DNS (Domain Name System) is an internet service that translates domain names into Internet Protocol (IP) addresses, the numerical labels given to each device connected to a network. DNS monitoring uses a network monitoring tool to check the connectivity between the client's local recursive servers and the authoritative name servers. The primary reason to monitor DNS is to make sure users can connect to websites. Keeping DNS performance at a practical level is mandatory for most companies that depend on the internet for their operations. Kibana, for its part, is a data visualization dashboard for Elasticsearch. It offers visualization capabilities on top of the content indexed on an Elasticsearch cluster (Jin, Tomoishi & Yamai, 2019).
To monitor your DNS, you need a tool such as SolarWinds Server & Application Monitor, Site24x7 DNS monitoring, Atera, Dotcom-Monitor, Nagios XI, ManageEngine Applications Manager, or Uptrends. DNS makes the internet much easier for humans to use by letting them request a friendly name such as tindrasgrove.com, which it then translates into a machine-friendly IP address, for example 146.66.99.37. It also makes internet use easier for malware (Jia & Han, 2019).
Beginning with Wireshark 3.0.0rc1, TShark can generate an Elasticsearch mapping file through the -G elastic-mapping option. For security analysts and network administrators, packet capture and analysis is an essential capability. The ability to examine every piece of payload and metadata that went over the wire provides critical visibility that helps to monitor systems, detect anomalies and debug issues. Packet capture can be ad hoc, used to debug a particular issue. In that case, only one server may be captured for a particular period. Or it can be extensive, for instance using an external network tap to monitor all traffic. Network traffic is transmitted in binary format, but each packet contains several distinct fields that, with the proper tools, can be parsed into numbers, timestamps, text and IP addresses, among others. All this information can be stored in Elasticsearch and explored, visualized and searched in Kibana (Thompson, 2020).
The architecture of any network data pipeline consists of several steps, as summarized in the figure below. First is packet capture, which records the packet traffic on a network. Second is protocol parsing, which parses out the various network protocols and fields. Third is search and visualization, that is, detailed exploration and aggregation of the data (Thompson, 2020).
There are two ways to transform the data before it is indexed into Elasticsearch. One is the ingest pipeline, a concept Elasticsearch has had since version 5.0. A pipeline consists of a series of processors that can make several distinct changes to the data. The pipeline can also change the index the packets are written to; the default defined by TShark is packets-YYYY-MM-DD. The pipeline to use is specified in the URL. Both Logstash and Filebeat have equivalent configuration options for specifying an ingest pipeline when sending data to Elasticsearch (Jia & Han, 2019).
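The parsing and index-routing steps described above, as an added example that is not part of the original essay. It reads newline-delimited bulk output of the kind produced by tshark -T ek, moves DNS packets to their own daily index, and counts NXDOMAIN responses per client; the sample packets are constructed, and the field names (such as dns_dns_flags_rcode) and the "dns-" index prefix are assumptions.

```python
import json
from collections import Counter

def sample_ek():
    """Constructed packets (not a real capture) laid out like `tshark -T ek` bulk output."""
    def pkt(src, dst, dns=None):
        layers = {"ip": {"ip_ip_src": src, "ip_ip_dst": dst}}
        if dns:
            layers["dns"] = dns
        action = {"index": {"_index": "packets-2023-04-24"}}
        doc = {"timestamp": "1682323200000", "layers": layers}
        return json.dumps(action) + "\n" + json.dumps(doc) + "\n"
    def reply(name, rcode):  # assumed field names for a DNS response
        return {"dns_dns_flags_response": "1", "dns_dns_qry_name": name,
                "dns_dns_flags_rcode": rcode}
    return "".join([
        pkt("10.0.0.5", "10.0.0.1", {"dns_dns_flags_response": "0",
                                     "dns_dns_qry_name": "tindrasgrove.com"}),
        pkt("10.0.0.1", "10.0.0.5", reply("tindrasgrove.com", "0")),
        pkt("10.0.0.1", "10.0.0.9", reply("a1b2c3.example.invalid", "3")),
        pkt("10.0.0.1", "10.0.0.9", reply("d4e5f6.example.invalid", "3")),
        pkt("10.0.0.5", "192.0.2.10"),  # non-DNS packet
    ])

def parse_bulk(text):
    """Pair each bulk action line with the document line that follows it."""
    rows = [json.loads(line) for line in text.splitlines() if line.strip()]
    if len(rows) % 2:
        raise ValueError("expected action/document line pairs")
    return list(zip(rows[0::2], rows[1::2]))

def route_dns(pairs, prefix="dns-"):
    """Move DNS packets to their own daily index (hypothetical "dns-" prefix)."""
    routed = []
    for action, doc in pairs:
        index = action["index"]["_index"]
        if "dns" in doc.get("layers", {}):
            index = prefix + index
        routed.append(({"index": {"_index": index}}, doc))
    return routed

def nxdomain_by_client(pairs):
    """Count NXDOMAIN (rcode 3) responses per client; the client is ip.dst."""
    counts = Counter()
    for _, doc in pairs:
        dns = doc["layers"].get("dns", {})
        if dns.get("dns_dns_flags_response") == "1" and dns.get("dns_dns_flags_rcode") == "3":
            counts[doc["layers"]["ip"]["ip_ip_dst"]] += 1
    return counts
```

A client with an unusually high NXDOMAIN count is a common starting point for a Kibana search or dashboard panel built on the routed index.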
The figures below show the visualization and exploration of network packets in Kibana:
Detailed view of network packets, e.g. a table showing raw packet data in expandable rows
Source: Jia, Z., & Han, Z. (2019, October). Research and Analysis of User Behavior Fingerprint on Security Situational Awareness Based on DNS Log. In 2019 6th International Conference on Behavioral, Economic and Socio-Cultural Computing (BESC) (pp. 1-4). IEEE. DOI: 10.1109/BESC48373.2019.8963120
Pie chart showing the distribution of network protocols
Source: Jin, Y., Tomoishi, M., & Yamai, N. (2019, August). Anomaly Detection by Monitoring Unintended DNS Traffic on Wireless Network. In 2019 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM) (pp. 1-6). IEEE. DOI: 10.1109/PACRIM47961.2019.8985052
Because network data from Wireshark has a data format that is distinct from syslog, it may make sense to change some settings in Kibana, under Advanced Settings in the Management tab (Jin et al., 2019).
Conclusion
In conclusion, Elasticsearch is a highly scalable, low-latency data store that is well suited to keeping packet data and offering near real-time access to it. IT and network administrators and security analysts alike gain from being able to explore network packets interactively in a web browser, with dashboards and searches they can share.
References
Thompson, E. C. (2020). Continuous Monitoring. In Designing a HIPAA-Compliant Security Operations Center (pp. 95-163). Apress, Berkeley, CA. DOI: 10.1007/978-1-4842-5608-4_5
Jia, Z., & Han, Z. (2019, October). Research and Analysis of User Behavior Fingerprint on Security Situational Awareness Based on DNS Log. In 2019 6th International Conference on Behavioral, Economic and Socio-Cultural Computing (BESC) (pp. 1-4). IEEE. DOI: 10.1109/BESC48373.2019.8963120
Jin, Y., Tomoishi, M., & Yamai, N. (2019, August). Anomaly Detection by Monitoring Unintended DNS Traffic on Wireless Network. In 2019 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM) (pp. 1-6). IEEE. DOI: 10.1109/PACRIM47961.2019.8985052
Cite this page
Essay on DNS Monitoring-Enabling Users to Connect to Websites Easily. (2023, Apr 24). Retrieved from https://proessays.net/essays/essay-on-dns-monitoring-enabling-users-to-connect-to-websites-easily