4 strategies to help reduce the risk of DNS tunneling

CSO Online – Linda Rosencrance
An organization’s DNS systems can be a gateway for intruders looking to exfiltrate sensitive data without setting off alarms. Knowing what’s at stake and how to protect against DNS tunneling can thwart attacks before they start. Most DNS attacks focus on spoofing or misdirection, where an attacker either feeds false information to DNS servers or convinces other systems to query a hostile DNS server instead of a legitimate one. But DNS tunneling essentially smuggles hostile traffic through DNS ports, which makes these attacks difficult to detect and mitigate.

Organizations should look to both human and technical solutions to deal with DNS tunneling, says Terrence O’Connor, assistant professor of computer engineering and sciences and cybersecurity program chair at the Florida Institute of Technology. From a personnel standpoint, organizations can establish internal, proactive threat-hunting groups.

From a technical standpoint, companies can enable security mechanisms that defeat DNS tunneling. For example, organizations may employ the DNS Security Extensions (DNSSEC), a security mechanism that requires cryptographic validation of DNS messages, O’Connor says. “While no approach is perfect, combining both human and technical solutions can largely defeat most DNS tunneling attack approaches.”

DNS service is a perfect choice and target for attackers due to the sensitivity of this service, so it’s important for organizations to rigorously monitor their DNS services and alert on unusual activities, says Izzat Alsmadi, associate professor in the Department of Computing and Cyber Security at Texas A&M University-San Antonio.

One way of doing this is to actively monitor internet activities and block IP addresses known to create such issues, Alsmadi says. “This is a general blacklisting approach, but it is generally hard to accommodate all possible attackers, hence it’s important to include rules that alert for strange or unusual DNS queries.”
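One way to express alert rules for unusual DNS queries, as an added example that is not from the article: a Python pass over resolver query logs that flags client and domain pairs showing long labels, high-entropy subdomains, or many unique subdomains. The log format, thresholds, and sample names are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

B32 = "abcdefghijklmnopqrstuvwxyz234567"

# Constructed sample of resolver query logs: (client IP, queried name).
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.7", "cdn.example.net"),
] + [
    # Constructed stand-in for encoded data carried in the leftmost label.
    ("10.0.0.9", f"{i:04d}{B32[i:]}{B32[:i]}.t.tunnel-test.example")
    for i in range(30)
]

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def parent_domain(name, depth=2):
    """Last `depth` labels; a simplification that ignores the public suffix list."""
    return ".".join(name.split(".")[-depth:])

def find_suspects(queries, max_label=30, min_entropy=3.5, max_unique=20):
    """Return {(client, parent domain): set of rule names that fired}."""
    reasons = defaultdict(set)
    unique = defaultdict(set)
    for client, raw in queries:
        name = raw.rstrip(".").lower()
        parent = parent_domain(name)
        sub = name[: -len(parent)].rstrip(".")
        key = (client, parent)
        unique[key].add(sub)
        # Rule 1: a single label far longer than ordinary hostnames use.
        if any(len(label) > max_label for label in sub.split(".")):
            reasons[key].add("long_label")
        # Rule 2: subdomain text that looks encoded rather than like words.
        if len(sub) >= 16 and entropy(sub.replace(".", "")) > min_entropy:
            reasons[key].add("high_entropy")
    # Rule 3: one client asking for many distinct names under one domain.
    for key, subs in unique.items():
        if len(subs) > max_unique:
            reasons[key].add("many_unique_subdomains")
    return dict(reasons)
```

Thresholds like these need tuning against a baseline of the organization's own traffic, since CDN and telemetry hostnames can trip the same rules.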

Ensure third parties fix misconfigurations in their DNS servers

Employee training
Link: https://www.csoonline.com/article/3692876/4-strategies-to-help-reduce-the-risk-of-dns-tunneling.html

