What is the best solution or product to protect from all types of DNS Tunneling attacks?

Cyber security analyst in Energy and Utilities, 3 years ago

We can use different approaches that can be effective in protecting against DNS tunneling attacks. One option is to use a network firewall that has the capability to detect and block DNS tunneling traffic. This can be done by setting up rules that block or limit the amount of DNS traffic that is allowed to pass through the firewall. Additionally, you can use a DNS firewall or a DNS security solution, which is specifically designed to detect and block DNS tunneling traffic.

Network Firewalls:

-Palo Alto Networks Next-Generation Firewall
-Fortinet FortiGate Firewall
-Check Point Next-Generation Firewall
-Cisco Firepower Next-Generation Firewall
-Sophos XG Firewall

There are free ones we can try as well, like pfSense, Untangle, ClearOS, VyOS.

DNS Security:

-Infoblox DDI
-EfficientIP SOLIDserver DDI
-Men&Mice DDI
-BlueCat DNS Integrity

Network and Security Architect team lead in Finance (non-banking), 3 years ago

Cisco Umbrella can protect against DNS Tunnel attacks with simple configuration.

Sr Network Administrator in Education, 3 years ago

FortiGate firewall

no title, 3 years ago

Splunk can be utilized to mitigate these kinds of attacks.

Information Security Manager in Finance (non-banking), 3 years ago

Best solution: do not let your internal systems query the Internet directly (i.e. do not forward external DNS queries to the Internet) and only allow internal systems to contact Internet systems via a proxy system (i.e. defining an explicit HTTP/SOCKS proxy). Endpoint systems that might be remote would then always be on a VPN that uses the internal resources.

If you do have to let internal systems query external DNS on the Internet, and/or if you have many remote users outside your network that you cannot easily control, maybe an alternative is to use SASE (such as Zscaler) or, if you want to tackle only the DNS problem, consider Infoblox products (e.g. BloxOne Threat Defense, or their DNS firewall). Infoblox will try to block malicious queries at different points based on DNS behaviour + Threat Intelligence information.
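
Added example, not part of the thread: a small audit that checks whether the "no direct external DNS" design described in the last answer actually holds, by flagging internal hosts that send DNS traffic straight to external servers instead of through the approved resolver. The address ranges, the resolver address, the flow-record layout and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumptions for this example (not from the thread): internal address space,
# the one resolver allowed to forward externally, and the flow-record layout.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_FORWARDERS = {"10.0.0.53"}   # use an empty set if nothing may forward
DNS_PORTS = {53, 853}                 # DNS over UDP/TCP and DNS over TLS

# Constructed sample flow records: "src_ip dst_ip proto dst_port"
SAMPLE_FLOWS = """\
10.0.4.17 10.0.0.53 udp 53
10.0.4.17 198.51.100.7 udp 53
10.0.0.53 192.0.2.1 udp 53
10.0.9.30 203.0.113.9 tcp 853
10.0.4.17 198.51.100.7 udp 53
10.0.9.30 10.0.0.80 tcp 3128
malformed line
"""

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def direct_dns_egress(flow_text):
    """Count DNS flows from internal hosts to external servers that bypass the approved forwarders."""
    violations = Counter()
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                  # skip records that do not match the layout
        src_s, dst_s, _proto, port_s = parts
        try:
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            continue
        if port not in DNS_PORTS:
            continue
        if is_internal(src) and not is_internal(dst) and src_s not in APPROVED_FORWARDERS:
            violations[(src_s, dst_s, port)] += 1
    return violations

if __name__ == "__main__":
    for (src, dst, port), n in direct_dns_egress(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}:{port} ({n} flows) bypasses the internal resolver")
```

Any host this reports is a path DNS tunneling traffic could take around the resolver-side controls, so the matching firewall rule should deny port 53/853 egress from everything except the approved forwarders.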
