DNS Sinkholing to Reduce Network Compromises

Wednesday, May 16 | 2:00PM–3:00PM | Meeting Room 103/104
Session Type: Professional Development
Large university networks are often decentralized as a result of organic growth and federation between schools. These environments therefore tend to lack centralized network security controls, which makes mitigating threats difficult. Antivirus software and patching aren't enough to protect clients from zero-day threats, polymorphic malware, and malicious third-party ads hosted on otherwise legitimate websites. We'll compare and contrast two different implementations of a DNS sinkhole, which ultimately led to a minimum 70% reduction in compromises at two different universities. Attendees will come away with a firm understanding of two different DNS sinkhole implementations, with quantitative evidence of their effectiveness, and with a model for handling privacy concerns.

Presenters

  • Brandon Dixon

  • Melissa Muth

    Security Architect, University of Pennsylvania

  • Matthew Wollenweber

Resources & Downloads

DNS Sinkholing Slide Deck
4 MB, PDF
Uploaded on 03/13/2015
speaker notes for Penn slides
2 KB, Text file
Uploaded on 09/08/2013
Github URL for Penn SafeDNS
32 KB, Off-site resource
Uploaded on 06/05/2012