Unpacking the latest expectations in DNS Security
Following the release of 2017 cyber-security studies by industry leaders including Cisco, Efficient IP, and Infoblox, it has become clear that the face of DNS security will change dramatically in the coming years.
Cybercriminals are carrying out increasingly sophisticated and profitable attacks, revealing a clear need for organisations to evolve their approach to cybersecurity and embrace an industry-wide paradigm shift.
With a view to advising our customers on how to best manage their DNS architectures, we’re taking a closer look at the suggested changes and what they mean for your infrastructure, starting with the basics.
What is DNS Security?
The Domain Name System (DNS) is a crucial piece of infrastructure used by almost every enterprise or organisation in its day-to-day business. To put it simply, DNS maps Internet domain names to IP addresses in the same way that a phone book matches a name with a number.
Despite being one of the most critical elements in the network to deliver IT services, it is not always efficiently protected and is increasingly the target of cyber-attacks designed to cause business damage, service degradation or even downtime. The reality is that most security solutions have simply not been designed to deal with threats to the DNS infrastructure.
Another important thing to remember is that when discussing DNS security, one has to distinguish between threats against the external, Internet-facing DNS servers and targeted attacks against internal systems, where the DNS service is misused during the preparation, intrusion, and attack stages.
Threats to External DNS Infrastructure: What you should be worried about!
The job of external or “authoritative” DNS servers is to answer external queries from anyone on the Internet trying to connect to your company email or web servers. They must be available 100% of the time or your services will disappear from the Internet.
The main attack types against DNS Servers are DNS DDoS and DNS Zero-Day attacks.
- DNS DDoS attacks are volumetric attacks which are used to flood the server with seemingly legitimate traffic. Most DNS servers can only cope with up to 300,000 queries per second (QPS);
- DNS Zero-Day attacks take advantage of security holes for which a patch has not been developed or applied.
In its 2017 Global DNS Threat Survey Report, EfficientIP, a provider of network services, revealed that globally 88% of DNS DDoS attacks were over 1M QPS and that 83% of organisations did not apply the adequate number of security patches.
Threats to Data and Your Internal DNS Infrastructure
In cyber-attacks which pose a threat to data and internal DNS, the Domain Name Service is used (or better: misused) in order to execute the planned attack against systems that are located inside the organisation’s firewall perimeter.
- Malware Exploiting DNS
Malware is becoming increasingly sophisticated and uses DNS to locate and connect to C&C servers, making it harder for traditional security tools to detect the intrusion. Command & Control servers are centralised machines that are used to remotely send commands to a compromised network of computers. According to Cisco’s 2016 Annual Security Report, over 90% of malware relies on Domain Name Services and exploits DNS for malicious purposes.
- DNS Tunnelling and Data Exfiltration
DNS may be used as a pathway to exfiltrate data out of the company network, either unknowingly, by devices infected with malware, or intentionally, by malicious insiders. As traditional security devices do not perform complete DNS transaction analysis, the data leakage will remain largely undetected.
According to EfficientIP, 28% of survey respondents who were attacked had sensitive data stolen.
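As an added example (not code from the original post or from the vendors it cites), the following Python script shows what DNS transaction analysis can look like in practice against the tunnelling scenario above: it scans a constructed batch of query-log lines and flags registered domains whose subdomains are numerous, long and high-entropy, the pattern that encoded exfiltration payloads leave behind. The log line format, the thresholds and the "last two labels" domain heuristic are all assumptions made for the example.

```python
import math
from collections import defaultdict

# Constructed sample of DNS query log lines: "<epoch> <client-ip> <qname> <qtype>".
# The example-bad.net queries mimic encoded payloads carried in subdomain labels.
SAMPLE_LOG = """\
1500000001 10.0.0.5 www.example.com A
1500000002 10.0.0.5 mail.example.com MX
1500000003 10.0.0.7 a8f3e9c2b1d04e7f6a5b3c2d1e0f9a8b.tunnel.example-bad.net TXT
1500000004 10.0.0.7 9c2d1e0f9a8b7c6d5e4f3a2b1c0d9e8f.tunnel.example-bad.net TXT
1500000005 10.0.0.7 0d9e8f7a6b5c4d3e2f1a0b9c8d7e6f5a.tunnel.example-bad.net TXT
1500000006 10.0.0.5 cdn.example.com A
"""

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s; encoded payloads score high."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_domain(qname: str) -> str:
    """Naive 'last two labels' heuristic (assumption: no public-suffix list in use)."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])

def analyse(log_text: str, min_unique=3, min_label_len=30, min_entropy=3.5) -> dict:
    """Return {domain: stats} for domains whose subdomain pattern looks like tunnelling."""
    by_domain = defaultdict(set)  # registered domain -> set of distinct query names
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, _client, qname, _qtype = line.split()
        by_domain[registered_domain(qname)].add(qname.rstrip("."))
    suspicious = {}
    for domain, names in by_domain.items():
        # Look only at the leftmost label, where tunnelling tools place the payload.
        first_labels = [n.split(".")[0] for n in names]
        avg_len = sum(len(lbl) for lbl in first_labels) / len(first_labels)
        avg_ent = sum(shannon_entropy(lbl) for lbl in first_labels) / len(first_labels)
        if len(names) >= min_unique and avg_len >= min_label_len and avg_ent >= min_entropy:
            suspicious[domain] = {"unique_names": len(names),
                                  "avg_label_len": round(avg_len, 1),
                                  "avg_entropy": round(avg_ent, 2)}
    return suspicious

if __name__ == "__main__":
    for domain, stats in analyse(SAMPLE_LOG).items():
        print(f"suspicious: {domain} {stats}")
```

On a real resolver log the thresholds need tuning against baseline traffic (CDNs and anti-spam services also produce long labels), so treat a hit as a lead for investigation rather than a verdict.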
What we recommend
An unsecured DNS architecture is an invitation to attackers that can result in data exfiltration, loss of business and application downtime. These security challenges mandate the need for DNS security solutions designed and deployed to ensure service continuity and data protection.
Here’s what we would recommend to start strengthening your cyber-security approach and protecting your sensitive data:
- Simplify the DNS architecture and use high-performance systems
- Eliminate single points of failure
- Enhance your threat visibility with DNS transaction analysis
- Apply adaptive countermeasures
- Keep your DNS security up to date by patching your servers
- EfficientIP, 2017 Global DNS Threat Survey Report
- Cisco, 2016 Annual Security Report
- Infoblox, The New Standard in DNS Security, May 2016