DNS tunneling is the process of creating a covert communications channel between a computer within a penetrated network and an outlaw server outside the network. Hackers can use this vector for command and control, data exfiltration or tunneling of any internet protocol traffic. Because DNS is not intended for data transfer, security professionals can easily overlook it as a threat for malicious communications or for data exfiltration.
Threatcare offers powerful cybersecurity risk mitigation through proactive cyber defense. This enables companies to know if their systems are at risk. This is one of the many threats we assess, providing visibility and insight into your company’s vulnerability to DNS tunneling. To ensure good security hygiene, hacking simulations should be a regular practice for every company.
Detect DNS Tunneling
Organizations should make sure they are monitoring their DNS requests properly. If there is evidence that data exfiltration or DNS tunneling has already occurred, a good step would be to review DNS monitoring logs or access the DNS server directly to review the query history. DNS tunneling can be detected through payload analysis, traffic analysis, or both. Payload analysis involves dissecting a single query for abnormal features such as unusually long query names, an unusual character makeup of the name, or uncommon record types not typically used by a client. Traffic analysis involves looking at multiple request/response pairs over time; the volume and frequency of requests from a client to a given domain can be used as an indication of tunneling.
Threatcare believes in defense in depth. By implementing controls that use both payload analysis and traffic analysis, an organization moves closer to a stronger security posture in preventing DNS tunneling and other hacking techniques. At the end of the day you have the right to know you are secure. Consider demoing Threatcare today.