The following terms are important either for understanding DNS or because they play a role in DNS filtering, DNS protection, etc. DNS is a core protocol for our ability to use the internet, and it can be argued that the internet would not be what it is today without DNS. DNS filtering helps censor content on your network, and the terms on this page help you familiarize yourself with the terminology, protocols, and devices/software that make DNS and DNS filtering possible.
Brute force attacks - A brute-force attack is a recursive trial-and-error method used to determine information such as a user password or personal identification number (PIN). The attacker systematically checks all possible passwords and passphrases until the correct one is found. The attack is carried out using automated software that generates a large number of consecutive guesses as to the value of the desired data.
CNAME - Canonical Name. This is a DNS record that maps an alias name to the actual name or another canonical domain name. CNAME records are typically used to map a subdomain (e.g. www, en, mail, etc.) to the domain name hosting content for that subdomain.
C2 Server - Also referred to as a CNC server or Command and Control server. A C2 server is a component of a malware attack that establishes a remote channel between a compromised host and the attacker’s server. Continue reading about C2 servers here.
Cache Poisoning - Also known as DNS poisoning. This is a form of DNS poisoning done by corrupting DNS cache entries with false data for malicious intent. Continue reading about cache poisoning.
Command and Control Attack - See C2 server.
CASB - Cloud Access Security Broker. It is a middleman that sits between a user and access to cloud-based apps. It monitors all activities and enforces security policies. It can operate either on-premise or in the cloud. Continue reading about CASB.
Cross-site Scripting (XSS) - These attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates, without validating or encoding it.
DGA - Domain generation algorithm. These are used by attackers in malware attacks to generate random domain names, which are randomly switched as destination points for infected systems to contact their command and control servers (see C2 server). Constantly generating these domains and switching between them makes it more difficult to trace the source of the attack.
DHCP - Domain Host Configuration Protocol. This is the network protocol responsible for automating the configuration of devices on a network. This includes assigning IP addresses to nodes, providing information like the default gateway IP, and DNS information to use the DNS service.
DNS - Domain Name System. Application layer protocol used by networked clients to resolve a domain name to its IP address. DNS is considered the phonebook of the internet and follows a tree-like path of servers, from root domain servers through top-level domain servers to host domain servers, to resolve the name of a queried domain to its IP address. Continue reading on DNS.
DNS Filtering - DNS filtering leverages DNS (the Domain Name System) to filter out bad content on the internet. It is edge-layer protection critical for businesses as it mitigates the risk of a cyber attack. Continue reading about DNS filtering.
DNS Poisoning - Also referred to as DNS cache poisoning based on the strategy with which the attack is carried out. This is when an attacker takes advantage of vulnerabilities within the Domain Name System to send a fabricated (spoofed) response to a client’s DNS query.
DNSSEC - Domain Name System Security Extensions. This is a security system that helps verify the origin and integrity of data moving back and forth in a DNS resolution process. It is the best solution for preventing DNS poisoning and cache poisoning.
DNS Tunnelling - This is a malware technique that allows an attacker to establish a command-and-control (C2) channel to a victim’s computer. The channel created provides a means of encapsulating a malicious payload within DNS queries to take advantage of the relatively unrestricted flow of DNS traffic, especially in scenarios where almost all other traffic is restricted.
DoH - DNS-over-HTTPS. This is a DNS encryption strategy that uses the secure port 443 used for encrypted HTTPS communications to send a DNS query to a DNS server that supports DoH. This method is popular among Google, Apple, and other big tech companies. Continue reading about DoH.
DoT - DNS-over-TLS. This is a DNS encryption strategy that channels a client’s DNS query through the secure TLS port 853 instead of the common port 53 used for unencrypted DNS communication. This is an alternative method to DoH, though both methods have RFCs. Continue reading about DoT.
DoS - Denial of Service. A denial-of-service (DoS) attack is any type of attack where the attackers attempt to prevent legitimate users from accessing the service. In a DoS attack, the attacker generates excessive illegitimate traffic towards the network or server, clogging up the connection and thus keeping the network busy and unable to attend to legitimate requests.
DDoS - Distributed Denial of Service Attack. Distributed denial of service (DDoS) attacks are a subclass of denial of service (DoS) attacks. A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic. Continue reading about DDoS attacks.
DLP - Data Loss Prevention. This refers to the identification and monitoring of sensitive data to ensure that it’s only accessed by authorized users and that there are safeguards against data leaks. Data loss prevention software detects potential data breaches/data exfiltration transmissions and prevents them by monitoring, detecting and blocking sensitive data while in use, in motion, and at rest.
EDR - Endpoint Detection & Response. Also known as endpoint threat detection and response (ETDR), this is an integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.
Endpoint Protection - This refers to a system for network security management that focuses on network endpoints, or individual devices such as workstations and mobile devices from which a network is accessed. The word is also used to refer to the software that performs the protection function.
Fileless Malware - Fileless malware is a variant of computer-related malicious software that exists exclusively in a computer’s memory (RAM). The malware infects a computer via legitimate programs without relying on traditional executable files.
Geoblocking - This is the process of limiting access outbound to the internet or inbound to a network based on a user’s physical location. The IP address of the device used provides the country of use and these details are used for the authorisation or denial of access.
IDS - Intrusion Detection System. This is a device or software that monitors a network or systems for malicious activities and if any is detected, reports the incident to the parties (individuals or incident management systems) who will take action.
IPS - Intrusion Prevention System. This is a network security tool (hardware or software) that monitors a network for malicious activity, reports it when it happens, and takes action to prevent it.
Keylogger - A keylogger is a technology that tracks and records consecutive keystrokes on a keyboard. Because sensitive information such as usernames and passwords is often entered on a keyboard, a keylogger can be a very dangerous technology. Keyloggers are often part of malware, spyware or an external virus.
Least Privilege - The principle of least privilege (POLP) is an information security term that refers to a design objective in computing that a given user should only be able to access the information and resources he or she requires for legitimate reasons. POLP states that every module of a system, such as a process, user or program should have the least authority possible to perform its job.
Malware - Malware is a short form for the term “Malicious Software”. This is software that is designed to cause damage to, steal information from, or take control of a victim computer and/or network.
NAT - Network Address Translation. This enables translation of a public routable IP to several private IPs used by computers on a network. This is mostly used to enable hosts with private IP addresses to send and receive packets from the internet.
PDNS - Protective DNS. This is a security service that analyzes DNS queries in order to prevent access to malware, phishing attacks, viruses, and other malicious elements that can take advantage of the DNS protocol. PDNS leverages the existing DNS protocol and architecture to perform its threat protection activities. Continue reading on PDNS.
Phishing - This is a social engineering attack used to trick users into taking actions that allow the attacker to steal data such as login credentials and credit card numbers. This attack can be done through well-crafted emails that masquerade as though they are sent by well-known services and take advantage of their perceived legitimacy.
Roaming Clients - This is endpoint software that provides a service that is typically available within an organization’s network to devices that are off-site. For example, DNSFilter Roaming Clients provide network protection for off-site devices. Continue reading about DNSFilter Roaming Clients.
SASE - Secure Access Service Edge. This is a cloud-based IT model that bundles software-defined networking with network security functions and delivers them from a single service provider. Continue reading about SASE.
Spear Phishing - This is a type of phishing attack that is targeted at a specific individual or group of persons within an organization.
TCP - Transport Layer Protocol. This is the transport layer protocol used to transport a packet (also referred to as a segment) with a guarantee that it will reach its destination and arrive in the correct order. It also has capabilities for handling errors.
UDP - User Datagram Protocol. This is a connectionless type of protocol that transports network packets (also referred to as datagrams) without a guarantee that they arrive at their destination or that they arrive in the correct order. It is used in situations where high speed and low latency are favored over delivery assurance.
ZTNA - Zero Trust Network Access. This is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. Trust needs to be earned, repeatedly, to ensure that everything inside your network (and of course outside) is a verified, trusted resource. Continue reading about Zero Trust Network Access.