Today’s hackers are all about money, they constantly change the face of their exploits to maximize their returns. These agile attacks require agile defenses. Moving security protections into the network is essential to enabling more reliable updates of threat information; aggregation also provides significant scaling and manageability benefits. DNS-based security protections improve agility because DNS queries are a leading indicator of security exposure; from a strategic vantage point the DNS participates in web transactions that provide visibility into the presence of security threats.
Network operators and IT departments constantly reassess their security exposure and evaluate the best methods for protecting their networks and end users. New security solutions are always emerging to help them and one that’s starting to receive a lot of attention is the DNS. That’s raising an obvious question: “how in the world does the DNS become a security platform?”.
Everyone agrees protecting Internet users from malware and social engineering exploits like phishing is a valuable thing to do. At minimum these attacks are a nuisance because they degrade the Internet experience, worst case they can be costly and dangerous. But protecting networks and end users is becoming more difficult because attackers are making their exploits more dynamic and thus harder to detect. This is stressing some solutions, like client software, that have been a primary means of protecting end systems.
Just as it’s important for service providers and enterprises to maximize the performance and availability of their caching DNS servers, it’s important for brand owners and IT departments to ensure the robustness of their Authoritative DNS. Some of the issues are similar, but ensuring security of Authoritative data also has to be considered.
An earlier post talked about how important it is to maximize the responsiveness and availability of caching DNS in order to maintain a good user experience. It focused on the benefits of using Anycast. There are several other things worth considering for caching DNS as covered below:
For network operators, recursive (caching) DNS is a critical service. Without good, fast DNS service, the Internet service appears slow and unresponsive. Caching DNS systems must also be capable of absorbing “spikes” in traffic which can occur for a multitude of reasons – peak loads, Internet events, DoS etc.
Service providers everywhere are executing on IPv6 transition strategies, some with more urgency than others. Numerous approaches to enable the transition are being implemented, with a goal of maximizing the utility of IPv4 addresses while ensuring 100% connectivity to the small but rapidly growing base of IPv6 addressed hosts. Regardless of technologies being deployed it’s important not to overlook the DNS since new stresses will be placed on it during the transition. Since every service provider has allocated budget for IPv6 readiness, now’s a great time to ensure the DNS is really “ready”. A couple of simple steps will ensure customers continue to enjoy fast response times and high service levels.
Countries around the world are seeking to spur broadband development, recognizing direct benefits in the form of economic growth, national competitiveness and improvements in social and cultural development. Several studies highlight the potential economic impact of broadband. The World Bank found every 10 percentage point increase in broadband penetration accelerates economic growth by 1.38 percentage points in low- and middle-income countries. A McKinsey & Company study yielded similar results, showing a 10 percent increase in broadband household penetration delivers a GDP boost ranging from 0.1 percent to 1.4 percent. Booz & Company found 10 percent higher broadband penetration in a specific year is correlated to 1.5 percent greater labor productivity growth over the following five years.