The U.S. National Security Agency (NSA) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) this week published joint guidance on Protective DNS (PDNS).
Designed to translate domain names into IP addresses, the Domain Name System (DNS) is a key component of Internet and network communications.
Protective DNS is defined as a security service that uses the DNS protocol and infrastructure to analyze DNS queries and mitigate potential threats.
Attacks involving domain names may take various forms, including typosquatting, links in phishing emails, connecting compromised devices to remote command and control servers, and data exfiltration to unauthorized hosts.
“The domain names associated with malicious content are commonly known or knowable, and preventing their resolution protects individual users and the enterprise,” the NSA and CISA note.
Both the NSA and CISA have previously published documents related to the mitigation of DNS-related issues, and the new guidance is meant to provide further details on the benefits and risks of protective DNS services.
PDNS, the joint guidance says, relies on a policy-implementing DNS resolver, often called Response Policy Zone (RPZ) functionality, which checks both domain name queries and returned IP addresses to prevent connections to malicious sites.
“PDNS can also protect a user by redirecting the requesting application to a non-malicious site or returning a response that indicates no IP address was found for the domain queried,” the two agencies explain.
To set up PDNS, an organization can simply modify its recursive resolver to rely on the PDNS provider’s DNS server. However, software changes on hosts are required for more complex and secure PDNS deployments, the NSA and CISA say.
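To make the RPZ behaviour described above concrete, here is a small Python model of how a policy-implementing resolver evaluates a query. It is an added example, not code from the NSA/CISA guidance or any PDNS vendor; the policy entries, hostnames and addresses are constructed, and the matching rules are a simplified version of RPZ semantics (name triggers with wildcards, response-address triggers, and the NXDOMAIN, NODATA, redirect and passthru actions).

```python
"""Simplified Response Policy Zone (RPZ) evaluation in a protective DNS resolver.

Constructed example: policy data and upstream answers are invented for illustration.
"""
import ipaddress
from dataclasses import dataclass, field

# RPZ actions: NXDOMAIN (name does not exist), NODATA (name exists, no records),
# PASSTHRU (explicit allow). Any other rule value is treated as a redirect target,
# i.e. the defender-controlled sinkhole hostname the client is sent to instead.
NXDOMAIN, NODATA, PASSTHRU = "NXDOMAIN", "NODATA", "PASSTHRU"

@dataclass
class Policy:
    qname_rules: dict                      # "bad.example" or "*.bad.example" -> action
    ip_rules: list = field(default_factory=list)  # (ip_network, action) on answer addresses

def _qname_action(policy, qname):
    """Exact name match first, then wildcard rules from most to least specific.
    As in RPZ, '*.bad.example' matches subdomains but not 'bad.example' itself."""
    name = qname.rstrip(".").lower()
    if name in policy.qname_rules:
        return policy.qname_rules[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:])
        if wild in policy.qname_rules:
            return policy.qname_rules[wild]
    return None

def _apply(action, upstream):
    if action == PASSTHRU:
        return PASSTHRU, upstream
    if action in (NXDOMAIN, NODATA):
        return action, []
    return "REDIRECT", [action]

def resolve(policy, qname, upstream_answer):
    """Return (action, answer). upstream_answer is the list of A records the
    recursive resolver obtained; the policy is applied to the query name and,
    if no name rule fires, to the returned addresses."""
    action = _qname_action(policy, qname)
    if action is not None:
        return _apply(action, upstream_answer)
    for net, act in policy.ip_rules:
        if any(ipaddress.ip_address(a) in net for a in upstream_answer):
            return _apply(act, upstream_answer)
    return PASSTHRU, upstream_answer

# Constructed policy: a typosquat, a C2 domain family, a tracker, an allow-list entry,
# and an address range associated with exfiltration hosts.
POLICY = Policy(
    qname_rules={
        "typo-bnak.example": NXDOMAIN,
        "*.c2-beacon.example": "sinkhole.corp.example",
        "telemetry.vendor.example": NODATA,
        "allowed.example": PASSTHRU,
    },
    ip_rules=[(ipaddress.ip_network("192.0.2.0/24"), NXDOMAIN)],
)
```

Note that the PASSTHRU entry for `allowed.example` wins even when its upstream address falls inside the blocked range, which is the RPZ mechanism for allow-listing a name ahead of broader rules.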
Some of the outlined best practices regarding PDNS involve the use of a PDNS system as part of a layered defense-in-depth strategy, blocking unauthorized DNS queries, and taking into consideration hybrid enterprise architectures.
The joint document also provides assessments of individual commercial PDNS providers, so that organizations are better informed when making decisions. The assessment is based on publicly available information about each PDNS service, not on formal testing, and is not meant as a purchase recommendation.