cds-snc / covid-alert-server

Exposure Notification: Diagnosis Server implementation / Notification d’exposition : Mise en œuvre du serveur de diagnostic
Apache License 2.0

Investigate DNS query logging, and alarms associated with non-expected domain traffic. #337

Open stephenyates-gc opened 3 years ago

stephenyates-gc commented 3 years ago

This allows us to monitor the DNS queries coming out of our compute clusters. Should we find any egress to places we do not trust, we can assume that malicious activity is going on.

Risk: Not able to identify malicious activity.

Acceptance criteria:

stephenyates-gc commented 3 years ago

Estimated at around a day of effort.
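The monitoring idea in this issue, checking logged DNS queries against the domains a cluster is expected to resolve, sketched as an added example that is not part of the issue thread or the project's code. The log format (JSON lines with `src` and `qname` fields), the allowlist and the sample records are all constructed assumptions.

```python
import json

# Assumed allowlist of domains the cluster is expected to resolve (constructed).
EXPECTED_DOMAINS = {"example.com", "internal.example.net"}

# Constructed sample DNS query log; the field names are assumptions.
SAMPLE_LOG = """\
{"src": "10.0.1.15", "qname": "api.example.com."}
{"src": "10.0.1.15", "qname": "DB.internal.example.net"}
{"src": "10.0.2.7", "qname": "notexample.com."}
{"src": "10.0.2.7", "qname": "example.com.updates.test."}
{"src": "10.0.1.15", "qname":
"""

def normalize(qname):
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return qname.strip().rstrip(".").lower()

def is_expected(qname, allowed=EXPECTED_DOMAINS):
    """True if qname is an allowed domain or a subdomain of one.

    Suffixes are compared on label boundaries, so 'notexample.com' and
    'example.com.updates.test' do not match the entry 'example.com'.
    """
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in allowed for i in range(len(labels)))

def unexpected_queries(log_text, allowed=EXPECTED_DOMAINS):
    """Return (alerts, malformed) for a block of JSON-lines query logs.

    alerts is a list of (src, qname) pairs outside the allowlist; malformed
    counts unparsable lines so gaps in log coverage stay visible.
    """
    alerts, malformed = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            src, qname = rec["src"], rec["qname"]
        except (ValueError, KeyError, TypeError):
            malformed += 1
            continue
        if not is_expected(qname, allowed):
            alerts.append((src, normalize(qname)))
    return alerts, malformed

if __name__ == "__main__":
    alerts, malformed = unexpected_queries(SAMPLE_LOG)
    for src, qname in alerts:
        print(f"ALERT unexpected DNS query from {src}: {qname}")
    print(f"{malformed} malformed log line(s) skipped")
```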