How to prevent pharming

Protect your company's online reputation by locking down DNS and guarding against domain hijacking.
By Deborah Radcliff, Network World, 07/18/2005

You're familiar with the dangers of phishing, but what about pharming threats? Pharming misdirects Web users of trusted brands to phony storefronts set up to harvest IDs. The crime is typically accomplished through cache poisoning of DNS servers or domain hijacking, in which registrars are tricked into moving domains.

In recent months, hackers have proven there's reason for concern about both types of attacks. In March, SANS Institute uncovered a single cache-poisoning attack that redirected 1,300 brands, including ABC, American Express, Citi and Verizon Wireless. In January, Panix had its domain hijacked by an Australian hacker; and in April, Hushmail's main name server's IP address was changed to that of a hacker graffiti site.

Statistics tracking pharming occurrences aren't yet available. However, the Anti-Phishing Working Group (APWG) has deemed the potential problem serious enough that it has lumped pharming into the types of Internet scams and fraud the group aims to prevent.

The problems of cache poisoning and domain hijacking have been around a long time, and they're technologically and organizationally complex to solve, experts say. But there are some steps you can take to protect your DNS servers and your domains from being manipulated by pharmers, who will soon be using hacker techniques to trick large numbers of redirected users into giving up personal information.

Unstick BIND

The DNS security problem points back to Berkeley Internet Domain (BIND), which is riddled with security problems that have been widely reported for the past five years. If you're running a BIND-based DNS server, follow best practices for DNS management, says Ken Silva, VeriSign's chief security officer.

"Keeping DNS servers patched and up to date is a first step, and there are a number of best practices guides about configuring these servers better. But DNS in its current state has fundamental problems," says Johannes Ullrich, chief research officer at SANS.

Upgrading to BIND 9.2.5 or implementing DNSSEC would make the cache poisoning risk disappear, says Paul Mockapetris, chief scientist at Nominum and an original author of the DNS protocol. But such migrations are tedious and difficult without interfaces provided in DNS management appliances from vendors such as BlueCat Networks, Cisco, F5 Networks, Lucent and Nortel. And some companies such as Hushmail have opted to replace BIND with the open source TinyDNS. Alternate DNS software options include those from Microsoft, PowerDNS and JH Software, among others.
