Following the release of 2017 cyber-security studies by industry leaders including Cisco, EfficientIP, and Infoblox, it has become clear that the face of DNS security is set to change dramatically in the coming years.
Cybercriminals are carrying out increasingly sophisticated (and profitable) attacks, revealing a clear need for organisations to evolve their approach to cybersecurity and embrace an industry-wide paradigm shift.
With a view to advising our customers on how to best manage their DNS architectures, we’re taking a closer look at the suggested changes and what they mean for your infrastructure, starting with the basics.
The Domain Name System (DNS) is crucial infrastructure used by almost every enterprise or organisation in its day-to-day business. To put it simply, DNS maps Internet domain names to IP addresses in the same way that a phone book matches a name with a number.
Despite being one of the most critical elements in the network for delivering IT services, DNS is not always effectively protected and is increasingly the target of cyber-attacks designed to cause business damage, service degradation or even downtime. The reality is that most security solutions have simply not been designed to deal with threats to the DNS infrastructure.
Another important thing to remember is that, when discussing DNS security, one has to distinguish between threats against the external Internet-facing DNS servers and targeted attacks against internal systems, where the DNS service is misused during the preparation, intrusion, and attack stages.
The job of external or “authoritative” DNS servers is to answer external queries from anyone on the Internet trying to connect to your company email or web servers. They must be available 100% of the time or your services will disappear from the Internet.
The main attack types against DNS servers are DNS DDoS and DNS zero-day attacks.
In its 2017 Global DNS Threat Survey Report, EfficientIP, a provider of network services, revealed that globally 88% of DNS DDoS attacks were over 1M QPS and that 83% of organisations did not apply an adequate number of security patches.
In cyber-attacks that pose a threat to data and internal DNS, the Domain Name Service is used (or better: misused) to execute the planned attack against systems located inside the organisation's firewall perimeter.
According to EfficientIP, 28% of survey respondents who were attacked had sensitive data stolen.
An unsecured DNS architecture is an invitation to attackers that can result in data exfiltration, loss of business and application downtime. These security challenges mandate the need for DNS security solutions designed and deployed to ensure service continuity and data protection.
Here’s what we would recommend to start strengthening your cyber-security approach and protecting your sensitive data:
– EfficientIP 2017 Report DNS Threat Survey
– Cisco 2016 Annual Security Report
– Infoblox – The New Standard in DNS Security May 2016