Article by Neustar senior vice president, senior technologist and fellow Rodney Joffe
Regardless of age, location and industry, most people can agree that the internet is an extremely dangerous place.
Seemingly harmless server updates and spam emails can act as the perfect malware-inducers, and news headlines are now reporting what seems like a data breach per day.
Thanks to this heightened threat landscape, organisations are spending a significant amount of time, money and resource thinking about how they can avoid being the next target.
However, with multiple priorities and the realisation that today’s cyber criminals can no longer be deterred by yesterday’s technology, more aggressive security strategies need to be considered.
The first step to putting this robust strategy in place lies within the Domain Name System (DNS), the backbone of the internet that allows text-based websites – as well as server names – to be translated into the identifiable and numerical IP address.
However, being such an integral part of the internet infrastructure also makes DNS a popular target for cyber criminals looking to attack organisational networks and data.
Despite being so important, DNS is often one of the most overlooked points when it comes to creating a cybersecurity strategy.
This is mainly since the original DNS protocol design was somewhat flawed and failed to consider many security issues, resulting in several related vulnerabilities.
Despite these vulnerabilities, DNS is more than a directory of Internet Protocol addresses and can act as the first line of defence for internet communications entering and leaving a network.
By filtering the traffic that goes in and out of the network at the DNS level, enterprises can stop the vast majority of malware, viruses and unwanted content before it even enters the network.
An attack on a business’ DNS can cause a multitude of problems, which then go on to manifest in a number of different ways – mainly through the theft of sensitive information that lies within an organisation’s servers.
Hackers can also steal data from private networks via DNS-based breaches, with some Distributed Denial of Service (DDoS) attacks specifically targeting DNS, in a bid to cripple a company’s functionality.
According to recent data from the Neustar International Security Council (NISC), 40% of businesses have been on the receiving end of a DDoS attack in the last year alone.
Often used to overload the authoritative DNS server – blocking visitors from accessing an organisations website – DDoS attacks can result in significant downtime, leading to loss of business.
In many cases, a DDoS attack may also merely be a decoy, allowing attackers to begin probing an organisation’s digital infrastructure to find further weaknesses safe in the knowledge that the network security team will be busy trying to deal with the more immediate issue of the DDoS attack, and therefore not focusing on the DNS.
To combat the threats associated with DNS, a security strategy should include multiple layers of protection, including real-time monitoring to identify and respond to risks both quickly and efficiently. This strategy should also have a network of private connections capable of fending off common DNS-spoofing attempts via the open internet.
The right security intelligence is key in the fight against DDoS attacks, data theft, viruses and other forms of malware.
DNS servers are an enterprise’s first line of defence against these cyber attacks.
Authoritative and recursive DNS servers have complementary but different roles to fill in that line of defence.
An authoritative DNS server, for example, needs to protect a network against DDoS attacks and ransomware—a newer form of malware that is increasingly being launched in conjunction with DDoS attacks.
Recursive DNS servers need to provide consistent and customisable policies that block threats and bad user behaviour based on current, reliable threat intelligence.
As rates of cybercrime continue to grow DNS will remain constantly under threat from a number of potential attackers; from DDoS attacks, cache poisoning assaults, spoofing attempts and even innocently enough, high-volume website traffic, which all can lead to service disruptions for a large part of the internet.