How might corporate IT professionals deal with DNS-based cyber threats?
- Use IPS/IDS devices to scan internal corporate traffic.
- Monitor DNS proxy server logs and look for unusual DNS queries.
- Limit the number of DNS queries permitted within the organization.
- Limit the number of simultaneously opened browsers or browser tabs.
Answers Explanation & Hints: DNS queries for randomly generated domain names or extremely long random-appearing DNS subdomains should be considered suspicious. Cyberanalysts could do the following for DNS-based attacks:
- Analyze DNS logs.
- Use a passive DNS service to block requests to suspected CnC and exploit domains.
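
One way to apply the log-analysis hint, shown as an added example that is not part of the original question or its answer key: a small scanner that flags queried names with a very long subdomain or a random-looking label. The log line format, the two thresholds and the sample lines are assumptions constructed for this illustration.

```python
import math
from collections import Counter

# Thresholds are assumptions for illustration; tune them against your own DNS baseline.
MAX_SUBDOMAIN_LEN = 40  # characters left of the registered domain
MIN_ENTROPY = 3.6       # bits/char; needs >= 13 distinct characters, so short labels never trip it

def shannon_entropy(label):
    """Shannon entropy of a label in bits per character."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def suspicious_reasons(qname):
    """Return the list of reasons a queried name looks suspicious (empty if none)."""
    labels = qname.rstrip(".").lower().split(".")
    # Naive assumption: the last two labels form the registered domain.
    # Production code should consult the Public Suffix List instead.
    subdomain = ".".join(labels[:-2])
    reasons = []
    if len(subdomain) > MAX_SUBDOMAIN_LEN:
        reasons.append("long-subdomain")
    # Check every label except the TLD, so a random registered domain is caught too.
    if any(shannon_entropy(l) >= MIN_ENTROPY for l in labels[:-1]):
        reasons.append("high-entropy-label")
    return reasons

def scan(log_lines):
    """Yield (client_ip, qname, reasons) for each flagged line.
    Assumed line format: <timestamp> <client_ip> <qname> <qtype>."""
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines rather than crash mid-log
        hits = suspicious_reasons(fields[2])
        if hits:
            yield fields[1], fields[2], hits

# Constructed sample log lines (not real traffic; .example is a reserved TLD).
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z 10.0.0.15 www.corp-test.example A",
    "2024-05-01T10:00:02Z 10.0.0.15 autodiscover.mail.corp-test.example A",
    "2024-05-01T10:00:07Z 10.0.0.23 xkqjvhwzptmnbd.example A",
    "2024-05-01T10:00:09Z 10.0.0.42 kq3v9zt7xw2mhp8rj5ncy4bd6gfs1lae0uoi7qk2zv9xw3.x7.corp-test.example TXT",
    "truncated line",
]

if __name__ == "__main__":
    for client, qname, hits in scan(SAMPLE_LOG):
        print(client, qname, ",".join(hits))
```

A flagged name is a lead for an analyst, not a verdict: CDN and telemetry hostnames can also score high, so pair the output with an allowlist and per-client query volume before acting on it.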