Summary
In today’s complex and heterogeneous environment, protecting efficiently your network has become a difficult task. DNS is indeed subjected to new, sophisticated attacks which can result- in the worst case scenario- in the loss of sensitive data. The solution? New firewalls need to be implemented in your network system in order to protect you against impending threats and DNS attacks.
Two common DNS attacks: DNS poisoning, fishing and amplification
Perhaps you may remember the massive outage that hit many popular websites in 2016, including Twitter, Etsy, Spotify or Netflix. That outage was the result of a sophisticated DNS attack; for almost 10 hours, these websites became unavailable to millions web users. The cause of this dramatic outage was a powerful DNS attack.
In one of the most common DNS attacks, called DNS poisoning (or spoofing), web users are redirected towards a fake website, entirely created by the attacker. In order to do so, hackers exploit the vulnerabilities of the DNS and corrupt its caching system.
The attacker then has the opportunity to carry out what is called phishing techniques to steal sensitive information or infect computers with a malware (virus or trojan). Since internet users believe that they are using the right website, they don’t even realise that they are subjected to a DNS attack. This is why this type of attack is very difficult to counteract and actually, it can take days for the server to resolve the issue.
DNS amplification is another type of attack carried out against the DNS service. DNS amplification exploits the open nature of DNS, and attackers use a network of infected devices (called botnet) to send thousands of DNS queries. The aim of this attack is therefore to overload the target in order to crash it. This DNS attack is, however, very difficult to detect, because the responses are legitimate data, sent from valid servers.
Defending yourself against DNS attacks
It has been demonstrated that 91% of malware are using DNS services to build attacks; consequently, DNS attacks have to be taken seriously. You definitely have to provide your network system with the proper layer of defense. But what can you do to prevent your organisation becoming the victim of a DNS attack?
Organisations- from both private and public sectors- have to consider the issue and implement efficient DNS firewalls if they want to protect their business for malicious intents. Many solutions actually exist to fight against DDoS attacks; some firewalls can detect them and prevent them from damaging your system. DNS firewalls effectively protect your network about the kinds of DNS attacks that have been mentioned above, and against other threats, such as malware and Advanced Persistent Threat (APT) by filtering queries and blocking illegitimate ones. One of the best method to prevent spoofing would be to regularly clean the DNS caches, or to host your architecture on many servers. Find a perfect solution on http://www.efficientip.com/products/dns-firewall/.
DNS attacks have become particularly aggressive and damaging, since they are often carried out to steal data, create outages and damage brand reputation. Protecting your system against these common threats should therefore become one of your priorities.
