DNS is an integral part of the Internet infrastructure. By its nature it is fully distributed and highly resilient, with no central point of control. It is also an old protocol with no security mechanisms at its core. This makes it ideal for abuse.
There are several security products available to counter threats in DNS. Threat intel usually comes from third-party sources and internal research. The quality of that intel is used as a sales argument, which creates silos of information and partial, frequently disjointed protection from vendors, while research is focused on commercial value. This makes us all less secure. Government interests in this space tend to fall into intelligence gathering or regulation. The former is not prone to sharing information, whereas the latter lacks maturity and means of enforcement. The net effect is that threat actors and entities outside government jurisdiction remain completely unhindered, while law-abiding citizens and entities incur even further administrative burdens and restrictions to little or no effect.
Research into DNS threats requires data. This is a tightrope walk between legitimate interest and privacy, and efforts are being made to strengthen privacy controls within DNS. Privacy, however, is a double-edged sword, and unfortunately individual privacy and security have both received the dull edge. Malicious actors use privacy measures to hide and mask their activities; some privacy mechanisms make more identifying information available to DNS providers doing data collection, while other mechanisms make those same data collection activities more difficult to monitor. Big data has fostered a ‘collect everything, sort it out later’ attitude, and with the security threat landscape evolving rapidly, the temptation of ‘just in case’ over-collection and purpose creep is hard to resist. Frequent mishaps have eroded trust in both corporate and government data collection, as well as in oversight and regulation.