eBooks

OreillyMultiCloudFinalEBOOK

Learn all you need to know about email best practices, deliverability, and tools with email whitepapers and ebooks.

Issue link: https://hub.dyn.com/i/1119883

Contents of this Issue

Navigation

Page 47 of 57

San Francisco, London, and Tokyo, and a DNS request comes in from a location in Atlanta. A DNS provider that has traffic steering capabilities can direct that request to the datacenter in Miami. You can use these same techniques to identify potential new loca‐ tions in which to expand the cloud architecture. For example, if the DNS provider begins recording an increasing number of DNS requests from Morocco, and this is confirmed as a growing trend, it might be time to consider expanding to a cloud provider with a datacenter in Africa. Again, these capabilities are not inherently part of DNS and not all DNS providers support them. If your DNS provider does support them, these features can help to enhance the security and availability of your multicloud architecture. Secure Interaction with the DNS Provider DNS providers can offer web applications an extra layer of security. But you need to be aware of the threat of DNS hijacking. It's such a big problem that ICANN issued a warning about the threat. It's important to use DNS to add a layer of security to cloud infrastruc‐ ture. But organizations should also be sure to secure communica‐ tion with DNS providers. Take the following precautions immediately for every domain currently registered by your organi‐ zation: • Catalog all of the domains that the organization has registered. • Add two-factor authentication with registrars. • Lock domains so that they can't be transferred or updated. • Enable Domain Name System Security Extensions (DNSSEC) for all of your domains. • Test regularly to ensure security procedures are followed. Domain registrars should be considered part of your potential attack surface, so be sure to take steps to keep domains safe. Bot Management Organizations running public-facing web applications have undoubtedly run into problems with bots. Bots are programs that 42 | Chapter 4: Multicloud Security Use Cases

Articles in this issue

view archives of eBooks - OreillyMultiCloudFinalEBOOK