
BLU Discuss list archive



[Discuss] DNS question about DNSENUM.PL



> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-bounces+blu=nedharvey.com at blu.org] On Behalf Of Chris O'Connell
> 
> Hide is perhaps not the right word.  Obscure may be better.

I want to make sure we all got this straight - Including me.

DNSENUM.pl is a script that you run when you're "an outsider."  You can't log in to the DNS servers because you're not authorized; you're not the IT person in charge of DNS for the company.  You don't know anything about the company, you are an outsider, you want to find the company's stuff.  I therefore conclude the only things the script can possibly be doing are (a) guessing commonly used names, such as "www" and "vpn" and "_ldap" and stuff, and (b) performing reverse lookups on the IPs, and neighboring IPs, to try and discover more names.  Performing port scans and web searches and TCP probes and similar stuff to try and discover more names.

So if you want to obscure your stuff from outsiders performing that kind of scan, you need to do precisely three things:

1. Use weird names, like "securesrv7.company.com" instead of "vpn.company.com"
2. Eliminate reverse pointers
3. Deploy intelligent firewalls and IPS at the perimeter that will detect such port scans, block them, and modify data in transit for successful connections to obscure the names and stuff like that.  Deep packet inspection, IPS, antivirus, etc.

If you do this, then the silly perl script on the outside won't be able to find jack.  But there are certain things you *can't* change.  You're not going to eliminate "www.company.com" and you're not going to remove the MX record from "company.com" and so on.

But I think you're wasting time.  Cuz if you have a VPN server (for example) outside and you think changing the DNS name improves security at all, it means you don't know much about security.  If you take it for granted that some of your most important stuff (www and MX) cannot be obscured in DNS without breaking your whole company, it means you have to harden your externally facing systems.  Which you need to do anyway.  If you want to improve security, put your efforts into hardening and isolating the machines, applying updates and bugfixes, and layering on IPS/IDS and multi-factor authentication and stuff like that.

Read the security benchmarks on http://www.cisecurity.org/.  A several-hundred-page-long checklist of vulnerabilities you need to close before you call your system "hardened" and worthy of facing the internet.
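As an added illustration (not part of the post above, and not dnsenum's own code), here is a small offline audit of zone data for the two things the post says an outsider's script relies on: owner names drawn from a common-name wordlist, and PTR records that hand hostnames back. The wordlist, the zone format handled, and the sample records are assumptions constructed for the example.

```python
"""Audit BIND-style zone text for what a dictionary/reverse-lookup enumerator
would find: guessable labels (step a in the post) and PTR leakage (step b)."""
import re

# Assumed illustrative wordlist of labels an enumerator tries first.
COMMON_LABELS = {"www", "mail", "vpn", "ftp", "smtp", "ns1", "ns2",
                 "_ldap", "webmail", "remote"}

# Constructed sample forward zone (not a real organisation).
SAMPLE_ZONE = """
$ORIGIN company.example.
www         IN A    192.0.2.10
vpn         IN A    192.0.2.20
securesrv7  IN A    192.0.2.30
_ldap._tcp  IN SRV  0 0 389 securesrv7.company.example.
@           IN MX   10 mail.company.example.
mail        IN A    192.0.2.40
"""

# Constructed sample reverse zone for the same addresses.
SAMPLE_REVERSE = """
$ORIGIN 2.0.192.in-addr.arpa.
10 IN PTR www.company.example.
20 IN PTR vpn.company.example.
30 IN PTR securesrv7.company.example.
"""

# owner [ttl] IN type rdata  (directives and comments are skipped)
RECORD_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+(A|AAAA|CNAME|MX|SRV|PTR)\s+(.+)$")


def parse_zone(text):
    """Return a list of (owner, rtype, rdata) tuples from zone text."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("$", ";")):
            continue
        match = RECORD_RE.match(line)
        if match:
            records.append(match.groups())
    return records


def guessable_names(records):
    """Owners whose first label is on the wordlist; '@' (the apex) never is."""
    return {owner for owner, _, _ in records
            if owner.split(".")[0].lower() in COMMON_LABELS}


def leaking_ptrs(reverse_records):
    """Hostnames exposed by PTR records, including any 'weird' names."""
    return {rdata.rstrip(".") for _, rtype, rdata in reverse_records if rtype == "PTR"}
```

Note that the PTR audit still surfaces securesrv7.company.example: renaming alone does nothing while the reverse pointer exists, which is why the post lists both steps.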




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org