E A C % A C E C E C/ C AE C/ D7 D/ B C/ AEE AEDC& D DB C 01 1 09 1 ,9 1 0 1 0 1 ; : = ⋅ + ⋅ + ⋅ +F⋅ +E

E C E DB E B D &D C/D E A A • ) AEE :); ( E C C/ A E CD :D C ; C/ C / % D% D D A AE * 7 B C/ C C/ BD CED AC B C/ B D C B D ' # ' F 8 # 4 )F'(#F$'#)F ) 'K8F$.F8( ) ) $((8F 8 ) )$( 8 #F. # #)$ K8$(# '# DA A , 093 0 913 2 <93 B E E ,113 A • & D : ; ( CD % A CD C/ B %D CD C/ % A E EB B D E CD C C/ % E E% B C CD CD B C/ EDC ED B * D /C DB CD D B * D ' ## ' F 8 ## 4 )F'(#F$'#)F ) 8!8F' 'L # #8" )'8F'# L . # #)$ )$( 8E#!8F #FK8$(# '# A A 8 CDE C CE E CC C : M (; ,113 ECD CE E C CC C :#M (; 913 # EE C =A E& % A 91 C <93 % E E AE <93 # EE C =A E& % A ? BD <93 ,113 GA E& % A A 913 C/ % E A E & ED D 913 A F C C/ C C/ CD C & C/ %D % E E C/ B C E D CD E E % A D% C/ D B % C B C C B • 'D C* AEE :E; CD D C AEE D% AE BD CED AC B *DC/ C/ * D /C D C B C C/ CD * D D C ' F 8 ### 4 >8#EK' ) "# 8(8F''#.8F8'>88F 8 K) $((8F 8 A A C/ , .D AC ,113 C/ , K AE <93 C/ , " & 913 C/ , > 7 093 A • # DB :F; FA E E C/ C E EC 7 D C/ BBE AE E C/ A CD * E% B ? E D A D D D D !N O N O , − A # C/ % ? E D C/ C E " !# D D E E C C/ A E E EA D C C/ E D C/ D E CEA CAE B C ? / D E CD C/ % '/ C/ E C E O E N CC 7 B C B E C/ A E E C/ C E AEE C E ECD AEDC& D DB C • # CEA D " C CD & C :#; > DB E B C/ A C/ EC C E D E C A B C/ E E A E C EDC B D CAE AEDC& D DB C E CD C C/ "F E%D ' F 8 #! 4 #F'8( )FF8 '#)F >#'K'8. )( " ' E 'K8(8" (). #F'($ #)F"8'8 '#)F L '8. $ %AA A& ! ' ! (A A (D A) & *A A * % 2B3 .DBB % 5<3 KD / % ,113 E C/ CD% CD EA D DE * AE *D E =ADE , '/ E A / * % C 7 % A =A C E E C E C/ 1 09P 0 '/ D CD C* E E EDC ED C/ E A 8? CD */ E D%D D E CD E C/ C/ E E D */D / D EDC ED D A D D CP 2 #C E C B C/ ?D CD */DC D C D C/ E DC E& *D DB E B ED%D B AE C/ C E C 7 B # C/D * & * % DB E D D C/ # C E C E%D DB ED C/ 7 & E & B & "F C/ >/DC D C E C C 7 & BBE E D 7 B D DCD% % C '/D D C D E C B E E EB CEA C B AE *D BBE D C B / E C E C C B E D BB B C C/ DE * EA ) ? D C/ D C D C E BBE B C/ "F E% E # # C B E C/ E % EA D C/ DE * *D B C AE D A C A & C/ *D A CD , 8? B B C/ =A E CD ED B B C/ E C E D A P 0 '/ ? 
E D CD% CD :/ AED CD ; B C : CD ; / 7 C/ E E B AE

#! () ) 8" ) $'#)F + A / * D D 2 C/D ACD D B C* E7 E D C/ C &C CE D *D D C C/ "F E% E D C/ E % DB E D % DB =A ED E C/ D E CD E D% B E C/ E E B D A E CED CD E D D C* E7 BBE # E / %D E D B C C B E C/ E D A D D A / %D E E EC D C* E7 BBE DC *D 7 B D C/ DE * B C/ C/ E E CD D B C/ & C EBD & '/ & C

A C C/ E CD E / E CD C % A C C/ E E C/ E% E D AE 2 F 7 "D E E B ACD E / EA D EC B D C/ E DE * C/ E *D ED B =A E CD B C C/ B C/D CD C/ E *D % A C C/ / %D E C/ C AE C % A C C/ B B C E % C/ EA / * D D B D AE B GA E CD E BAE % E C/ DE * B F , A A ! ,A EBD C AE B D B C C/ C * C/E A / C/ E / BD E C/ "F E% E D CE C B EBD C C B EB C DE * EA * B & D D EA E EBD C C/ BBE C/ C E D 7 B D E CD '/ =A ED E C/ B D% E B C C/ E E C &C B B C E B D C/ ("F. C C/ C D C/ & C E B C/ > EC : D 9; D AE 9 F C* E7 B C * D E CD C B D C E B D B C D C B D .& G +,0- ' 7D D C DB E CD C/ B C CD DC C/ E E C/ =A ED B C E BA C/ % A D E CD C E B C/ B C D BD%DB B D C A E BD E C C '/ % E D C/ # BBE AE B B CD CD :"F E% E; D C D C E E C / * B E A / E D D C B C C E B D D D C D E % C D C/ % E E E C/ ACD

'/ D E CD E EBD =A ED B D C E B B D & D C B 7 C % D BAED C/ ?C 21 B &

'* C C D D C/ C EA C/ C E B& D & D B 4 BB E E % B B DCA CD C/ C / % CED E B CE C/ EE C E CD C/ DE * E ABDCD AE % E& CD D E D C E B '/ D E CD E =ADE B E ABDCD B C CD CD C 7 % E ? DE D !A !(D DA A- A ! A '/ C CD CD D E CD C B B C E B D C/ B C / D D D C A C B C D #C D D E ? C A C E / E C/ % ACD =A ED E A DC CD :/ AE B & C ; B & E CC B E =A C "F =A ED E E C& B B C E D C/ AE C/ C E BA C/ E E A E A C CD #C D D C C/ C B EB B %D CD D% AE * E C DC C C/ C D *DC/ C/ C/ E /DC +,9-'/ E E C/ "F E C E D E C & AE B E EBD C/ E CD E E =A C " C D C C & E D C E B B E D E D B D E E CD E ? B B ! 8 '$"L )AE E / % A B E B % C D C E 0115 C F 4 */ / C/ E D D DC& C E D C E B D C D C/ B D A B E C/ ' ' " C E C CD C/ E E C* E EA D CC / B C C/ "F E% E : C C/ ED E& "F B C/ E * E7D C C/ E *DC/ B E& "F E% E; '/ C* E7 &C E D C / E7 +,5- B C/ DE * A B D # D C E +,2- '/ E CD E E * E E B D % CD C/ D E CD E D% B E C/ C / E7 '/ > E% E D EA D / *DC/ K ( EBD C/ M E% E +,B- * / C/ D% E C E BA E D C E C B C C/ E '/ CDE E ACD B ED B % * C/ * C E * B % B * C D C/ , C A E& 011< B C/ B C E C/ % ED A C * C B E C/ ,1C/ . & 0116 CD * : D 5; D AE 5 > EC # BBDCD C C/ A A E CD DC ED B CD C CD CD E CD C C/ E CD "F E%D / * % C/ ACD E B / E D & B C C D D DCA CD D% C/ C C/ C DC D A & D AE ) C/ D CD * C/ % C F EC/ C CD 'E C& )E DC CD :F '); A C D 01,1 C C/ ED B ,9 C 0, F % E 01,1 ' E BA AEDC& ED 7 D C/ E C/ # C E C D % % B D % C A E E DB E B C %A E * E C B B B B D & DC ED % E C/ '/ & * E D D B D C AE C ED * E C 7D % E C B D BA CE& '/ B C C B & / E E C B CC E A C CD E / C/ C ED B B C C E DCA CD AEE B */ B %D CD / E CC E : D <; E D C CD D CD * E E E B A D F. CE D AE < . DC ED "F E%D C F ') % CQ D 01,1 !# (8 $ ' > E C / E C/ E A C C/ C ,0 C/ B C CD : C* , C . & 011I B 2, C . & 01,1; '/ % E A E E =A C C C/ ED E& "F E% E D A C ,I <5I IB5 E B & :006 E ; A D C E EB

C <C/ A A C 01,, '/ E E C/ B C & D E E D % ,0B1 E =A C E B E : D C E B % DB C B B D EC B D C/ B C ; $ D C/ B C C B & C/ E BAED C/D CD ED B * * E C C A A C CD CD D E CD

•" D & C CD CD & C& "F E C E D C E BP

• FA E # C E CD DC B B D :#"F; =A ED P

• FA E B D & =A ED C # !5 "F C& : D 6;

D AE 6 C CD CD & D & # !5 E EB B : ; • " C C ? E A :C/ C E C AEDC& D DB C ; E ? * * E C B C C C/ C D% # * A D C/ ED E& ' "F E% E CD E % E '/ A E =A ED B * ? D% */ E B *DC/ C/ % E % A E AE E /D % A C # C E C E%D E %DB E C/ C E C A B E C/ ' B D

• " C C DCA CD A D ABD B D E%D CC 7 *DC/ C/ ? ACD D% =A ED # C ,0 C/ & D C/ E E ,< ") CC 7 CED E B

'/ & * E D C C & 7 B B BBE B D =A E CD :' !; ' F 8 ! 8M . 8 >K8F 'K8 8F )("8'8 '8" #'$ '#)F 'K ' (8G$#(8" 'K8 #(8> ($ 8 ') K FE8 AA DDA + A.A A - A D A ?? ?? 011 B9 01,, 16 19 10 ,9 BB BB EA ?? ?? BB 52 ?? ?? ,< ,00 01,, 16 19 12 09 ,0 ( % EA ?? ?? BB 52 ?? ?? ,0I 9, 01,, 16 19 1B B< ,B BB EA ?? ?? BB 50 ?? ?? ,B 02I 01,, 16 19 19 0< 0I BB EA ?? ?? BB 50 ?? ?? ,B ,2, 01,, 16 19 16 29 26 ( % EA ?? ?? BB 52 !## )F $ #)F F" $'$(8>)(D '/D ECD / E C B % E / C E BA C/ AEDC& ED 7 C/ D C E C D CD C/ C A "F E%D )AE ACD AD B A C/ ?D CD ACD C/ C

C C CD CD D E CD E EBD "F E%D & BBD C/ D DC& C B C C B CE AEDC& D DB C D E CD #C BB C/ B% C E CD D BD CED AC B * & *D C/ ? / D E CD

C* E CD E B C/ E D E C DC * AEDC& % E DC D C/E C B

AEE C & C/ ACD E C B B C * C/ E D BBE D C/ # %5 E C '/ C / D C C/ C B C C/D DCA CD E D 7 B C C/ B C CD DC C/ E E C/ B C E EB E D CD 7D DC D C C E C/ B C E A C CD ) D CD E % C/D D A D C / C/ B C D C C/ E ACD E D C E D F % EC/ =A ED B C # %5 BBE E C D B D C/D ACD : C& ; > E * E7D ?C BD C/ B C EE CD D DCD C/ & C & BBD D E CD C B E C/ E AE :D CEA D B C CD & C E D C ; > CD D C C/ C C/D A B % A E / C E BA DB E & C/ A E DCD% B CD% +,<-(8 8(8F 8 +,- # C E C $ B > E B A CD C CD CD * DC + /CC QQ*** D C E C* E B C C Q C C /C - C B < A A C 01,, +0- !D?D @"F ?DC&A . GA A % 9 2 ED 011< +2- " > J ( C "F AE% &J "F ) ( F % E 011< +B- " % D DC @ D 7 E A E& B ( %D *A # FF . & 01,1 +9- G "F * DC +/CC QQ/ CD D C 6161QR C0,1990Q = B /C - C B < A A C 01,, +5- F#F" * DC +/CC QQ*** D E Q E BA C QF#F"- C B < A A C 01,,

+<- F HBE @ AEDC& . DC ED "F CE D A . & 0115

+6- A !D?D " > A"F 4 "F CE D CAE ACD DC&A #" > E7 / A & 011<

+I- "A > J>/ C F * *DC/ " J "F ) ( F % E 011< +,1- *E F E7 & F CD E C E& ' BA * DC /CC QQ*** C BA E +,,- / DED C J AC C B # DB C ( & C $ D F#F" GA E& J A 0115 +,0- .& G * DC 4 :) AE " C ; +/CC QQ*** & = - C B < A A C 01,, +,2- # # '8( 4 ' Q# DE * QF ' C* E +/CC QQ A BA AQR % - C B < A A C 01,, +,B- D C BE 8B 8?C D . D B E E C :M. ; E ( 2I01 011B +,9- S 8B A B . C DE J" % C # C E C B ACD E # CEA D " C CD . B F B " C EE CD J D E C/ #888 # F T15 # C E CD E F C* E7D B E%D # F T15 D D ! & $ A & 0115 +,5- ' / E7 * DC 4 '/ >DE / E7 F C* E7 &C E +/CC QQ*** *DE / E7 E - C B < A A C 01,, +,<- S BE ! D @ E C CD C/ "F # E CEA CAE ' % " D ( 'D DC ED *DC/ F C* E7 E A > F 0116 BC/#888 4 # C E CD > E7 / >DE B E F C* E7 AEDC& C C $ 0I C E 4 0 ) C E 0116
