Attacks/Breaches
8/30/2013
06:52 PM
Ehsan Foroughi
Ehsan Foroughi
Commentary
50%
50%

Thwart DNS Hijackers: 5 Tips

Domain name system attacks hit The New York Times and Twitter hard last month. Here are five ways to make your DNS records harder to hack and easier to recover if they're compromised.

4. Avoid having low TTL where possible, specifically on master records.

DNS caching can delay a DNS hijacking. The higher the TTL (time to live), the longer a hijacked domain needs to stay hijacked before it can reach the masses. However, many services use low TTL; for instance, only one minute, for load-balancing purposes.

One way of avoiding low TTL on the master record in high-traffic services is to have the master record point to a number of static servers that serve a lean landing page and have all other services use a sub-domain with low TTL.

For example, you can have "your-service.com" with high TTL to serve a small landing/login page, and use "www.your-service.com" and "api.your-service.com" with low TTL service for the rest of the application. As long as the DNS records for "your-service.com" are set up with high TTL and point to your secure DNS servers, hijacking the registrar will take a fairly long time to hit the majority of users due to the caching nature of the DNS.

5. Use high TTL for MX records to delay the hijackers' ability to reroute your emails.

Despite the fact email is known to be inherently insecure, a large amount of confidential information gets passed around in email inside companies. DNS hijackers can essentially steal these emails and cause considerable damage to an organization. Using high TTL for mail exchanger (MX) records in a DNS adds a delay for hijacking emails. Using email encryption such as PGP (pretty good privacy) will also ensure that attackers can't steal the information in the emails.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5314
Published: 2014-11-23
Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 and 5 before 5.1.4, and Dezie 8 before 8.1.1 allows remote authenticated users to execute arbitrary code via e-mail messages.

CVE-2014-5325
Published: 2014-11-23
The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity refe...

CVE-2014-5326
Published: 2014-11-23
Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-6477
Published: 2014-11-23
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4...

CVE-2014-4807
Published: 2014-11-22
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?