Defense in Depth — Protect Your Organization at the DNS Layer with DNS Firewall
Security professionals agree that a strong security posture is one that is implemented in a layered approach. This layered approach is also referred to as “defense-in-depth.” A defense-in-depth strategy consists of applying security mechanisms across your organization to ensure sufficient coverage against the wide variety of cyber threats.
A comprehensive defense-in-depth strategy requires security mechanisms to be applied through the implementation of hardware, software and security policies. Hardware protection includes, but is not limited to, the implementation of next generation firewalls (NGFW), intrusion prevention systems/intrusion detection systems (IPS/IDS) and secure Web gateways (SWG). Software-based protection is done through anti-virus software deployments, automated patch management or tools for Internet monitoring. Finally, no defense-in-depth strategy would be complete without the implementation of strong security policies that prescribe processes for incident reporting, service and system audits, and security awareness training.
4 Steps to Build Your Personal Brand Online
If you are a recent grad or someone looking to make a career move, make sure to think about your presence on the internet. Last year, 92 percent of recruiters used social media in the recruiting process. If a hiring manager looked you up online, what would he or she find? You can give yourself that extra edge and stand out from the crowd by taking control of your digital footprint. And, the easiest way to do that? Register a domain name and secure your professional space online to show who you are and what you can offer. In fact, 56 percent of all hiring managers are more impressed by a candidate’s personal website than any other personal branding tool.
Verisign Champions Cybersecurity Awareness in October
Cybersecurity is no longer a concern for just IT and security professionals. Recent breaches at organizations like Sony, Target, JP Morgan Chase, and numerous U.S. government entities have brought the issue of cyber-attacks very close to home. If you bank online, use your debit card at a local store or engage in any activity that relies on an Internet-connected system, you are at risk.
As part of National Cyber Security Awareness Month (NCSAM), Verisign is joining with organizations and companies around the country to promote online safety and champion a safer, more secure and trusted Internet. Every week in October, we’ll share research and online safety tips from our resident cybersecurity experts via our blog and LinkedIn, Facebook and Twitter posts.
Verisign iDefense Analysis of XcodeGhost
At Verisign we take our Internet stewardship mission very seriously, so when details emerged over the past week concerning the XcodeGhost infection, researchers at Verisign iDefense wanted to help advance community research efforts related to the XcodeGhost issue, and leveraging our unique capabilities, offer a level of public service to help readers determine their current and historical level of exposure to the infection.
Background
First identified in recent days on the Chinese microblog site Sina Weibo, XcodeGhost is an infection of Xcode, the framework developers use to create apps for Apple’s iOS and OS X operating systems. Most developers download secure Xcode from Apple. However, some acquire unofficial versions from sites with faster download speeds.
Apps created with XcodeGhost contain instructions, unknown to both the app developers and the end users, that collect potentially sensitive information from the user’s device and send it to command-and-control (C2) servers managed by the XcodeGhost operator. This way, the XcodeGhost operators circumvented the security of Apple’s official Xcode distribution, and the security of Apple’s App Store.
The infection had widespread impact. As of September 25th, Palo Alto Networks and Fox-IT had identified more than 87 infected apps by name, and FireEye claimed to have identified more than 4,000 infected apps. This activity impacts millions of users both in China and elsewhere in the world. To understand key aspects of the infection, iDefense researchers leveraged authoritative DNS traffic patterns to the C2 domains.
Verisign 2015 Online Survey: 97 Percent of SMBs Would Recommend Having a Website to Other SMBs
Almost three-quarters of Americans go online at least once a day. If you are a small business looking to grow, you need to go where your customers are. That means getting your business online with a domain name – whether it’s with branded email, a web address for your social media page, or a business website.
In September 2015, Verisign conducted a survey of 787 U.S. internet consumers aged 18 to 59 and 456 U.S. small businesses to learn more about their online behaviors and preferences – focusing on how consumers use the internet and the benefits of an online presence for a business.
Thinking Ahead on Privacy in the Domain Name System
Earlier this year, I wrote about a recent enhancement to privacy in the Domain Name System (DNS) called qname-minimization. Following the principle of minimum disclosure, this enhancement reduces the information content of a DNS query to the minimum necessary to get either an authoritative response from a name server, or a referral to another name server. This is some additional text.
In typical DNS deployments, queries sent to an authoritative name server originate at a recursive name server that acts on behalf of a community of users, for instance, employees at a company or subscribers at an Internet Service Provider (ISP). A recursive name server maintains a cache of previous responses, and only sends queries to an authoritative name server when it doesn’t have a recent response in its cache. As a result, DNS query traffic from a recursive name server to an authoritative name server corresponds to samples of a community’s browsing patterns. Therefore, qname-minimization may be an adequate starting point to address privacy concerns for these exchanges, both in terms of information available to outside parties and to the authoritative name server.
Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy
There are two types of information that can be found online about you: the information you intentionally post and the information that is automatically collected.
The information that you intentionally post is what you want everyone to know about you. Your professional life is documented on LinkedIn. Your social activities with friends and family are chronicled on Facebook. You alert the world of your immediate thoughts on Twitter. You even choose to provide your address and credit card information when buying things online. All of this personal information about you is deliberately posted and collected with your consent.
Highlights From vBSDcon: Plenary Talk Videos Now Available
vBSDcon, hosted by Verisign, brought more than 100 attendees from the Berkeley Software Distribution (BSD) community together for a series of plenary talks, educational sessions and networking opportunities earlier this month.
“This biennial conference has been particularly special to us because of the grassroots effort within Verisign to be sure we do our part to help advance BSD,” said Verisign CTO Burt Kaliski.
Internet Grows to 296 Million Domain Names in Second Quarter of 2015
Today, we released the latest issue of the Domain Name Industry Brief, which showed that the Internet grew by two million domain names in the second quarter of 2015, and closed with a base of 296 million domain names across all top-level domains (TLDs). This is a 0.8 percent increase over the first quarter of 2015.[1]
