Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Shining the spotlight on DNS security

Ken Pohniman, General Manager ASEAN, Infoblox | Jan. 26, 2016
To effectively protect an organisation from DNS attacks, businesses first need to understand DNS security, the challenges businesses face around DNS security, and the gaps in security solutions these companies are using today.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

In 2013, government portals in Singapore encountered a string of cyber-attacks including that of the prime minister and president's office, through Domain Name System (DNS) poisoning. 19 government sites suffered an outage on that day.

DNS-based attacks have increased 115 percent from 2011 to 2013, and the number of incidents doubled from 2013 to 2014. Due to the little skill required, the wide range of attack types and the open availability of botnets, DNS-based attacks are extremely visible and damaging to a business, and attacks grow in frequency and volume every year. These attacks are not just focused on bringing DNS down, but also use DNS to steal personally identifiable information (PII), passwords or credit card numbers.

To effectively protect an organisation from DNS attacks, you first need to understand DNS security, the challenges businesses face around DNS security and the gaps in security solutions these companies are using today.

DNS acts like a phone directory, translating user-friendly domain names into IP addresses. The system then routes access to a specific internet location using its domain name. These translation database tables hold billions of entries and are widely dispersed, meaning no one server holds all the IP addresses and their assigned domain names. DNS tables are stored across millions of servers, making it an easy target for adversaries to cache wrong information (cache poisoning), falsely answer requests sent to a 'real' DNS server (DNS spoofing) and ultimately misdirect normal traffic to malicious destinations.

Unsecured DNS servers can be used by adversaries to amplify attacks against other targets. Adversaries may also hijack traffic to monitor customer interactions, exposing and even exhilarating sensitive customer Personally Identifiable Information (PII) data, passwords or credit cards, or even tricking customers into downloading malware.

The impact of DNS-based attacks can be substantial, ranging from degraded end user experience to data theft to overruns on operational costs. IT and security organisations are tasked to prevent critical outages and to define defence strategies. However, these major functions of the enterprise rarely operate in close alignment, causing the securing of DNS and IP address management (IPAM) services to fall between the cracks of traditional IT network functions and security functions.

With the lack of visibility into the number and types of devices connected to the internal network, it is difficult for security organisations to possess any type of control over those devices. IT organisations struggle to extend a consistent, scalable IP management model from traditional data centres to the cloud with only a system of spreadsheets - providing no visibility or reporting. As a result, IT operations and security organisations are segmented, stretched thin with too many battle "fronts" to deploy adequate resourcing for a strategic defence.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.