- Worst of the lot: PCConnection and PCMall
- 10 ways the Chinese Internet is different
- Hacker writes rootkit for Cisco's routers
- Cisco loses $2 million order to Nortel
- Enterasys, Extreme hooking up?
BitTorrent blocking; SQL injection attack. Listen now!
Hacker writes Cisco rootkit; Microsoft launches online telescope. Listen now!
Most companies have a solid disaster recovery plan in place to handle a "complete failure" of its Active Directory, which is really quite rare. What most recovery plans are missing, and the most common scenario, is a means to efficiently restore single directory objects. In this paper, we'll explore what most disaster recovery plans already address, highlight potential weak points, and suggest solutions that help fill those gaps-without requiring you to completely re-do your existing plan.
Get the latest on storage technologies that allow IT professionals to better cope with new IT demands. Learn how storage technologies can help you successfully tackle e-Discover, regulatory compliance, green data center initiatives and the data explosion. Get all the details now.
Find out how you can consolidate Windows workloads and create a more efficient virtualized data center in this informative webcast, "Reduce Complexity and Cost - Windows Server Consolidation with Virtualization." Six concise webcast modules are available for your viewing. Watch them all consecutively or only the topics that interest you. The modules cover performance, user case studies, enterprise-level support, managing windows workloads, setup and configuration and the future of virtualization. Learn more today. Register below to learn more and be entered to win an Archos 605 Portable Media Player.
For implementing GTD you might try out this web-based application:
Gtdagenda
You can use it to...- Dan
More than half of Internet name servers today allow requests that leave networks vulnerable to cache poisoning and distributed denial of service attacks -- a fact that has not improved over the past year.
The finding is part of the third annual survey of the Internet’s domain name servers released this week by The Measurement Factory, which conducted the survey for DNS management appliance maker Infoblox. The survey is based on a sample that included 5% of the IPv4 address space -- nearly 80 million devices -- and works to reveal configuration errors that compromise network security and availability.
DNS servers are an oft-neglected but essential part of the infrastructure that map domain names, such as www.networkworld.com into an IP address like 65.214.57.165. If DNS doesn’t work, then it appears the network is down. DNS servers perform domain name resolution to fulfill Internet requests, and in turn, when DNS fails so does e-mail, Web access and more.
Filed under bad news, more than 50% of Internet name servers "allow recursive queries," which is unchanged from 2006, and such queries require a name server to relay requests to other name servers. That action leaves many name servers vulnerable to pharming attacks, according to Infoblox, which can also enable those servers to be used in DNS amplification attacks.
"Even with the growing adoption of more secure DNS systems, compromises to these systems are still occurring and organizations need to pay more attention to configurations and deployment architectures that are leaving their DNS infrastructures vulnerable to attacks and outages," said Cricket Liu, vice president of architecture at Infoblox, in a statement.
More bad news comes in the form of DNS servers allowing "zone transfers to arbitrary requestors" grew 2% in 2007 to 31%. Allowing such transfers can enable duplication of an entire segment of DNS data from one server to another and make the system susceptible to a DDoS attack. The study also found that 75% of those surveyed machines remain misconfigured, which can cause service outages.
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com The Industry Standard IDG List Services |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
MS DNS vs BINDBy Adam Mikrut on November 26, 2007, 10:54 pmIf you evaluate the CVE entries between MS DNS and BIND, I do not believe it is appropriate to state one is more secure than the other (without explaining yourself)....
Reply | Read entire comment
RE: Are your servers vulnerable to DNS attacks?By Brian Steele on November 26, 2007, 1:27 pmPrecisely what about MS-DNS makes it less secure than BIND? And please, no smarmy answers like "because it's from Microsoft". Give me the specifics - I'm interested...
Reply | Read entire comment
View all comments