In addition, Network Address Translation (NAT), firewalls, load balancers, and other devices in the network (potentially) may de-randomize UDP source ports, thus rendering this protection less effective. For these reasons, it is essential that other defenses are available and enabled.
Additional Defenses with Routers, Firewalls and IPS
In the first step of the Kaminsky attack, fake questions are sent to a caching server. To succeed at sending fake questions, an attacker needs to spoof an address on the enterprise network. Firewalls and routers can be configured to provide excellent protection against external users spoofing an internal IP address. Keep the following in mind:
IPS is another important part of the security equation and provides an additional layer of defense. IPS looks at application data flows and detects threats based on algorithms that detect anomalous behaviors and send alerts.
Properly implementing a defense-in-depth approach that includes a combination of firewalls, IPS and intelligent DNS servers with layers of defense will provide total protection against DNS cache poisoning.
Sandy Wilbourn is the vice president of engineering at Nominum and also the co-founder and former security blogger at Determina.
Page: 1 2
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…