Enjoy unlimited access to all forum features for FREE! Optional upgrade available for extra perks.

DNS: what it is and why you need to protect it

Acorn Newsbot

Junior Member
Joined
Jan 28, 2006
Posts
22,606
Reaction score
126
What is your top cyber security priority? The answer to this question will vary industry to industry, sector to sector and business to business. However, one thing all companies have in common is that their strategic decisions can be overturned in an instant: the moment a cyber criminal exploits a weakness they had not considered. And that weakness could well be the Domain Name System (DNS): overlooked, unloved, deprioritised and an easy-picking attack vector.

DNS-based cyber attacks are among the most common: it’s been estimated that in 2017, 76% of organisations around the world suffered DNS-based attacks, costing some businesses more than $5 million in damages. Despite this, DNS gateways are often left unprotected by security teams at enterprises, the data flowing through them white-flagged. Why is this, and what can businesses do to strengthen this weak link in their defences?

An introduction to DNS

To answer this question, we need to understand what DNS is, how it works, and why it’s a security threat.

Put simply: DNS is the phonebook of the internet. It comprises a group of servers that turn humanly understandable domain names, such as www.example.com, into the internet protocol (IP) addresses that can be understood by machines.

This process occurs in a series of three, iterative steps. When a person requests to go to a website, a DNS query is issued to the local recursive server, which acts as the hub of the process. The recursive server will begin by contacting the root server, which returns the address of the name server responsible, in this case for the .com zone. A query is then made to the .com top-level domain (TLD) server, which will respond with the location of the authoritative name server responsible, here: example.com. Finally, the authoritative name server will be contacted, and will return the IP address for the domain requested. This whole process takes just milliseconds.

A tempting target

The reason that the DNS layer of a network represents such a tempting target for hackers is that it’s ubiquitous, always on, and works behind the scenes (and is therefore very easy to be overlooked). What’s more, to make the DNS process as seamless and smooth as possible, many security administrators white-flag DNS traffic. This leaves the door open for malicious actors.

DNS vulnerabilities are behind some of the damaging cyber attacks. Simply by changing the answers to some of the queries hosted in your DNS server, cyber criminals can redirect users to a malicious website where they can pass on malware, insert data exfiltration trojans or expose people to phishing tactics. The latter occurred at a Brazilian bank last year, when online customers were diverted to fake websites and stripped of their most sensitive financial data. Cyber criminals can also extract data through DNS tunnelling, where DNS traffic is used to bypass firewalls.

Plugging the DNS hole

Fortunately, not only is DNS traffic relatively easy to secure, the right approach can turn this traffic from a vulnerability into an important threat intelligence asset. Thanks to advanced heuristics developed here at Nominet, organisations can inspect the billions of packets of DNS data flowing out of their businesses and find even the smallest trace of inproper activity. This deep packet inspection operates in real time, without introducing network latency and gives enterprises the ability to automatically shut down active threats the moment they’re detected.

By putting in place a new layer of visibility and control to DNS systems, organisations can effectively enable their DNS traffic for use in cyber defence; using the data to protect against malware, phishing, botnets, data exfiltration, cryptomining and other dangers.

Find out more

If you would like to read more about DNS and its associated security threats please download our new white paper. Here, you can also learn how Nominet can help protect your DNS layer and turn DNS traffic into a strategic threat intelligence asset.

The post DNS: what it is and why you need to protect it appeared first on Nominet.

Continue reading...
 

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

☆ Premium Listings

Sedo - it.com Premiums

IT.com

Premium Members

Acorn Domains Merch
MariaBuy Marketplace

Domain Forum Friends

Other domain-related communities we can recommend.

Our Mods' Businesses

Perfect
Laskos
*the exceptional businesses of our esteemed moderators
General chit-chat
Help Users
  • No one is chatting at the moment.
  • Helmuts @ Helmuts:
    @Admin please enable the chat visible to unregistered users, or who haven't signed in their accounts. Tx
  • Helmuts @ Helmuts:
    please
    brave_qptn86fptt-png.4616
  • D AcornBot:
    DLOE has left the room.
  • Helmuts @ Helmuts:
    also, please keep the restriction in regards to posting > posting permission should be available to members only
  • Daniel - Monetize.info @ Daniel - Monetize.info:
    Welcome everyone!
  • Helmuts @ Helmuts:
    @Daniel - Monetize.info
    chrome_8fedcfysiy-png.4617
    .. can you see this one?
  • Helmuts @ Helmuts:
    nice, isn't it? :)
  • alan AcornBot:
    alan has left the room.
    • Wow
    Reactions: Jam
  • alan AcornBot:
    alan has joined the room.
  • alan AcornBot:
    alan has left the room.
  • alan AcornBot:
    alan has joined the room.
  • Helmuts @ Helmuts:
    Hi Alan
  • Helmuts @ Helmuts:
    long time no see
  • Helmuts @ Helmuts:
    hows parachute doing?
  • Helmuts @ Helmuts:
    :) huhhh.. Joe Rogan has just published an interview with Donald Trump
    To view this content we will need your consent to set third party cookies.
    For more detailed information, see our cookies page.
  • Helmuts @ Helmuts:
    almost 3 hours..
  • Helmuts @ Helmuts:
    morning all :)
  • Helmuts @ Helmuts:
    .. is anyone going to domain day in Dubai or icann Turkey?
    • Like
    Reactions: gdomains
  • boxerdog AcornBot:
    boxerdog has left the room.
  • Helmuts @ Helmuts:
    Greetings from Istanbul, Turkey!
  • alan AcornBot:
    alan has left the room.
  • C AcornBot:
    cav has left the room.
      C AcornBot: cav has left the room.
      Top Bottom