Abstract
To address the security design flaws of the DNS protocol, this paper studies in depth three techniques: local hosts cache redirection on terminal devices, application-layer DNS proxying on terminal devices, and DNS blocking at the operating-system kernel driver layer. It proposes a compensation model for the DNS protocol's security design flaws on terminal devices. The model can intercept DNS resolution request packets at the lowest level of the terminal device's operating system, and it can also be linked with threat intelligence. Verification shows that it accurately identifies malicious domain names and blocks them at the first packet without affecting the normal user experience, thereby meeting the terminal-device security management needs of enterprises and public institutions in all industries for their employees and supply-chain personnel.
Authors
YAN Ying (颜颖); LIAO Zhouyuan (廖周缘)
Information Center of Yunnan Power Grid Co., Ltd., Kunming 650000, China