How to stay ahead of threats to DNS servers

David Williamson, CEO, EfficientIP | Jan. 28, 2015
It's virtually impossible to stop DNS attacks, but these best practices can significantly minimise the impact.

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Gartner predicts more than 30 billion devices will be connected by the Internet of Things (IoT) by 2020, and Domain Name System (DNS) servers are critical to keeping it all running. However, the number, frequency and variety of attacks on DNS servers are rising, putting businesses and initiatives like IoT at enormous risk. The good news is, there are steps you can take to mitigate these attacks.

The DNS system translates easily memorized domain names into the numerical IP addresses needed for locating computer services and devices worldwide. According to the Internet Corporation for Assigned Names and Numbers (ICANN), there are 30 to 50 million DNS servers on the planet. These servers are being hit by four main types of attacks: zero-day, cache poisoning, denial of service (DoS) and distributed denial of service (DDoS).

With a zero-day attack, a previously undiscovered vulnerability that resides within the DNS server software or the DNS protocol stack is exploited to compromise, confuse or even crash a DNS server.

Cache poisoning is one of the more notable types of attack. To speed up the process of connecting the points on the Internet, the DNS system holds many local copies of itself in regional caches. By exploiting bugs, local malware or poor DNS server configuration, external agents can inject fraudulent addressing information into DNS caches in order to launch an attack. Users accessing the cache with the aim of visiting a targeted site are, instead, redirected to a different server, under the control of the attacker. For example, this could be a fake e-tail site that offers a close replica of the target's official site, tricking users into divulging financial information.
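The defensive counterpart to the redirection described above is the set of checks a caching resolver applies before it accepts an answer: the response must carry the transaction ID of an outstanding query, its question section must match, and only records inside the queried zone (in "bailiwick") are cached. The following Python is an added illustration written for this article, not code from the author or from any DNS product; the DNS messages, names and addresses are constructed for the example, the wire-format helpers deliberately omit name compression, and the zone passed to validate_response is assumed to be the zone the resolver actually asked.

```python
import struct

# Minimal DNS wire-format helpers, enough for the constructed messages below.
# Name compression (0xC0 pointers) is intentionally not supported.

def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(msg, off):
    labels = []
    while True:
        length = msg[off]
        off += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointers not supported in this toy parser")
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", off

def build_query(txid, qname, qtype=1):
    # Header: id, flags (RD set), qdcount=1, ancount=0, nscount=0, arcount=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(txid, qname, answers, qtype=1):
    # answers: list of (owner_name, ipv4_string); each becomes an A record, TTL 300
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    body = encode_name(qname) + struct.pack("!HH", qtype, 1)
    for owner, ip in answers:
        rdata = bytes(int(o) for o in ip.split("."))
        body += encode_name(owner) + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return header + body

def parse_message(msg):
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    questions = []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        answers.append((name, rtype, rclass, ttl, rdata))
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}

def in_bailiwick(owner, zone):
    # True when owner is the zone apex or lies beneath it
    owner, zone = owner.lower(), zone.lower()
    return owner == zone or owner.endswith("." + zone)

def validate_response(query_bytes, response_bytes, zone):
    """Return (accepted_answers, reasons). A resolver that skipped these checks
    would cache whatever arrived first with the right destination port."""
    q = parse_message(query_bytes)
    r = parse_message(response_bytes)
    reasons = []
    if r["id"] != q["id"]:
        reasons.append("transaction id mismatch")
    if not (r["flags"] & 0x8000):
        reasons.append("QR bit not set (not a response)")
    if r["questions"] != q["questions"]:
        reasons.append("question section does not match the query")
    if reasons:
        return [], reasons          # whole message discarded, nothing cached
    accepted = [a for a in r["answers"] if in_bailiwick(a[0], zone)]
    if len(accepted) != len(r["answers"]):
        reasons.append("dropped out-of-bailiwick records")
    return accepted, reasons

if __name__ == "__main__":
    # Constructed sample exchange: one genuine answer, one with a wrong ID,
    # one that tries to smuggle a record for an unrelated zone.
    query = build_query(0x1234, "www.example.com.")
    good = build_response(0x1234, "www.example.com.", [("www.example.com.", "192.0.2.10")])
    wrong_id = build_response(0x9999, "www.example.com.", [("www.example.com.", "203.0.113.5")])
    smuggled = build_response(0x1234, "www.example.com.",
                              [("www.example.com.", "192.0.2.10"),
                               ("bank.example.net.", "203.0.113.5")])
    for label, resp in (("good", good), ("wrong_id", wrong_id), ("smuggled", smuggled)):
        print(label, validate_response(query, resp, "example.com."))
```

The bailiwick rule is what stops a single answer for example.com from planting an address for an unrelated domain in the cache; the transaction-ID and question checks are the minimum a resolver needs before it even looks at the answer section, and real resolvers add source-port randomisation and DNSSEC validation on top.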

DoS, like its name implies, blocks users from accessing a given Internet service or web site. This is typically achieved by flooding a victimized web site with simultaneous queries, creating such high volumes of traffic that legitimate users can't enter the site.

DDoS is a more elaborate form of DoS. It involves a network of zombie computers, often in the thousands, which the attacker commandeers from the victim by spreading malware from one machine to another. Even a single infected desktop on a local network can generate more than 200,000 DNS queries per second and almost kill a DNS server by stopping most of its internal services. 
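A DNS operator's first line of defence against the query floods described in the last two paragraphs is simply noticing them: a single infected host stands out in the query log by its per-second rate long before it takes the server down. The following Python is an added example written for this article, not code from the author or from any DNS vendor; the log lines are constructed here and loosely modelled on a BIND-style query log, and the 100 queries-per-second threshold is an assumed value that a real deployment would set from its own baseline.

```python
import re
from collections import Counter, defaultdict

# Constructed log format (modelled loosely on BIND's query log):
# "<dd-Mon-yyyy hh:mm:ss>.<ms> queries: info: client <ip>#<port>: query: <qname> IN <qtype> ..."
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r"queries: info: client (?P<ip>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def parse_line(line):
    """Return (timestamp_to_the_second, client_ip, qname, qtype) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ts"), m.group("ip"), m.group("qname").lower(), m.group("qtype")

def query_rates(lines):
    """Count queries per (client, second) and collect distinct names per client."""
    per_second = Counter()
    names = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # unparseable line, skip it
        ts, ip, qname, _qtype = parsed
        per_second[(ip, ts)] += 1
        names[ip].add(qname)
    return per_second, names

def flag_flooders(lines, qps_threshold=100):
    """Return {client_ip: {"peak_qps": n, "distinct_qnames": k}} for every client
    whose busiest second exceeded qps_threshold (assumed value, see lead-in).
    A high distinct-name count alongside a high rate points at a random-subdomain
    flood that defeats the cache; a low count points at a plain repeat flood."""
    per_second, names = query_rates(lines)
    peak = defaultdict(int)
    for (ip, _ts), n in per_second.items():
        peak[ip] = max(peak[ip], n)
    return {ip: {"peak_qps": n, "distinct_qnames": len(names[ip])}
            for ip, n in peak.items() if n > qps_threshold}

def make_sample_log():
    """Constructed sample: a normal client plus one host flooding the server."""
    lines = [
        "28-Jan-2015 10:00:00.120 queries: info: client 10.0.0.5#53211: query: www.example.com IN A + (10.0.0.2)",
        "28-Jan-2015 10:00:00.480 queries: info: client 10.0.0.5#53212: query: mail.example.com IN MX + (10.0.0.2)",
        "28-Jan-2015 10:00:01.002 queries: info: client 10.0.0.5#53213: query: www.example.com IN AAAA + (10.0.0.2)",
        "this line is not a query log entry",
    ]
    # 500 queries for distinct pseudo-random subdomains within one second from 10.0.0.77
    for i in range(500):
        lines.append(
            f"28-Jan-2015 10:00:01.{i:03d} queries: info: client 10.0.0.77#4{i % 1000:04d}: "
            f"query: h{i}.victim.example IN A + (10.0.0.2)"
        )
    return lines

if __name__ == "__main__":
    for ip, stats in flag_flooders(make_sample_log()).items():
        print(f"{ip}: peak {stats['peak_qps']} qps, {stats['distinct_qnames']} distinct names")
```

Running the script reports only 10.0.0.77, at 500 queries in its busiest second and 500 distinct names, while the normal client never crosses the threshold. In production the same per-client counters are what feed a response-rate-limiting or firewall rule; the detection logic is deliberately kept separate from any blocking action so that a mis-set threshold produces an alert rather than an outage.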

Best practices for mitigating DNS attacks
Given the changing nature and growing scale of threats, it's virtually impossible to stop DNS attacks outright. But, by adopting the following best practices, you can significantly minimize them:

