Software Defined Perimeter

  • 1.  ENISA - Security and Privacy for public DNS Resolvers

    Posted Feb 10, 2022 02:11:00 AM
      |   view attached
    Hi All,

    ENISA just published Security and Privacy for public DNS Resolvers

    Domain Name System (DNS) resolution is a hierarchical distributed system of protocols and systems, whose main purpose is to map the human-friendly domain names, such as www.example.com, to machine-readable IP addresses, such as 123.123.123.123. DNS resolution is both highly critical and highly sensitive, and traditionally this service is provided locally by Internet Access Providers for their customers. Recently there has been a shift from these private DNS resolvers, to publicly accessible DNS resolvers. These resolvers tend to offer advanced security and protection features out-of-the-box, such as encryption of user requests and blocking of malicious domains, that aim to attract users to their services. In this paper, we analyze this shift in the market and some of the major drivers for these changes, such as Encryption, Service outages, DNS blocking. In this paper, we also analyze the different security and resilience advantages (such as geographic spread) and drawbacks (such as loss of enterprise network traffic visibility) of public DNS resolvers.

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------


  • 2.  RE: ENISA - Security and Privacy for public DNS Resolvers

    Posted Feb 10, 2022 02:42:00 AM
    Thanks for sharing.

    There is a focus on resilience and privacy in the recommendations but the risk mitigation benefits of Protective DNS appear more of a footnote in the content of the document and this feels like a lost opportunity.

    ------------------------------
    Alistair Cockeram CISM, CISSP, CCSP, SCCP, MCIIS
    Information Security Architect
    Financial Services
    ------------------------------



  • 3.  RE: ENISA - Security and Privacy for public DNS Resolvers

    Posted Feb 10, 2022 05:33:00 AM

    Hi,

    For a bit more on DNS and its alignment with SDP, there will be forthcoming in the next month "SDP and DNS Network Policy Enforcement 2022" (Working Title). 

    Best regards,