je.st
news
Tag: your
When planning your security strategy, dont forget your DNS
2021-01-18 20:18:57| The Webmail Blog
When planning your security strategy, dont forget your DNS nellmarie.colman Mon, 01/18/2021 - 13:18 Whether they realize it or not, every organization relies on the domain name system (DNS). DNS is what allows people to find your website, shop on your ecommerce app and send you email. Its a critical service for not only your business, but the internet as a whole. As such, it makes sense that DNS servers have become a common target for cyber criminals: 82% of companies have experienced a DNS attack in the last year. 63% of companies have experienced application downtime as a result of a DNS attack. Widespread DNS hijacking was reported in 2017 and 2018, targeting multiple sectors across 12 different countries. 80% of malware uses DNS to establish a connection to a Command-and-Control (C2) server in order to steal data and spread malware. If your business relies on blacklisting Fully Qualified Domain Names (FQDNs) alone to combat DNS-based attacks, read on. Malicious actors and attack vectors are becoming more sophisticated so your security should, as well. Common DNS attack methods Your DNS servers, themselves, are not always the target of DNS-based attacks. Instead, the functionality of the DNS protocol is commonly exploited, in order to allow an attacker to exfiltrate sensitive data from your environment. Often, when a user within your network unintentionally visits a malicious site, a piece of malware is installed on the connecting machine. Once the machine is infected, it will leverage DNS to connect to the C2 server in order to receive instructions and act on them. Once an attacker has a foothold in your environment, the potential of malware spreading is greatly increased. Other leading DNS attack methods include: Domain hijacking: This can involve unauthorized changes to DNS records and/or your domain registrar, which directs traffic away from the original server to a new (often malicious) destination. DNS flood attack: This is a Distributed Denial of Service (DDoS) which affects the availability of DNS servers. DNS spoofing (cache poisoning): Attackers exploit system vulnerabilities and try to inject malicious data into a DNS resolvers cache. DNS tunneling: Once a machine is infected, the malware will abuse DNS in order to steal sensitive data and receive instructions from an attackers C2 server. A recent DNS breach reported by SecureList illustrates the scope of the challenge: In mid-May [2020], Israeli researchers reported a new DNS server vulnerability that lurks in the DNS delegation process. The vulnerability exploitation scheme was dubbed NXNSAttack. The hacker sends to a legitimate recursive DNS server a request to several subdomains within the authoritative zone of its own malicious DNS server. In response, the malicious server delegates the request to a large number of fake NS servers within the target domain without specifying their IP addresses. As a result, the legitimate DNS server queries all of the suggested subdomains, which leads to traffic growing 1620 times. What makes DNS so vulnerable The essential nature of DNS functionality within organizations presents many risks for gaps in security: Because internet access is required 24x7, an effort is generally made to ensure that DNS operations are never disrupted, even for security inspections. Most DNS requests are not restricted and are therefore allowed to pass through security devices, creating a potential opening and pathway for attackers to exploit. Some organizations attempt to block DNS attacks by creating a blacklist of bad domain names. However, attackers bypass restrictions by using Domain Generation Algorithms (DGA), which allow them to create and rotate thousands of domains to keep the C2 between client and server intact, even if some of the domains are blocked. Manually blacklisting a constantly growing list of malicious domains adds substantial administrative overhead. How to secure your system against DNS attacks To address this growing threat, Palo Alto Networks launched a new feature called DNS Security, which is used in combination with the anti-spyware functionality provided through the Threat Prevention license. This feature uses a cloud service that is updated in real-time from various feeds in order to detect traffic to known-malicious domains, as well as domains which were created from a Domain Generation Algorithm (DGA). The DNS Security feature takes valuable information about known-malicious domains from multiple trusted threat-intelligence feeds and combines it with machine learning and predictive analysis in order to dynamically identify and block access to domains created by DGAs. When a client sends a request to a malicious domain, the Palo Alto Next-Generation Firewall (with DNS Security configured) intercepts the traffic and compares the DNS request with information within the cloud database. If the request shows up in the cloud database as malicious, or if DNS tunneling is suspected, the DNS request can be automatically dropped. This not only allows the connection to be stopped, but also lets an analyst know that there is a device on the network that may require further investigation. Lean on our experts We can help you take control of your DNS, through our free DNS management service included with every cloud account. Learn more about DNS services at Rackspace Technology and our complete range of security solutions. When planning your security strategy, dont forget your DNSYour online presence depends on a secure domain name system (DNS), yet its often overlooked. Find out whats at risk and what you can do about it.Protect your business, with help from our experts./securityLearn more
Tags: your
security
planning
strategy
IndustryVoice: CGGs GeoVerse Delivers Decades of Analytics-Ready Digitally Transformed Geoscience Data to Your Desktop
2021-01-15 21:00:00| OGI
Integrate a unique resource of rich geological data into your workflows for faster, better-informed decisions when evaluating E&P opportunities.
Tags: your
data
desktop
decades
CEO Secrets: 'Try bartering to kickstart your business'
2021-01-06 01:25:48| BBC News | Business | UK Edition
The boss of an advertising screens company says he used barter to get a prime London office location.
Tags: your
business
ceo
secrets
Whats at stake in 2021; PLUS: How to reach your elected officials
2021-01-03 17:30:00| Beef
Kick off the New Year with a commitment to make your voice heard. The time is now. Heres how.
Tags: your
reach
officials
elected
Whats at stake in 2021; PLUS: How to reach your elected officials
2021-01-03 17:30:00| Beef
Kick off the New Year with a commitment to make your voice heard. The time is now. Heres how.
Tags: your
reach
officials
elected
Sites : [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] next »