• Products
    LOG COLLECTOR
    NXLog Enterprise Edition
    Full feature multi-platform log collection
    NXLog Community Edition
    Open-source free log collector
    ADD-ONS FOR NXLOG ENTERPRISE EDITION
    NXLog Add-Ons
    Integration with various software
    AGENT MANAGER FOR NXLOG ENTERPRISE EDITION
    NXLog Manager
    Manage and monitor NXLog instances
    NXLog Minder
    Hyper-scalable, API-first agent management
    DATABASE FOR NXLOG ENTERPRISE EDITION
    Raijin Database Engine
    The schemaless SQL database for storing events
    more from nxlog
    Professional Services
    Compare NXLog EE and CE
  • Downloads
    NXLog Enterprise Edition
    Full feature multi-platform log collection
    NXLog Manager
    Manage and monitor NXLog instances
    NXLog Community Edition
    Open-source free log collector
  • Solutions
    Integrations
    With SIEM, Devices, SaaS...
    Specfic OS support
    AIX, Linux, FreeBSD
    SCADA/ICS
    Energy, Oil & Gas, Transport...
    Windows Event log
    Collect locally or remotely, ..
    DNS Logging
    Enterprise-grade DNS log...
    Log Collection Modes
    Agent-based, Agentless or Cloud
    Agent Management
    Agents management and monitoring
    FIM
    File Integrity Monitoring
    macOS Logging
    ULS events, Apple System Logs ...

    By Industry

    Financial Services
    Government & Education
    Entertainment & Gambling
    Telecommunications
    Medical & Healthcare
    Military & Defense
    Law Firms & Legal Counsel
    Industrial & Manufacturing
  • Partners
    Find a Reseller
    Look for our resellers worldwide
    Technology Ecosystem
    See all our partners and integrations
    Partner Program
    Join our community of partners
    Partner Portal →
  • Resources
    Documentation
    Products guides and integrations
    Blog
    Tutorials, updates and releases
    White papers
    Datasheets, infographics and more
    Videos
    Trainings and tutorial on specific topics
    Webinars
    Community events and webinars
    Community Forum →
  • Support
  • Why Nxlog
    About Us
    Our journey, team and mission
    Customers
    Testimonials and case studies
    Careers
    We are hiring!
    Contact Us →
Log In Sign Up
Request Trial
LOG COLLECTOR
NXLog Enterprise Edition
Full feature multi-platform log collection
NXLog Community Edition
Open-source free log collector
ADD-ONS FOR NXLOG ENTERPRISE EDITION
NXLog Add-Ons
Integration with various software
AGENT MANAGER FOR NXLOG ENTERPRISE EDITION
NXLog Manager
Manage and monitor NXLog instances
NXLog Minder
Hyper-scalable, API-first agent management
DATABASE FOR NXLOG ENTERPRISE EDITION
Raijin Database Engine
The schemaless SQL database for storing events
more from nxlog
Professional Services
Compare NXLog EE and CE
NXLog Enterprise Edition
Full feature multi-platform log collection
NXLog Manager
Manage and monitor NXLog instances
NXLog Community Edition
Open-source free log collector
Integrations
With SIEM, Devices, SaaS...
Specfic OS support
AIX, Linux, FreeBSD
SCADA/ICS
Energy, Oil & Gas, Transport...
Windows Event log
Collect locally or remotely, ..
DNS Logging
Enterprise-grade DNS log...
Log Collection Modes
Agent-based, Agentless or Cloud
Agent Management
Agents management and monitoring
FIM
File Integrity Monitoring
macOS Logging
ULS events, Apple System Logs ...

By Industry

Financial Services
Government & Education
Entertainment & Gambling
Telecommunications
Medical & Healthcare
Military & Defense
Law Firms & Legal Counsel
Industrial & Manufacturing
Find a Reseller
Look for our resellers worldwide
Technology Ecosystem
See all our partners and integrations
Partner Program
Join our community of partners
Partner Portal →
Documentation
Products guides and integrations
Blog
Tutorials, updates and releases
White papers
Datasheets, infographics and more
Videos
Trainings and tutorial on specific topics
Webinars
Community events and webinars
Community Forum →
Support
About Us
Our journey, team and mission
Customers
Testimonials and case studies
Careers
We are hiring!
Contact Us →
  • Loading...
Request Trial
July 1, 2021 security

Top 5 security concerns revealed with DNS logging

By Tamás Burtics

Share
ALL SIEM STRATEGY SECURITY ANNOUNCEMENT DEPLOYMENT COMPLIANCE COMPARISON RSS

The Domain Name System (DNS) facilitates communication between all devices connected to the Internet. It consists of hierarchical servers that can translate any given hostname, along with its corresponding domain name, to its internet protocol (IP) address(es). One of the most common is the windows DNS server that ensures that data requests are sent to their correct endpoints while providing human-readable addresses for websites connected to the Internet. With the ever-growing number of cloud-based devices and technologies, for instance, the Internet of things (IoT), portals, web applications, as well as online transaction processing, it is more important than ever to identify the actual physical addresses of remote devices when relying on DNS-dependent connectivity.

One way to safeguard communication over a network is by adopting a philosophy of perpetual DNS logging in order to look at the types of addresses that users query. Analytical events such as those related to hostname and domain name lookups, as well as audit events that show changes to your domain’s hostnames and their corresponding IP address, can provide insight into how your organization’s DNS server(s) are being used.

dns

These log events track all DNS server activity and contain valuable information such as timestamps, user ID, category, and any security changes made to configuration settings.

Given the heightened network security awareness of today’s business operations, DNS logging can be an important tool in helping your organization to not only respond quickly to threats, but to also proactively protect your sensitive data assets.

Without further ado, here are the top 5 security concerns that DNS logging can reveal:

Denial-of-service attacks

Denial-of-service attacks occur when a server is overwhelmed by a continuous flood of bogus requests, with the goal of rendering it incapable of providing its usual services for legitimate requests. However, standardizing DNS log formats can reveal these threats swiftly and efficiently by pinpointing similar requests within a specific timeframe.

DNS tunneling

DNS tunneling uses a client-server model. The attacker infects workstations behind the targeted company’s firewall with malware to exploit the unmonitored DNS server in order to redirect requests to the attacker’s command-and-control server that runs a tunneling malware program. This enables the attacker to exfiltrate sensitive company files and information. Because DNS traffic is often not monitored, this is one of the most prevalent DNS attacks today. With DNS log collection, you can detect this type of threat by passively monitoring network traffic and by monitoring payload sizes along with the frequency of requests from individual clients.

Cache poisoning

Cache poisoning is a DNS server attack that can be extremely detrimental. This attack inserts malicious IP addresses into the DNS cache, causing users to be redirected to phishing websites where their login credentials can be exposed and used for illicit purposes. By implementing a practical DNS logging plan and solution, you can determine which websites' IP addresses can be safely stored in cache and which should be flagged and isolated.

DNS spoofing

DNS spoofing can be used to describe cache poisoning, DNS hijacking, or any type of man-in-the-middle attack that results in a DNS lookup request returning a malicious IP address instead of the correct one. No matter which of these techniques is used, the attacker impersonates a trusted DNS server for the sole purpose of hijacking traffic to steal sensitive data. A DNS log can reveal changes to files as well as modification of access control rules.

Blocking

Blocking websites helps with avoiding malicious IP addresses. However, if sudden changes to firewall policies have cut off access to important business-related networks or company pages, this may be due to ransomware which has infiltrated the network. Typically, ransomware will encrypt sensitive company data to block its owner from accessing it, and threaten to publish the data if a ransom is not paid. DNS logs can show which sites have been blocked, when they were blocked, and who blocked them.

The importance of DNS logging and monitoring

In light of the frequent and devastating cyberattacks we are now witnessing, setting up DNS security practices by DNS logging, and by extension, monitoring as fail-safe countermeasures makes good business sense when you consider the consequences of allowing your sensitive data to remain unprotected against such threats. By constantly monitoring your network traffic, you will be able to determine the source, destination, transport protocols, and payload discrepancies. With this approach, you can get a head start on any security vulnerabilities that might be putting your business infrastructure in peril.

GET STARTED TODAY:

| Learn more about NXLog Enterprise Edition | Learn more about NXLog Manager | Free Trial | Get Pricing |

NXLog Ltd. develops multi-platform log collection tools that support many different log sources, formats, transports, and integrations. The tools help administrators collect, parse, and forward logs so they can more easily respond to security issues, investigate operational problems, and analyze event data. NXLog distributes the free and open source NXLog Community Edition and offers additional features and support with the NXLog Enterprise Edition.

This document is provided for informational purposes only and is subject to change without notice. Trademarks are the properties of their respective owners.

  • it security
  • cybersecurity
  • dns
  • dns logs
Share

Facebook Twitter LinkedIn Reddit Mail
Related Posts

DNS Log Collection - Part 2
9 minutes | May 28, 2020
DNS Log Collection - Part 1
5 minutes | May 31, 2020
DNS Log Collection - Part 3
8 minutes | May 14, 2020

Stay connected:

Sign up

Keep up to date with our weekly digest of articles.

By clicking singing up, I agree to the use of my personal data in accordance with NXLog Privacy Policy.

Featured posts

Announcing NXLog Enterprise Edition 5.7
January 20, 2023
NXLog - 2022 in review
December 22, 2022
Need to replace syslog-ng? Changing to NXLog is easier than you think
November 23, 2022
The EU's response to cyberwarfare
November 22, 2022
Looking beyond Cybersecurity Awareness Month
November 8, 2022
GDPR compliance and log data
September 23, 2022
NXLog in an industrial control security context
August 10, 2022
Raijin vs Elasticsearch
August 9, 2022
NXLog provides native support for Google Chronicle
May 11, 2022
Aggregating macOS logs for SIEM systems
February 17, 2022
How a centralized log collection tool can help your SIEM solutions
April 1, 2020

Categories

  • SIEM
  • STRATEGY
  • SECURITY
  • ANNOUNCEMENT
  • DEPLOYMENT
  • COMPLIANCE
  • COMPARISON

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2023 NXLog Ltd.

PRIVACY POLICY TERMS OF USE

  • PRODUCTS

  • NXLOG ENTERPRISE EDITION
  • NXLOG COMMUNITY EDITION
  • NXLOG ADD-ONS
  • NXLOG MANAGER
  • NXLOG MINDER
  • RAIJIN DATABASE
  • MORE NXLOG

  • COMPARE SOLUTIONS
  • INDUSTRIES
  • INTERGRATIONS
  • FIND A RESELLER
  • PARTNER PROGRAM
  • RESOURCES

  • DOCUMENTATION
  • WHITE PAPERS
  • WEBINARS
  • TUTORIALS
  • BLOG
  • COMMUNITY FORUM
  • ABOUT US

  • WHY NXLOG
  • CUSTOMERS
  • CAREERS
  • CONTACT US
  • DOWNLOADS

  • NXLOG ENTERPRISE EDITION
  • NXLOG COMMUNITY EDITION
  • NXLOG MINDER
  • NXLOG MANAGER
  • NXLOG ADD-ONS
  • RAIJIN DATABASE