Story image

Why protecting your DNS should never be an afterthought

11 Oct 2018

Article by Neustar senior vice president, senior technologist and fellow Rodney Joffe

Regardless of age, location and industry, most people can agree that the internet is an extremely dangerous place.

Seemingly harmless server updates and spam emails can act as the perfect malware-inducers, and news headlines are now reporting what seems like a data breach per day.

Thanks to this heightened threat landscape, organisations are spending a significant amount of time, money and resource thinking about how they can avoid being the next target.

However, with multiple priorities and the realisation that today’s cyber criminals can no longer be deterred by yesterday’s technology, more aggressive security strategies need to be considered.

The first step to putting this robust strategy in place lies within the Domain Name System (DNS), the backbone of the internet that allows text-based websites – as well as server names – to be translated into the identifiable and numerical IP address.

However, being such an integral part of the internet infrastructure also makes DNS a popular target for cyber criminals looking to attack organisational networks and data.

Giving DNS the time of day

Despite being so important, DNS is often one of the most overlooked points when it comes to creating a cybersecurity strategy.

This is mainly since the original DNS protocol design was somewhat flawed and failed to consider many security issues, resulting in several related vulnerabilities.

Despite these vulnerabilities, DNS is more than a directory of Internet Protocol addresses and can act as the first line of defence for internet communications entering and leaving a network.

By filtering the traffic that goes in and out of the network at the DNS level, enterprises can stop the vast majority of malware, viruses and unwanted content before it even enters the network.

In the firing line

An attack on a business’ DNS can cause a multitude of problems, which then go on to manifest in a number of different ways – mainly through the theft of sensitive information that lies within an organisation’s servers.

Hackers can also steal data from private networks via DNS-based breaches, with some Distributed Denial of Service (DDoS) attacks specifically targeting DNS, in a bid to cripple a company’s functionality.

According to recent data from the Neustar International Security Council (NISC), 40% of businesses have been on the receiving end of a DDoS attack in the last year alone.

Often used to overload the authoritative DNS server – blocking visitors from accessing an organisations website – DDoS attacks can result in significant downtime, leading to loss of business.

In many cases, a DDoS attack may also merely be a decoy, allowing attackers to begin probing an organisation’s digital infrastructure to find further weaknesses safe in the knowledge that the network security team will be busy trying to deal with the more immediate issue of the DDoS attack, and therefore not focusing on the DNS.

Watching your back

To combat the threats associated with DNS, a security strategy should include multiple layers of protection, including real-time monitoring to identify and respond to risks both quickly and efficiently. This strategy should also have a network of private connections capable of fending off common DNS-spoofing attempts via the open internet.

The right security intelligence is key in the fight against DDoS attacks, data theft, viruses and other forms of malware.

DNS servers are an enterprise’s first line of defence against these cyber attacks.

Authoritative and recursive DNS servers have complementary but different roles to fill in that line of defence.

An authoritative DNS server, for example, needs to protect a network against DDoS attacks and ransomware—a newer form of malware that is increasingly being launched in conjunction with DDoS attacks.

Recursive DNS servers need to provide consistent and customisable policies that block threats and bad user behaviour based on current, reliable threat intelligence.

As rates of cybercrime continue to grow DNS will remain constantly under threat from a number of potential attackers; from DDoS attacks, cache poisoning assaults, spoofing attempts and even innocently enough, high-volume website traffic, which all can lead to service disruptions for a large part of the internet.

Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.