Domain Name Server (DNS) Security Tips & Tricks

What is DNS And What Are Its Biggest Threats?  

Cybercrime is on the rise and it's not just inconvenient for a business – it can be devastating. Domain Name System, or DNS, attacks are becoming more frequent and increasingly more sophisticated.

The International Data Corporation (IDC) reported in late 2019 that 82% of companies had a DNS attack within the last year. 63% of those companies suffered downtime as a result of the DNS attack. IDC's data also revealed that from 2018 to 2019 alone, it became 49% more expensive to recover from a DNS attack, with nearly half the respondents reporting costs in excess of $500,000. More than half of the organizations in the study also said multiple days are required to resolve a single attack.

Cyber attacks against DNS servers are one of the largest Internet security threats in the world today. DNS is used across virtually all industries, by companies of all sizes – any organization that uses network applications, including email, websites, e-commerce, instant messaging, and much more.

As these attacks get ever more complex and are more commonly launched from within the internal network, organizations are being forced to come up with highly-advanced mitigation techniques and tools to combat them. However, many employees outside a company's IT department don't even understand exactly what DNS is or how it works.

Defining DNS

The primary function of DNS is to provide a link between specific IP addresses and the website names displayed to Internet users. When someone types in a familiar term to find a website, such as, "www.360smartnetworks.com," they are essentially sending a query. DNS then works in the background to translate that to a unique IP address.

This hostname-to-IP-address mapping results in records being stored in a database, which is held and distributed by a DNS server. Every DNS in the world holds relatively few records compared to how many there are total, which makes sense considering there were 366.8 million domain name registrations in just the first quarter of 2020. When a domain name is typed into a search bar, the nearest DNS server finds the correct IP address, then grants the user access to the website.

What Are The Biggest Threats To DNS?

Because DNS is a critical component of a company's infrastructure and it is so widely used, it is frequently targeted in cyberattacks. There are several sophisticated ways that DNS can be attacked.

• DNS hijacking - When attackers hijack a DNS, they often override and change a computer or network's IP settings. In more mild cases, this often presents as a redirect, routing users to an entirely different website.
• DNS phishing - Phishing has long been a common type of cyberattack, but more recently, DNS hijacking and phishing have become some of the most popular methods to carry it out. In phishing attacks, users are re-directed to a near-identical, fraudulent copy of a legitimate website. These types of attacks are typically undetectable and are almost always devastating. Not only are website security and privacy compromised, but unsuspecting visitors may input sensitive information that the attackers can then harvest, manipulate, or use in some other way.
• DDoS attacks - Commonly referred to as a "DNS flood," a DDoS (Distributed Denial of Service) attack involves cybercriminals overwhelming, or "flooding," the DNS server(s) of a specific domain. When successful, this disrupts or crashes the domain's DNS resolution. DNS DDoS attacks can compromise a company's website or API, rendering it unable to handle traffic requests.

DNS Best Practices

DNS acts as the first line of defense in a company's data security. The great news is that there are many steps an organization can take to strengthen its DNS and protect its websites and other network-based applications against common attacks.

• Have a minimum of two internal DNS nameservers attached to each domain
• Audit all DNS zones, including those no longer used at all, subdomains, and test webpages. These often have substantially less oversight and are more vulnerable to attacks because of outdated software and other applications.
• Keep all DNS servers up to date
• Use two-factor authentication. Even the most well-secured DNS servers could be compromised, but if a two-step authentication system is in place, the worst-case scenario is that attackers obtain some usernames and passwords.

Finally, one of the best things any company can do to protect its DNS and all the sensitive data that goes along with it is working with a dedicated IT services company. Cyberattacks are only going to get more complex, and even large organizations simply don't have the resources – or desire – to keep up with them full-time.

While there will always be cybercriminals who attack DNS and other critical technology infrastructure, a company that focuses solely on protecting it can be a tremendous and invaluable resource.

360 Smart Networks is exactly such a company, providing IT services and technology solutions in the Atlanta and Charlotte areas. Contact us or call us at {phone} to schedule a consultation today.