It’s been a hectic few weeks in the DNS world, with DNS being brought into the mainstream media for all the wrong reasons. We’ve dealt with the enormous DDoS attacks that leverage open DNS resolvers elsewhere on this blog, so in our roundup of the month’s most interesting content, we’ll highlight other news that may have passed you by.
DNS
- “We Need a Plan B for the Internet,” Warns Internet Pioneer Danny Hillis – Danny Hillis has been an Internet user since the earliest of days. He registered the third domain name ever. He still has a book, a couple of inches thick, with the names and info for every person in the world with an email address in 1982. Today such a thing probably would be 25 miles thick.
- The Centrality Menace – The Internet thrives on decentralisation and distribution, so in principle The Cloud, as implemented through CDNs, should be an ideal tool that diminishes centralisation and enhances distribution.
- DNS and eCommerce Sales – eCommerce retailers constantly tweak their sites to ensure that the design and user experience are optimized to produce the maximum conversion rate. Often, though, amid the changes to layout, navigation, and caching strategies, basic infrastructure is neglected.
- INFOGRAPHIC: How-To Troubleshoot DNS Errors – What’s worse than getting a call after hours from a customer/employee saying their shared folder is missing or the website is down. Or even worse…”Is the internet down?
- ICANN New gTLD Program SWOT Analysis: STRENGTHS (Part 1) – The SWOT analysis (alternatively SWOT Matrix) is a structured planning method used to evaluate the Strengths, Weaknesses, Opportunities, and Threats involved in a project or in a business venture.
- Watching Domains That Change DNS Servers Frequently – In the DNS, a domain only exists once it has been registered with the TLD (top-level domain) registry and the name servers to which it is assigned are operational. Logically, the entity that registers the pairing of domain to name server and the entity that operates a name server are distinct, although they are often the same.
- Returning From Domain Hell – The past few days our website has been offline. Thankfully it’s finally back and believe me when I say, having an extended unscheduled outage pains me to no end. So what went wrong? The outage essentially boils down to our domain name expiring.
- U.S. CERT Issues Alert on DNS Amplification Attacks – From the Alert: “While the attacks are difficult to prevent, network operators can implement several possible mitigation strategies. The primary element in the attack that is the focus of an effective long-term solution is the detection and elimination of open recursive DNS resolvers.”
- Flaw in BIND Servers – There is a critical vulnerability in BIND 9.7, 9.8, and 9.9 for Unix systems that could allow an attacker to knock vulnerable DNS servers offline or compromise other applications running on those machines.
- Did A 300Gb/S Ddos Really Slow The Net? Only If You Believe In Smurfs – Router Smurfing was supposed to have been snuffed years ago but a newer form that targets DNS servers has been a growing if unacknowledged issue in recent times.
Security
- Understanding Targeted Attacks: How Do We Defend Ourselves? – Part of identifying the network is also having a deep understanding of it, specifically the operations, processes, events, and behavior we consider normal. Knowledge of what is truly normal and what is not will help identify anomalies better and faster.
- Security and Reliability: A Closer Look at Vulnerability Assessments – A vulnerability assessment can be viewed as a methodology for identifying, verifying and ranking vulnerabilities (a “fault” that may be exploited by attackers) in a given system. That system could be a single application or an entire infrastructure, including routers, switches, firewalls, servers/applications, wireless, VoIP (voice over Internet protocol), DNS (domain name system), electronic mail systems, physical security systems, etc.
- Email-based Threat Intelligence: Analyzing the Phish Food Chain – Email-based threat intelligence entails analyzing scads of spam emails using Big Data Analytics. You didn’t think we’d be able to resist that buzzword, did you? Of course not! But whether you call it big data or just “a lot of data,” the first step in implementing an email-based threat intelligence program is to aggregate as much email as you can.
- Amazon S3 Breach Underscores Cloud Data Security Needs – Cloud data security concerns has become less of a reason for not adopting public cloud than it was in 2012, with 32% of respondents citing it as their reason to hold off on adoption versus 36% in 2012, according to TechTarget’s 2013 Cloud Pulse survey.
Enterprise IT
- Google’s 10 rules for designing data centers – Google has long pushed the envelope of data center infrastructure design, particularly when it comes to renewable energy, efficient cooling, new power electronics and innovative building layouts.
- 5 In-Demand Skills for Landing a Dream IT Job – There is no denying it
the technology sector is on the rise and jobs are ripe for the taking. Demand has shifted from the mainframes of 30 years ago to virtualization, opening up ample opportunity in the field. Today, it’s all about optimization and collaboration, and IT decision makers are investing heavily in these new infrastructures. - Can Colleges Tame The Bandwidth Monster? – Each year, I’m faced with the continual challenge of feeding the Internet bandwidth monster. It’s a strange industry when higher ed CIOs are elated about the next big thing in technology while also terrified by the effect it may have on our already congested networks and Internet connections.
- It’s Twilight for Small In-House Data Centers – Larger firms have been consolidating data centers for years, and even the federal government is shutting down hundreds of data centers in its consolidation push. But these big firms and institutions are optimizing their operations and holding on to them, even as they increase their use of SaaS and cloud services at the margins.
