Setting up a network for your business is a must in this present age of technological interconnectedness. Having different workstations on a single network makes it much easier to handle data, share files, keep track of other parts of your project, and communicate efficiently. However, a network that is not handled properly can also leave you vulnerable to attack from malicious third parties.
When building a network, most people forget the basic tenets of security. It is imperative that there be a DNS firewall to protect your confidential data and resources from the risk of breach. Without the proper checks in place, all your hard work may just be in vain.
What is DNS?
DNS, the Domain Name System, is a dynamic database that spans the entire globe and keeps a map between hostnames, IP addresses, text records and other data so that traffic can be sent to or received from sites hosted anywhere on the web. DNS is hierarchical in nature: it is a tree-like data structure in which domain names are the nodes. The root of this tree is “.”. For example, the rightmost dot in “www.facebook.com.” represents the root zone from which the rest of the DNS hierarchy branches.
The primary function of DNS is to translate hostnames to IP addresses. For example, users understand what “google.com” refers to, but a computer will not. The DNS resolver checks its maps and resolves this hostname to its equivalent IP address so that the user reaches the right site.
DNS cache poisoning, or DNS spoofing, is a method of inserting a falsified IP address into a resolver's records in order to hijack the DNS. It occurs when an attacker manages to corrupt the DNS resolver. Normally, a DNS resolver caches the answers to previous queries in order to respond faster. If an attacker can spoof this cache, the returned IP address may not be the one the user requires, and the traffic may be re-routed to the attacker’s computer. For example, if the user wants to access “google.com”, the DNS should provide the IP address of one of the many Google servers that handle traffic from the user's nearest location. If the cache has been corrupted, however, the DNS may reply with a malicious IP address, and the machine behind it can then read all the data packets the user was trying to send to Google.
Once the cache has been corrupted, the poisoned entry will stay in the server until its Time To Live (TTL) expires or until someone notices the breach. This type of breach is not easy to detect, because there is no anomaly for the system to detect: the resolver answers queries exactly as it would with a genuine record.
How to prevent this?
Prevention of cache poisoning is, unfortunately, not a one-step solution. There are many ways to try to plug the loopholes. For starters, companies should ensure their IT teams configure their DNS servers to rely as little as possible on other DNS servers. By doing this, even if one DNS server is corrupted, the breach stays localized and does not compromise the entire network. You should also use the most up-to-date DNS software available. BIND 9.5.0 or higher randomizes the source port of outgoing queries and generates transaction IDs with a cryptographically secure random number generator, which makes forged replies much harder to inject into the cache.
IT teams should also limit recursive queries on DNS servers. The DNS server should be configured to proactively disable any services that are not immediately required. Apart from this, you can also use available tools such as DNSSEC (Domain Name System Security Extensions), which lets a resolver verify that the answers it receives are signed by the zone owner, to prevent possible attacks.
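To show why port randomization and unpredictable transaction IDs matter, here is an added illustration (not code from the article, and not BIND's own implementation): a simplified resolver that registers each outgoing query under its transaction ID and source port, and accepts a UDP reply only when the transaction ID, destination port and question name all match an outstanding query. The names (`Pending`, `send_query`, `accept_reply`, `guess_space`) are hypothetical, and the ephemeral-port range 1024–65535 is an assumption.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Pending:
    """One outstanding query the resolver is still waiting on."""
    txid: int       # 16-bit DNS transaction ID
    src_port: int   # UDP source port the query was sent from
    qname: str      # question name, normalised for comparison


def normalise(name: str) -> str:
    """DNS names are case-insensitive; strip the trailing root dot as well."""
    return name.lower().rstrip(".")


def send_query(pending: dict, qname: str, randomize_port: bool = True) -> Pending:
    """Register a new outstanding query (simulates sending it upstream).

    randomize_port=False models an old resolver that always sends from port 53,
    so a blind forger only has to guess the 16-bit transaction ID.
    """
    txid = secrets.randbits(16)                          # CSPRNG, as BIND 9.5+ uses
    port = 1024 + secrets.randbelow(65536 - 1024) if randomize_port else 53  # assumed range
    q = Pending(txid, port, normalise(qname))
    pending[(txid, port)] = q
    return q


def accept_reply(pending: dict, txid: int, dst_port: int, qname: str) -> bool:
    """Accept a reply only if it matches an outstanding query on every field.

    A forged reply that guesses the txid but hits the wrong port, or answers a
    different question, is dropped here and never reaches the cache. The first
    matching reply wins; later copies are ignored.
    """
    q = pending.get((txid, dst_port))
    if q is None or q.qname != normalise(qname):
        return False
    del pending[(txid, dst_port)]
    return True


def guess_space(randomize_port: bool) -> int:
    """Number of (txid, port) combinations a blind forger must cover."""
    return 2 ** 16 * ((65536 - 1024) if randomize_port else 1)
```

Running the check with a fixed port shows the guess space is only 65536 values; with a randomized source port it grows by a further factor of 64512, which is the whole point of the BIND change described above.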
The boundaries of security are continuously evolving, as are the methods to bypass them. It will never be possible to guarantee a failsafe method of protection, but by being aware of possible dangers and being vigilant of your services, you can make your network as secure as possible.