Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 7172 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS Security with Sophos

Deepak Verma

Domain Name System is wide open for attackers. Attacks using DNS often succeed because security teams lack basic visibility into how threats use DNS to maintain control of infected devices or steal data. Current approaches drown you in uncoordinated data from independent tools or require changes to DNS infrastructure. I hope you heard about DNS sinkhole, DNS tunneling, C&C, and DGA, etc.  Are you ready to protect your internal DNS server from all of those? If yes, how to configure Sophos XG firewall to protect DNS server?

 

Read Full Blog Post: http://www.routexp.com/2019/04/dns-security-with-sophos.html



This thread was automatically locked due to age.
  • 0

    Thank you for the article, but it would not be needed if the XG had a DNS proxy similar to the UTM. Yes, the XG has a DNS proxy.

    Ian

  • 0 in reply to rfcat_vk

    Hi,

    In the mid-size network, you must have your own internal DNS server and You can't wait for twice DNS resolution as first your internal server will send a query to firewall and firewall will forward to the Google or other DNS server. It is really time-consume, slow browsing, and heavy load on the Sophos firewall. 

  • 0 in reply to Deepak Verma

    Hi Deepak,

    that would make the XG a poor design. The UTM DNS is a proxy which provides protection for the local servers.

    If you rely on google DNS then you will more than likely have errors, I have found them very slow to respond to requests. As well you need to make sure the XG is in the site lookup data flow otherwise your classification process does not work. Which is immediately followed by user complaints and errors in the reports.

    Ian

  • 0 in reply to rfcat_vk

    Hi,

    This will not true all the time. The Network Design may affect DNS traffic flow and you may right. I am not arguing on this point. But think about the "Pharming Protection" and remote clients. This is the only example but I can show you many reasons where it is not recommended.   

    How is Sophos XG proxy working? I hope we need to understand this basic question. I will get all the details.