A DNS attack can have an outsize impact on the targeted organization – or organizations. Here's how to make hackers' lives much more difficult.

The Domain Name System (DNS) has long been a favored target for threat actors looking to disrupt victims. Whether criminals are looking to use DNS to misdirect traffic in order to steal information, gain access, or launch attacks that deny access to a victim's resources, it is a critical link that can become a huge vulnerability.

DNS vulnerability was put under the spotlight in the Mirai attack on the DynDNS service in 2016. In that case, attacking a single DNS source had an impact on scores of major organizations. And that's one of the great attractions DNS has as a target: Disrupting DNS can have an outsize impact on the organization (or organizations) hit by an attack.

Other qualities make DNS a favorite tool for hackers. Because the information returned is considerably larger than the query, and DNS is a service that nearly every firewall will allow to pass, DNS servers make useful amplification tools in DDoS attacks. That usefulness means DNS servers and services need to be protected in two different dimensions.

First, DNS must be protected so that it continues to resolve names consistently and correctly for the organization it serves. Next, it must be protected so that it can't be used as a weapon against other organizations and individuals. Many of the steps to protect one will protect the other, but some defensive mechanisms focus on one aspect or the other.

Many of the protective steps on this list can be taken without rushing out to buy new networking hardware. The question for many organizations will be how to prioritize defensive steps and ensure that all the steps taken work in harmony to protect an organization's network, applications, and users.

(Image: GrAI VIA SHUTTERSTOCK)

About the Author(s)

Curtis Franklin, Principal Analyst, Omdia

Curtis Franklin Jr. is Principal Analyst at Omdia, focusing on enterprise security management. Previously, he was senior editor of Dark Reading, editor of Light Reading's Security Now, and executive editor, technology, at InformationWeek, where he was also executive producer of InformationWeek's online radio and podcast episodes

Curtis has been writing about technologies and products in computing and networking since the early 1980s. He has been on staff and contributed to technology-industry publications including BYTE, ComputerWorld, CEO, Enterprise Efficiency, ChannelWeb, Network Computing, InfoWorld, PCWorld, Dark Reading, and ITWorld.com on subjects ranging from mobile enterprise computing to enterprise security and wireless networking.

Curtis is the author of thousands of articles, the co-author of five books, and has been a frequent speaker at computer and networking industry conferences across North America and Europe. His most recent books, Cloud Computing: Technologies and Strategies of the Ubiquitous Data Center, and Securing the Cloud: Security Strategies for the Ubiquitous Data Center, with co-author Brian Chee, are published by Taylor and Francis.

When he's not writing, Curtis is a painter, photographer, cook, and multi-instrumentalist musician. He is active in running, amateur radio (KG4GWA), the MakerFX maker space in Orlando, FL, and is a certified Florida Master Naturalist.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights