Securing an Internet Name Server
by Allen Householder and Brian King CERT/CC in collaboration with Ken Silva from Verisign
Domain name system (DNS) servers translate names suitable for use by people (such as www.example.com) into network addresses (e.g., 192.168.4.22) suitable for use by computers. There are a number of different name server software packages available today. Berkeley Internet Name Domain (BIND), produced by the Internet Software Consortium (http://www.isc.org), is the most widely deployed name server package, and is available on a wide variety of platforms. Other popular DNS packages include Microsoft DNS and djbdns.

The goal of this document is to discuss general name server security. However, in order to provide useful examples we have chosen to focus on BIND since it is the most commonly used software for DNS servers.

Download the paper in PDF format here.

Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //