DNS Security

Taking a holistic approach to DNS security.

Introduction

DNS was not designed with security in mind, and there are many types of attacks created to exploit vulnerabilities in the DNS system.

The Domain Name System (DNS) is used every time you access a website, to convert the site name to an IP address. The performance, reliability and speed of DNS determine the quality of the user experience with content and applications. DNS performs a critical function, which makes it a very sensitive area and therefore a popular target for hackers. DNS is one of today’s fastest-growing attack vectors. When critical DNS services are compromised, it can result in catastrophic network and system failure.

Performance, downtime and security threats
When external DNS servers are subject to cyber attacks such as DNS DDoS, DNS reflection, amplification, protocol anomalies, exploits and reconnaissance, the result for enterprises can be disastrous. Service disruption, poor customer experience, unwanted publicity, brand damage and loss of revenue are the most common outcomes.

Malware exploiting DNS, data exfiltration via DNS
DNS is also used by infected endpoints within an enterprise to communicate with command and control servers to steal sensitive data. Techniques such as fast-flux and domain generation algorithms (DGAs) cost precious time to detect and mitigate.

Data exfiltration via DNS tunnelling transfers data from inside an enterprise to outside recipients by encrypting pieces of that data and embedding them in legitimate DNS queries.

DNS Hijacking
When DNS is hijacked, users are redirected to a bogus site controlled by the hacker. Using this method, hackers can get unauthorized access to usernames, passwords and other private or sensitive data.

Securing DNS requires purpose-designed security solutions that protect the DNS servers and services from the threats above. DNS security solutions are also used to enforce network protection.

Secure your business, secure your DNS

SR Cloud Solutions offers DNS security solutions for UK businesses of all sizes. DNS security solutions are built on technology from innovative and leading vendors such as Cisco, EfficientIP, Infoblox, and Imperva.

Our experts have the capability to assess your DNS security risks and advise on the best solution to fit your business and technical requirements.

DNS solutions overview

  • DNS Anti DDoS Protection
  • DNS Firewall
  • DNS-Layer Security
  • DNS Malware Containment and Control
  • DNS Data Exfiltration Prevention
  • DNS delivery solutions to improve DNS performance

Why choose SR Cloud Solutions?

SR Cloud Solutions has a 25-year track record of supplying managed security services to many organisations in different industries. 

Book a meeting with one of our consultants to learn more, or read on to find out more about our DNS Security Solutions.

DNS SECURITY SOLUTION BENEFITS

Multi-Vendor DNS Protection

Multi-vendor DNS protection that is designed to meet the highest security standards.

Experienced

Extensive field experience from different customers, markets and countries.

Integration

Support with turnkey deployment and integration of a DNS security solution.

Experts in DNS Security

Potential to use our experts for continuous reviews of your DNS security solution configuration and settings.


Frequently Asked Questions

DNS security is the practice of protecting DNS infrastructure from cyberattacks in order to keep it performing quickly and reliably. An effective DNS security strategy incorporates a number of overlapping defenses, including establishing redundant DNS servers, applying security protocols like DNSSEC, and requiring rigorous DNS logging.

Like many Internet protocols, the DNS system was not designed with security in mind and contains several design limitations. These limitations, combined with advances in technology, make DNS servers vulnerable to a broad spectrum of attacks, including spoofing, amplification, DoS (Denial of Service), or the interception of private personal information. And since DNS is an integral part of most Internet requests, it can be a prime target for attacks.

In addition, DNS attacks are frequently deployed in conjunction with other cyberattacks to distract security teams from the true target. An organization needs to be able to mitigate DNS attacks quickly so that its security team is not too busy to handle simultaneous attacks through other vectors.

Attackers have found a number of ways to target and exploit DNS servers. Here are some of the most common:

DNS spoofing/cache poisoning: This is an attack where forged DNS data is introduced into a DNS resolver’s cache, resulting in the resolver returning an incorrect IP address for a domain. Instead of going to the correct website, traffic can be diverted to a malicious machine or anywhere else the attacker desires.

DNS tunneling: This attack tunnels other protocols through DNS queries and responses. Attackers can use SSH, TCP, or HTTP to pass malware or stolen information into DNS queries, undetected by most firewalls.

DNS hijacking: In DNS hijacking the attacker redirects queries to a different domain name server. This can be done either with malware or with the unauthorised modification of a DNS server.

NXDOMAIN attack: This is a type of DNS flood attack where an attacker inundates a DNS server with requests, asking for records that do not exist, in an attempt to cause a denial-of-service for legitimate traffic.

Phantom domain attack: A phantom domain attack has a similar result to an NXDOMAIN attack on a DNS resolver. The attacker sets up a bunch of ‘phantom’ domain servers that either respond to requests very slowly or not at all.

Random subdomain attack: In this case, the attacker sends DNS queries for several random, nonexistent subdomains of one legitimate site. The goal is to create a denial-of-service for the domain’s authoritative nameserver, making it impossible to look up the website from the nameserver.

Domain lock-up attack: Attackers orchestrate this form of attack by setting up special domains and resolvers to create TCP connections with other legitimate resolvers. When the targeted resolvers send requests, these domains send back slow streams of random packets, tying up the resolver’s resources.

Botnet-based CPE attack: These attacks are carried out using CPE devices (Customer Premise Equipment; this is hardware given out by service providers for use by their customers, such as modems, routers, cable boxes, etc.). The attackers compromise the CPEs and the devices become part of a botnet, used to perform random subdomain attacks against one site or domain.
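
Several of the attacks above leave a recognisable pattern in resolver query logs: random subdomain and NXDOMAIN floods produce many distinct, nonexistent names under one domain, while tunnelling produces many long, high-entropy labels that resolve successfully. The following detection sketch is an added example, not part of the original page or any vendor's product; the log format, thresholds and `.example` domains are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy in bits per character; encoded payloads score high."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def split_name(qname):
    # Assumption: the registered domain is the last two labels. Production
    # code should consult the Public Suffix List instead.
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def analyze(lines, min_unique=5, nx_ratio=0.8, min_len=30, min_entropy=3.5):
    """Return {parent domain: verdict} for domains with abnormal query patterns."""
    stats = defaultdict(lambda: {"total": 0, "nx": 0, "subs": set()})
    for line in lines:
        _ts, _client, qname, _qtype, rcode = line.split()
        sub, parent = split_name(qname)
        s = stats[parent]
        s["total"] += 1
        s["nx"] += rcode == "NXDOMAIN"
        if sub:
            s["subs"].add(sub)
    verdicts = {}
    for parent, s in stats.items():
        subs = s["subs"]
        if len(subs) < min_unique:
            continue  # few distinct names: ordinary traffic
        if s["nx"] / s["total"] >= nx_ratio:
            verdicts[parent] = "random-subdomain/NXDOMAIN flood"
        elif (sum(map(len, subs)) / len(subs) >= min_len
              and entropy("".join(subs).replace(".", "")) >= min_entropy):
            verdicts[parent] = "possible DNS tunnelling"
    return verdicts

# Constructed sample log: "<time> <client> <qname> <qtype> <rcode>".
B32 = "abcdefghijklmnopqrstuvwxyz234567"
SAMPLE = (
    [f"12:00:0{i} 10.0.0.5 {l}.shop.example A NXDOMAIN"
     for i, l in enumerate(["x7kq2", "p0zr9", "m3vt8", "q1wd4", "z8nb6", "k5hj2"])]
    + [f"12:01:0{i} 10.0.0.9 {B32[i:] + B32[:i]}.cdn-sync.example TXT NOERROR"
       for i in range(6)]
    + ["12:02:00 10.0.0.7 www.intranet.example A NOERROR",
       "12:02:01 10.0.0.7 mail.intranet.example A NOERROR"]
)
if __name__ == "__main__":
    print(analyze(SAMPLE))
```

In practice the thresholds need tuning against a baseline of normal traffic, since CDNs and some security products also generate long, machine-made labels.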

A DNS firewall is a tool that can provide a number of security and performance services for DNS servers. A DNS firewall sits between a user’s recursive resolver and the authoritative nameserver of the website or service they are trying to reach. The firewall can provide rate limiting services to shut down attackers trying to overwhelm the server. If the server does experience downtime as the result of an attack or for any other reason, the DNS firewall can keep the operator’s site or service up by serving DNS responses from cache.

In addition to its security features, a DNS firewall can also provide performance solutions such as faster DNS lookups and reduced bandwidth costs for the DNS operator.
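
The two protective behaviours described above, per-client rate limiting and answering from cache while the authoritative server is down, can be modelled in a few lines. This is an added example, not any vendor's implementation; the class name, the status strings, the `REFUSED` response to rate-limited clients and the sample names and addresses are assumptions.

```python
import time

class DnsFirewall:
    """Toy model: token-bucket rate limit per client plus serve-stale cache."""
    def __init__(self, upstream, rate=5, burst=10, clock=time.monotonic):
        self.upstream, self.rate, self.burst, self.clock = upstream, rate, burst, clock
        self.buckets = {}   # client -> (tokens, time of last refill)
        self.cache = {}     # qname -> (answer, expiry time)

    def _allow(self, client):
        now = self.clock()
        tokens, last = self.buckets.get(client, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[client] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def resolve(self, client, qname):
        if not self._allow(client):
            return ("REFUSED", None)          # over the per-client rate
        now = self.clock()
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return ("CACHE", hit[0])
        try:
            answer, ttl = self.upstream(qname)
        except ConnectionError:
            # Authoritative server unreachable: serve the expired entry if any.
            return ("STALE", hit[0]) if hit else ("SERVFAIL", None)
        self.cache[qname] = (answer, now + ttl)
        return ("FRESH", answer)

def demo():
    t, up = [0.0], {"ok": True}               # fake clock and upstream state
    def upstream(qname):                      # hypothetical authoritative server
        if not up["ok"]:
            raise ConnectionError("authoritative server unreachable")
        return "192.0.2.10", 60               # constructed answer, TTL in seconds
    fw = DnsFirewall(upstream, rate=1, burst=2, clock=lambda: t[0])
    out = [fw.resolve("10.0.0.5", "www.shop.example")[0] for _ in range(3)]
    t[0], up["ok"] = 120.0, False             # TTL expired and upstream down
    out.append(fw.resolve("10.0.0.5", "www.shop.example")[0])
    out.append(fw.resolve("10.0.0.5", "new.shop.example")[0])
    return out

if __name__ == "__main__":
    print(demo())
```

The third query is refused because the burst of two is spent, and after the outage begins the cached name is still answered while the name never seen before fails.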

Speak to one of our security EXPERTS

Our team is available for a quick call or video meeting. Let's connect and discuss your security challenges, dive into vendor comparison reports, or talk about your upcoming IT projects. We are here to help.
