Unpacking the latest expectations in DNS Security

Following the release of 2017 cyber-security studies by industry leaders including Cisco, EfficientIP, and Infoblox, it has become clear that the face of DNS security will change dramatically in the coming years.

Cybercriminals are carrying out increasingly sophisticated – and profitable – attacks, revealing a clear need for organisations to evolve their approach to cybersecurity and embrace an industry-wide paradigm shift.

With a view to advising our customers on how to best manage their DNS architectures, we’re taking a closer look at the suggested changes and what they mean for your infrastructure, starting with the basics.

What is DNS Security?

The Domain Name System (DNS) is a crucial infrastructure used by almost every enterprise or organisation in its day-to-day business. To put it simply, DNS maps Internet domain names to IP numbers in the same way that a phone book matches a name with a number.

Despite being one of the most critical elements in the network to deliver IT services, it is not always efficiently protected and is increasingly the target of cyber-attacks designed to cause business damage, service degradation or even downtime. The reality is that most security solutions have simply not been designed to deal with threats to the DNS infrastructure.

Another important thing to remember is that when discussing DNS security, one has to distinguish between threats against the external internet-facing DNS servers and targeted attacks against internal systems where the DNS service is being misused during the preparation, the intrusion, and the attack stage.

Threats to External DNS Infrastructure: What you should be worried about!

The job of external or “authoritative” DNS servers is to answer external queries from anyone on the Internet trying to connect to your company email or web servers. They must be available 100% of the time or your services will disappear from the Internet.

The main attack types against DNS Servers are DNS DDoS and DNS Zero-Day attacks.

  • DNS DDoS attacks are volumetric attacks which are used to flood the server with seemingly legitimate traffic. Most DNS servers can only cope with up to 300,000 queries per second (QPS);
  • DNS Zero-Day attacks take advantage of security holes for which a patch has not been developed or applied.

In its 2017 Global DNS Threat Survey Report, EfficientIP, a provider of network services, revealed that globally 88% of DNS DDoS attacks were over 1M QPS and that 83% of organisations did not apply an adequate number of security patches.

Threats to Data and Your Internal DNS Infrastructure

In cyber-attacks that threaten data and internal DNS, the Domain Name Service is used (or rather, misused) to execute the planned attack against systems located inside the organisation’s firewall perimeter.

  • Malware Exploiting DNS
    Malware is becoming increasingly sophisticated and uses DNS to locate and connect to C&C servers, making it harder for traditional security tools to detect the intrusion. Command & Control (C&C) servers are centralised machines that are used to remotely send commands to a compromised network of computers. According to Cisco’s 2016 Annual Security Report, over 90% of malware relies on Domain Name Services and exploits DNS for malicious purposes.
  • DNS Tunneling with Data exfiltration
    DNS may be used as a pathway to exfiltrate data out of the company network either unknowingly, by devices infected with malware, or intentionally, by malicious insiders. As traditional security devices do not perform complete DNS transaction analysis, the data leakage will remain largely undetected.

According to EfficientIP, 28% of survey respondents who were attacked had sensitive data stolen.

What we recommend

An unsecured DNS architecture is an invitation to attackers that can result in data exfiltration, loss of business and application downtime. These security challenges mandate the need for DNS security solutions designed and deployed to ensure service continuity and data protection.

Here’s what we would recommend to start strengthening your cyber-security approach and protecting your sensitive data:

  • Simplify the DNS architecture and use high-performance systems
  • Eliminate single points of failure
  • Enhance your threat visibility with DNS transaction analysis
  • Apply adaptive countermeasures
  • Keep your DNS security up to date by patching your servers
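
As an illustration of the DNS transaction analysis recommended above, applied to the DNS tunneling scenario described earlier, the following added example (not taken from any vendor report or product) flags clients that send many long, high-entropy subdomains to a single parent domain. The log format, addresses, domain names and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def split_qname(qname):
    """Return (subdomain, parent). Assumption: parent = last two labels;
    real deployments should consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_suspects(log_lines, min_unique=5, min_len=30, min_entropy=3.5):
    """Flag (client, parent domain) pairs with many long, high-entropy subdomains."""
    seen = defaultdict(set)  # (client, parent) -> distinct subdomains queried
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # ignore malformed lines
        _ts, client, qname, _qtype = parts
        sub, parent = split_qname(qname)
        if sub:
            seen[(client, parent)].add(sub)
    suspects = {}
    for key, subs in seen.items():
        mean_len = sum(len(s) for s in subs) / len(subs)
        mean_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        if len(subs) >= min_unique and mean_len >= min_len and mean_ent >= min_entropy:
            suspects[key] = {"unique": len(subs), "mean_len": round(mean_len, 1),
                             "mean_entropy": round(mean_ent, 2)}
    return suspects

# Constructed sample log, format "timestamp client qname qtype" (hypothetical).
ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"  # stand-in for encoded payload chunks
SAMPLE_LOG = (
    # Ordinary browsing: few, short names.
    [f"2017-06-01T10:00:0{i} 10.0.0.7 {h}.example.com A"
     for i, h in enumerate(["www", "mail", "intranet"])]
    # CDN-style traffic: many distinct names, but short and low entropy.
    + [f"2017-06-01T10:01:0{i} 10.0.0.7 img{i}.cdn.example.net A" for i in range(6)]
    # Tunnel-like traffic: every query carries a new 32-character label.
    + [f"2017-06-01T10:02:0{i} 10.0.0.23 {ALPHABET[i*5:] + ALPHABET[:i*5]}.exfil-test.example TXT"
       for i in range(6)]
)

if __name__ == "__main__":
    for (client, domain), stats in find_tunnel_suspects(SAMPLE_LOG).items():
        print(client, domain, stats)
```

The three thresholds must be tuned against a baseline of your own resolver logs, since legitimate services such as some CDNs and anti-malware lookups also generate long, random-looking names.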

Sources:

  • EfficientIP – 2017 Global DNS Threat Survey Report
  • Cisco 2016 Annual Security Report
  • Infoblox – The New Standard in DNS Security May 2016

Behind every one of our electronic exchanges there is necessarily a network. With the digitalisation of the economy, organisations’ connectivity needs have changed considerably. The enterprise is opening up to the outside world and must meet growing mobility needs. It is now connected to the cloud. It must also face new security challenges by putting in place access controls for its network and effective protection systems against intrusion attempts.

As Product Manager at POST Telecom, my mission is to design and develop networking products that meet the current and future needs of the market.

My career within the various ICT departments of companies specialising in the management of sensitive information, such as SES or EBRC, has given me a good grasp of the most complex challenges linked to the emergence of a digital society.

For businesses, it is no longer just a matter of acquiring high-performance solutions. Organisations now want to be able to rely on integrated connectivity services, including the provision of high-performance infrastructure, its supervision and its management. Security is also a crucial issue. Good protection of systems and data requires optimal security of the network and its entry points, as well as monitoring of the activity within it.

At POST Telecom, I have the opportunity to put my expertise at the service of a wide variety of players, to help them better evolve at the heart of this increasingly digital society.
