Implicit Deny ALL for DNS Resolution
The Principle of Least Privilege (PoLP), also known as the principle of minimal privilege or the principle of least authority, requires that a process or function be able to access only the information and resources that are necessary for its legitimate purpose.
While the DNS has many flaws, its recursion "feature" is inherently a major security weakness. A recursive DNS lookup is one in which a DNS server attempts to find an IP address for a fully qualified domain name.
Unlike Securd, DNS servers do not have a security feature that lets you quickly change allowed resolution to an implicit deny.
In a critical incident or breach situation, you may be forced to immediately block, log and analyze all outbound DNS traffic across your enterprise endpoints and sites to rapidly contain an evolving threat. With Securd, you can flip a switch and immediately block all external resolution and mitigate an egress cyber threat.
Security Policy Default Actions
Allow Traffic - This is the default setting in a security policy. All DNS queries are allowed and are then processed by Securd according to its order of operations.
Block Traffic - This setting implicitly drops all DNS traffic. Unless you specifically allow domains in a policy list, DNS resolution is blocked.
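The two default actions described above, modelled as an added example (this is not Securd's code or configuration format). The names Policy, decide and contain are hypothetical, and treating an allow-list entry as covering the domain and its subdomains is an assumption of this example, since the page does not state Securd's matching rules.

```python
from dataclasses import dataclass, field

ALLOW, BLOCK = "allow", "block"


def normalize(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")


@dataclass
class Policy:
    default_action: str = ALLOW  # "Allow Traffic" is the default setting
    allow_list: set = field(default_factory=set)

    def __post_init__(self):
        if self.default_action not in (ALLOW, BLOCK):
            raise ValueError("default_action must be 'allow' or 'block'")
        # Discard empty entries so a stray "." cannot match the root name.
        self.allow_list = {normalize(d) for d in self.allow_list} - {""}

    def on_allow_list(self, qname: str) -> bool:
        # Assumption: an entry covers the domain and its subdomains. Compare
        # whole labels so "notcorp.example" never matches "corp.example".
        labels = normalize(qname).split(".")
        return any(".".join(labels[i:]) in self.allow_list
                   for i in range(len(labels)))

    def decide(self, qname: str) -> str:
        # Explicit allow entries win; everything else gets the default action.
        return ALLOW if self.on_allow_list(qname) else self.default_action


def contain(policy: Policy, queries):
    """Return (qname, action) pairs: the record to log during containment."""
    return [(q, policy.decide(q)) for q in queries]


# Constructed sample data: an incident policy and a handful of query names.
INCIDENT = Policy(default_action=BLOCK,
                  allow_list={"corp.example", "Updates.Vendor.example."})
QUERIES = ["mail.corp.example.", "UPDATES.vendor.example",
           "notcorp.example", "vendor.example", "c2.bad.example"]

if __name__ == "__main__":
    for qname, action in contain(INCIDENT, QUERIES):
        print(f"{action:5} {qname}")
```

Under the block default, the parent of an allowed entry (vendor.example) and a look-alike name (notcorp.example) are both denied, which is the behaviour to confirm before relying on an allow list during containment.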