What is the best solution or product to protect from all types of DNS Tunneling attacks?
Cisco Umbrella can protect against DNS tunnel attacks with simple configuration.
Fortigate firewall
Splunk can be utilized to mitigate these kinds of attacks.
Best solution: do not let your internal systems query the Internet directly (i.e. do not forward external DNS queries to the Internet) and only allow internal systems to contact Internet systems via a proxy system (i.e. defining an explicit HTTP/SOCKS proxy). Endpoint systems that might be remote would then always be on a VPN that uses the internal resources.
If you do have to let internal systems query external DNS on the Internet, and/or if you have many remote users outside your network that you cannot easily control, maybe use an alternative like SASE (such as Zscaler), or if you want to tackle only the DNS problem, consider Infoblox products (e.g. BloxOne Threat Defense, or their DNS firewall). Infoblox will try to block malicious queries at different points based on DNS behaviour + Threat Intelligence information.
We can use different approaches that can be effective in protecting against DNS tunneling attacks. One option is to use a network firewall that has the capability to detect and block DNS tunneling traffic. This can be done by setting up rules that block or limit the amount of DNS traffic that is allowed to pass through the firewall. Additionally, you can use a DNS firewall or a DNS security solution, which is specifically designed to detect and block DNS tunneling traffic.
Network Firewalls:
- Palo Alto Networks Next-Generation Firewall
- Fortinet FortiGate Firewall
- Check Point Next-Generation Firewall
- Cisco Firepower Next-Generation Firewall
- Sophos XG Firewall
There are free ones we can try as well, like pfSense, Untangle, ClearOS, VyOS.
DNS Security:
- Infoblox DDI
- EfficientIP SOLIDserver DDI
- Men&Mice DDI
- BlueCat DNS Integrity
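The firewall and DNS-security products listed above, and a log platform like Splunk, flag tunnelling by the same kind of per-domain heuristics. The script below is an added example (not from any poster or vendor) that applies three of them to DNS query logs: many queries to one apex domain, unusually long labels, high-entropy subdomains, and a rare record type. The log format, the sample traffic and the thresholds are constructed assumptions.

```python
"""Heuristic DNS-tunnelling detector over DNS query logs (added example).

Assumed log format (constructed): "<epoch> <client-ip> <qname> <qtype>".
Thresholds are illustrative assumptions, not any vendor's defaults.
"""
import math
from collections import defaultdict

# Constructed sample log: normal traffic plus one client sending long,
# high-entropy labels as TXT queries under a single apex domain.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com A
1700000001 10.0.0.5 mail.example.com MX
1700000002 10.0.0.7 cdn.example.net A
1700000003 10.0.0.9 4a7f2e9c1b3d5e6f7a8b9c0d1e2f3a4b.tun.example.org TXT
1700000004 10.0.0.9 9d8c7b6a5f4e3d2c1b0a9f8e7d6c5b4a.tun.example.org TXT
1700000005 10.0.0.9 0f1e2d3c4b5a69788796a5b4c3d2e1f0.tun.example.org TXT
1700000006 10.0.0.9 c3d2e1f00f1e2d3c4b5a69788796a5b4.tun.example.org TXT
1700000007 10.0.0.9 5b4a39281706f5e4d3c2b1a0f9e8d7c6.tun.example.org TXT
"""

def shannon_entropy(s: str) -> float:
    """Bits per character; encoded (hex/base32/base64) labels score high."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def apex_domain(qname: str) -> str:
    """Assumes a two-label apex (example.org); production code needs a public-suffix list."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def find_tunnel_candidates(log: str, min_queries=5, max_label=30,
                           min_entropy=3.5, rare_types=("TXT", "NULL")):
    """Return apex domains whose query pattern matches all tunnelling heuristics."""
    per_apex = defaultdict(lambda: {"n": 0, "longest": 0, "entropy": 0.0, "rare": 0})
    for line in log.splitlines():
        _ts, _client, qname, qtype = line.split()
        labels = qname.rstrip(".").split(".")
        subdomain = "".join(labels[:-2])          # everything below the apex
        st = per_apex[apex_domain(qname)]
        st["n"] += 1
        st["longest"] = max(st["longest"], max(len(lab) for lab in labels))
        st["entropy"] = max(st["entropy"], shannon_entropy(subdomain))
        st["rare"] += int(qtype in rare_types)
    return sorted(d for d, st in per_apex.items()
                  if st["n"] >= min_queries and st["longest"] > max_label
                  and st["entropy"] >= min_entropy and st["rare"] > 0)

if __name__ == "__main__":
    print(find_tunnel_candidates(SAMPLE_LOG))   # ['example.org']
```

A real deployment would feed resolver or firewall DNS logs in instead of SAMPLE_LOG and tune the thresholds against a baseline of normal traffic, since CDNs and some security products also use long labels.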