Domain Name System (DNS) and Cyber Security Vulnerability

DNS- At the Heart of the Internet

It is safe to say that without the Domain Name System (DNS), the Internet would not be the force it is today.

In the early days of the Internet, users trying to reach another host on the network were required to input lengthy IP number strings (e.g., 74.125.45.105- a listed IP address for Google). As the Bay Area process servers internet grew number strings became more cumbersome and unworkable as most users could not consistently remember the proper sequencing of random numbers.

To simplify this process, a solution was developed based on a data solution (flat file) that related each IP address to a comparatively easy-to-remember common language address (e.g., Amazon.com, U-Tube.com, and Twitter.com) that was easy to remember and provided ease of use.

By the late 1980s, the flat file had evolved to the Domain Name System (DNS) in use today-a system that is open, distributed, and expands as users, enterprises, Internet Service Providers (ISPs) and domains appear on the network. Ease of use and expandability was the goal but, since cyber security attacks and malware were virtually unknown, DNS security was not a priority.

DNS is very effective and works in the background of search activity. Internet users are assured that when they type in a URL or e-mail address, they will be connected to the correct Web site or e-mail box. Many commercial companies developed brand strategies based on this functionality in order to use the Internet’s reach to develop more customers and increase sales/revenue. Most of these companies adopted a.com or.net extension. The Federal government adopted a.gov or.mil extension.

DNS Brand Implications

The functionality of DNS opened the branding world to the Internet. Common names became commonplace brands (e.g. Google, Bing, Amazon, and E-Bay) and powerful strategies were developed to market brands on the Internet.

An entirely new marketing strategy called Search Engine Marketing (SEM) developed whereby keyword searches and positioning on search pages developed into a major industry. Premier placing on the first page of a search engine gave the recipient an advantage for more business versus the competition.

Google became a multi-billion dollar concern by developing algorithms that enabled effective and powerful key word searches. Web based purchases supported by easy, convenient key word searches now account for 20-30% of all retail business and the web based e-commerce market share continue to enjoy strong growth. DNS is an integral part of this success. But as traffic on the Internet grew, the entire net became vulnerable to Cyber attacks. A good portion of this vulnerability can be attributed to the inherent vulnerability of DNS.

DNS is inherently Insecure

The original design of the Domain Name System (DNS) did not include robust security features; instead it was designed to be a scalable distributed system and attempts to add security, while maintaining backwards compatibility were rudimentary and did not keep pace with the skills of malicious hackers. As a result cyber attacks created Internet chaos.

Security may top the list of enterprise and network administrators, but too often the link between security vulnerability and DNS is not understood. In order to enhance security and defend against cyber attacks, government agencies, commercial enterprises and network administrators must acknowledge the importance of DNS to the secure operation of the Internet.

Consequently, any commercial company that uses the Internet for sales, e-commerce, service, marketing or logistics, as well as Internet Service Providers (ISPs) and large, strategically sensitive government networks need to be aware of DNS vulnerability.

As the Internet expands in terms of users, devices and traffic, so does the opportunity for sophisticated DNS mayhem-whether malicious (hacking), aggravating (spam) or illegal (accessing sites containing content that violates legal and regulatory mandates) or devastating denial of service (DoS) attacks..

It became very evident that enterprises and ISPs must protect their users and networks-sometimes from the amateur hacker but increasingly from organized crime and state sponsored cyber terrorism. One of the most vulnerable, critical areas was DNS. Cyber attacks are expected to increase and have a bigger impact as the Internet grows.

The internet is also growing by an order of magnitude and just about every user of the internet is directly affected by the Domain Name System (DNS). The Domain Name System (DNS) is an essential part of the Internet. Many Internet security mechanisms, including host access control and defenses against spam and phishing, heavily depend on the integrity of the DNS infrastructure and DNS Servers.

DNS Servers

DNS servers running the software known as BIND (for Berkeley Internet Name Daemon, or sometimes Berkeley Internet Name Domain), is one of the most commonly used Domain Name System (DNS) server on the Internet, and still proclaims it to be so.

Presently, BIND is the de facto standard DNS server. It is a free software product and is distributed with most UNIX and Linux platforms. Historically, BIND underwent three major revisions, each with significantly different architectures: BIND4, BIND8, and BIND9. BIND4 and BIND8 are now considered technically obsolete. BIND9 is a ground-up rewrite of BIND featuring complete Domain Name System Security Extensions (DNSSEC) support in addition to other features and enhancements. But even with the rewrite BIND, in all versions, remains vulnerable.

A new version, BIND 10 is under development but the effectiveness of it its security features are untested. Its first release was in April 2010, and is expected to be a five-year project to complete its feature set.

Common Vulnerabilities: Cache Poisoning and Distributed Denial of Service

The DNS vulnerabilities open the affected networks to various types of cyber attacks but cache poisoning and DDoS attacks are usually the most common.

Cache poisoning is arguably the most prominent and dangerous attack on DNS. DNS cache poisoning results in a DNS resolver storing (i.e., caching) invalid or malicious mappings between symbolic names and IP addresses. Because the process of resolving a name depends on authoritative servers located elsewhere on the Internet, the DNS protocol is intrinsically vulnerable to cache poisoning. Cache poisoning allows the perpetrator to gain access to proprietary information like bank records and social security numbers.

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is focused on making computer resources unavailable to its intended users. A DDoS consists of the concerted efforts to prevent an Internet site or service from functioning efficiently or at all.

Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as government agencies, banks, credit card payment gateways, and even root nameservers. The term is generally used with regards to computer networks. Of particular concern are DoS or DDoS attacks on large government networks like the Department of Defense or Veteran’s administration networks.

CATEGORIES:

Tags:

No Responses

Leave a Reply

Your email address will not be published. Required fields are marked *