Raise Your Standards for Application Security
If you work in IT, you know you need to constantly refresh your cyber defense skills. If you have not already done so, now is the time to figure out how to apply the principles of Zero Trust Architecture to your BIND 9 systems.
BIND 9 was developed during a simpler time. During the past several decades, network administrators have created and defended a perimeter around applications, shielding them from most kinds of attacks. With the explosion of BYOD, laptops walking in and out of the building, and remote working, it has become impossible to vet every device on the inside of the perimeter, so we can no longer rely on the network to protect critical applications. There are, however, some operating system features and firewall capabilities that you can deploy on your application servers to protect your BIND 9 instances.
This series of webinars, presented by Carsten Strotmann, will share a few tips and tools for securing the systems your BIND 9 instances run on. All sessions are appropriate for both resolvers and authoritative servers, and many of the techniques are applicable to other applications as well.
Register once for the entire series: all sessions will be recorded and the recordings posted within a few days on our website and our YouTube channel, so you can easily review any sessions you miss. Each session will last approximately one hour, including Q&A as time permits. Most sessions will include an optional hands-on session after the presentation, in which you can use a pre-staged VM to practice some of the skills you have just learned.
Sessions are scheduled at 15:00 UTC, but the day of the week varies. Please check your invite from Zoom for the correct time in your timezone, particularly as your local region may implement Daylight Saving Time.
Session Topics:
- September 21 - Securing BIND 9 with SELinux (RHEL) - watch the recording
- October 20 - Securing BIND 9 with AppArmor/Firejail/Seccomp/BPF - watch the recording
- November 16 - Instrumenting BIND 9 on Linux with BCC/eBPF - watch the recording
- December 15 - DNS Fragmentation: Real-World Measurements, Impact, and Mitigations
Session 1
SELinux is an important security technology. While it can be used in every Linux system, the SELinux security policy is in practice only usable in Red Hat-based systems (Red Hat EL, CentOS, Fedora, AlmaLinux …).
This webinar will explain the SELinux technology:
- How SELinux secures a BIND 9 DNS server
- How the Red Hat-supplied SELinux policies for BIND 9 work
- How users can adapt the SELinux Policy for BIND 9
- How to troubleshoot BIND 9 installations with SELinux
At the end of this webinar there will be an optional Hands-On Session.
Session 2
This webinar will look at alternatives to SELinux.
- AppArmor on Ubuntu/Debian
- Securing a BIND 9 Server with “Firejail”
- Introduction to Seccomp/BPF “syscall Firewall”
- Restricting Syscalls with Seccomp and systemd
- Hardening a BIND 9 installation with systemd
At the end of this webinar there will be an optional Hands-On Session.
Session 3
Instrumenting BIND 9 on Linux with BCC/eBPF.
eBPF, the “extended Berkeley Packet Filter”, is a powerful technology to instrument the Linux Kernel and applications. It will probably replace the traditional Linux Firewall (netfilter/iptables/nftables) in the coming years, so if you are not using it yet, you should learn it now.
eBPF tools and scripts can be used to gain insight into running processes, such as named. eBPF also provides valuable information for performance tuning on Linux. eBPF sees not only the network packets (like a traditional firewall), but also the syscalls and other kernel information. So it is possible to create richer firewall rules based on application data.
This webinar gives an introduction to the eBPF/BCC toolset and shows how to use the tools to inspect a running BIND 9 process. We will also discuss some security applications for eBPF, such as finding the source of suspicious queries or traffic on the network.
At the end of this webinar there will be an optional Hands-On Session.
Session 4
DNS Fragmentation: Real-World Measurements, Impact, and Mitigations
In this webinar, Carsten Strotmann will present the results of a study he is conducting (together with Roland van Rijswijk and Patrick Koetter) on DNS fragmentation. Packet fragmentation is emerging as an area of concern because of the potential for attacks leveraging this functionality.
- How much DNS fragmentation is there in the Internet?
- DNS Fragmentation Attacks
- The issue with the older Linux Kernel versions in LTS Linux Distributions
- Mitigations against DNS fragmentation
Carsten Strotmann has 20 years of professional experience working in open source networking. He has delivered many webinars and training classes on open source solutions and DNS/DHCP/IPv6/Linux/Unix security. He is also the author of various articles on IT security topics in computer magazines.