Další formáty:
BibTeX
LaTeX
RIS
@inproceedings{38619,
author = {Špaček, Stanislav and Laštovička, Martin and Horák, Martin and Plesník, Tomáš},
address = {Washington DC},
booktitle = {2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)},
keywords = {Malware; Firewall; DNS Response Policy Zones},
howpublished = {elektronická verze "online"},
language = {eng},
location = {Washington DC},
isbn = {978-1-7281-0618-2},
pages = {551-556},
publisher = {IEEE},
title = {Current Issues of Malicious Domains Blocking},
url = {https://ieeexplore.ieee.org/abstract/document/8717891},
year = {2019}
}
TY - JOUR
ID - 38619
AU - Špaček, Stanislav - Laštovička, Martin - Horák, Martin - Plesník, Tomáš
PY - 2019
TI - Current Issues of Malicious Domains Blocking
PB - IEEE
CY - Washington DC
SN - 9781728106182
KW - Malware
KW - Firewall
KW - DNS Response Policy Zones
UR - https://ieeexplore.ieee.org/abstract/document/8717891
N2 - amp;C servers and phishing websites both use DNS to facilitate connection to or from its victims, while the protocol does not contain any security countermeasures to thwart such behavior. In this paper, we examine capabilities of a DNS firewall that would be able to filter access from the protected network to known malicious domains on the outside network. Considering the needs of Computer Security Incident Response Teams (CSIRTs), we formulated functional requirements that a DNS firewall should fulfill to fit the role of a cybersecurity tool. Starting from these requirements, we developed a DNS firewall based on the DNS Response Policy Zones technology, the only suitable open source technology available yet. However, we encountered several essential limitations in the DNS RPZ technology during the testing period. Still, our testing results show that simple DNS firewall can prevent attacks not detected by other cybersecurity tools. We discuss the limitations and propose possible solutions so that the DNS firewall might be used as a more complex cybersecurity tool in the future. Lessons learned from the deployment show that while the DNS firewall can indeed be used to block access to malicious domains, it cannot yet satisfy all the requirements of cybersecurity teams.
ER -
ŠPAČEK, Stanislav, Martin LAŠTOVIČKA, Martin HORÁK a Tomáš PLESNÍK. Current Issues of Malicious Domains Blocking. Online. In \textit{2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM)}. Washington DC: IEEE, 2019, s.~551-556. ISBN~978-1-7281-0618-2.
|
