Moses' Security

The Importance of DNS Security and Measures to Secure It

1/9/2019

The DNS service is a vital part of any company's network, and compromising it can lead to the loss of confidentiality and integrity. Therefore it is a crucial service that needs to be both monitored and protected heavily.
In this post we are going to discuss 3 common DNS attacks that you should protect against. There are many more, so continue to do your research afterwards. I am also going to assume that you understand how DNS works.

Cache Poisoning

The basic idea of this attack is simple: redirect valid traffic intended for a legitimate server over to a malicious one, by corrupting the data in the DNS cache. Each time your computer encounters a domain name it does not recognize, it must contact the DNS server; this server looks up the translation between domain names and IP addresses, and the packets are then sent accordingly. However, if an attacker can modify the information that the DNS server is giving to users, it can affect entire companies. Even more so, depending on the relationship this server has with others, the false information can propagate to other servers in different organizations and so forth, eventually spreading like wildfire.
In short, the attack can work like this:
  1. An attacker sends a query for fake-security.com to the local DNS server
  2. The local DNS server does not have this resolution cached, so it must look it up via the internet
  3. While this happens, the attacker floods the local DNS server with fake responses that look like they come from the master DNS server
  4. These responses then become cached by the local DNS server
Thankfully there are a number of security measures that you can take to protect against this attack. The first is to make sure that you keep your servers updated and to secure the network itself. Next is to only store data that is related to the requested domain, while restricting and limiting the query responses to only provide information about the requested domain. Finally, make sure that any services not needed are turned off. If you need further security, DNSSEC is a tool that can provide additional security through public-key cryptography.
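The following is an added example, not code from the original post, showing the two resolver-side checks described above in a toy caching resolver: a response is only accepted if its transaction ID, destination port and question name match a query that is actually outstanding, and only records "related to the requested domain" (a simplified bailiwick rule: the requested name or a name beneath it) are stored. The `Resolver`, `Query` and `Response` names and the documentation-range IP addresses are all constructed for the example.

```python
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Query:
    name: str       # question name the resolver asked about
    txid: int       # random 16-bit transaction ID
    src_port: int   # random ephemeral UDP source port the query left from


@dataclass
class Response:
    name: str                     # question name echoed back in the response
    txid: int                     # transaction ID the sender claims
    dst_port: int                 # UDP port the response is addressed to
    answers: Dict[str, str] = field(default_factory=dict)  # owner name -> IP (constructed)


class Resolver:
    """Toy caching resolver that only accepts matching, in-bailiwick answers."""

    def __init__(self) -> None:
        self.cache: Dict[str, str] = {}
        self.pending: Dict[Tuple[int, int], Query] = {}

    def send_query(self, name: str) -> Query:
        # Randomising both the transaction ID and the source port gives a
        # spoofer roughly 2^32 combinations to guess instead of 2^16.
        q = Query(name, secrets.randbelow(1 << 16), 1024 + secrets.randbelow(65536 - 1024))
        self.pending[(q.txid, q.src_port)] = q
        return q

    @staticmethod
    def in_bailiwick(owner: str, question: str) -> bool:
        # Simplified rule: keep only records for the requested name or a name
        # beneath it; anything else is an out-of-bailiwick record and is dropped.
        return owner == question or owner.endswith("." + question)

    def receive(self, r: Response) -> List[str]:
        """Check a response against outstanding queries; return the owner names cached."""
        q: Optional[Query] = self.pending.get((r.txid, r.dst_port))
        if q is None or q.name != r.name:
            return []   # nothing outstanding matches: spoofed or stale response, drop it
        accepted: List[str] = []
        for owner, ip in r.answers.items():
            if self.in_bailiwick(owner, q.name):
                self.cache[owner] = ip
                accepted.append(owner)
        del self.pending[(r.txid, r.dst_port)]   # the first matching answer wins
        return accepted


if __name__ == "__main__":
    resolver = Resolver()
    q = resolver.send_query("fake-security.com")
    # A spoofed response that guessed the transaction ID wrong is discarded.
    spoof = Response("fake-security.com", (q.txid + 1) % 65536, q.src_port,
                     {"fake-security.com": "203.0.113.9"})
    print("spoof cached:", resolver.receive(spoof))          # []
    # The genuine response is accepted, but its unrelated extra record is not cached.
    legit = Response("fake-security.com", q.txid, q.src_port,
                     {"fake-security.com": "198.51.100.7", "www.bank.example": "203.0.113.9"})
    print("legit cached:", resolver.receive(legit))          # ['fake-security.com']
    print("cache:", resolver.cache)
```

Real resolvers apply a stricter bailiwick definition (the zone the answering server is authoritative for) and additional checks such as 0x20 case randomisation and DNSSEC validation; the example keeps only the two measures the post names so the effect of each is visible.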

DOS - TCP SYN Floods

In short, an attacker will overload the server by sending bogus SYN packets to abuse the TCP 3-way handshake. In reply, the server sends SYN-ACK responses and waits for final ACKs that never arrive, leaving those connections 'hanging' half-open, which eventually leaves the server unable to accept connections from valid users.
A method to protect against such an attack would be to implement a host-based firewall and a host-based intrusion detection system, while securing the network itself.
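As an added example (not from the original post), here is the kind of check a host-based intrusion detection rule performs for this attack: replay a packet summary, keep track of handshakes a client started but never finished, and flag sources holding too many half-open connections. The log format is a simplified, constructed tcpdump-like layout, the IP addresses are documentation ranges, and the threshold is an assumed value.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed packet summary in a simplified tcpdump-like format (not a real capture).
# Client SYN is "[S]", server SYN-ACK is "[S.]", the client's final ACK is "[.]".
SAMPLE_LOG = """\
10:00:01.000 198.51.100.10.40001 > 192.0.2.53.53: Flags [S]
10:00:01.002 192.0.2.53.53 > 198.51.100.10.40001: Flags [S.]
10:00:01.004 198.51.100.10.40001 > 192.0.2.53.53: Flags [.]
10:00:01.500 198.51.100.20.40002 > 192.0.2.53.53: Flags [S]
10:00:01.502 192.0.2.53.53 > 198.51.100.20.40002: Flags [S.]
10:00:02.000 203.0.113.5.1000 > 192.0.2.53.53: Flags [S]
10:00:02.001 192.0.2.53.53 > 203.0.113.5.1000: Flags [S.]
10:00:02.002 203.0.113.5.1001 > 192.0.2.53.53: Flags [S]
10:00:02.003 192.0.2.53.53 > 203.0.113.5.1001: Flags [S.]
10:00:02.004 203.0.113.5.1002 > 192.0.2.53.53: Flags [S]
10:00:02.005 192.0.2.53.53 > 203.0.113.5.1002: Flags [S.]
10:00:02.006 203.0.113.5.1003 > 192.0.2.53.53: Flags [S]
10:00:02.007 192.0.2.53.53 > 203.0.113.5.1003: Flags [S.]
10:00:02.008 203.0.113.5.1004 > 192.0.2.53.53: Flags [S]
10:00:02.009 192.0.2.53.53 > 203.0.113.5.1004: Flags [S.]
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)


def half_open_by_source(log: str, server_port: int = 53) -> Dict[str, int]:
    """Replay the log and count handshakes each client started but never completed."""
    pending: Set[Tuple[str, str, str, str]] = set()
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue   # skip lines that are not in the expected format
        src, sport, dst, dport, flags = (m.group(k) for k in ("src", "sport", "dst", "dport", "flags"))
        if dport != str(server_port):
            continue   # only packets from clients towards the service matter here
        key = (src, sport, dst, dport)
        if flags == "S":
            pending.add(key)        # handshake step 1: client SYN, connection now half-open
        elif flags == "." and key in pending:
            pending.discard(key)    # handshake step 3: client ACK completes it
    counts: Dict[str, int] = defaultdict(int)
    for src, _, _, _ in pending:
        counts[src] += 1
    return dict(counts)


def total_half_open(log: str, server_port: int = 53) -> int:
    """Half-open connections regardless of source; the number that matters when sources are spoofed."""
    return sum(half_open_by_source(log, server_port).values())


def flag_syn_flood(log: str, per_source_threshold: int = 3) -> List[str]:
    """Sources holding at least `per_source_threshold` half-open connections (assumed threshold)."""
    counts = half_open_by_source(log)
    return sorted(src for src, n in counts.items() if n >= per_source_threshold)


if __name__ == "__main__":
    print("half-open per source:", half_open_by_source(SAMPLE_LOG))
    print("total half-open:", total_half_open(SAMPLE_LOG))
    print("flagged:", flag_syn_flood(SAMPLE_LOG))
```

Note that a flood usually arrives from spoofed source addresses, so the per-source count alone can stay under any threshold; the total count of half-open connections (or the kernel's own SYN backlog) is the figure to alert on, and SYN cookies on the host are the usual mitigation once the flood is detected.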

MITM - DNS Hijacking

Man-in-the-middle DNS hijacking is the idea of an attacker intercepting and altering the DNS traffic (and therefore the cached data) between a user and the DNS server, so that the user is redirected to a different destination, often a malicious one.
While not fool-proof, the best methods to protect against such an attack are to secure the surrounding network, lock down who is allowed access, use DNSSEC, and encourage (and sometimes even force) clients to use HTTPS whenever browsing websites. Now, forcing users to use HTTPS will not encrypt the DNS traffic itself, but it can act as a last line of defense, with the web browser warning the user that they have entered an unsafe zone.
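To make the "last line of defense" point concrete, here is an added example (not from the original post) that simulates a visit to a monitored hostname from the defender's side: it first compares the DNS answer against a known-good baseline to detect a hijacked resolution, and then applies the browser's certificate name check (exact match, or a wildcard covering exactly one leftmost label, in the spirit of RFC 6125), which is what produces the warning when a hijack sends the user to a host that cannot present a certificate for the name. The `BASELINE` table, the hostnames and the IP addresses are constructed for the example.

```python
from typing import Dict, Iterable, List, Set

# Constructed known-good answers for a monitored hostname (documentation IPs, not real).
BASELINE: Dict[str, Set[str]] = {"www.fake-security.com": {"198.51.100.7", "198.51.100.8"}}


def hostname_matches(cert_sans: Iterable[str], hostname: str) -> bool:
    """Browser-style name check: exact match, or a wildcard in the leftmost label only."""
    host = hostname.lower().rstrip(".")
    for san in cert_sans:
        san = san.lower().rstrip(".")
        if san == host:
            return True
        # "*.example.com" covers "www.example.com" but neither "example.com"
        # nor "a.b.example.com": same label count, and the suffix must match.
        if san.startswith("*.") and host.endswith(san[1:]) and host.count(".") == san.count("."):
            return True
    return False


def resolution_drift(hostname: str, observed_ips: Set[str],
                     baseline: Dict[str, Set[str]] = BASELINE) -> Set[str]:
    """Answers for `hostname` that fall outside the known-good set (empty set = no drift)."""
    return set(observed_ips) - baseline.get(hostname, set())


def simulate_visit(hostname: str, resolved_ip: str, cert_sans: List[str],
                   baseline: Dict[str, Set[str]] = BASELINE) -> List[str]:
    """Return the alerts a monitor (DNS drift) and a browser (TLS name mismatch) would raise."""
    alerts: List[str] = []
    if resolution_drift(hostname, {resolved_ip}, baseline):
        alerts.append(f"dns: {hostname} resolved to unexpected address {resolved_ip}")
    if not hostname_matches(cert_sans, hostname):
        alerts.append(f"tls: certificate presented at {resolved_ip} is not valid for {hostname}")
    return alerts


if __name__ == "__main__":
    # Normal visit: expected address, certificate issued for the name.
    print(simulate_visit("www.fake-security.com", "198.51.100.7", ["www.fake-security.com"]))
    # Hijacked resolution: unexpected address, and the host there only has a cert for its own name.
    print(simulate_visit("www.fake-security.com", "203.0.113.9", ["attacker.example"]))
```

The baseline comparison is the monitoring half (run it periodically against your own resolver and against an independent one, and alert on disagreement), while the name check is why HTTPS still helps even though the DNS query itself travelled in the clear: the redirect succeeds, but the browser refuses to treat the connection as the site the user asked for.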

Created by Moses J. Arocha ©