DNS Security Check

DNS Security Check

204774

SOC Prime Community

App Support Tiers

OpenText SUPPORTED

Support via OpenText Software Support, with a ticket filed against the associated product.

PARTNER

OpenText offers a content partnership program for select partners. Support for Partner Content offerings is provided by the partner and not by OpenText of the OpenText community.

OpenText COMMUNITY

OpenText Community Content is provided by OpenText for the benefit of customers, support for it is not available via OpenText Software Support but through specific community content forums.

COMMUNITY

Community Contributed Content is provided by OpenText customers and supported by them.

EARLY ACCESS

Show less ...Show more

The downloads referenced under the "Cybersecurity Early Access" category are made available to subscribers to mitigate time-critical issues but have not undergone formal quality and performance testing associated with official OpenText/Cybersecurity product releases. OpenText has a multi-stage Quality Assurance process. During Stage 1 we conduct a resource analysis, field mapping, ensure content level 1 functionality and analysis in our sandbox environment. Stage 2 is a complete validation including production validation. This package has cleared Stage 1 validation and therefore should be deployed with the appropriate pre-production validation. OpenText strongly recommends that any downloaded content is first checked and tested thoroughly in a non-production environment before committing to production. We welcome feedback and, should any content be shown to be faulty, detrimental or carry an incorrect claim of authorship, we shall endeavor to remove or correct such content as promptly as reasonably possible once notified and validated.

SOC Prime | Community

DNS Security Check is a straightforward Use Case that easily finds DNS Misconfigurations and anomalies in network. Despite its maturity and long history, DNS protocol was not designed with security in mind and thus has many means of malicious exploitation.

1,015 downloads

Product compatibility

Description

DNS Security Check is a straightforward SIEM Use Case that easily finds DNS Misconfigurations and anomalies in corporate networks. Despite its maturity and long history, DNS protocol was not designed with security in mind and thus has many means of malicious exploitation. Methods to transfer non-DNS data over the protocol are called DNS tunneling and allow to obfuscate and transmit botnet C2 traffic or slowly exfiltrate data. DNS Security Check is the first and easy step towards DNS security in any organization. It detects, provides visual display and automatic alerts on the DNS packets addressed to non-corporate DNS servers, unusually large DNS packet sizes, and even potential Fast-Flux DNS botnet traffic. Many threats related to DNS protocol abuse can be mitigated by secure network design, which is reflected in the CISO brief for this Use Case.