Is IT losing the battle against DNS attacks?

Few things can strike fear into the heart of the IT department like an attack on a company’s Domain Name System servers. Which may explain why companies are spending so much time deploying a complex myriad of security measures to keep their DNS protected from malicious attackers.

A study released today of 465 IT and business professionals says that despite the Sisyphean efforts, many businesses remain vulnerable: over half the respondents reported having fallen victim to some form of malware attack. Over one third had been hit by a denial-of-service attack, while over 44% had experienced either a pharming or cache poisoning attack. Findings showed both external and internal DNS servers were equally vulnerable, as both types succumbed to attacks with roughly the same frequency, according to the study by Mazerov Research and Consulting.

A DNS server compromised by a hacker could be used to funnel Web surfers to all sorts of phishing attacks and malicious Web sites and even cause havoc with directory services and e-mail in some cases, according to the father of the technology, Paul Mockapetris, in a Network World article earlier this year.

“Once you control the DNS server, you have license to do phishing and pharming attacks and mislead all the users of that DNS server,” says Mockapetris, who in 1983 proposed the DNS architecture and is acknowledged, along with the late Jon Postel, as the technology’s inventor.

According to the study, DoS attacks are prevalent among the respondents, with only 16% having “never” experienced a DoS attack, while over 10% of the IT professionals say they often or frequently receive DoS attacks on their network. What is also interesting is that, while a total of 59% of the audience rarely or never experiences DoS attacks, a surprisingly high 41% of the audience experience DoS attacks.

The top forms of DNS attacks include: malware (worms, viruses, trojans, etc.) 68%; denial of service 48%; cache poisoning 36%; and pharming 23%, the study states.

The patching game seems to be the method of choice for protecting DNS. Three-fourths of all respondents devote valuable resources to continuously patching their operating systems. Others reported having to harden operating systems, invest in dedicated firewalls, and add DNS appliances, DoS mitigation services and other network security devices. On average, respondents use at least 3.5 overlapping methods simultaneously to shore up their DNS security. The most popular defense mechanisms included:

· Keep OS patches up to date 75%
· Firewall, but not solely DNS-dedicated 48%
· DNS-dedicated firewall 43%
· Harden the OS 40%
· Other network security devices, but not solely DNS-dedicated 35%
· Commercial DNS appliance 34%
· DNS-dedicated other network security devices 29%
· Use denial of service mitigation solutions 28%
· Overprovision DNS server 17%

The study also looked at how long businesses could weather DNS being taken offline before significant problems occurred; IT personnel were more sensitive to the issue than those occupying C-suites. According to the study, C-level executives estimated they could withstand losing Internet connectivity for just over two hours (126 minutes), whereas IT managers estimated it would only be 105 minutes before significant problems arose. Other IT personnel – who may be most directly responsible for maintaining Internet uptime – estimated an even shorter timeframe, at an average of 72 minutes.

Respondents were also asked to assess what the likely impact would be on the health of their business if they were to experience a loss of Internet connectivity for a significant period of time. Perhaps most alarming, 12% of participants claimed they would be extremely or somewhat likely to go out of business completely, the study said.

Copyright © 2007 IDG Communications, Inc.
