What is the best solution or product to protect from all types of DNS Tunneling attacks?

Security & GRCSecurity
2.1k views10 Upvotes5 Comments
Information Security Manager in Finance (non-banking), 1,001 - 5,000 employees
Best solution: do not let your internal systems query the Internet directly (i.e. do not forward external DNS queries  to the Internet) and only allow internal systems to contact Internet systems via a proxy system (i.e. defining a explicit HTTP/SOCKS proxy). Endpoint systems that might be remove would then be always on VPN that use the internal resources.

If you do have to let internal systems that query external DNS on the Internet and/or if you have many remote users outside your network you cannot easily control, use a maybe an alternative  use  SASE (such as Zscaler) or if you want to tackle only the DNS problem, consider Infoblox products (e.g. BloxOne Threat Defense, or their DNS firewall). Inflobox will try to block malicious queries in different points based on DNS behaviour + Threat Intelligence information.
Sr Network Administrator in Education, 5,001 - 10,000 employees
Fortigate firewall
4 1 Reply
Jr Systems Engineer in Education, 5,001 - 10,000 employees

Splunk can be utilized to mitigate these kind of attacks.

3
Network and Security Architect team lead in Finance (non-banking), 10,001+ employees
Cisco Umbrella can protect DNS Tunnel attacks with simple configuration.
1
Cyber security analyst in Energy and Utilities, 5,001 - 10,000 employees
We can use different approaches that can be effective in protecting against DNS tunneling attacks. One option is to use a network firewall that has the capability to detect and block DNS tunneling traffic. This can be done by setting up rules that block or limit the amount of DNS traffic that is allowed to pass through the firewall. Additionally, you can use a DNS firewall or a DNS security solution, which is specifically designed to detect and block DNS tunneling traffic.

Network Firewalls:

-Palo Alto Networks Next-Generation Firewall
-Fortinet FortiGate Firewall
-Check Point Next-Generation Firewall
-Cisco Firepower Next-Generation Firewall
-Sophos XG Firewall

There are free ones we can try as well. like pfSense, Untangle, ClearOS, VyOS

DNS Security :

-Infoblox DDI
-EfficientIP SOLIDserver DDI
-Men&Mice DDI
-BlueCat DNS Integrity

Content you might like

Are short term bans of the use of GenAI applications and tools (such as ChatGPT) a good idea for end users in most organizations? For context see this article on the State of Maine Government's directive before you vote: https://www.govtech.com/artificial-intelligence/chatgpt-generative-ai-gets-6-month-ban-in-maine-government

Applications & PlatformsEnd-User Services & CollaborationPeople & Leadership+4 more

Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.30%

No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.53%

No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.12%

I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).3%


361 PARTICIPANTS
9.7k views9 Upvotes1 Comment

What are the best practices for delivering application load balanced hosting services with effective backup plan at multiple locations?

Applications & PlatformsCloudContact Center & Telecom+13 more
Read More Comments
1.8k views8 Upvotes2 Comments

Generally speaking, are you feeling optimistic about the state of DEI in cyber? Interested in hearing your reasons in the comments.

Security & GRCTalent Sourcing & HiringCulture & Values

Yes – very optimistic!31%

Yes – mildly optimistic.56%

No7%

I’m not sure5%


273 PARTICIPANTS
3.5k views1 Upvote

What information security policy hierarchy has your organization adopted i.e., policy, standards, controls, procedures / secure baseline configuration?

Security & GRC
569 views

What are the possible risks (if any) to business when using AI as an IT assistant?

Artificial Intelligence & Machine Learning (AI/ML)Security & GRCStrategy & Architecture+2 more
IT Manager in Manufacturing, 10,001+ employees
Wide administrative rights can cause remote hacking of IT tools by reaching the IAM or business processes.
1
Read More Comments
3.7k views34 Upvotes4 Comments