How to Protect Your Site at the DNS Level
Domain Name Server (DNS) is a common term in the internet world and something that many have likely encountered and promptly ignored, passing it off as more internet-related lingo. Well, it turns out that DNS is pretty important especially as it relates to internet security.
What is DNS and How Does it Work?
DNS is an internet protocol that acts to translate domain names (i.e., 'bestwebhostingaustralia.org' ) into a more code-friendly IP address like 18.104.22.168. When a user types the words “bestwebhostingaustralia.org" into the web browser, a program in the operating system looks up that input using a DNS resolver and retrieves the IP address. That DNS resolver might also first check the user’s web cache to see if it already has the IP address.
When you consider all of the domain names and corresponding IP addresses that are out there, you get an understanding of how robust the DNS is. But the DNS was designed for functionality and usability and not for security. This lack of a security focus and the constant transfer of data back and forth from clients to servers has made it a frequent target for some pretty advanced security attacks.
What are Some Common DNS Attacks?
Now that you have a high-level understanding of how DNS works let's take a look at some of the most common ways that DNS attacks occur. A DNS attack occurs when a hacker exploits vulnerabilities in the DNS
Denial of Service (DoS) Attacks - Malicious bots (which are often highjacked computers that don’t even know they are participating) sends more traffic to a targeted IP address than the site is built to handle. The target site becomes bogged down and unable to control either the bot traffic or legitimate traffic and eventually is unable to respond.
DNS Amplification Attacks - Amplification attacks are a form of denial of service (DoS) attacks and are become far more common. The afore-mentioned DoS attack is substantially amplified by a DNS server that is highjacked and effectively spreads the bot attack to other servers. It is a DoS attack on steroids.
DNS Spoofing - this is the process of replacing a proper website address for the “spoofed” website of another. Users looking to enter a known, trusted site (yours for instance) are instead taken to a fake website that might contain malware, spyware, or a virus. The user’s computer is infected, and they may never even know what happened. The spoofed websites can be carbon copies of the real site making it even harder for users to spot what’s happening.
DNS Flux - in this trick, hackers essentially swap out DNS records with extreme frequency to avoid detection while successfully redirecting users to fraudulent sites.
Cache Poisoning - DNS server becomes corrupted when legitimate IP addresses are cached on a server, replaced by bad IP addresses, and then redirecting any traffic to the legitimate site to a malicious website. Its a form of spoofing but instead that infiltrates the cached web addresses.
How to Protect Your Site at the DNS Level
Every business or brand should have a strategy in place to protect against the frequent attacks listed above. These attacks can take down websites, creating lost revenue and opportunity, or they can make servers and computers complicit in bot and spoofing attacks on other sites or addresses. If every domain owner took the following steps, it would help to lessen the frequency and likelihood of DNS attacks.
Here are some safeguarding steps to take.
- Know where all of your domains are - any business or entity should have full knowledge and access (in the form of a dashboard) to all of its domains. Re-directed domains and addresses provide an entry point for all the related domains. Vigilance over your domains is also an excellent way to have your finger on the pulse and know what is going on at all times.
- Set Your Domains as “Locked” - locking a domain means it is unavailable for transfer. This locking feature protects against fraudulent attacks.
- Work Only with Registrar’s that is Secure - making sure your domain registrar employs a secure, hardened portal while continually checking for questionable traffic and vulnerabilities is a huge step and a good defense. These registrars should also have robust security features in place for preventing DNS attacks. Cloudflare is a good choice for this.
- Monitor Critical Domains - critical domains should continually be monitored for any unauthorized DNS updates, content change, or cache poisoning. Any issues that are detected should be addressed immediately. Reach out to your host or registrar when this happens.
Keeping Safe One step at a time
In our digital world, customers and visitors to your website rely on it to get the information, products, or communication they are seeking. It is likely the most visible representation of your company and brand. Securing that website and its corresponding domain should be a priority for any business or individual site owner.
DNS attacks are frequent because it's considered a “soft” target and hackers have become quite advanced in executing attacks. While you can’t control what goes on at the DNS level and need to rely on the industry to respond to these threats, you can boost your own website and domain security with the steps outlined above. This is vital and necessary. You are responsible for your website’s visitors, and your business or brand is counting on that interaction to succeed.