DNS Tunneling

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Revision as of 11:32, 3 November 2020 by Kalaivani (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
1. Domain Name System (DNS) tunneling is performed by establishing an unintended communication channel to a command-and-control (C2) server to exfiltrate data.

Related Term: Configuration Exploitation







Click to know more about expert level training

(Source: Business Continuity Management Institute - BCM Institute)

 

A Manager’s Guide to Business Continuity Management for Cybersecurity Incident Response

2. The Domain Name System (DNS) enables people and machines to communicate across the internet. DNS essentially translates human-friendly domain names into machine-friendly IP addresses, and vice-versa. DNS tunneling is characterized by establishing an unintended communication channel to a C2 server and/or to exfiltrate data. This type of tunneling is often conducted on networks with strict security controls, as the pervasiveness of DNS means it is often allowed on highly restrictive networks. The DNS protocol was never intended for data transfer (let alone for nefarious C2 activities), and as such, it is often forgotten about from a network security/monitoring standpoint. Manipulating DNS is nothing new, and is certainly something we have seen in various engagements over the years; nonetheless, it remains a lucrative means for miscreants to siphon o‹ sought-after data. Because of this, we consider DNS tunneling as a lethal data breach scenario.
Source: (Verizon, 2016)