Why does DNS security feel like a never-ending story?

Think about the complexity associated with failover zones, multilevel networking combined with a variety of different security tools, controls and software which use that environment all abstracted from the hardware. I used to think a bad JLL or a bad NIC card was a problem but I can't even imagine the complexity buried in a Google, Microsoft or Salesforce environment. When I was head of infrastructure at a biotechnology company, a network outage occurred on the campus. The first problem was that when they built the campus network, Cisco was the advisor on what to buy and how much to buy for every building. Every building got 4 times the switch it needed with all of the extra accoutrements—accelerators, an extra supervisor—which were unnecessary. We began having this problem in a couple of buildings where certain people couldn’t access their file systems online. Other people can't access the internet. Some people are having no problems at all. It's a widespread but intermittent issue that differs from customer to customer. It took us 2 hours to find out that it was a problem with the accelerator card in the network switch which created that behavior.

Anonymous Author
Think about the complexity associated with failover zones, multilevel networking combined with a variety of different security tools, controls and software which use that environment all abstracted from the hardware. I used to think a bad JLL or a bad NIC card was a problem but I can't even imagine the complexity buried in a Google, Microsoft or Salesforce environment. When I was head of infrastructure at a biotechnology company, a network outage occurred on the campus. The first problem was that when they built the campus network, Cisco was the advisor on what to buy and how much to buy for every building. Every building got 4 times the switch it needed with all of the extra accoutrements—accelerators, an extra supervisor—which were unnecessary. We began having this problem in a couple of buildings where certain people couldn’t access their file systems online. Other people can't access the internet. Some people are having no problems at all. It's a widespread but intermittent issue that differs from customer to customer. It took us 2 hours to find out that it was a problem with the accelerator card in the network switch which created that behavior.
1 upvotes
Anonymous Author
You should know DNS issues are coming and nobody's figured out a great way to handle that yet. We've been doing phased cut overs with people to single sign on with our Office 365. We'd been doing them in batches and the person who was scheduled that night had some emergency and wanted to be pulled off that migration list. So I sent somebody a note on Teams and then called them. Then I called my CTO and Deputy CIO separately. After that I sent an email blast and 20 minutes later I finally found the right person to start the process. We had it solved within 45 minutes, but I paused and said, “If this were a real emergency or true outage, what is our process? What would we have done? Because this wasn't the real test.”
3 upvotes
Anonymous Author
DNS Security is a moving target based on current security threats. It should be part of your overall strategic security plan. It shouldn't be thought of as a separate security issue.
3 upvotes