Protecting DNS Data

  • Print Article |
  • Send to a Friend |
  • |
  • Add to Google |

You may wonder, why care about DNS security? What's the worst that could go wrong with a service that primarily maps names to IP addresses? Eugene Kashpureff understood the importance of protecting DNS data. On July 11, 1997, he hacked into the website of InterNIC, then the leading Internet organization responsible for domain name and IP address allocation. Illegally altering their DNS server, for several days he redirected InterNIC visitors to his own organization that opposed InterNIC. Even the premier DNS-related organization was not immune to attack.

And don't think these kinds of attacks have dwindled. History repeated itself on June 26, 2008, when hacker group NetDevilz did a similar thing to icann.com, the current leading domain name and IP address provider. Even though the error was caught within 20 minutes, the fake information had already spread throughout the DNS and visitors continued to see the NetDevilz-defaced page for up to 48 hours later.

Competitors, spyware-hawkers, and outright scammers and con artists frequently inject their own code onto innocent websites and servers. Without DNS security solutions, your customers, clients, employees, or members could think they're going to your web site when they're really going to a counterfeit site designed to steal their information. And don't think that DNS security is a standard or automatic measure.

At the start of last year, 80% of U.S. federal agencies, including the Department of Homeland Security, had failed to update their DNS security to a truly safe standard. As you can see, protecting DNS data is an under looked but crucial issue in web security. If you lose integrity of the system, the information could be modified or even maliciously deleted in a seemingly "authorized" way.

How should one go about protecting DNS data? There are several different varieties of DNS security. One method is to secure transactions. Transactions are the messages - queries, responses, and others - sent and received by the DNS name server. One way to secure transactions is to digitally sign the zone data so that no unauthorized user could access it. One could also use a whitelist-based approach, refusing or ignoring all queries from unauthorized addresses, but this would not be practical for a public web site. For situations such as this, it's best to get DNS solutions from a proven DNS security expert.

Rate this Article:
  • Article Word Count: 381
  • |
  • Total Views: 10
  • |
  • permalink
  • Print Article |
  • Send to a Friend |
  • |
  • Add to Google |
Popular Articles by kevin foley
>