DNS security poses problems for enterprise IT

 Shamus McGillicuddy / Report

Source : https://www.networkworld.com/article/3707471/dns-security-poses-problems-for-enterprise-it.html

Attacks related to Domain Name System infrastructure – such as DNS hijacking, DNS tunneling and DNS amplification attacks – are on the rise, and many IT organizations are questioning the security of their DNS infrastructure.

Most IT organizations maintain a variety of DNS infrastructure for public services (websites and internet-accessible services) and private services (Active Directory, file sharing, email). Securing both internal and external DNS infrastructure is critical due to a growing number of threats and vulnerabilities that malicious actors use to target them. Unfortunately, very few organizations are confident in their DNS security.

Enterprise Management Associates (EMA) recently examined the issue of DNS security in its newly published research report, “DDI Directions: DNS, DHCP and IP Address Management Strategies for the Multi-Cloud Era.” Based on a survey of 333 IT professionals responsible for DNS, DHCP and IP address management (DDI), the research found that only 31% of DDI managers are fully confident in the security of their DNS infrastructure.

Top DNS security concerns

EMA asked research participants to identify the DNS security challenges that cause them the most pain. The top response (28% of all respondents) is DNS hijacking. Also known as DNS redirection, this process involves intercepting DNS queries from client devices so that connection attempts go to the wrong IP address. Hackers often achieve this by infecting clients with malware so that queries go to a rogue DNS server, or they hack a legitimate DNS server and hijack queries at a more massive scale. The latter method can have a large blast radius, making it critical for enterprises to protect DNS infrastructure from hackers.

The second most concerning DNS security issue is DNS tunneling and exfiltration (20%). Hackers typically exploit this issue once they have already penetrated a network. DNS tunneling is used to evade detection while extracting data from a compromised network. Hackers hide extracted data in outgoing DNS queries. Thus, it’s important for security monitoring tools to closely watch DNS traffic for anomalies, like abnormally large packet sizes.
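
One way to implement the monitoring described above, added here as an example and not taken from the article or the EMA report: it flags clients that send several long, high-entropy query names under a single domain. The log format, thresholds and sample lines are constructed assumptions, and query-name length stands in for packet size because resolver query logs usually record names rather than raw packets.

```python
import math
from collections import Counter, defaultdict

# Constructed sample query log, one "<client_ip> <qtype> <qname>" per line (assumed format).
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 AAAA mail.example.com
10.0.0.7 A 0123456789abcdef0123456789abcdef0123456789abcdef.cdn.example.net
10.0.0.9 TXT 0123456789abcdeffedcba987654321002468ace13579bdf.t.tunnel.test
10.0.0.9 TXT fedcba987654321002468ace13579bdf13579bdf02468ace.t.tunnel.test
10.0.0.9 TXT 02468ace13579bdf13579bdf02468ace0123456789abcdef.t.tunnel.test
10.0.0.9 TXT 13579bdf02468ace0123456789abcdeffedcba9876543210.t.tunnel.test
"""

# Assumed thresholds; tune them against a baseline of your own traffic.
MAX_LABEL = 40     # longest label length (DNS allows up to 63)
MIN_ENTROPY = 3.0  # Shannon entropy of the subdomain, bits per character
MIN_UNIQUE = 3     # distinct suspicious names per (client, domain)

def entropy(s):
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values()) if s else 0.0

def split_name(qname):
    labels = qname.rstrip(".").lower().split(".")
    # Naive registered domain = last two labels; production code needs a public suffix list.
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def is_suspicious(qname):
    sub, _ = split_name(qname)
    longest = max(len(label) for label in sub.split("."))
    return longest >= MAX_LABEL and entropy(sub.replace(".", "")) >= MIN_ENTROPY

def find_tunnel_candidates(log_text):
    """Return {(client, domain): count of distinct long, high-entropy names}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, _qtype, qname = parts
        if is_suspicious(qname):
            hits[(client, split_name(qname)[1])].add(qname.lower())
    return {key: len(names) for key, names in hits.items() if len(names) >= MIN_UNIQUE}

if __name__ == "__main__":
    for (client, domain), n in find_tunnel_candidates(SAMPLE_LOG).items():
        print(f"{client} sent {n} long, high-entropy names under {domain}")
```

The single long name from 10.0.0.7 is not reported: requiring several distinct names per client and domain keeps one-off hashed hostnames, common with CDNs, from raising alerts.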

The third most pressing security concern is a DNS amplification attack (20%). This is a kind of distributed denial of service (DDoS) attack, whereby a hacker tricks third-party, publicly addressable DNS servers into flooding a target DNS server with unwanted, spoofed query responses, overwhelming that server’s ability to respond to legitimate queries. This attack can make websites unreachable because end users’ DNS queries to the site cannot be resolved.