Скачать или смотреть #HITB2021SIN

Many cloud DNS providers including opendns, heimdal, dnsfilter, cloudflare, and quad9 offer dns filtering whereby questions or answers deemed dangerous are answered dishonestly. this constructive dishonesty is a valuable security feature, and one which the US government recommended universally in an announcement in March 2021.

However, managed private networks who use DNS as a control and monitoring point for cybersecurity can’t or won’t push their DNS service into the cloud. For them, a dns firewall called RPZ can be used to publish or subscribe to protective DNS filtering policy, which can be deployed locally using any open source DNS server, or any DNS appliance. in this talk, Dr. Vixie will cover the motives, methods, and context of on-premise protective DNS.

===

Dr. Paul Vixie is an internet pioneer. Currently, he is the Chairman, CEO and cofounder of award-winning Farsight Security, Inc. Dr. Vixie was inducted into the internet Hall of Fame in 2014 for work related to DNS and anti-spam technologies. He is the author of open source internet software including BIND 8, and of many internet standards documents concerning DNS and DNSSEC. In addition, he founded the first anti-spam company (MAPS, 1996), the first non-profit internet infrastructure company (ISC, 1994), and the first neutral and commercial internet exchange (PAIX, 1991). In 2018, he cofounded SIE Europe UG, a European data sharing collective to fight cybercrime. Dr. Vixie earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010.

Dr. Vixie is frequently invited to deliver keynotes at technology and business events around the world. He has presented at such events as Copenhagen Cybercrime Conference, FIRST, Palo Alto Networks IGNITE, RSA, Black Hat, DNS-OARC, SANS, Swiss Cyber Storm, and VirusBulletin.