Security Think Tank: Business should arm against rise in DNS server attacks

What are the main security risks associated with DNS and how are these best mitigated?

Domain name system (DNS) server attacks are on the rise, generally because adversarial threats are looking for financial or political gain.

DNS servers translate a web address (URL) into an IP address. Some organisations use an external service provider to resolve DNS queries, whereas others have the capability in-house.

Organisations using an external service provider could be vulnerable to an attack such as the one that targeted US DNS provider Dyn in October 2016.

Because of cost and logistics, most organisations use only a single external service provider. However, some enterprises have decided that the impact of an attack on an external service provider is too great, and have engaged an additional provider.

If DNS servers are located in-house, organisations should consider having more than one authoritative DNS server. This is more complex to manage, but can provide redundancy when threats are focused on compromising a single point of failure.

Beyond basic hygiene and good network practices, such as patching, privileged access and not using default passwords, there are other actions that organisations with in-house DNS servers can take.

Reviewing DNS logs is helpful, particularly looking for DNS queries to newly registered domains because, typically, DNS domains for malicious software are created specifically for an attack. Also consider looking for DNS look-up failures to identify systems that are likely to be infected by malware.
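The log review described above can be sketched as follows. This is an added example, not code from the article or the ISF. The log format, the sample lines, the registration dates and the thresholds are all constructed assumptions; in practice registration dates would come from WHOIS/RDAP or a newly-registered-domain feed.

```python
from collections import Counter, defaultdict
from datetime import date, datetime

# Constructed sample resolver log: timestamp, client IP, queried name, response code.
SAMPLE_LOG = """\
2017-03-01T09:00:01 10.0.0.5 www.example.com NOERROR
2017-03-01T09:00:04 10.0.0.7 kq3vx9a.example.net NXDOMAIN
2017-03-01T09:00:05 10.0.0.7 p0zt7mw.example.net NXDOMAIN
2017-03-01T09:00:06 10.0.0.7 xh2rr4c.example.net NXDOMAIN
2017-03-01T09:00:09 10.0.0.5 typo.example.org NXDOMAIN
2017-03-01T09:01:12 10.0.0.9 login.fresh-portal.test NOERROR
malformed line
"""

# Constructed registration dates keyed by registered domain (assumption).
REGISTERED = {
    "example.com": date(2000, 1, 1),
    "example.net": date(2000, 1, 1),
    "fresh-portal.test": date(2017, 2, 24),
}

def parse(log):
    """Yield (timestamp, client, qname, rcode); skip lines that do not fit."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, rcode = parts
        yield datetime.fromisoformat(ts), client, qname.rstrip(".").lower(), rcode

def registered_domain(qname):
    # Simplification: last two labels. Real use needs the Public Suffix List.
    return ".".join(qname.split(".")[-2:])

def review(log, registered, max_age_days=30, nx_threshold=3):
    """Return (clients -> newly registered domains queried, clients -> NXDOMAIN count)."""
    new_hits = defaultdict(set)
    nx_counts = Counter()
    for ts, client, qname, rcode in parse(log):
        if rcode == "NXDOMAIN":
            nx_counts[client] += 1  # look-up failure
        domain = registered_domain(qname)
        created = registered.get(domain)
        if created is not None and 0 <= (ts.date() - created).days <= max_age_days:
            new_hits[client].add(domain)  # domain registered very recently
    noisy = {c: n for c, n in nx_counts.items() if n >= nx_threshold}
    return dict(new_hits), noisy

if __name__ == "__main__":
    print(review(SAMPLE_LOG, REGISTERED))
```

A single failed look-up, such as the mistyped name from 10.0.0.5, stays below the threshold, so only clients with repeated failures are surfaced for investigation.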

Organisations can consider using DNS security extensions (DNSSEC) to attest to the validity of the address of the sites being requested. Internet organisation ICANN recommends using DNSSEC in the root zone (the first port of call for a DNS server).

Although not all organisations are keen on DNSSEC, with cost and complexity the main issues, we are in a new era in which devices making up the internet of things are used to launch DNS server attacks, and so consideration should be given to the benefits of deploying such technology against the risks of not doing so.

Maxine Holt is principal analyst at the Information Security Forum (ISF).