What is a DNS Attack?
DNS is a fundamental part of the internet, but sadly it is not known for its security. This means that a DNS attack remains a very viable strategy for cyberattackers - unless you take steps to protect yourself against it.
How to Protect Your Website from the Main Types of DNS Attack
DNS stands for Domain Name System. It is the system that converts the alphabetic domain names humans use (www.example.com) into the IP addresses computers use (12.34.56.78). As such, it is fundamental to the functioning of the internet.
In fact, it is so fundamental that companies cannot choose to stop supporting it even though it has well-known security issues. They just have to deal with those issues as best as they can. Fortunately, if you take the right measures, you are highly unlikely ever to fall victim to a DNS attack.
Three Major DNS Attack Types
There are many different strategies cybercriminals can use to implement a DNS attack. Ultimately, however, they all have one of three goals. These are data theft, domain hijacking, and DDoS attacks. Here is a quick guide as to how to deal with each of these threats.
1. Data Theft
Officially, the way to deal with DNS being used to facilitate data theft is to implement DNSSEC. Ideally, this should be partnered with HTTPS for maximum data security. In practice, however, support for DNSSEC is not as mainstream as you'd think it ought to be given the importance of implementing effective data security in the modern world.
This is, therefore, one of those occasions where it generally makes more sense to treat the symptom rather than the cause. In other words, keep all sensitive data encrypted at all times and ideally send it over an encrypted connection as well.
2. Domain Hijacking
Domain hijacking is when someone uses DNS to redirect traffic from your website to a website of their choosing. This form of DNS attack tends to be either very blatant or very subtle. The blatant attacks tend to redirect traffic to “non-work-safe” websites. The subtle ones tend to redirect traffic to sites that look and feel like the genuine one, but which serve some malicious purpose, such as data theft.
There are lots of potential signs that you have been the victim of a domain-hijacking DNS attack. Unfortunately, these signs can also point to numerous other issues, many of which are far more common. This means that it is advisable to be proactive about checking for DNS hijacking (even though it's relatively rare).
Once a day or so, ping an IP address you do not use. If it comes back unresolved, all is well. If it comes back resolved, then there is a very strong chance that your domain has been hijacked. Your first course of action should be to check for malware on your router. Once you've removed it, you need to work out how it got there in the first place and hence what you need to do to stop it happening again.
As a final point, using DNS is one of the two main ways to hijack a domain. The other is to get the credentials to the account with the domain registrar (or with your host if you get your domain through them). You need to guard these details carefully and you also need to put a lock on your domain to prevent it from being transferred without additional verification.
Last but definitely not least, remember that domains expire and if you fail to renew them in time, somebody else can buy them. This is not domain hijacking but it has the same effect. Your only recourse is to hope the buyer is prepared to sell you back your domain and, if they are, you'll be paying their price. This should be an easy issue to avoid, but you need to keep on top of it!
3. DDoS Attacks
DDoS attacks are one of the major pains of the modern internet. It is, however, possible to put up robust defenses against them.
Protecting against DDoS attacks starts with implementing a flexible, decentralized architecture with plenty of bandwidth. That means looking at the efficiency of traffic routes, avoiding single points of failure, and using smart DNS lookup, load balancers, and content delivery networks as appropriate. Buy as much bandwidth as you can reasonably afford.
Ping your servers regularly so you pick up on any problems while they are still in the early stages. If you have plenty of bandwidth, then you will have at least a decent fighting chance of resolving a problem before it goes critical.
Implement a web application firewall and consider signing up for a DDoS mitigation service. These can both go a long way to fending off malicious traffic.