DNSSEC, DANE, DPRIVE...Oh My! A Primer on the Critical State of DNS Security
Dan York, CISSP | DNS Security Program Manager Internet Society
About this talk
When was the last time you thought about your Domain Name System (DNS) server? Do you realize DNS is insecure by default? Are you prepared for attacks against your DNS infrastructure? Often a DNS server is set up and then forgotten. You will learn about why you need to be paying attention to this critical core network service. How can DNS Security Extensions (DNSSEC) ensure the integrity of DNS info? How can the DANE protocol add a layer of trust to applications and services using TLS? What is happening with the DPRIVE work to use DNS over TLS? And why should enterprises be concerned?
This session will explore why you need to pay attention to DNS security for a more trusted and secure internet.
• Describe the threats to the security and privacy of DNS servers.
• Understand and describe the mechanisms to protect DNS, such as DNSSEC, DANE and DPRIVE.
• List actions to protect attendees' home networks.