Gary Cox, Technology Director, Western Europe at Infoblox, offers insight into how organisations can best prevent DNS attacks.
With its 30-year history, the Domain Name System, or DNS, has scaled from serving a network of thousands of computers to a network of billions of computers and other connected devices.
It’s now decentralised, made up of millions of cooperating resolvers and DNS servers, yet it still provides rapid resolution of arbitrary domain names from all over the globe. That reach makes it a prime target for misuse across those networks and devices.
Given how pervasive DNS is, attacks can occur in many different shapes and sizes – for example through malware command and control, DDoS attacks, data exfiltration (and infiltration), domain hijacking, phishing and spear phishing attacks, to name just a few.
And DNS has become an increasingly popular target with bad actors.
So how can organisations best protect themselves against the threats posed via DNS?
DNS firewalling can be a great asset in the fight against DNS misuse, in particular for malware and phishing identification, but its effectiveness depends directly on the quality of the intelligence data that it is acting on.
Therefore, as a starting point, organisations should invest in high-quality and highly curated threat intelligence data with low false positives. That data should be supplemented with newly observed domain feeds, which give organisations a good technical control as well as a proactive stance against phishing and other attacks.
It’s also important to understand how to protect against DNS rebinding – whereby a malicious web page causes visitors to run a client-side script that attacks machines elsewhere on the network. Companies should be checking with their internet of things suppliers to ensure APIs and web interfaces are secure in the first place.
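One resolver-side control against the rebinding described above, as an added example that is not from the original article: refuse any answer in which a public name resolves to an internal address. The internal zone suffix, the function names and the sample responses are constructed assumptions.

```python
import ipaddress

# Address ranges that a public name should never resolve to (RFC 1918,
# loopback, link-local, unique-local IPv6).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")]

# Assumption: the organisation's own internal zones, which may legitimately
# return private addresses.
INTERNAL_SUFFIXES = ("corp.example",)

def is_internal_name(qname):
    name = qname.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in INTERNAL_SUFFIXES)

def is_local_address(addr):
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it cannot bypass the check.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return any(ip in net for net in LOCAL_NETS)

def check_response(qname, addresses):
    """Return ("allow", []) or ("block", [offending addresses])."""
    if is_internal_name(qname):
        return ("allow", [])
    bad = [a for a in addresses if is_local_address(a)]
    return ("block", bad) if bad else ("allow", [])

# Constructed sample responses (documentation-range addresses stand in for
# public hosts).
SAMPLE = [
    ("www.example.com", ["203.0.113.10"]),
    ("printer.corp.example", ["10.1.2.3"]),
    ("rebind.test.example", ["203.0.113.66", "192.168.1.1"]),
    ("v6.test.example", ["::ffff:127.0.0.1"]),
]

def scan(responses):
    return {q: check_response(q, addrs) for q, addrs in responses}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE).items():
        print(name, verdict)
```

Blocking the whole response, rather than stripping only the private record, keeps a mixed answer from handing the browser a usable public address first and an internal one later.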
A layered defence is always a good idea. Taking DDoS as one example, it is prudent to protect your authoritative DNS servers from the effects of denial of service, both at the DNS server itself and on the Internet connection coming into that point of presence.
While technology is always beneficial, there is no substitute for high-quality, regular user education, such as staff training on what to do should a hack occur. Both educational and technical controls should always be rolled out in parallel.
DNS security is often overlooked when it should, in fact, be a high priority for businesses. Current intrusion detection and prevention systems and next-generation firewalls are, when used in isolation, insufficient to successfully defend against DNS attacks.
With these attacks continuing to rise, there’s a real need for organisations to implement a multi-faceted strategy to combat modern criminals and the increasingly sophisticated malware that uses DNS as a way of evading existing defence systems.