Chapter 5. Maintaining Availability: A DNS-Based Approach

As previously noted, availability must be the highest priority in building a web application security strategy. To do business, your applications must be available to both your staff and your customers. Securing your Domain Name System (DNS) infrastructure is a critical first step to ensuring the availability of your enterprise applications and cloud services. DNS is a foundational piece for protecting availability. A thorough analysis of your DNS infrastructure and its ability to deliver on availability requirements should include building DDoS defenses, implementing a plan for active failover, and coordinating availability plans with your DNS server provider to assure performance and responsiveness. From there, you build up step by step to the application layer to provide both data availability and protection.

The reality is that most organizations don’t think about DNS availability until after an incident occurs. Often, organizations simply leave DNS management in the hands of their domain registrar without inquiring about the availability and reliability of the registrar’s DNS infrastructure. Yet DNS breaches and outages, as well as slow DNS performance, can lead to customer dissatisfaction, a tarnished brand image, and revenue loss. As applications and resources become more distributed, addressing DNS at the edge becomes more important to ensuring a high-quality, consistent experience.

DDoS Mitigation

DDoS attacks ...

Get Securing Web Applications now with the O’Reilly learning platform.