How does DNS recursion work

Having a good domain setup is great for marketing and allows consumers to reach a website easily. But one important factor is sometimes neglected when DNS is discussed: recursive DNS. Recursive DNS is the piece that lets users find the domain names that companies set up.

Consumers may not realize it, but every time they use their computers or phones to read the news, access their bank accounts or even read this blog, they are using recursive DNS services. Recursive DNS performs two major tasks.

If the IP address is already cached in memory, the recursive DNS server immediately returns it to the browser and the user is taken to the website. As you can see, recursive DNS is essential to users reaching websites and other e-commerce services online. An open recursive server is one that has no security controls or IP access lists enabled, so anyone on the Internet, including malicious attackers, can use it.

Unfortunately, many administrators are unaware that they run open recursive DNS servers. Malicious attackers therefore have free rein to leverage the many open recursive DNS servers that exist on the Internet.

This issue led the ISC to publish best-practice notes on running recursive DNS servers, including implementing IP access lists and security controls that restrict access to known parties.

Various studies have estimated a 25x to 40x amplification factor when comparing the original DNS query packet size to the DNS response packet that is received.

To understand how you can protect your business from the exploitable flaws in the DNS system, we first need to understand how it works. A DNS server resolves names to numbers. To be more specific, if you were to input www. In this case, that IP address is. The most common delivery mechanism for this kind of malware is phishing and spear-phishing attacks, where a user downloads a malicious attachment or is prompted to click an embedded link.

This CnC center is in fact a server from which the hacker can automatically instruct the malware to begin malicious activity, such as downloading remote-access tools, additional software components, or updates that exploit unpatched vulnerabilities on the compromised device.

Worse, if the CnC server gains access to an end-user machine on the targeted network, the malware can spread to every endpoint device inside that network. Hackers have also developed tactics that make securing your network harder still, such as Domain Generation Algorithms (DGAs) and fast flux.

Domain Generation Algorithms defeat a detection technique companies began using: a predefined list of malicious domain names that network users are blocked from reaching. A DGA generates a large number of domain names for the malware to use as rendezvous points with its CnC servers, so a static list cannot keep up.

Fast flux defeats IP-based access control lists by taking advantage of the fact that DNS allows an administrator to register a number of IP addresses to a single host name for load balancing. Fast flux can be used to hide phishing and malware delivery sites behind an ever-changing network of compromised hosts acting as proxies. Data exfiltration is also possible through DNS requests.

Once a computer is infected, CnC servers can extract sensitive data through a process called DNS tunneling. In tunneling, cyber criminals use DNS to smuggle data out of the enterprise by breaking it into small chunks, hiding them in DNS queries and sending them to a rogue authoritative DNS server they control remotely. DNS-layer protections significantly improve defenses and close DNS security gaps; they also protect the client from data exfiltration by using unique and up-to-date threat intelligence.
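The DGA and tunneling behaviours described above leave characteristic traces in a recursive resolver's query log: bursts of NXDOMAIN answers for random-looking domains, and many distinct long, high-entropy leftmost labels under one zone. The following heuristic triage script is an added example, not code from the original post; the log format ("client qname rcode"), the thresholds and the sample log lines are all constructed assumptions, and registered_domain deliberately uses a naive last-two-labels rule.

```python
import math
from collections import defaultdict

# Constructed resolver query-log sample (not from the page): "client qname rcode"
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.7 2f8a1c9e3b7d5f0a4c6e.exfil.example.net NOERROR
10.0.0.7 9b3d7f1a5c2e8d4b6f0a.exfil.example.net NOERROR
10.0.0.7 4e6c2a8f0b1d3c5e7a9f.exfil.example.net NOERROR
10.0.0.7 0a1b2c3d4e5f6a7b8c9d.exfil.example.net NOERROR
10.0.0.7 c5e7a9f1b3d5f7a9c1e3.exfil.example.net NOERROR
10.0.0.9 xk3qz9wvb2m.com NXDOMAIN
10.0.0.9 qp7vtz2kxw4j.net NXDOMAIN
10.0.0.9 news.example.org NOERROR
"""

def shannon_entropy(label: str) -> float:
    """Bits per character; random-looking labels score high, dictionary words low."""
    if not label:
        return 0.0
    probs = [label.count(c) / len(label) for c in set(label)]
    return -sum(p * math.log2(p) for p in probs)

def registered_domain(qname: str) -> str:
    """Last two labels (assumption; production code should consult the Public Suffix List)."""
    return ".".join(qname.lower().rstrip(".").split(".")[-2:])

def triage(log_text: str, min_subdomains: int = 5, min_label_len: int = 16,
           entropy_floor: float = 3.0):
    """Return (tunnel_suspects, dga_suspects) from 'client qname rcode' lines."""
    long_labels = defaultdict(set)   # registered domain -> distinct random-looking leftmost labels
    dga_suspects = set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                 # skip malformed lines rather than crash
        _client, qname, rcode = parts
        labels = qname.lower().rstrip(".").split(".")
        # Tunneling: data chunks ride in long, high-entropy leftmost labels under one zone
        if len(labels) > 2 and len(labels[0]) >= min_label_len \
                and shannon_entropy(labels[0]) >= entropy_floor:
            long_labels[registered_domain(qname)].add(labels[0])
        # DGA: NXDOMAIN answers for random-looking second-level labels
        if rcode == "NXDOMAIN" and len(labels) >= 2 and shannon_entropy(labels[-2]) >= entropy_floor:
            dga_suspects.add(qname)
    tunnel_suspects = {d for d, s in long_labels.items() if len(s) >= min_subdomains}
    return tunnel_suspects, dga_suspects
```

On the constructed sample, triage(SAMPLE_LOG) flags example.net as a tunneling suspect and the two NXDOMAIN names as DGA suspects; tune the thresholds against your own baseline traffic, since CDN hostnames and some legitimate services also use long labels.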

Attacks are stopped before the IP connection happens.
