Name: Route 53 Support for DNSSEC
Uploaded: 2021-03-12T00:33:53Z
Duration: 70
Description: DNS attacks are fairly common because DNS was not designed with security at the center.

Route 53 Support for DNSSEC

DNSSEC Signing in Amazon Route 53

DNS attacks are fairly common because DNS was not designed with security at the center. In a DNS attack, the attacker exploits the communication between clients and servers. Amazon’s DNS web service, Route 53, provides DNSSEC signing to combat the inherent vulnerabilities in DNS. The DNSSEC feature in Route 53 enable DNSSEC signing for all existing and new public hosted zones, as well as DNSSEC validation for Amazon Route 53 Resolver. This validates that a DNS response coming from Amazon Route 53 and has not been tampered with.

To learn more, visit the AWS documentation for configuring DNSSEC signing in Amazon Route 53.

Transcription

DNS is the target of many attacks. If an attacker can undermine the reliance we place on DNS to ensure that we have ended up on a verified website because of the URL that we’ve put in and it has not passed us over to some malicious server somewhere over in another country, then we just can’t trust what we’re doing on the web. That’s why DNSSEC is a very important service to utilize and now Amazon Route 53 supports the use of DNSSEC. You are able to enable it so that Route 53 cryptographically signs your hosted zone and it ensures that the data origin authentication and data integrity verification is occurring, so we can be assured the session has not been tampered with in transit. Be sure to look into this today to ensure you are utilizing this important service.

Route 53 Support for DNSSEC

Related Videos

Basic Tools for AWS Security

Cloud Attacks on the Rise

Do All Keys Have Resources Attached?

Enable Role Based Access Control (RBAC) for Azure Key Vault

Encrypt Kubernetes Secrets Using Keys

Encrypting Traffic In and Out of AWS

Encryption Decisions for Your Technology Stack

Encryption Opportunities

Encryption for EBS Volumes

Encryption for S3 Buckets

Enforce Separation of Duties When Assigning KMS Related Roles

Enforcing Strong TLS Ciphers

Ensure KMS Cryptokeys Are Not Publicly Accessible

Ensure Use of CMKs for Unattached Disks' (CMK)

Ensure that Virtual Hard Disks Are Encrypted

Ensure that an Expiration Date Is Set for All Keys in Non-RBAC Key Vaults

Ensure that an Expiration Date Is Set for All Secrets in Non-RBAC Key Vaults

Ensure the Key Vault Is Recoverable

Events that Drive Key Rotation

FAQs for Amazon S3 Security

How to Configure Encryption for EBS Volumes on Existing EC2 Instances

How to Configure Encryption for EBS Volumes on New EC2 Instances

How to Configure Encryption for RDS

How to Configure Encryption for S3 Buckets

Install Endpoint Protection for All Virtual Machines

Introduction to Amazon Inspector

Key Rotation and Management

Load Balancers Must Require TLS 1.2

Only Install Company-Approved Extensions on Your Virtual Machines

PCI Requirement 3.1 - Keep Cardholder Data Storage to a Minimum

PCI Requirement 3.2 - Do Not Store Sensitive Authentication Data After Authorization

PCI Requirement 3.3 Mask PAN when Displayed

PCI Requirement 3.4 Render PAN Unreadable Anywhere it Is Stored

PCI Requirement 3.4.1 Logical Access Management

PCI Requirement 3.5 Document & Implement Procedures to Protect Keys

PCI Requirement 3.5.1 Maintain a Documented Description of The Cryptographic Architecture

PCI Requirement 3.5.2 Restrict Access to Cryptographic Keys

PCI Requirement 3.5.3 Store Secret and Private Keys Used to Encrypt/Decrypt Cardholder Data

PCI Requirement 3.5.4 Store Cryptographic Keys in The Fewest Possible Locations

PCI Requirement 3.6 Document & Implement all Key-Management Processes & Procedures

PCI Requirement 3.6.1 Generation of Strong Cryptographic Keys

PCI Requirement 3.6.2 Secure Cryptographic Key Distribution

PCI Requirement 3.6.3 Secure Cryptographic Key Storage

PCI Requirement 3.6.4 Cryptographic Key Changes at Cryptoperiod Completion

PCI Requirement 3.6.5 Replacing Weakened Keys

PCI Requirement 3.6.6 Using Split Knowledge & Dual Control

PCI Requirement 3.6.7 Prevention of Unauthorized Substitution of Cryptographic Keys

PCI Requirement 3.6.8 Key-Custodian Responsibilities

PCI Requirement 3.7 Security Policies & Operational Procedures

PCI Requirement 4.1 – Use Strong Cryptography & Security Protocols to Safeguard Sensitive CHD

PCI Requirement 4.1.1 – Ensure Wireless Network Transmitting CHD Use Strong Encryption

PCI Requirement 4.3 – Ensure Security Policies and Procedures are Known to all Affected Parties

PCI Requirements 3.2.1, 3.2.2, & 3.2.3 Do Not Store Tracks, Codes, or PINs After Authorization

Preventing Public Accessibility on DB Instances

Re-Keying for Decryption

Requirement 4 - Encrypt Transmission of Cardholder Data Across Open, Public Networks

Requirement 4.2 – Never Send Unprotected PAN by End-User Technologies

Rotate KMS Encryption Keys Regularly

Set Expiration Date for All Keys in RBAC Key Vaults

Set Expiration Date for All Secrets In RBAC Key Vaults

Take Advantage of Automatic Key Rotation within Azure Key Vault

The AWS Shared Responsibility Model

Use CMEK To Secure GKE Storage

Using AWS KMS

Using Prowler to Evaluate AWS Security

Using S3 Versioning

Using TLS 1.2 to Encrypt Data in Transit

Utilize CMKs for OS and Data Disks