DNS Vulnerability 1) You own a Firewall and you use third party DNS IP 2) You own a Proxy server and you use third party DNS IP 3) You own a VPN Access Server and you use third party DNS IP 4) You own a Domain Controller/Active Directory and you use third party DNS IP 5) User DNS Queries are resolved by a third party DNS Server which is not in their control 6) DNS Becomes a Data Channel - DNS Tunnel 7) DNS 'A' record has 4 bytes of data, with 100 DNS Queries it can becomes 400 bytes of data which can be transferred or received 8) DNS 'AAAA' record has 16 bytes of data which can be transferred or received 9) DNS 'TXT' record has 255 character space which payload out from your network with private key (Example-Ransomware) 10) All the Browser does is WGET (HTTP GET/POST), there by downloading pictures/any executable files (Example-malware) at the backend which gives pathway to your network to the outside world in the form of DNS Queries. Artificial Intelligence and Machine Learning to Predict Good/Bad Queries and Information Category of the Queries Good/Bad Queries Domain Age,Registrar,TLD,DNSBL,Reputation Score and so on. Information Categories Limitization,Stop Words,Tokenization,Term Frequency and ITF provide preprocessing data. SKLearn - Random Forest,Naivebayes,SVC and Logistic regression DNS Firewall Artificial Intelligence Machine Learning Powered Customizable DNS Security Solution Dedicated Public Cloud - Shared Public Cloud Services - Private Cloud / On Premise DIMA Warrior DNS Firewall Architecture 1. DIMA AI-ML powered Intelligent Threat Vector (ITV) and Secure API. 2. DIMA ITV and AI Secure API will remain in DIMA Cloud. 3. Access control lists deals with IP address inspection. 4. Database deals with both IP address and Domain inspection. 5. AI-ML Secure API deals with IP, Threat and Information categories databases. 6. DIMA Intelligent Threat Vector (ITV) , deals with Access Control Lists and ITV database. 7. Whitelist and Blacklist databases will be manual. DNS Firewall Firewall Proxy Server VPN Access Server DIMA Warrior Compatibility DNS Firewall Standalone Customer/DIMA Public Cloud INTERNET Public Cloud Private Cloud Or On Premise Proxy Server INTERNET IP Address LDAP SSL Inspection File Extension Analysis Keyword Analytics URL Block/Redirects Public Cloud INTERNET Proxy Server From Anywhere LDAP SSL Inspection File Extension Analysis Keyword Analytics URL/Block Redirects Public Cloud Private Cloud Or On Premise HTTP Proxy Server INTERNET VPN Access Server CA-Certificate Authority Client Certificate Client Key TLS Auth Key LDAP Public Cloud INTERNET VPN Access Server From Anywhere VPN CA-Certificate Authority Client Certificate Client Key TLS Auth Key LDAP VPN Public Cloud Private Cloud Or On Premise INTERNET VPN Access Server WRT Router (WiFi/Ethernet) VPN CA-Certificate Authority Client Certificate Client Key TLS Auth Key LDAP Private Cloud Or On Premise INTERNET Private Cloud Or On Premise INTERNET Primary Secondary Private Cloud Or On Premise INTERNET Primary Secondary Proxy Server LDAP SSL Inspection File Extension Analysis Keyword Analytics URL Block/Redirects Remote Original URL DIMA Remote Original URL DIMA Accessing Web Application Remote Original URL DIMA Office Users Accessing Web Application Firewall Proxy Server WRT Router (WiFi/Ethernet) Route Zero - Powerful & Compliant Recommended Network Security Solution (Free Idea from DIMA)