Další formáty:
BibTeX
LaTeX
RIS
@inproceedings{38619, author = {Špaček, Stanislav and Laštovička, Martin and Horák, Martin and Plesník, Tomáš}, address = {Washington DC}, booktitle = {2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)}, keywords = {Malware; Firewall; DNS Response Policy Zones}, howpublished = {elektronická verze "online"}, language = {eng}, location = {Washington DC}, isbn = {978-1-7281-0618-2}, pages = {551-556}, publisher = {IEEE}, title = {Current Issues of Malicious Domains Blocking}, url = {https://ieeexplore.ieee.org/abstract/document/8717891}, year = {2019} }
TY - JOUR ID - 38619 AU - Špaček, Stanislav - Laštovička, Martin - Horák, Martin - Plesník, Tomáš PY - 2019 TI - Current Issues of Malicious Domains Blocking PB - IEEE CY - Washington DC SN - 9781728106182 KW - Malware KW - Firewall KW - DNS Response Policy Zones UR - https://ieeexplore.ieee.org/abstract/document/8717891 N2 - amp;C servers and phishing websites both use DNS to facilitate connection to or from its victims, while the protocol does not contain any security countermeasures to thwart such behavior. In this paper, we examine capabilities of a DNS firewall that would be able to filter access from the protected network to known malicious domains on the outside network. Considering the needs of Computer Security Incident Response Teams (CSIRTs), we formulated functional requirements that a DNS firewall should fulfill to fit the role of a cybersecurity tool. Starting from these requirements, we developed a DNS firewall based on the DNS Response Policy Zones technology, the only suitable open source technology available yet. However, we encountered several essential limitations in the DNS RPZ technology during the testing period. Still, our testing results show that simple DNS firewall can prevent attacks not detected by other cybersecurity tools. We discuss the limitations and propose possible solutions so that the DNS firewall might be used as a more complex cybersecurity tool in the future. Lessons learned from the deployment show that while the DNS firewall can indeed be used to block access to malicious domains, it cannot yet satisfy all the requirements of cybersecurity teams. ER -
ŠPAČEK, Stanislav, Martin LAŠTOVIČKA, Martin HORÁK a Tomáš PLESNÍK. Current Issues of Malicious Domains Blocking. Online. In \textit{2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)}. Washington DC: IEEE, 2019, s.~551-556. ISBN~978-1-7281-0618-2.
|