DNS Security Guide


Whatever a company does, DNS security should be an integral part of its security plan. Name services, which resolve host names to IP addresses, are used by nearly every application and service on the network.

If an attacker gains control of an organization's DNS, they can:

  • give themselves control over shared resources
  • redirect incoming email as well as web requests and authentication attempts
  • create and validate SSL/TLS certificates

This guide looks at DNS security from two angles:

  1. Performing continuous monitoring and control over DNS
  2. How new DNS protocols such as DNSSEC, DoH and DoT can help protect the integrity and confidentiality of DNS requests

What is DNS security?


The concept of DNS security includes two important components:

  1. Ensuring the overall integrity and availability of the DNS services that resolve host names to IP addresses
  2. Monitoring DNS activity to identify possible security issues anywhere in your network

Why is DNS vulnerable to attack?

DNS technology was created in the early days of the Internet, long before anyone began thinking about network security. DNS works without authentication or encryption, blindly processing requests from any user.

Because of this, there are many ways to deceive a user and falsify information about where the resolution of names to IP addresses actually takes place.

DNS Security: Issues and Components


DNS security consists of several basic components, each of which must be considered to ensure complete protection:

  • Strengthening server security and management procedures: increase the level of server security and create a standard commissioning template
  • Protocol improvements: deploy DNSSEC, DoT or DoH
  • Analytics and reporting: add the DNS event log to your SIEM system for additional context when investigating incidents
  • Cyber intelligence and threat detection: subscribe to an active threat intelligence feed
  • Automation: create as many scripts as possible to automate processes

The components above are just the tip of the DNS security iceberg. In the next section, we dive into more specific use cases and best practices you need to know about.

DNS attacks


  • DNS spoofing or cache poisoning: exploiting a system vulnerability to manipulate the DNS cache in order to redirect users to another location
  • DNS tunneling: mostly used to bypass security controls for remote connections
  • DNS hijacking: redirecting normal DNS traffic to a different DNS server by changing the domain registrar
  • NXDOMAIN attack: conducting a DDoS attack on an authoritative DNS server by sending illegitimate domain queries to force a response
  • Phantom domain: causes the DNS resolver to wait for a response from non-existent domains, resulting in poor performance
  • Random subdomain attack: compromised hosts and botnets launch a DDoS attack on a legitimate domain, but focus their fire on false subdomains to force the DNS server to look up records and take over the service
  • Domain lock-up: sending numerous spam responses to lock up DNS server resources
  • Botnet attack from subscriber equipment: a collection of computers, modems, routers and other devices that concentrate computing power on a specific website to overload it with traffic requests

Attacks using DNS

Attacks that in some way use DNS to attack other systems (that is, changing DNS records is not the end goal):

Attacks on DNS

Attacks that result in the IP address the attacker wants being returned from the DNS server:

  • DNS spoofing or cache poisoning
  • DNS hijacking

What is DNSSEC?


DNSSEC (Domain Name System Security Extensions) is used to validate DNS records without needing to know the general information for each specific DNS query.

DNSSEC uses digital signature key pairs (PKI) to verify whether the answer to a domain name query came from a valid source.
Implementing DNSSEC is not only an industry best practice, it also helps prevent DNS attacks.

How DNSSEC works

DNSSEC works similarly to TLS/HTTPS, using public and private key pairs to sign DNS records. An overview of the process:

  1. DNS records are signed using a public-private key pair
  2. Responses to DNSSEC queries contain the requested record as well as the signature and the public key
  3. The public key is then used to check the authenticity of the record against the signature

DNS and DNSSEC Security
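The following is an added example, not part of the original guide: the checks a validator makes to pair a signature (RRSIG) with a public key (DNSKEY) before the cryptographic verification in step 3, using field layouts from RFC 4034. The key and signature bytes are constructed placeholders, and the signature itself is not verified here.

```python
import struct

def key_tag(dnskey_rdata: bytes) -> int:
    """Key tag of a DNSKEY (RFC 4034 Appendix B; not valid for algorithm 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(dnskey_rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_rrsig(rdata: bytes) -> dict:
    """Split RRSIG RDATA (RFC 4034 section 3.1) into named fields."""
    covered, alg, _labels, _ttl, expires, incepted, tag = struct.unpack(
        "!HBBIIIH", rdata[:18])
    pos, labels = 18, []
    while rdata[pos]:                      # signer name: uncompressed labels
        size = rdata[pos]
        labels.append(rdata[pos + 1:pos + 1 + size].decode("ascii"))
        pos += 1 + size
    return {"type_covered": covered, "algorithm": alg, "expires": expires,
            "incepted": incepted, "key_tag": tag,
            "signer": ".".join(labels) + ".", "signature": rdata[pos + 1:]}

def precheck(rrsig: dict, dnskey_rdata: bytes, zone: str, now: int) -> list:
    """Reasons this key must not be used for this signature ([] = proceed)."""
    flags, protocol, alg = struct.unpack("!HBB", dnskey_rdata[:4])
    problems = []
    if not flags & 0x0100 or protocol != 3:
        problems.append("DNSKEY is not a usable zone key")
    if rrsig["algorithm"] != alg:
        problems.append("algorithm mismatch")
    if rrsig["key_tag"] != key_tag(dnskey_rdata):
        problems.append("key tag mismatch")
    if rrsig["signer"].lower() != zone.lower():
        problems.append("signer is not the zone")
    # Simplification: plain comparison instead of RFC 1982 serial arithmetic.
    if not rrsig["incepted"] <= now <= rrsig["expires"]:
        problems.append("signature outside validity window")
    return problems

# Constructed sample data: placeholder key and signature bytes, not real records.
DNSKEY = struct.pack("!HBB", 257, 3, 13) + bytes(64)
RRSIG = (struct.pack("!HBBIIIH", 1, 13, 2, 300, 1700600000, 1700000000,
                     key_tag(DNSKEY))
         + b"\x07example\x03com\x00" + bytes(64))

if __name__ == "__main__":
    print(precheck(parse_rrsig(RRSIG), DNSKEY, "example.com.", 1700300000))
```

An expired signature or a key-tag mismatch is rejected at this stage, before any signature math runs.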


DNSSEC is a tool for checking the integrity of DNS queries. It does not affect DNS privacy. In other words, DNSSEC can give you confidence that the answer to your DNS query has not been tampered with, but any attacker can see those results as they were sent to you.

DoT - DNS over TLS

Transport Layer Security (TLS) is a cryptographic protocol for protecting information transmitted over a network connection. Once a secure TLS connection is established between client and server, the transmitted data is encrypted and no intermediary can see it.

TLS is most commonly used as part of HTTPS (SSL) in your web browser, as requests are sent to secure HTTP servers.

DNS-over-TLS (DNS over TLS, DoT) uses the TLS protocol to encrypt the UDP traffic of regular DNS queries.
Encrypting these plain-text requests helps protect the users or applications making them from several attacks.

  • MitM, or "man in the middle": without encryption, an intermediate system between the client and the authoritative DNS server can send false or harmful information to the client in response to a request.
  • Espionage and tracking: without encrypted requests, it is easy for intermediate systems to see which sites a particular user or application is accessing. Although DNS alone does not reveal the specific page being visited on a site, simply knowing the requested domains is enough to build a profile of a system or an individual.

Source: University of California Irvine

DoH - DNS over HTTPS

DNS-over-HTTPS (DNS over HTTPS, DoH) is an experimental protocol promoted by Mozilla and Google. Its goals are similar to those of DoT: improving people's privacy online by encrypting DNS requests and responses.

Standard DNS queries are sent over UDP. Requests and responses can be tracked using tools such as Wireshark. DoT encrypts these requests, but they are still identified as fairly distinct UDP traffic on the network.

DoH takes a different approach and sends encrypted host name resolution requests over HTTPS connections, which look like any other web request on the network.

This difference has very important implications both for system administrators and for the future of name resolution.

  1. DNS filtering is a common way to filter web traffic in order to protect users from phishing, sites that distribute malware, or other Internet activity that could be harmful on a corporate network. The DoH protocol bypasses these filters, which can expose users and the network to greater risk.
  2. In the current name resolution model, every device on a network receives DNS answers from the same location (a DNS server). DoH, and Firefox's implementation of it in particular, shows that this may change in the future. Each application on a computer may receive data from different DNS sources, which makes troubleshooting, security and risk modeling much more complex.

Source: www.varonis.com/blog/what-is-powershell

What is the difference between DNS over TLS and DNS over HTTPS?

Let's start with DNS over TLS (DoT). The main point here is that the original DNS protocol is not changed, but is simply transmitted securely over a secure channel. DoH, on the other hand, puts DNS into HTTP format before making requests.

DNS Monitoring Alerts


The ability to effectively monitor DNS traffic on your network for suspicious anomalies is critical to early detection of a breach. Using a tool like Varonis Edge lets you stay on top of all the important metrics and build profiles for every account on your network. You can configure alerts to be generated by a combination of actions that occur over a specific period of time.

Monitoring DNS changes, account locations, first-time use of and access to sensitive data, and after-hours activity are just a few of the metrics that can be correlated to build a broader detection picture.
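As an added illustration (not from the original guide and unrelated to any specific product), the sketch below applies the "combination of actions over a period of time" idea to resolver logs: it flags a client that receives many NXDOMAIN answers for distinct names under one parent domain within a short window, the pattern produced by the NXDOMAIN and random subdomain attacks listed earlier. The log format, threshold and sample lines are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample resolver log: "epoch_seconds client qname qtype rcode"
SAMPLE_LOG = [
    "1700000000 10.0.0.5 www.example.com A NOERROR",
    "1700000003 10.0.0.5 typo.example.com A NXDOMAIN",
    "1700000400 10.0.0.5 old.example.com A NXDOMAIN",
] + [f"{1700000100 + i} 10.0.0.9 x{i:04x}k.shop.example A NXDOMAIN"
     for i in range(8)]

def parse(line: str):
    ts, client, qname, qtype, rcode = line.split()
    return int(ts), client, qname.lower().rstrip("."), qtype, rcode

def parent_domain(qname: str, labels: int = 2) -> str:
    # Simplification: last two labels; production code should consult the
    # Public Suffix List so that names like example.co.uk group correctly.
    return ".".join(qname.split(".")[-labels:])

def nxdomain_bursts(lines, window: int = 60, threshold: int = 5) -> dict:
    """Map (client, parent domain) to the largest number of distinct
    NXDOMAIN names seen within `window` seconds, if it reaches `threshold`."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, client, qname, _qtype, rcode = parse(line)
        if rcode == "NXDOMAIN":
            events[(client, parent_domain(qname))].append((ts, qname))
    alerts = {}
    for key, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:   # slide the window
                start += 1
            distinct = len({name for _, name in hits[start:end + 1]})
            if distinct >= threshold:
                alerts[key] = max(alerts.get(key, 0), distinct)
    return alerts

if __name__ == "__main__":
    for (client, domain), count in nxdomain_bursts(SAMPLE_LOG).items():
        print(f"ALERT {client}: {count} distinct NXDOMAIN names under {domain}")
```

The two isolated NXDOMAIN answers for 10.0.0.5 stay below the threshold, so ordinary typos do not raise an alert.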

Source: www.habr.com
