by Megan Daudelin
January 29, 2016
The Domain Name System (DNS) is an integral component in most modern networks. DNS facilitates the identification and access of services and devices across a network. Every domain relies on one or more DNS servers to assign and map domain names to hosts and services. A healthy DNS is essential to secure networks. SecurityCenter integrates with Nessus, the Passive Vulnerability Scanner (PVS), and the Log Correlation Engine (LCE) to monitor DNS for errors, vulnerabilities, and indications of compromise.
The DNS Summary dashboard monitors events and vulnerabilities related to DNS in the network. Specific plugins and events used to indicate whether vulnerabilities or errors are present. Details about specific vulnerabilities and events are included for review. Plugin IDs are used to filter for specific vulnerabilities and DNS detections. Events are listed by type with associated trend data. By monitoring DNS activity within the environment, security teams can more easily identify and remediate errors and vulnerabilities.
The components in the DNS Summary dashboard present vulnerabilities and events related to DNS issues. Tables list specific information about DNS servers, vulnerabilities, failed queries, and event types. Matrices present information about specific event counts and indicators of concern. Each component can be modified to focus on areas or hosts of particular concern. Organizations can use the information provided to better monitor the health and integrity of the DNS in their network.
This dashboard and its components are available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. This dashboard can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments. The dashboard requirements are:
- SecurityCenter 4.8.2
- Nessus 6.5.4
- PVS 4.4.0
- LCE 4.6.0
SecurityCenter Continuous View (CV) provides continuous network monitoring, vulnerability identification, risk reduction, and compliance monitoring. Nessus is continuously updated with information about advanced threats and zero-day vulnerabilities, and new types of regulatory compliance configuration audits. The Passive Vulnerability Scanner (PVS) performs deep packet inspection to enable discovery and assessment of operating systems, network devices, hypervisors, databases, tablets, phones, web servers, cloud applications, and critical infrastructure. The Log Correlation Engine (LCE) performs deep log analysis and correlation to continuously discover and track systems, applications, cloud infrastructure, trust relationships, and vulnerabilities. By integrating with Nessus, PVS, and LCE, SecurityCenter CV’s continuous network monitoring is able to detect systems and vulnerabilities across the enterprise.
This dashboard includes the following components:
- DNS Event Counts: The DNS Event Counts matrix displays the counts of various DNS events within the past seven days.
- DNS Servers: The DNS Servers table presents an IP summary of the DNS servers detected in the network.
- DNS Error Indicators: The DNS Error Indicators matrix shows whether specific DNS errors or alerts have been detected.
- DNS Event Trends: The DNS Event Trends table lists normalized events related to DNS by count.
- DNS Vulnerabilities: The DNS Vulnerabilities table lists the top 100 vulnerabilities related to DNS by severity.
- DNS Requests by TLD: The DNS Requests by TLD matrix displays the counts of DNS requests to several top-level domains (TLD) within the past 72 hours.
- Most Recent DNS Failed Client Queries: The Most Recent DNS Failed Client Queries table lists the 100 most recent client query failure events detected.