Security

Higher Ed Security Org Uses DNS Database to Track Criminal Action

• By Dian Schaffhauser
• 05/26/17

An organization that provides security services to the research and education community at large has gone public with its adoption of a historic DNS database service. The Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) is working with DNSDB, a database with passive DNS data maintained by Farsight Security that enables security teams to view Internet infrastructure as it was at a certain point in the past.

REN-ISAC has two roles. It serves as a computer security incident response team that notifies higher education institutions about infected hosts and suspicious network traffic. The organization also runs a membership service giving colleges and universities access to a "private, vetted community" of information security professionals in research and higher ed. Currently, REN-ISAC has 554 member institutions.

Farsight Security is known for its real-time threat intelligence services. In 2013 it acquired assets of Passive DNS from the Internet Systems Consortium (ISC), including DNSDB. Farsight was founded by two DNS pioneers, including Paul Mockapetris, who, along with Jon Postel, invented the Internet Domain Name System. DNSDB currently maintains an indexed collection of 13 billion domain names. The database is used by security experts to uncover patterns of attacks and investigate how cyber criminals have entered, moved through and discarded related domains, IP addresses and name servers.

"Information security remains a top concern for higher education institutions," said Doug Pearson, REN-ISAC technical director, in a prepared statement. Calling Farsight Passive DNS an "important tool" in his organization's "security arsenal," Pearson added, "Threat actors increasingly are abusing the domain name system to gain a foothold into our member networks. As both a contributor and user of Farsight Security's DNSDB, REN-ISAC believes this technology plays a critical role in rapidly detecting and responding to malicious intent."