Story image

Why protecting your DNS should never be an afterthought

11 Oct 18

Article by Neustar senior vice president, senior technologist and fellow Rodney Joffe

Regardless of age, location and industry, most people can agree that the internet is an extremely dangerous place.

Seemingly harmless server updates and spam emails can act as the perfect malware-inducers, and news headlines are now reporting what seems like a data breach per day.

Thanks to this heightened threat landscape, organisations are spending a significant amount of time, money and resource thinking about how they can avoid being the next target.

However, with multiple priorities and the realisation that today’s cyber criminals can no longer be deterred by yesterday’s technology, more aggressive security strategies need to be considered.

The first step to putting this robust strategy in place lies within the Domain Name System (DNS), the backbone of the internet that allows text-based websites – as well as server names – to be translated into the identifiable and numerical IP address.

However, being such an integral part of the internet infrastructure also makes DNS a popular target for cyber criminals looking to attack organisational networks and data.

Giving DNS the time of day

Despite being so important, DNS is often one of the most overlooked points when it comes to creating a cybersecurity strategy.

This is mainly since the original DNS protocol design was somewhat flawed and failed to consider many security issues, resulting in several related vulnerabilities.

Despite these vulnerabilities, DNS is more than a directory of Internet Protocol addresses and can act as the first line of defence for internet communications entering and leaving a network.

By filtering the traffic that goes in and out of the network at the DNS level, enterprises can stop the vast majority of malware, viruses and unwanted content before it even enters the network.

In the firing line

An attack on a business’ DNS can cause a multitude of problems, which then go on to manifest in a number of different ways – mainly through the theft of sensitive information that lies within an organisation’s servers.

Hackers can also steal data from private networks via DNS-based breaches, with some Distributed Denial of Service (DDoS) attacks specifically targeting DNS, in a bid to cripple a company’s functionality.

According to recent data from the Neustar International Security Council (NISC), 40% of businesses have been on the receiving end of a DDoS attack in the last year alone.

Often used to overload the authoritative DNS server – blocking visitors from accessing an organisations website – DDoS attacks can result in significant downtime, leading to loss of business.

In many cases, a DDoS attack may also merely be a decoy, allowing attackers to begin probing an organisation’s digital infrastructure to find further weaknesses safe in the knowledge that the network security team will be busy trying to deal with the more immediate issue of the DDoS attack, and therefore not focusing on the DNS.

Watching your back

To combat the threats associated with DNS, a security strategy should include multiple layers of protection, including real-time monitoring to identify and respond to risks both quickly and efficiently. This strategy should also have a network of private connections capable of fending off common DNS-spoofing attempts via the open internet.

The right security intelligence is key in the fight against DDoS attacks, data theft, viruses and other forms of malware.

DNS servers are an enterprise’s first line of defence against these cyber attacks.

Authoritative and recursive DNS servers have complementary but different roles to fill in that line of defence.

An authoritative DNS server, for example, needs to protect a network against DDoS attacks and ransomware—a newer form of malware that is increasingly being launched in conjunction with DDoS attacks.

Recursive DNS servers need to provide consistent and customisable policies that block threats and bad user behaviour based on current, reliable threat intelligence.

As rates of cybercrime continue to grow DNS will remain constantly under threat from a number of potential attackers; from DDoS attacks, cache poisoning assaults, spoofing attempts and even innocently enough, high-volume website traffic, which all can lead to service disruptions for a large part of the internet.

How to stay safe when shopping online
Online shopping is a great way to avoid the crowds – but there are risks.
Dell EMC embeds security in latest servers
Dell EMC's 14th generation of PowerEdge servers has comprehensive management tools to provide security across hardware and firmware.
Why data backups should be a part of daily operations
"Disaster recovery needs to address complete system failure and provide a set of security policies to govern disaster incidents."
Businesses focusing on threats from within - survey
Over 50% of respondents reported that 100 days of dwell time or more was representative of their organisation.
Corelight and Exabeam partner to improve network monitoring
The combination of lateral movement and siloed usage of point security products leaves many security teams vulnerable to compromise.
SailPoint releases first identity annual report
SailPoint’s research found that many organisations are lacking maturity in their governance processes over identities.
Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
Businesses too slow on attack detection – CrowdStrike
The 2018 CrowdStrike Services Cyber Intrusion Casebook reveals IR strategies, lessons learned, and trends derived from more than 200 cases.