The DNS Tunneling Blindspot
Stopping the bad guys and what you can do about it
Brian A. McHenry, Sr. Security Solutions Architect
@bamchenry
Enterprise Blindspots in the Age of Malware & Insider Threats
Who is this guy?
• Brian A. McHenry, Sr. Security Solutions Architect, F5 Networks
• 9 years at F5, focused on application security solutions
• Regular contributor on DevCentral.f5.com & InformationSecurityBuzz.com
• Follow me on Twitter @bamchenry
Greatest threats to data loss?
External
• Injection attacks
  • SQL, cmd, etc.
• Open TCP ports
  • SSH, Telnet, FTP, etc.
• Phishing
Internal
• Undetected malware
  • Servers, desktops, laptops, etc.
• Employees, contractors
  • Disgruntled or Careless
• Unverified backup systems
Detecting Malware
Mitigate Malicious Communication - RPZ
Open Service DNS Query Filtering by Reputation
Prevent malware and sites hosting malicious content from ever communicating with a client.
Live updates
BIG-IP
Inhibit the threat at the earliest opportunity. Internet activity starts with a DNS request.
Domain Reputation
Mitigate DNS threats by blocking access to malicious IPs. Reduce malware and virus infections.
Select Your Service
Response Policy Zone (RPZ) Live Feed
DNS Server/Proxy
Protecting the Client
The internet isn’t an altogether safe place
MALICIOUS THREATS
• BotNets: Inadvertently downloaded and used to mount distributed attacks.
• Viruses: Once installed, causes malicious activity on end-user device, sometimes for ransom.
• OS Vulnerabilities: Unprotected, unpatched devices are extremely vulnerable.
DUPING THE USER
• Phishing scams and Man in the Middle: Websites which impersonate real websites, often linked from email or a website. Scammers aim to capture credentials.
• Site redirection: DNS traffic is captured and sent to a malicious DNS server serving bad DNS results.
UNDESIRABLE CONTENT
• Offensive: Content may violate HR or local rules. Violation of decency standards. Be age inappropriate.
• Irrelevant: Distractive content incompatible with job function or policy.
• Illegal content: File sharing or sites identified as hosting banned material.
DNS IP and Name Reputation Choices
RESPONSE POLICY ZONES
• Screens a DNS request against domains with a bad reputation.
• INHIBITS THREATS BY FQDN
URL FILTERING
• Intercept a DNS request in iRules. Categorize & make a decision.
• INHIBITS THREATS BY FQDN
• POLICY CONTROL BY FQDN
IP REPUTATION
• Intercept a DNS response in iRules. Categorize & make a decision.
• INHIBITS THREATS BY IP
Technical Use Cases
THREAT TYPE
• http://www.badsite.com: Virus, malware etc. DNS lookup required.
• http://194.71.107.15: Virus, malware etc. No DNS lookup issued.
• http://www.facebook.com: Social networking. Against corp policy.
IP REPUTATION
URL FILTERING
RPZ
No DNS lookup to filter.
Cover malicious content only.
Limited to IP address reputation.
Limited to IP address reputation.
No URL or FQDN to examine.
Prevent malware and sites hosting malicious content from ever communicating with a client.
Internet activity starts with a DNS request. Inhibit the threat at the earliest opportunity.
Live updates
CACHE
RESOLVER
PROTOCOL VALIDATION
SCRIPTING
IPV4/V6 LISTENER
REPUTATION DATABASE
SPECIAL HANDLING
DNS Server or Proxy
Use Case – User Protection
Prevent subscribers from reaching known bad domains
RPZ live feed
Use Case – ISP Layered Client Protection
QUERY: WWW.DOMAIN.COM
DNS Policy
CACHE
RESOLVER
iControl
Subscriber Policy
RPZ
IP Reputation
URL Filtering
EGRESS DNS PATH
INGRESS DNS PATH
• Response Policy Zones (RPZ) filters out and provides NXDOMAIN / Redirect for known bad domains.
• URL Filtering further provides granular policy controls using categories.
• IP Intelligence blocks based on the resolved IP.
• It can also be used in the data path for other protocols.
RPZ Feed
IP Rep Feed
URL Feed
Policy
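
The layered decision described in the bullets above, run against the three URLs from the Technical Use Cases slide, as an added example that is not part of the original slides or any F5 code. All function names, feed contents and the redirect address are constructed assumptions; the sketch also assumes each RPZ entry covers its subdomains (as a wildcard entry would) and uses a generic BLOCK verdict where the slides do not say what response is returned.

```python
import ipaddress

# Constructed sample feeds; all names and values here are illustrative assumptions.
RPZ = {"badsite.com": "NXDOMAIN", "phish.example": "REDIRECT"}  # zone -> RPZ action
CATEGORIES = {"facebook.com": "social-networking"}              # URL category feed
BLOCKED_CATEGORIES = {"social-networking"}                      # subscriber policy
BAD_NETS = [ipaddress.ip_network("194.71.107.15/32")]           # IP from the slide's use case
WALLED_GARDEN = "192.0.2.10"                                    # constructed redirect target


def suffixes(fqdn):
    """Yield the name, then each parent domain: www.a.com, a.com, com."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def lookup(table, fqdn):
    """Most specific entry in table matching fqdn or a parent domain, else None."""
    return next((table[s] for s in suffixes(fqdn) if s in table), None)


def bad_ip(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in BAD_NETS)


def dns_policy(qname, resolved_ips):
    """Return (verdict, deciding_layer) for one query and the answer it would get."""
    # Request side: RPZ and URL filtering need only the queried name.
    action = lookup(RPZ, qname)
    if action == "NXDOMAIN":
        return ("NXDOMAIN", "rpz")
    if action == "REDIRECT":
        return ("REDIRECT " + WALLED_GARDEN, "rpz")
    if lookup(CATEGORIES, qname) in BLOCKED_CATEGORIES:
        return ("BLOCK", "url-filtering")  # response type is an assumption
    # Response side: IP reputation judges the resolved addresses.
    if any(bad_ip(a) for a in resolved_ips):
        return ("BLOCK", "ip-reputation")
    return ("ALLOW", None)


def data_path_policy(dst_ip):
    """Client used a literal IP, so no DNS query exists; only IP reputation applies."""
    return "DROP" if bad_ip(dst_ip) else "ALLOW"
```

The literal-IP case never reaches `dns_policy`, which is why the slides place IP reputation in the data path as well as on the DNS response.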
Thank you!
http://www.informationsecuritybuzz.com/articles/mutating-malware-and-data-center-blind-spots-in-2016/
http://www.slideshare.net/bamchenry
https://www.linkedin.com/in/bamchenry
https://twitter.com/bamchenry