Home / Blogs

Reducing the Risks of BYOD with DNS-Based Security Intelligence; Part 2: Taking Control

Pat Barnes

In part 1, I talked about some of the risks associated with BYOD. But there are actions you can take to greatly reduce this risk. One effective method for limiting the risk of BYOD is to employ DNS-based security intelligence techniques. DNS-based security intelligence makes use of an enterprise's caching DNS server to monitor and block DNS queries to known botnet command and control (C&C) domains. These domains are the domain names of the servers that are in the control of the bot master for purposes of botnet command and control. Bots will perform a DNS query for one or more of these domains in an attempt to connect to these servers in order to receive their instructions. By monitoring queries to these domains, all infected clients, including BYOD, can be identified on the network. Moreover, by subsequently blocking access to the domains, malware responsible for the bot infection is denied the critical instructions it needs to function.

As DNS is the first touch point in any Internet transaction, using it to identify infected customers is both lightweight and cost effective since it only has to deal with relatively small DNS packets. If you have a list of known botnet command and control domains, you can determine which clients (including BYOD clients) are infected on your network by comparing that list to your DNS logs. You can also use this list to configure your DNS server to block any queries to these domains, which denies the bots the instructions they need in order to conduct their malicious activity.

Using this DNS-based technique, Nominum recently reported on the top 5 mobile malware threats which has been published by Network World. These Android infections could be lurking on your network's wi-fi as BYOD. If you want to quickly try out this DNS-based technique for yourself to see what might be lurking on your network, you can try out one of the lists of known botnet C&C domains maintained by The Shadowserver Foundation.

BYOD is a great thing, but it can be scary for those folks responsible for the security of an enterprise. Using DNS-based techniques for security intelligence can stem the risk of BYOD, which is good since revoking BYOD would likely sow the seeds aof revolt.

By Pat Barnes, Product Manager of Security Solutions at Nominum

Related topics: Cyberattack, Cybercrime, Cybersecurity, DNS, Malware

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Afilias

DNS Security

Sponsored by Afilias
Verisign

Cybersecurity

Sponsored by Verisign
Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Radix Adds Dyn as a DNS Service Provider

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll