Subject: Questioning the wisdom of using DNS SRV records for TAXII 2.0 Discovery
Hi, y'all -

While from an architectural perspective using DNS SRV records to support discovery in TAXII 2.0 is an elegant and obvious approach (cf. [0]), when viewed from the perspective of operational security things appear rather problematic. At the same time you're making it easy for the blue team to discover your TAXII gateway, you're simultaneously advertising it to the whole internet, including potential attackers.

Using DNS SRV records *internally* within an organization makes sense but for public-facing discovery we should come up with an alternative that's less advantageous to the blackhats.

[0]: https://taxiiproject.github.io/taxii2/rest-api/#dns-srv

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"No matter how hard you try, you can't make a baby in much less than 9 months. Trying to speed this up *might* make it slower, but it won't make it happen any quicker." --RFC 1925