How to Stop DNS Application Attacks
I. Strategies for DNS application security:
When we focus on DNS applications, we mean two things:
>> DNS applications or “services” such as BIND, Microsoft® Domain Name Service (DNS) (Microsoft Corporation), Simple DNS, or djbdns
>> DNS configuration (because bad configuration practices can enable some attacks)
So, what's important to ensure when we're trying to mitigate DNS application-related vulnerabilities? There are some good practices when trying to protect exposed services, and we'll cover them here.
II. Deploying Intrusion Prevention Systems (IPSs)
If you look for DNS service-/application-related signatures in the current release of the community version of Snort®, you will find around 50 signatures specific to DNS vulnerabilities. In commercial IPS products this number can grow to hundreds of signatures, not to mention the anomaly detection algorithms, so it's important to deploy an IPS in front of your DNS farm.
Keep in mind that it's important to enable only the algorithms and signatures that match your DNS service vendor, so your IPS will not spend processing time looking for patterns that do not apply to you.
Also, intrusion prevention systems were not designed to be used against distributed denial-of-service (DDoS) attacks. So, as we discussed in earlier posts, you need to address those kinds of attacks with the proper solutions.
III. Keeping your system up-to-date
As a friend of mine says: “It just needs to be software to be vulnerable.” So, work with your vendor to receive security bulletins and communications about vulnerabilities and how to mitigate risk (patches, processes, workarounds, etc.).
For example, you can look for the latest “Bind v9.x related vulnerabilities” here:
http://www.isc.org/software/
And do the same for Microsoft DNS:
http://technet.microsoft.com/
Of course, the same applies for the host operating system, whatever it is.
Also, the use of tools that can automate the distribution of patches is recommended to help ensure that your entire system is running on the same version. And be sure to test any patch/workaround in your lab environment, prior to applying it to production.
IV. Validate your configurations under “best practices”
There are common “best practices” when configuring your DNS system. Because each software vendor has its own way of doing it, the vendor-specific details are beyond the scope of this post. Also, many of those tasks can be done outside of the system itself, so the actions remain the same, but the ways to accomplish them can differ widely from network to network.
You choose the most appropriate method for your network.
Some of the best practices are:
> Prevent DNS Open Resolver configurations
> Prevent clients from abusing the Resource Record Time To Live (TTL) in the DNS cache
> Segregate Authoritative and Recursive servers
> Limit the servers allowed to perform Zone Transfers
> Restrict administrator access to the system (including source IP and access method)
> Deploy out-of-band management
> Lock down the underlying operating system (OS)
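As an added example (not code from the original post or from any DNS vendor), the script below audits a BIND `named.conf` for two of the best practices above: open recursion and unrestricted zone transfers. Both configurations in it are constructed samples; the weak one leaves recursion open to the world and never restricts transfers, while the hardened one limits recursion and `allow-query-cache` to an internal ACL, restricts transfers to named secondaries, and caps cached TTLs with `max-cache-ttl`. The block-matching regex assumes the common indentation style (closing `};` of a top-level block at column 0) and is not a full `named.conf` parser.

```python
"""Audit a BIND named.conf for open recursion and unrestricted zone transfers.

Added example; the configurations below are constructed, not taken from any
real server.  The parser only handles the conventional layout shown here.
"""
import re

# Constructed "weak" sample: recursion left at the BIND default (yes) with no
# allow-recursion, and no allow-transfer anywhere.
WEAK_CONF = """
options {
    directory "/var/named";
    recursion yes;
};
zone "example.com" {
    type master;
    file "example.com.zone";
};
"""

# Constructed "hardened" sample: recursion and cache access limited to internal
# clients, transfers denied globally and allowed only to the named secondaries,
# and cached records capped to one day regardless of the TTL the origin sends.
HARDENED_CONF = """
acl internal { 10.0.0.0/8; 192.168.0.0/16; };
acl secondaries { 192.0.2.53; };
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { internal; };
    allow-query-cache { internal; };
    allow-transfer { none; };
    max-cache-ttl 86400;
};
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { secondaries; };
};
"""

# Top-level `options { ... };` and `zone "name" { ... };` blocks.  The body ends
# at the first "};" that starts a line, which is why indentation matters here.
BLOCK_RE = re.compile(r'(options|zone\s+"([^"]+)")\s*\{(.*?)\n\};', re.S)


def _address_list(body, name):
    """Return the entries of `name { a; b; };` inside a block body, or None if unset."""
    m = re.search(r'(?<![\w-])' + re.escape(name) + r'\s*\{([^}]*)\}', body)
    if m is None:
        return None
    return [entry.strip() for entry in m.group(1).split(';') if entry.strip()]


def audit_named_conf(conf):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    blocks = {}
    for m in BLOCK_RE.finditer(conf):
        key = 'options' if m.group(1) == 'options' else m.group(2)
        blocks[key] = m.group(3)
    opts = blocks.get('options', '')

    # Open resolver: BIND historically defaults to recursion yes and, without
    # allow-recursion, answers recursive queries for any client.
    recursion = re.search(r'(?<![\w-])recursion\s+(yes|no)\s*;', opts)
    if recursion is None or recursion.group(1) == 'yes':
        allowed = _address_list(opts, 'allow-recursion')
        if allowed is None or 'any' in allowed:
            findings.append('open resolver: recursion enabled without a restrictive allow-recursion')

    # Zone transfers: a zone-level allow-transfer overrides the global one; an
    # unset value is treated as unrestricted, matching the historical default.
    global_xfer = _address_list(opts, 'allow-transfer')
    for name, body in blocks.items():
        if name == 'options':
            continue
        zone_xfer = _address_list(body, 'allow-transfer')
        effective = zone_xfer if zone_xfer is not None else global_xfer
        if effective is None or 'any' in effective:
            findings.append(f'zone {name}: zone transfer not restricted')
    return findings


if __name__ == '__main__':
    for label, conf in (('weak', WEAK_CONF), ('hardened', HARDENED_CONF)):
        print(label, audit_named_conf(conf) or ['no findings'])
```

A server that is meant to be authoritative only (the segregation practice above) would instead carry `recursion no;` in its `options` block, which makes the first check pass without any `allow-recursion` at all.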
V. Scan your systems for vulnerabilities
It is a good idea to scan your systems for vulnerabilities from time to time. You can do it both internally and externally to have both views. This gives you a lot of information about the status of your systems and important intelligence about the real state of your security process.
Centralized security monitoring
Monitoring your systems' logs is also an important step in properly securing your systems. It offers you a more fine-grained view of the status of your network and helps you detect an attack early and initiate the incident response process.
Correlation is also greatly needed, because if you can correlate your DNS Defender® (http://www.cloudshield.com/), IPS, network scanner, OS and DNS logs, you can obtain a clear view of an attack – its intentions, targets, methods, and the most important part, the outcome.
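The following is an added example of the kind of correlation described above, not code from the original post. It joins IPS alerts with DNS query logs on the client address and a short time window, so that for each alert you can see what that client was actually asking the server. The log lines are constructed for the example and are modelled on the Snort “fast” alert format and the BIND query log format (the year in the Snort lines is assumed, since that format carries none); the SID 1000001 is in the range reserved for local rules and is a placeholder.

```python
"""Correlate IPS alerts with DNS query logs by client address and time window.

Added example.  All log lines are constructed and modelled on the Snort fast
alert format and the BIND query log format; they are not real captures.
"""
import re
from datetime import datetime, timedelta

# Constructed BIND-style query log lines from a resolver at 192.0.2.53.
DNS_LOG = """\
13-Mar-2014 10:15:02.120 client 203.0.113.7#53211: query: www.example.com IN A +E (192.0.2.53)
13-Mar-2014 10:15:02.400 client 203.0.113.7#53212: query: example.com IN ANY +E (192.0.2.53)
13-Mar-2014 10:15:02.700 client 203.0.113.7#53213: query: example.com IN ANY +E (192.0.2.53)
13-Mar-2014 10:15:09.000 client 198.51.100.4#40001: query: mail.example.com IN MX +E (192.0.2.53)
"""

# Constructed Snort-style fast alert; SID 1000001 is a placeholder local rule.
IPS_LOG = """\
03/13-10:15:03.010  [**] [1:1000001:1] LOCAL DNS query burst from single client [**] [Priority: 2] {UDP} 203.0.113.7:53213 -> 192.0.2.53:53
"""

DNS_RE = re.compile(r'^(\S+ \S+) client (\d+\.\d+\.\d+\.\d+)#\d+: query: (\S+) IN (\S+)')
IPS_RE = re.compile(
    r'^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\] \[(\d+:\d+:\d+)\] (.*?) \[\*\*\]'
    r'.*\{\w+\} (\d+\.\d+\.\d+\.\d+):\d+ ->')


def parse_dns(log):
    """Yield (timestamp, client_ip, qname, qtype) for each BIND query log line."""
    events = []
    for line in log.splitlines():
        m = DNS_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), '%d-%b-%Y %H:%M:%S.%f')
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def parse_ips(log, year=2014):
    """Yield (timestamp, source_ip, gid:sid:rev, message) for each Snort fast alert.

    Snort's fast format omits the year, so the caller supplies it (assumed 2014
    to match the constructed DNS log above).
    """
    alerts = []
    for line in log.splitlines():
        m = IPS_RE.match(line)
        if m:
            ts = datetime.strptime(f'{year}/{m.group(1)}', '%Y/%m/%d-%H:%M:%S.%f')
            alerts.append((ts, m.group(4), m.group(2), m.group(3)))
    return alerts


def correlate(dns_log, ips_log, window=timedelta(seconds=5)):
    """For each IPS alert, collect the queries the same client sent in the
    `window` leading up to it.  Keyed by (source_ip, gid:sid:rev)."""
    queries = parse_dns(dns_log)
    report = {}
    for ts, src, sid, msg in parse_ips(ips_log):
        related = [(qname, qtype) for q_ts, q_src, qname, qtype in queries
                   if q_src == src and ts - window <= q_ts <= ts]
        report[(src, sid)] = {'message': msg, 'queries': related}
    return report


if __name__ == '__main__':
    for (src, sid), details in correlate(DNS_LOG, IPS_LOG).items():
        print(f'{src} [{sid}] {details["message"]}')
        for qname, qtype in details['queries']:
            print(f'    {qtype:5} {qname}')
```

In a real deployment the same join would run against log sources fed into one collector (the “centralized” part), and the window would be tuned to the IPS's alert latency; the point is that the DNS log alone tells you what was asked and the IPS alone tells you that something tripped, while the join tells you which questions made up the event.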
VI. NEXT STEPS
Security is built in layers. You need to control all aspects of your environment — devices, networks, applications. They're all important, and they all need to be addressed.
Moreover, it's important for you to monitor your system and generate new intelligence, so you can update your process and intelligence in order to keep up with the attackers.