
Why protecting your DNS should never be an afterthought

11 Oct 2018

Article by Neustar senior vice president, senior technologist and fellow Rodney Joffe

Regardless of age, location and industry, most people can agree that the internet is an extremely dangerous place.

Seemingly harmless server updates and spam emails can act as perfect vehicles for malware, and news headlines now report what seems like a data breach per day.

Thanks to this heightened threat landscape, organisations are spending a significant amount of time, money and resource thinking about how they can avoid being the next target.

However, with multiple priorities and the realisation that today’s cyber criminals can no longer be deterred by yesterday’s technology, more aggressive security strategies need to be considered.

The first step to putting this robust strategy in place lies within the Domain Name System (DNS), the backbone of the internet that allows text-based website names – as well as server names – to be translated into numerical IP addresses.

However, being such an integral part of the internet infrastructure also makes DNS a popular target for cyber criminals looking to attack organisational networks and data.

Giving DNS the time of day

Despite being so important, DNS is often one of the most overlooked points when it comes to creating a cybersecurity strategy.

This is mainly because the original DNS protocol design was somewhat flawed and failed to consider many security issues, resulting in several related vulnerabilities.

Despite these vulnerabilities, DNS is more than a directory of Internet Protocol addresses and can act as the first line of defence for internet communications entering and leaving a network.

By filtering the traffic that goes in and out of the network at the DNS level, enterprises can stop the vast majority of malware, viruses and unwanted content before it even enters the network.

In the firing line

An attack on a business’ DNS can cause a multitude of problems, which then go on to manifest in a number of different ways – mainly through the theft of sensitive information that lies within an organisation’s servers.

Hackers can also steal data from private networks via DNS-based breaches, with some Distributed Denial of Service (DDoS) attacks specifically targeting DNS, in a bid to cripple a company’s functionality.

According to recent data from the Neustar International Security Council (NISC), 40% of businesses have been on the receiving end of a DDoS attack in the last year alone.

Often used to overload the authoritative DNS server – blocking visitors from accessing an organisation’s website – DDoS attacks can result in significant downtime, leading to loss of business.

In many cases, a DDoS attack may also merely be a decoy. It allows attackers to begin probing an organisation’s digital infrastructure for further weaknesses, safe in the knowledge that the network security team will be busy dealing with the more immediate issue of the DDoS attack and therefore not focusing on the DNS.

Watching your back

To combat the threats associated with DNS, a security strategy should include multiple layers of protection, including real-time monitoring to identify and respond to risks both quickly and efficiently. This strategy should also have a network of private connections capable of fending off common DNS-spoofing attempts via the open internet.

The right security intelligence is key in the fight against DDoS attacks, data theft, viruses and other forms of malware.

DNS servers are an enterprise’s first line of defence against these cyber attacks.

Authoritative and recursive DNS servers have complementary but different roles to fill in that line of defence.

An authoritative DNS server, for example, needs to protect a network against DDoS attacks and ransomware—a newer form of malware that is increasingly being launched in conjunction with DDoS attacks.

Recursive DNS servers need to provide consistent and customisable policies that block threats and bad user behaviour based on current, reliable threat intelligence.
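The kind of recursive-resolver policy described above can be sketched as follows; this is an added example, not code from the article or from any Neustar product. The zone names, the override list and the RESOLVE/BLOCK/REFUSE verdict labels are constructed assumptions, and the sample queries are built inline.

```python
import struct

# Constructed threat-intelligence data (hypothetical zones, reserved TLDs).
BLOCKED_ZONES = {"malware.example", "phish.test"}
ALLOWED_NAMES = {"safe.malware.example"}  # hypothetical local override

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal RFC 1035 query packet to use as sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_qname(packet):
    """Return the lower-cased name from the single question in a query."""
    if len(packet) < 12:
        raise ValueError("truncated header")
    if struct.unpack("!H", packet[4:6])[0] != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad label length or compression pointer")
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    return ".".join(labels)

def decide(packet):
    """Policy verdict for one query: RESOLVE, BLOCK or REFUSE."""
    try:
        name = parse_qname(packet)
    except ValueError:  # also covers UnicodeDecodeError
        return "REFUSE"
    labels = name.split(".")
    # Check suffixes on label boundaries, most specific first, so that
    # "notmalware.example" never matches the zone "malware.example".
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in ALLOWED_NAMES:
            return "RESOLVE"
        if suffix in BLOCKED_ZONES:
            return "BLOCK"
    return "RESOLVE"
```

A resolver applying such a policy would typically answer a BLOCK verdict with NXDOMAIN or a sinkhole address rather than forwarding the query.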

As rates of cybercrime continue to grow, DNS will remain constantly under threat from a number of sources: DDoS attacks, cache poisoning assaults, spoofing attempts and even, innocently enough, high-volume website traffic, all of which can lead to service disruptions for a large part of the internet.
