Home / Blogs

Reducing the Risks of BYOD with DNS-Based Security Intelligence; Part 2: Taking Control

  • Jan 29, 2013 12:32 PM PDT
  • Comments: 0
  • Views: 2,512
Print Comment
By Pat Barnes
Pat Barnes

In part 1, I talked about some of the risks associated with BYOD. But there are actions you can take to greatly reduce this risk. One effective method for limiting the risk of BYOD is to employ DNS-based security intelligence techniques. DNS-based security intelligence makes use of an enterprise's caching DNS server to monitor and block DNS queries to known botnet command and control (C&C) domains. These domains are the domain names of the servers that are in the control of the bot master for purposes of botnet command and control. Bots will perform a DNS query for one or more of these domains in an attempt to connect to these servers in order to receive their instructions. By monitoring queries to these domains, all infected clients, including BYOD, can be identified on the network. Moreover, by subsequently blocking access to the domains, malware responsible for the bot infection is denied the critical instructions it needs to function.

As DNS is the first touch point in any Internet transaction, using it to identify infected customers is both lightweight and cost effective since it only has to deal with relatively small DNS packets. If you have a list of known botnet command and control domains, you can determine which clients (including BYOD clients) are infected on your network by comparing that list to your DNS logs. You can also use this list to configure your DNS server to block any queries to these domains, which denies the bots the instructions they need in order to conduct their malicious activity.

Using this DNS-based technique, Nominum recently reported on the top 5 mobile malware threats which has been published by Network World. These Android infections could be lurking on your network's wi-fi as BYOD. If you want to quickly try out this DNS-based technique for yourself to see what might be lurking on your network, you can try out one of the lists of known botnet C&C domains maintained by The Shadowserver Foundation.

BYOD is a great thing, but it can be scary for those folks responsible for the security of an enterprise. Using DNS-based techniques for security intelligence can stem the risk of BYOD, which is good since revoking BYOD would likely sow the seeds aof revolt.

By Pat Barnes, Product Manager of Security Solutions at Nominum

Related topics: Cyberattack, Cybercrime, DNS, Malware, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:
Print Comment

Comments

To post comments, please login or create an account.

Related Blogs

Provoking National Boundaries on the Internet? A chilling thought…

  • Jun 18, 2013
  • Comments: 1

Intelligence Exchange in a Free Market Economy

  • Jun 11, 2013
  • Comments: 4

BIND 9 Users Should Upgrade to Most Recent Version to Avoid Remote Exploit

  • Jun 06, 2013
  • Comments: 0

The Rise of Cyrillic Domain Names

  • Jun 03, 2013
  • Comments: 0

Multi-Layer Security Architecture - Importance of DNS Firewalls

  • May 30, 2013
  • Comments: 0
View More

Related News

UNESCO Director-General on Linguistic Diversity on the Internet: Main Challenges Are Technical

  • Jun 07, 2013
  • Comments: 0

US Should Take More Aggressive Counter-Measures On IP Theft, Including Use of Malware

  • May 28, 2013
  • Comments: 0

Arrest Made in Connection to Spamhaus DDoS Case

  • Apr 29, 2013
  • Comments: 0

Massive Spam and Malware Campaign Following Boston Tragedy

  • Apr 17, 2013
  • Comments: 0

China and the United States Agree on Forming Joint Cybersecurity Working Group

  • Apr 15, 2013
  • Comments: 0
View More

Topics

Access ProvidersLaw
BroadbandMalware
CensorshipMobile
Cloud ComputingMultilinguism
CyberattackNet Neutrality
CybercrimeP2P
CybersquattingPolicy & Regulation
Data CenterPrivacy
DNSRegional Registries
DNS SecurityRegistry Services
Domain NamesSecurity
EmailSpam
EnumTelecom
ICANNTop-Level Domains
Internet GovernanceVoIP
Internet ProtocolWeb
IP AddressingWhite Space
IPTVWhois
IPv6Wireless
View More

Industry Updates – Sponsored Posts

Neustar Launches Global Partner Program

MarkMonitor Named a Top Trusted Website in OTA's 2013 Online Trust Honor Roll

Neustar Chief Technology Officer Appointed to FCC's Technological Advisory Council

Dyn to Host Geek Summer Camp for Internet Infrastructure, Web Performance Industry

  • By Dyn
  • Views: 684

A Look at Traffic Management for External "Cloud" Load Balancing

  • By Dyn
  • Views: 1,590

Dyn Acquires Mobile Dashboard App Trendslide

  • By Dyn
  • Views: 2,501

Dyn Research: Where Do Companies Host Their Websites?

  • By Dyn
  • Views: 1,393

Hope is Not a Strategy: Neustar Releases 2012 Annual DDoS Attack and Impact Survey

Dyn Adds Tech Company Leader Michael Boustridge To Board of Directors

  • By Dyn
  • Views: 1,574

How Neustar Technology Can Help Mitigate DDoS Attacks

CentralNic Powers First New Top-Level Domains Announced by ICANN

DCA Registry Services Participates in ICANN Africa Strategy Meeting, Addis Ababa

Reducing the Risks of BYOD with Nominum's Security Solution

Neustar Launches Enterprise Professional Services Offerings

Dyn Adds Claudia Santoro, Dave Connors and Andrew Sullivan to Technical Team

  • By Dyn
  • Views: 2,462

Dyn Acquires Website Monitoring Startup Verelo

  • By Dyn
  • Views: 2,337

Why Website Downtime Is Amateur Hour

  • By Dyn
  • Views: 2,597

Nominum Releases New Security Intelligence Application

Mitigating DDoS Attacks: A Global Challenge

  • By PIR
  • Views: 3,641

Our New Initiatives To Combat Botnets

  • By PIR
  • Views: 4,273
View More

Sponsored Topics

Afilias

DNS Security

Sponsored by
Afilias
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
dotMobi

Mobile

Sponsored by
dotMobi
Neustar

DNS

Sponsored by
Neustar
View All Topics