Protecting DNS servers - Part 2


James Michael Stewart
07.20.2004

In my last tip I discussed providing additional protection to your DNS system for the ultimate purpose of improving security for Active Directory. The first consideration was to require all communications with DNS servers to be encrypted. The next two considerations are to monitor all network traffic and re-evaluate the open ports on your firewall.

By monitoring network traffic, you should be able to determine when illegitimate or abnormal traffic patterns or content begin to enter your network. You must choose whether to perform real-time detection or rely upon historical reviews to detect attack attempts. Real-time detection will require an automated IDS system or audit scanning system actively looking for attacks. Historical reviews will re-examine log files of audited events or collections of DNS traffic packets. The former solution is preferred, but it is often expensive. The latter solution will only provide post-incident detection, not preventative or immediate response capabilities.

No matter what monitoring method you choose, look for specific DNS-focused denial of service attacks, DNS system flooding, DNS poisoning attempts, unusually high amounts of traffic, abnormal amounts of traffic from a single host or to a single host, and abnormal levels of traffic of a single type (i.e. TCP sub-protocol, such as service or application protocols).
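As an added example (not part of the original tip), here is a minimal historical review over DNS query records. It flags two of the signals listed above: a single host sending an abnormal amount of traffic, and a minute whose total volume is far above the median. The record format, sample data, thresholds and function names are assumptions made for this illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

def build_sample():
    """Constructed records: 'timestamp client transport qtype qname' (hypothetical format)."""
    lines = ["not a log line"]  # malformed record, must be skipped
    for minute in range(5):
        for host in ("10.0.0.5", "10.0.0.6", "10.0.0.7"):
            for s in range(4):  # normal clients: 4 queries per minute each
                lines.append(f"2004-07-20T10:{minute:02d}:{s * 10:02d} {host} UDP A www.example.com")
        if minute == 2:  # one host floods the server for a minute
            for s in range(60):
                lines.append(f"2004-07-20T10:02:{s:02d} 10.0.0.99 UDP A host{s}.example.com")
    return lines

def review(lines, host_limit=20, spike_factor=3.0):
    """Historical pass: flag per-minute single-host floods and total-volume spikes."""
    per_minute = defaultdict(Counter)  # minute -> client -> query count
    for line in lines:
        try:
            ts, client, _transport, _qtype, _qname = line.split()
            minute = datetime.fromisoformat(ts).replace(second=0, microsecond=0)
        except ValueError:
            continue  # wrong field count or unparsable timestamp
        per_minute[minute][client] += 1
    if not per_minute:
        return []
    totals = sorted(sum(c.values()) for c in per_minute.values())
    baseline = totals[len(totals) // 2]  # median queries per minute
    findings = []
    for minute in sorted(per_minute):
        clients = per_minute[minute]
        total = sum(clients.values())
        if total > spike_factor * baseline:
            findings.append(("volume_spike", minute, total))
        for client, count in sorted(clients.items()):
            if count > host_limit:
                findings.append(("single_host", minute, client, count))
    return findings

if __name__ == "__main__":
    for finding in review(build_sample()):
        print(finding)
```

The same counting logic can run in a real-time pipeline by feeding it one window of records at a time; the limits need tuning against your own baseline traffic.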

If you don't already have firewalls protecting the borders of your network, you have bigger issues to deal with right now than improving DNS security. When dealing with DNS traffic across firewalls, keep in mind that DNS queries to resolve FQDNs into IP addresses and DNS server to DNS server communications (such as zone transfers) both occur over UDP port 53. This port should be blocked, disabled, or turned off unless one of the following is true:

Once you have provided protection for DNS traffic, you can then begin securing the DNS data itself. That is the topic of the next tip.


James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

