DNS Security: How to Reduce the Risk of a DNS Attack
March 24, 2019

DNS Security

The Domain Name System (DNS) is one of the foundational elements of the entire internet; however, unless you specialize in networking, you probably don’t realize how important it is.

DNS is essentially like a phone book of numbers that computers use for communication. Specifically, these numbers are IP addresses.

This directory is stored on domain name servers around the world, and a site can have more than one IP address.

Despite the importance of DNS, it’s something that tends to be overlooked in terms of network security. DNS security tends to fall lower on the totem pole than firewalls, proxies and endpoint protection, for example.

As was touched on, DNS is the foundation of the internet, and it can be a target for cyber attacks. With DNS, any application that’s part of the network can be reached. At the same time, while the DNS can be a target, it can also be a valuable source of protection when handled correctly and secured.

The following are some things to know about securing your DNS.

Understand Vulnerabilities

When cybercriminals attack DNS, they can cause different IP addresses to be reported, which allows them to scam people, redirect email and web traffic, or launch DNS amplification attacks.

When this happens, visitors to your website would have no way of knowing they were being redirected somewhere else, or that their email wasn’t being sent to the server they thought it was. It’s difficult to detect this kind of attack once it’s already in place, which is why DNS security should be a top focus area. Prevention is the best objective.

What Did the 2018 Global DNS Threat Report Reveal?

In 2018, DNS attacks brought serious problems around the world. According to the 2018 Global DNS Threat Report, 77% of organizations faced DNS attacks in the 12 months before the report.

The report also showed that 20% of global organizations were victims of DNS tunneling, which is a favorite among hackers because it’s so tough to detect and can usually go on for a long period of time before it is discovered.

Some of the biggest incidents last year were:

  • A 16-year-old tunneled into Apple servers and gained access to 90 gigabytes of files. He did so over a 12-month period, all from his home in Melbourne. This was an excellent example of how easy it is for hackers to go through firewalls and not be detected, even by the largest organizations.
  • Several big banks were affected by DNS attacks. For example, RBS was one of the names with operations significantly impacted by these attacks.
  • When an organization faces a DNS attack, it can cost them massively. For 2018 attacks on financial organizations, the cost was on average $924,390, excluding the costs related to damaged brand image and customer loyalty.
  • There was something called Xbash that recently surfaced, which is an evolved form of malware. Xbash attacks occur when there are weak passwords and machines that are unpatched.

Network Security Tips

The following are some specific security tips and best practices to reduce the risk of an attack.

  • Look for strange traffic behaviors. You can use both live and context-aware DNS transaction analytics. This will allow you to start to see where there could be threats based on certain behaviors.
  • Use DNS public records to see all of your zones and audit them. It’s very easy to forget about things like subdomains that might have outdated software.
  • Don’t make the assumption you’re protected by cloud providers.
  • Think about a holistic approach to network security. For example, add multiple layers of security into your overall strategies and solutions.
  • Always keep your DNS servers up to date. The less up-to-date your servers are, the more vulnerabilities there are. If you stay up to date, you’re strengthening yourself against the potential for attacks.
  • DNS firewalls can be useful tools as well.
  • Prevent a DNS poisoning attack, which is one of the most common types of DNS attacks, by disabling DNS recursion.
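
One way to act on the "look for strange traffic behaviors" tip for the DNS tunneling case described earlier is to group queries by client and parent domain and flag groups with many unique, long, high-entropy subdomains. This is an added example, not from the original post; the log line format, thresholds and sample queries are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Assumed thresholds for illustration; tune against your own baseline traffic.
MIN_UNIQUE, MIN_AVG_LEN, MIN_AVG_ENTROPY = 4, 20, 3.0

def entropy(s):
    """Shannon entropy in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_name(qname):
    """Return (subdomain, parent). Parent is the last two labels, a
    simplification that ignores multi-label suffixes such as co.uk."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_suspects(log_lines):
    """Flag (client, parent domain) pairs with many unique, long,
    high-entropy subdomains, the pattern encoded payloads produce."""
    seen = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, qname, _qtype = parts
        sub, parent = split_name(qname)
        if sub:
            seen[(client, parent)].add(sub)
    suspects = []
    for (client, parent), subs in sorted(seen.items()):
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(map(entropy, subs)) / len(subs)
        if (len(subs) >= MIN_UNIQUE and avg_len >= MIN_AVG_LEN
                and avg_ent >= MIN_AVG_ENTROPY):
            suspects.append((client, parent, len(subs), avg_len, round(avg_ent, 2)))
    return suspects

# Constructed sample log, "<client> <qname> <qtype>" per line (assumed format).
B32 = "abcdefghijklmnopqrstuvwxyz234567"
SAMPLE_LOG = (
    [f"10.0.0.5 {h}.example.com A" for h in ("www", "mail", "api", "cdn", "static")]
    + ["10.0.0.7 0a1b2c3d4e5f60718293a4b5c6d7e8f9.cdn.example.net A"]
    + [f"10.0.0.9 {B32[i:] + B32[:i]}.tunnel.test TXT" for i in range(6)]
)

if __name__ == "__main__":
    for row in find_tunnel_suspects(SAMPLE_LOG):
        print(row)
```

The client with five short, ordinary hostnames and the client with a single long CDN-style name are both left alone; only the combination of volume, length and randomness is flagged.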

If you are the target of a DNS attack, it can destroy your network and cripple your business because DNS is such a foundational component. The number of reported DNS attacks on businesses almost doubled in 2018 year-over-year, and the cost of the damage related to these attacks is extremely high.

If you’re proactive in dealing with DNS security, you can protect your entire business from something that could be potentially extremely difficult to recover from.

This post DNS Security: How to Reduce the Risk of a DNS Attack originally appeared on GB Hackers.