Domain name system or DNS security threats are among the most common types of cyber threats that occur today, and therefore securing DNS should be an integral part of an organisation's security plan.
If an attacker takes control of a company’s DNS, they can easily gain control over open sources, redirect incoming e-mails, Web requests and authentication attempts, and create and validate SSL/TLS certificates.
So says Hakun Uzun, CEO of DNSSense, who will be presenting on “How is DNS-based security empowering digital transformation?”, at the ITWeb Security Summit 2022, to be held at the Sandton Convention Centre from 31 May to 2 June.
The ‘phone book of the Internet’
People often refer to DNS as the, “phone book of the Internet,” because every device on the Web, from PCs to the servers hosting Web sites, have an IP address that consists of a unique series of numbers. Connecting to another device requires knowing its associated IP address, much like connecting to another phone requires knowing its associated phone number.
According to Uzun, DNS was invented so that people wouldn’t have to remember long IP addresses.
“Instead, they could visit Web sites using human-friendly names like dnssense.com. And because there are too many Web sites on the Internet for a computer to store a comprehensive list of corresponding domain names and IP addresses, this task is outsourced to designated DNS servers.”
He says people use DNS thousands of times a day without knowing it – every time they connect to a Web site, open a mobile phone app, or update software, their device queries DNS servers to find the IP address associated with the domain.
“That’s why we often refer to DNS as the foundation of the internet,” says Uzun.
A common thread
Uzun says although bad actors employ a variety of methods to compromise networks, the common thread is often DNS. “While DNS can bolster your security posture, don’t ignore the prospect of DNS as a threat vector. When someone controls your DNS, they can redirect users anywhere or commit data exfiltration.”
Organisations should implement DNS security to protect users, devices and other critical infrastructure.
Hakun Uzun, CEO of DNSSense.
He cites several types of attacks as examples, include DNS tunnelling, DNS poisoning (also known as DNS spoofing), and DNS cache poisoning. “There’s also DNS hijacking and distributed denial of service, or DDoS, attacks.”
DNS security refers to the safeguards and protective measures businesses deploy to prevent attackers from carrying out malicious attacks that use an entity’s DNS, and in fact, he says one of the most effective aspects of superior DNS security solutions is the ability to use the DNS layer to monitor and enforce outbound Web requests to ensure that users and IT systems are unable to access unacceptable or malicious Web sites.
Anticipate, prevent, detect
Uzun says DNS presents security and risk management leaders with some real opportunities to anticipate, prevent, detect and respond to prevailing threats.
“Organisations should implement DNS security to protect users, devices and other critical infrastructure.”
Since the DNS is an essential part of the Internet, it will always be a target for attackers, he explains. The best way to protect against these future attacks is to know the techniques used in the attacks and to identify potential entry points in advance (threat hunting).
“DNS security should be an integral part of the security plan,” Uzun ends. “Secure DNS server services provide Web protection and parental control by filtering and blocking unsafe, malicious, and unwanted Web sites.”
Delegates attending Uzun’s presentation, will learn why threat actors target DNS and why traditional protection is ineffective against evolving DNS threats. In addition, he will delve into what DNS-based security is, and how it can protect (digital) business.
Share