DNS security is too easily taken for granted

Organisations invest a lot of time, resources and money into ensuring the security of their back office systems but this can often be in vein if they fail to account for the external threats impacting their business. The security of your DNS provider is arguably one of the biggest examples of this, according to Oscar Arean, technical operations manager at Databarracks.

  • 8 years ago Posted in
Recently, it was revealed that webhosting company Easily had emailed its customers to inform them that it had fallen victim to a malware attack. While it was quick to reassure customers that there was no evidence that account details, passwords or any personal information which could identify the customer had been accessed, Arean suggests it is imperative that organisations should have practices in place to protect themselves should this happen to their DNS provider:

“Most organisations depend on their DNS provider in some capacity, whether it be for SPF records, their website, online portals or their Exchange, however what often isn’t considered is how secure these providers actually are themselves and what the consequences would be for you should these providers suffer a cyber-attack.

“It is actually relatively easy for a hacker to disrupt your services if you depend on an external provider and their security measures aren’t up to scratch. The impact on your business could be disastrous. A hacker could potentially change, wipe or redirect your DNS, impacting your mail-flow, website, marketing or your service portals. You could even get locked out of the control panel you use to manage your DNS records if a hacker changes your password. A lot of DNS providers just use shared passwords with no Two Factor Authentication (2FA) to verify the user is legitimate. All it would take is for someone with the password to log on, redirect your IP to a malicious site, and then change your password so that you are locked out of the account and unable to resolve the issue.

“Unfortunately, a lot of organisations don’t have plans in place for dealing with such events, and it is crucial that action is taken. As a starting point, consider your supplier carefully. It is recommended to look for security features like 2FA. This is a two-part process, which usually includes a password and a separate code sent to a pre-verified device such as a mobile phone that is only accessible by the user. For the hacker this is difficult to break unless they have access to the pre-verified device.

 
“It’s imperative that accurate DNS records are kept. It can take up to 24 hours for DNS records to update, so a hacker could make changes and you might not even notice until the following day if you weren’t sufficiently tracking them. Accurate auditing allows you to see what the DNS record was before and what it has been changed to, so you can easily revert to your original settings if an unauthorised change has been reported. Most DNS providers log their changes but this isn’t always visible to the customer. It’s possible to issue a support request for your logs but this can often take time. There are some good alerting tools available to help your IT team, alerting you as soon as an authorised change occurs, but these are optional and do come at a cost.

Arean concludes: “Ultimately, there isn’t a failsafe way to protect your DNS – this is the responsibility of your provider. Work with a provider who can prove that they take security seriously to limit your risks and give you the peace of mind that your IT is in safe hands.”
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...