Kindle Price: $14.99

Promotions apply when you purchase

These promotions will be applied to this item:

Some promotions may be combined; others are not eligible to be combined with other offers. For details, please see the Terms & Conditions associated with these promotions.

Read with our free app
You've subscribed to ! We will preorder your items within 24 hours of when they become available. When new books are released, we'll charge your default payment method for the lowest price available during the pre-order period.
Update your device or payment method, cancel individual pre-orders or your subscription at
Your Memberships & Subscriptions

Buy for others

Give as a gift or purchase for a team or group.
Learn more

Buying and sending eBooks to others

  1. Select quantity
  2. Buy and send eBooks
  3. Recipients can read on any device

These ebooks can only be redeemed by recipients in the US. Redemption links and eBooks cannot be resold.
Kindle app logo image

Download the free Kindle app and start reading Kindle books instantly on your smartphone, tablet, or computer - no Kindle device required.

Read instantly on your browser with Kindle for Web.

Using your mobile phone camera - scan the code below and download the Kindle app.

QR code to download the Kindle App

Follow the authors

Ross Gibson J.D.
+ Follow
Joshua M Kuo
+ Follow
See all
Something went wrong. Please try your request again later.

The Hidden Potential of DNS In Security: Combating Malware, Data Exfiltration, and more - The Guide for Security Professionals Kindle Edition

by Joshua Kuo (Author), Ross Gibson (Author) Format: Kindle Edition
4.8 4.8 out of 5 stars 45 ratings
See all formats and editions

DNS is a foundational element of network communications. It’s also the starting point for countless cyberattacks. Threat actors abuse DNS to install malware, exfiltrate data, and perpetrate malware threats. Cyber threats that leverage DNS are widespread, sophisticated, and rapidly evolving. DNS is used by over 90 percent of malware and in an ever-growing range of pernicious attacks.

However, despite its vulnerabilities, DNS can unlock a hidden world of security capabilities that can help protect today’s highly distributed and cloud-integrated networks. The Hidden Potential of DNS in Security reveals how attackers exploit DNS and how cybersecurity professionals can proactively use DNS to turn the tables and mitigate those threats.
Knowing how to leverage the protective capabilities of DNS can give you an unprecedented head start in stopping today’s advanced cyberthreats. This book gives you that knowledge.

Written specifically for security practitioners, and including real-world case studies, this book offers a thorough yet easy-to-digest understanding of today’s most urgent and potentially damaging DNS-based cyberthreats, how to mitigate them, and how to leverage your DNS infrastructure to further your security mission. In it, you will discover:

  • Why DNS is inherently vulnerable and why knowledge of DNS is now crucial for security teams
  • How malware uses DNS to avoid detection and communicate with command-and-control (C2) infrastructure
  • How threat actors leverage DNS in executing a broad array of attacks involving look-alike domains, domain generation algorithms, DNS tunneling, data exfiltration, and cache poisoning
  • What DNSSEC is (and is not) and how it works
  • How recently emerging encrypted DNS standards can impact security controls, along with the security advantages they can provide
  • How DNS can be leveraged in Zero Trust architectures
  • How you can improve your security posture using the DNS infrastructure you already have
Read more Read less
Previous page
  1. Print length
    237 pages
  2. Language
    English
  3. Sticky notes
    On Kindle Scribe
  4. Publication date
    August 2, 2023
  5. File size
    8707 KB
  6. Page Flip
    Enabled
  7. Word Wise
    Not Enabled
  8. Enhanced typesetting
    Enabled
  9. See all details
Next page
Add a debit or credit card to save time when you check out
Convenient and secure with 2 clicks. Add your card

Customers who bought this item also bought

Page 1 of 1 Start overPage 1 of 1
Previous page
  1. DNS and BIND: Help for System Administrators
  2. Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
  3. PowerShell Automation and Scripting for Cybersecurity: Hacking and defense for red and blue teamers
  4. Microsoft Certified Azure Fundamentals All-in-One Exam Guide (Exam AZ-900)
  5. Cyber Threat Intelligence Field Manual (CTI FM): For Decision-Makers, Analysts, and Operators across All Industries
  6. Python for Security and Networking: Leverage Python modules and tools in securing your network and applications
Next page

Product details

  • ASIN ‏ : ‎ B0CDNYJJ9P
  • Publication date ‏ : ‎ August 2, 2023
  • Language ‏ : ‎ English
  • File size ‏ : ‎ 8707 KB
  • Text-to-Speech ‏ : ‎ Enabled
  • Screen Reader ‏ : ‎ Supported
  • Enhanced typesetting ‏ : ‎ Enabled
  • X-Ray ‏ : ‎ Not Enabled
  • Word Wise ‏ : ‎ Not Enabled
  • Sticky notes ‏ : ‎ On Kindle Scribe
  • Print length ‏ : ‎ 237 pages
  • Customer Reviews:
    4.8 4.8 out of 5 stars 45 ratings

About the authors

Follow authors to get new release updates, plus improved recommendations.
Previous page
  1. Ross Gibson J.D.

    Ross Gibson J.D.

    Brief content visible, double tap to read full content.
    Full content visible, double tap to read brief content.

    Ross Gibson, J.D. is currently a Principal Solutions Architect / Global SME for Infoblox, Inc., where he focuses on DNS security, DNS architecture, global server load balancing (GSLB), DHCP architecture, and IP address management. He holds a B.S. in Commerce from the University of Virginia, and a Juris Doctorate from the University of Richmond School of Law. He brings more than 20 years of experience in the networking industry along with his legal training and experience to his current role. Ross and his wife, Jenn, and their sons Pierce and Evan live in Richmond, Virginia with their Labrador, Aspen. When he and Jenn aren’t busy cheering on their boys at baseball games and concerts, he enjoys playing and recording music as well as cooking barbecue and pizza.

    See more on the author's page
  2. Joshua M Kuo

    Joshua M Kuo

    Brief content visible, double tap to read full content.
    Full content visible, double tap to read brief content.

    Joshua M. Kuo (郭孟謙) dreamed of becoming a novelist growing up in Taiwan but ended up studying computer science in Hawaii. He has been working in the technology field since the late 1990s, wearing many different hats in areas of programming, system administration, network architecture, information security, technical training, and consulting. Josh is passionate about sharing what he knows with others around him, sometimes a little too much. When not preaching about DNS and technology as the Senior Educator at Infoblox, Josh enjoys spending time with his young children, cooking in his kitchen and backyard, and reading about obscure topics in history (such as the history of circus, cod, and the measurement system). Josh currently lives in North Carolina with his family.

    See more on the author's page
Next page

Customer reviews

4.8 out of 5 stars
4.8 out of 5
45 global ratings
Go on an adventure with the book's authors in the land of DNS security
5 Stars
Go on an adventure with the book's authors in the land of DNS security
A great book that takes you by the hand and leads your through the topic of DNS security – not how to do everything – but the basic understanding of topics, techniques, and mitigation with a springle of real-world examples. The book is aimed at professionals that want a better understanding of DNS threats and how to combat them.You can either read the book from the beginning to the end or find the topics you are most interested in. If you read from the beginning to the end the authors of the book are holding your hand along the way as you discover the new topics, but if you want to start at a specific topic, you can find it quickly in the back of the book where you will find the section ‘This Book at a Glance’.The chapters cover a wight variety of topics and even though I have been working with DDI solutions for over 10 years there is still new things to learn about here and there. One of the great things if you buy this book is that you now have a reference work that you can go back and look at to be sure way you are making the claims that you are. There is links to reports from well reputed organizations and examples on why you still need to think about things like DNSSEC and Domian Hijacking.I got new perspectives on stub resolver security, DNS cookies and zero trust architecture. Topics I can explore even more.It is a book you can use as a base foundation to have an elaborate talk about an enterprises DNS security infrastructure.
Hide
Thank you for your feedback
Sorry, there was an error
Sorry we couldn't load the review

Top reviews from the United States

Stephen C Makousky
5.0 out of 5 stars Easy to read and understand; a must have for your bookshelf
Reviewed in the United States on July 24, 2023
Verified Purchase
The book first outlines DNS fundamentals from a security perspective, elucidating key capabilities like request analysis, logging, and response policy zones. It then dives into pragmatic techniques to weaponize DNS, from securing connections to foiling data exfiltration.

A major highlight is using DNS to block command and control of botnets and malware. The book shines in demonstrating real-world implementations like detecting tunnels or sandboxing unverified links. Helpful diagrams visualize complex architectures simply.

It tackles modern issues like DDoS, phishing, and cloud security with DNS-centric solutions. The book is masterful in highlighting overlooked DNS features that can amplify defenses.

While packed with technical detail, it aptly summarizes need-to-know takeaways for time-strapped professionals. Readers will come away with a holistic methodology to incorporate DNS into their broader security strategy. For any IT leader looking to future-proof defenses, this book is a seminal guide.

With threats evolving, every cybersecurity team needs to exploit DNS as an advanced safeguard. This is the definitive handbook on the topic with actionable guidance. I highly recommend security engineers, CISOs and professionals add this invaluable book to their shelf.
3 people found this helpful
Helpful
 Report
Crash
5.0 out of 5 stars Timely and relevant.
Reviewed in the United States on July 24, 2023
Verified Purchase
Nearly all modern exploits involve DNS at some point, making it a key part of the kill chain for those trying to protect their environment. However, DNS is also an inherently insecure protocol, which can be abused in a multitude of ways.

This book clearly describes those methods of abuse, with numerous real-world examples of those who have fallen victim to them, and ways to avoid being added to that list. For those of us who have not really looked at DNS since college (that's probably you, admit it!), this is a fantastic refresher. However, it also covers many areas of DNS security that you probably never knew, even if you are a cybersecurity professional.

It is NOT a 'DNS 101' or a 'how to' book. It is, however, written clearly enough for anyone to benefit from, even total beginners.

This book is fantastic! It should be read and re-read by anyone involved in cybersecurity.
3 people found this helpful
Helpful
 Report
ed hunter
5.0 out of 5 stars Discusses an important (often neglected) aspect of Infrastructure Security
Reviewed in the United States on September 4, 2023
Verified Purchase
Well written and seemed targeted towards Information Security Professionals rather than Network Administrators. Good coverage of the various security aspects of a modern DNS implementation, and provides pointers on what you should check in your infrastructure, and what should be added to your roadmap.
Helpful
 Report
Victor D.
5.0 out of 5 stars Essential for SecOPS staff
Reviewed in the United States on August 1, 2023
Verified Purchase
The Hidden Potential of DNS in Security is a rare type of book that breaks down how an overlooked and misunderstood network protocol works. The book is intended for CISO and SecOPS staff who want to understand how DNS can be used by bad actors and what you can do about it in a simple and easy to understand way. The book starts with understanding some basic DNS concepts, and builds on how those concepts are exploited, and in later chapters walks you through what to do to reduce risk.
One person found this helpful
Helpful
 Report
Anthony C.
4.0 out of 5 stars Quick primer on DNS security and vulnerabilities
Reviewed in the United States on August 18, 2023
Verified Purchase
The authors did a good job in covering the various areas of vulnerabilities in the DNS protocol and how to mitigate them. They included brief backgrounds on several DNS foundational concepts and business practices involved in establishing DNS registrations. Concepts were described concisely, albeit somewhat too brief in my opinion. I would have liked some more examples of both real life hacks as well as mitigation techniques. A bit more in depth explanations of the variations in vulnerabilities would have been nice too. Overall it was a good read and handy reference to pick up on the broad topic of DNS security.
One person found this helpful
Helpful
 Report
MadisonKelleyMason,LLC
5.0 out of 5 stars Simple and informative
Reviewed in the United States on August 8, 2023
Verified Purchase
Well written book. I'm not technical yet I still found the content easy to understand. You'll learn about mitigating risks of DNS exploitation. Any cybersecurity pro should have this in their collection or anyone interested in getting into this space. Well done!
Helpful
 Report
JWPerkins
5.0 out of 5 stars DNS: An Attack Vector and Resource
Reviewed in the United States on August 2, 2023
Verified Purchase
Information Security professionals will enjoy the ability to see how DNS can be used as an attack vector by threat actors while also gaining an understanding of how DNS can be leveraged to improve their overall security posture. Detailed information along with examples provide a simplistic manner of translating the information to the reader in a method that is easy to understand and apply within almost any industry! A must read for anyone interested in DNS and security!
One person found this helpful
Helpful
 Report
Kasper Hillestrøm
5.0 out of 5 stars Go on an adventure with the book's authors in the land of DNS security
Reviewed in the United States on October 11, 2023
Verified Purchase
A great book that takes you by the hand and leads your through the topic of DNS security – not how to do everything – but the basic understanding of topics, techniques, and mitigation with a springle of real-world examples. The book is aimed at professionals that want a better understanding of DNS threats and how to combat them.

You can either read the book from the beginning to the end or find the topics you are most interested in. If you read from the beginning to the end the authors of the book are holding your hand along the way as you discover the new topics, but if you want to start at a specific topic, you can find it quickly in the back of the book where you will find the section ‘This Book at a Glance’.

The chapters cover a wight variety of topics and even though I have been working with DDI solutions for over 10 years there is still new things to learn about here and there. One of the great things if you buy this book is that you now have a reference work that you can go back and look at to be sure way you are making the claims that you are. There is links to reports from well reputed organizations and examples on why you still need to think about things like DNSSEC and Domian Hijacking.

I got new perspectives on stub resolver security, DNS cookies and zero trust architecture. Topics I can explore even more.

It is a book you can use as a base foundation to have an elaborate talk about an enterprises DNS security infrastructure.
Customer image
Kasper Hillestrøm
5.0 out of 5 stars Go on an adventure with the book's authors in the land of DNS security
Reviewed in the United States on October 11, 2023
A great book that takes you by the hand and leads your through the topic of DNS security – not how to do everything – but the basic understanding of topics, techniques, and mitigation with a springle of real-world examples. The book is aimed at professionals that want a better understanding of DNS threats and how to combat them.

You can either read the book from the beginning to the end or find the topics you are most interested in. If you read from the beginning to the end the authors of the book are holding your hand along the way as you discover the new topics, but if you want to start at a specific topic, you can find it quickly in the back of the book where you will find the section ‘This Book at a Glance’.

The chapters cover a wight variety of topics and even though I have been working with DDI solutions for over 10 years there is still new things to learn about here and there. One of the great things if you buy this book is that you now have a reference work that you can go back and look at to be sure way you are making the claims that you are. There is links to reports from well reputed organizations and examples on why you still need to think about things like DNSSEC and Domian Hijacking.

I got new perspectives on stub resolver security, DNS cookies and zero trust architecture. Topics I can explore even more.

It is a book you can use as a base foundation to have an elaborate talk about an enterprises DNS security infrastructure.
Images in this review
Customer image
Customer image
2 people found this helpful
Helpful
 Report

Top reviews from other countries

mahesh
5.0 out of 5 stars Best Book on DNS Communication and Security
Reviewed in Canada on January 16, 2024
Verified Purchase
Hi,

This Book is Great for DNS Security. If anyone want to protect their Environment and need visibility on traffic then this book is for them. Learned so many new things on DNS Security and DNS Communication by reading this book.

I will highly recommend this book to those who are responsible for Network and Cyber Security. As DNS is often neglected but after reading this book you will know how important DNS is.

Great work By Authors on Writing this book.
Report
Jonas
5.0 out of 5 stars Great!
Reviewed in Sweden on November 20, 2023
Verified Purchase
Great book for everyone interested on the subject or professionals in the field!
Report
Mariusz K.
5.0 out of 5 stars A must-read for DNS Security Professionals
Reviewed in Poland on August 31, 2023
Verified Purchase
I found the book on DNS security incredibly insightful. It effectively demystifies the complex world of DNS security and offers practical solutions to protect against threats. Great job Joshua and Ross!
Report
Sumanth
5.0 out of 5 stars Securing DNS
Reviewed in India on August 18, 2023
Verified Purchase
An excellent compilation of different potential security threats with DNS and the mitigation steps for each of these potential threats. The content is well organised and is easy to follow. It is not an admin guide or an user guide, however the authors carefully curated the content and added real life
threats that most of us would have encountered. Highly recommend this for anyone who deals with DNS domain registration, dns management teams, security teams…etc.

I wish infoblox publishes many more books in future and improve the awareness of DNS management and I appreciate the efforts of the authors in compiling this book.
Report
Dark Newt
5.0 out of 5 stars A great introduction to the contribution DNS can make to Security:
Reviewed in the United Kingdom on August 5, 2023
Verified Purchase
The Hidden Potential of DNS in Security:
By Josh M. Kuo and Ross Gibson, J.D.

Before I get into my review, it’s worth noting a few things, I have had the pleasure of being trained by Josh, and subsequently have had many discussions on DDI (DNS DHCP IPAM) and DNS security. He is an interesting person to work with and he is always willing to explore different points of view and approaches, I also got to read some of the drafts for this book and played guinea pig for some of his courses, so I am probably a little biased but I have done my best to be subjective!

Vendor Agnostic:

One of the things I like about Infoblox is their investment into the DDI community overall, for example they have released several training courses aimed at giving people a “vendor agnostic” background to DDI theory and practice, and they are regularly giving people free access to these courses so if your just starting out in the field, or a technical manager who wants to gain a solid grounding in DDNS, DHCP, IPAM and DDI security it’s a great way to start.

I don’t know many organisations that provide this kind of Vendor Agnostic information, I guess it comes from the confidence in their own products.

I can say from the outset that the book follows the same principles of being a vendor agnostic look at the potential of DNS in security and not an “Infoblox sales vehicle” if that’s a concern.

Approach:
Imparting knowledge, at least worthwhile knowledge can be difficult and it is a challenge to impart complex technical knowledge in an easy to understand format. I think the approach to the book shows significant work has been put in to allow the reader to absorb the contents and understand both context and possible application in their own environment.

For the reader, you will find an introduction to the various topics, that then allows you to move to the case studies/examples with the pre-requisite knowledge.

Don’t expect an in-depth DDI primer or how to, that’s not the purpose of the book, but it does do what it says on the tin and open the reader up to the potential of DNS in security.

Contents:
Contrary to common misconceptions in the IT industry, DDI is not a simple thing, it has evolved and it is both complex but if standards are followed, resilient and stable, it has to be no modern network or indeed the internet would function without it.
In terms of security the book will surprise many in that it makes it clear that out of the box DNS is insecure.
The topics move through various relevant subjects such as DNS and Malware, Lookalike Domains, DNS tunnelling, DNSSEC. The best part for me however? There is a chapter dedicated to Encrypted DNS, something I have been spending a lot of time on, and the book does a great job of providing an introduction to it, something I would personally have bought the book just to read, and would recommend anyone with DDI responsibility or in their Job Description to get a handle on now..

Some other topics of note are DNS attacks against Clients, DNS and Zero Trust Architecture (possibly my second favourite chapter).
The final chapter “Conclusion” lists eight ways to fight DNS Insecurity, again if you have any DNS/DDI/Security responsibilities in you Job Description, and you read the book, you should be thinking, “what am I doing about this”, or at the very least putting those questions onto your roadmap.

Overall:

Overall it’s a great book and I recommend it, so whether your starting out, have inherited some DDI/DNS responsibility or you are security professional, technical manager I would recommend this, there isn’t another title out there afaik that brings these topics together cohesively so it’s a great way to start.
It's now sat on my shelf with some of the other, “formative” DDI books I have had the pleasure of reading.
Report
Report an issue

Does this item contain inappropriate content?
Report
Do you believe that this item violates a copyright?
Report
Does this item contain quality or formatting issues?
Report