In the past few years there has been an increasing number of attacks on DNS (Domain Name System) servers as well as on TLDs (Top Level Domains). This has clearly demonstrated the intrinsic lack of security in most DNS servers. However, it is not just the DNS servers that are under attack.
Cyber criminals with malicious intent are also targeting DHCP (Dynamic Host Configuration Protocol) services. Together, DNS and DHCP form the backbone of the modern communication network. An attack on these two services can result in total disruption of the networking system in any organization, leading to losses on an incomprehensible scale. Thus, DNS security has become an essential component for business organizations in recent times.
How does DNS and DHCP service disruption affect the networking system?
DNS and DHCP are the two main components required for communicating on the intranet or the Internet. DNS is the system that converts domain names to the corresponding IP addresses and fetches and sends the required data from and to the location deduced from the IP address. DHCP, on the other hand, plays the role of connector for any system logging in to the network. If the DHCP service fails, you will find that your device is not able to connect to the wireless network.
An attack on DNS and DHCP can happen in a multitude of ways. The resulting effect can be broadly classified into the following categories:
- External DNS publishing error: This is a bad situation for organizations that provide service to clients through a web-based platform. This error will not allow visitors to reach your website, and thus there is a loss of business.
- External DNS resolving error: This will prevent employees within the organization from accessing the Internet. For any business this can be a disastrous situation.
What are the threats to DNS and DHCP?
DNS and DHCP may face threats driven by one or more of the following intents.
- Random attacks – These are arbitrary attacks on the known DNS used by any business. One or more types of attack can be mounted against the DNS server, and the result can be something like a buffer overflow or something else.
- Motivated attacks – Both political attacks and attacks launched by hacktivists fall under this category. The intent is clear, and the attack targets a country or a specific organization.
- Phishing or identity theft – This is one of the most common attacks. It allows the attacker to pose as some other organization to gain sensitive data about users visiting the website. It is generally done by corrupting the DNS server information.
- Infowarfare – This attack is mounted by nations.
How can you protect your DNS and DHCP?
- Get the best DNS and DHCP software available. You will find all the necessary information from the Internet Software Consortium (ISC). You will also find useful information in the Vulnerability Notes Database released by the CERT Coordination Center.
- Increased redundancy can be helpful. It is better to have more servers running and ready as backup rather than depending on just one.
- Dedicating a system to running the DNS and DHCP software and disabling all other ports on that machine will reduce the probability of exploits.
- Getting DNS and DHCP service from external sources in addition to the internal one will help you prepare for any contingency.
- Using different operating systems to run the DHCP and DNS software is also a good idea.
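One way to check the "dedicated machine, all other ports disabled" advice above is to audit the listening sockets on the DNS/DHCP host. The script below is an added example, not part of the original article: the function names are hypothetical, the allow-list (DNS on 53/tcp and 53/udp, DHCP server on 67/udp) and the choice to ignore loopback-only listeners are assumptions, and the `ss -lntuH` output is a constructed sample.

```python
# Audit listening sockets on a host dedicated to DNS and DHCP.
# Assumed allow-list for this example: DNS on 53/tcp+udp, DHCP server on 67/udp.
ALLOWED = {("tcp", 53), ("udp", 53), ("udp", 67)}

# Constructed sample of `ss -lntuH` output (not captured from a real host).
SAMPLE_SS = """\
udp   UNCONN 0      0            0.0.0.0:53         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:67         0.0.0.0:*
udp   UNCONN 0      0               [::]:53            [::]:*
tcp   LISTEN 0      10           0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      4096       127.0.0.1:953        0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each tcp/udp line of ss output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # skip headers, blank lines and other socket families
        addr, _, port = fields[4].rpartition(":")  # local address:port column
        if port.isdigit():
            yield fields[0], addr.strip("[]"), int(port)

def is_loopback(addr):
    """Loopback-only listeners are not reachable from the network."""
    return addr.startswith("127.") or addr == "::1"

def unexpected_listeners(ss_output, allowed=ALLOWED):
    """Return sorted network-reachable listeners that are not on the allow-list."""
    found = set()
    for proto, addr, port in parse_listeners(ss_output):
        if not is_loopback(addr) and (proto, port) not in allowed:
            found.add((proto, addr, port))
    return sorted(found)

if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE_SS):
        print(f"unexpected listener: {proto} {addr}:{port}")
```

On a real host, pass the output of `ss -lntuH` to `unexpected_listeners` in place of the sample, and close or firewall every service it reports.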
As the CIO, you might have to take some risk with higher investment to prevent any loss in the future.