This talk examines how DNS works and looks at a few ways in which DNS can be exploited. We will review the state of DNS security from an end user perspective and will examine ways in which you can effectively limit the disclosure of your online habits through securing the way your local DNS resolvers work. \nWe will also discuss common ways in which DNS data is being tracked and monitored, often without our knowledge. We will then lay out a foundational approach for building a DNS solution that can be used to both insure the accuracy and authenticity of DNS request results while protecting DNS data leaving our devices & networks from prying eyes. We will examine ways to baseline existing DNS traffic using a variety of simple tools including Wireshark, Packetbeat and Graylog.\nWe will then review some of the newer strategies available for securing DNS traffic and use some of those solutions to implement and monitor an easy to use DNS privacy solution that would completely hide all DNS data by TLS encrypting all DNS traffic and tightly controlling where and how that data becomes unencrypted on the Internet using VPN tunneling and Tor routed requests.\nThe ultimate goal would be the of a DNS system that completely controls all DNS traffic entering or exiting a network and provides assurance that you can be in complete control of who can see that data.\n
Currently a Senior Security Specialist at AppRiver, LLC., his team is responsible for global network deployments and manages the SecureSurf DNS infrastructure and the SecureTide spam & virus filtering platform, internal applications and security operations. He holds a CISSP certification and is well-versed in ethical hacking with more than 20 years experience.\n\nJim has presented at NolaCon, ITEN WIRED, BSides Las Vegas, BSides Atlanta, CircleCityCon, DEF CON, DerbyCon, BSides San Francisco and several smaller conferences. \n\nJim is a BSides Las Vegas senior staff member, on the ITEN WIRED Planning Committee and the president of the Florida Panhandle (ISC)2 Chapter.