Your browser has JavaScript turned off.
You must turn it on to proceed.










NORS -- CSRIC Best Practices Result

CSRIC Best Practices Result

Detailed Information for the Best Practice: 9-8-8118

Number 9-8-8118
Priority Critical
Description Protect Against DNS (Domain Name System) Distributed Denial of Service: Service Providers and Network Operators should provide DNS DDoS protection by implementing protection techniques such as: 1) Rate limiting DNS network connections 2) Provide robust DNS capacity in excess of maximum network connection traffic 3) Have traffic anomaly detection and response capability 4) Provide secondary DNS for back-up 5) Deploy Intrusion Prevention System in front of DNS.
Network Type(s) Cable; Internet/Data; Satellite; Wireless; Wireline
Industry Role(s) Service Provider; Network Operator
Keyword(s) Cyber Security;Disaster Recovery;Emergency Preparedness;Intrusion Detection;
Reference/Comments RFC-2870, ISO/IEC 15408, ISO 17799,US-CERT "Securing an Internet Name Server" (http://www.cert.org/archive/pdf/dns.pdf).