Wednesday, February 26, 2020

Word of the Day: DNS attack

 
Word of the Day WhatIs.com
Daily updates on the latest technology terms | February 26, 2020
DNS attack

A DNS attack is an exploit in which an unknown entity takes advantage of vulnerabilities in the domain name system (DNS).

 

Although the DNS is quite robust, it was designed for usability, not security, and the types of DNS attacks in use today are numerous and quite complex. Typically, attackers take advantage of the plaintext communication back and forth between clients and the three types of DNS servers. Another popular attack strategy is to log in to a DNS provider's website with stolen credentials and redirect DNS records.

In order to understand how DNS attacks work, it is important to understand how the domain name system works:

DNS is a protocol that translates a user-friendly domain name, like WhatIs.com, into the computer-friendly IP address 206.19.49.154.

 

When an end user types the people-friendly domain name WhatIs.com into a client's browser, a program in the client's operating system called a DNS resolver looks up WhatIs.com's numerical IP address.

 

First, the DNS resolver checks its own local cache to see if it already has the IP address for WhatIs.com. If it doesn't have the address, the resolver then queries a DNS server to see if it knows the correct IP address for WhatIs.com.

 

Once the resolver locates the IP address, it returns it to the requesting program and caches the address for future use.

 

DNS servers are recursive, which means they can query each other to find a server that has cached the correct IP address -- or locate the DNS server that stores the canonical mapping for the domain name. By default, DNS queries and responses are sent in cleartext, which has become a security concern that browsers like Chrome and Firefox are trying to address with DNS over HTTPS.

 

Plaintext DNS queries can also reveal information about which websites a user visits, their IP address, and the type of computing device they used. When content filters are in place, DNS logs can capture client IDs or MAC addresses. Research has shown that DNS lookups can even be used to de-anonymize traffic from the Tor network, which was specifically designed to protect users from network surveillance and traffic analysis.

 

To defend against DNS attacks, experts recommend implementing multifactor authentication when making changes to the organization's DNS infrastructure. Operations personnel should also monitor for any changes publicly associated with their DNS records or any digital certificates associated with their organization. Another strategy is to deploy Domain Name System Security Extensions (DNSSEC), which strengthens authentication in DNS by using digital signatures based on public key cryptography.

Today's Takeaway

 

"DNS has two big weak points: All DNS queries and responses are sent in the clear and the authentication of DNS responses is weak." - Johannes Ullrich

Today's Buzzwords

 
denial of service (DoS) attack
To detect a DNS server participating in a denial of service attack, an organization should consistently monitor its systems for suspicious activities.

Flag Day
DNS vendors and operators have begun an annual initiative to address DNS security concerns called DNS Flag Day.

subdomain takeover
Takeovers commonly happen when web projects are ended but the subdomain DNS entries are not fully shut down.

blockchain
Blockchain could be used to manage DNS records such that changes could be performed only by the domain owner.

Do You Speak Security?

 
A _________ is a computer that an attacker has accessed and set up to forward malicious transmissions.

a. ghost

b. zombie

About This E-Newsletter
The Word of the Day is published by TechTarget, Inc., 275 Grove Street, Newton, Massachusetts, 02466 US.
