More Mysterious DNS Root Query Traffic from a Large Cloud/DNS Operator

June 2, 2022 • By Duane Wessels • Security

This blog was also published by APNIC.

With so much traffic on the global internet day after day, it’s not always easy to spot the occasional irregularity. After all, there are numerous layers of complexity that go into the serving of webpages, with multiple companies, agencies and organizations each playing a role.

That’s why when something does catch our attention, it’s important that the various entities work together to explore the cause and, more importantly, try to identify whether it’s a malicious actor at work, a glitch in the process or maybe even something entirely intentional.

(more…)

Routing Without Rumor: Securing the Internet’s Routing System

March 9, 2022 • By Danny McPherson • Security

This article is based on a paper originally published as part of the Global Commission on the Stability of Cyberspace’s Cyberstability Paper Series, “New Conditions and Constellations in Cyber,” on Dec. 9, 2021.

The Domain Name System has provided the fundamental service of mapping internet names to addresses from almost the earliest days of the internet’s history. Billions of internet-connected devices use DNS continuously to look up Internet Protocol addresses of the named resources they want to connect to — for instance, a website such as blog.verisign.com. Once a device has the resource’s address, it can then communicate with the resource using the internet’s routing system.

Just as ensuring that DNS is secure, stable and resilient is a priority for Verisign, so is making sure that the routing system has these characteristics. Indeed, DNS itself depends on the internet’s routing system for its communications, so routing security is vital to DNS security too.

(more…)

Ongoing Community Work to Mitigate Domain Name System Security Threats

December 6, 2021 • By Keith Drazek • Domain Names, Security

For over a decade, the Internet Corporation for Assigned Names and Numbers (ICANN) and its multi-stakeholder community have engaged in an extended dialogue on the topic of DNS abuse, and the need to define, measure and mitigate DNS-related security threats. With increasing global reliance on the internet and DNS for communication, connectivity and commerce, the members of this community have important parts to play in identifying, reporting and mitigating illegal or harmful behavior, within their respective roles and capabilities.

(more…)

Cybersecurity Considerations in the Work-From-Home Era

December 3, 2020 • By Yong Kim • Security

Note: This article originally appeared in Verisign’s Q3 2020 Domain Name Industry Brief.

Verisign is deeply committed to protecting our critical internet infrastructure from potential cybersecurity threats, and to keeping up to date on the changing cyber landscape.

(more…)

Harnessing the Momentum of Women in Cybersecurity

October 27, 2020 • By Verisign • Security

This week, some of the brightest subject matter experts from across the U.S. and beyond gathered virtually to talk about women in cybersecurity, recognizing that the internet is filled with both opportunities and risks, and that it’s up to all of us to defend, protect and secure critical internet infrastructure.

(more…)

Verisign Expands MANRS Relationship to Strengthen Global Routing Security

June 24, 2020 • By Yong Kim • Security

Verisign has been involved with an initiative known as Mutually Agreed Norms for Routing Security, or MANRS, since its inception. MANRS, which is coordinated by the Internet Society, focuses on strengthening the security and resiliency of IP networks throughout the world by identifying and providing best practices for mitigating common routing security threats.

MANRS began as a collaboration among network operators and internet exchange providers, with Verisign formally becoming a participant in its Network Operator Program in 2017. Since then, with the help of Verisign and other MANRS participants, the initiative has grown to also include content delivery networks (CDN) and cloud providers.

(more…)

Revisiting How Registrants Can Reduce the Threat of Domain Hijacking

February 11, 2019 • By Matt Thomas • Domain Names, Security

Recent events^1,2 have shown the threat of domain hijacking is very real; however, it is also largely preventable. As Verisign previously noted³, there are many security controls that registrants can utilize to help strengthen their security posture. Verisign would like to reiterate this advice within the context of the recent domain hijacking reports.

(more…)

DNS-Based Threats: Cache Poisoning

April 17, 2018 • By Kevin Piper • 3 comments • Recursive DNS, Security

The Domain Name System (DNS) is the cornerstone of communication for the internet. Navigating to the sites you access every day often starts with a DNS request. Cybercriminals recognize the value of DNS and may look for ways to abuse improperly secured DNS to compromise its uptime, integrity or overall response efficacy—which makes DNS an important area for enforcing security and protecting against threats.

One such threat: cache poisoning. (more…)

DNS-Based Threats: DNS Reflection and Amplification Attacks

December 13, 2017 • By Frank Scalzo • 1 comment • DDoS Protection, Security

The Domain Name System (DNS), if not properly secured, may be susceptible to abuse by malicious actors. Cybercriminals recognize the value of DNS availability and look for ways to compromise DNS uptime and the DNS servers that support it. As such, DNS becomes an important point of security enforcement and a potential point in the Cyber Kill Chain^®1 for many cyber-attacks.

This blog discusses one such threat, DNS reflection and amplification attacks.

(more…)

A Framework for Resilient DNS Security: DNS Availability Drives Business

November 30, 2017 • By Michael Kaczmarek • 1 comment • Managed DNS, Security

To establish connectivity with other users and devices, almost anything that interfaces with the internet depends on the accuracy, integrity and availability of the Domain Name System (DNS). Most online transactions and data movement are critically dependent on DNS services.

As such, DNS is an important point of security enforcement and a potential point in the Cyber Kill Chain for many cyber-attacks. Organizations are beginning to recognize this and are using DNS security mechanisms as a first line of defense for preventing or mitigating online threats.

(more…)

Browsing Tag

Cybersecurity