Domain Name System or DNS security threats are among the most common types of cyber threats occurring today. Therefore, securing the DNS should be an integral part of an organization’s security plan.
If an attacker takes control of a company’s DNS, they can easily take control of open sources, redirect incoming emails, web requests and authentication attempts, and create and validate SSL/TLS certificates.
So says Hakun Uzun, CEO of DNSSense, who will present “How DNS-Based Security Drives Digital Transformation?” during the ITWeb Security Summit 2022, taking place at the Sandton Convention Center from May 31 to June 2.
The ‘Internet Phonebook’
People often refer to DNS as the “internet phone book” because every device on the web, from PCs to servers hosting websites, has an IP address made up of a unique series of numbers. Connecting to another device requires knowing its associated IP address, just as connecting to another phone requires knowing its associated phone number.
According to Uzun, DNS was invented so people don’t have to remember long IP addresses.
“Instead, they might visit websites using friendly names like dnssense.com. And because there are too many websites on the Internet for one computer to store a complete list of corresponding domain names and IP addresses, this task is outsourced to designated DNS servers.
He says people use DNS thousands of times a day without knowing it – every time they log on to a website, open a mobile phone app or update software, their device queries DNS servers to find the IP address associated with the domain.
“That’s why we often refer to DNS as the foundation of the Internet,” Uzun explains.
Uzun says that while bad actors use a variety of methods to compromise networks, the common thread is often DNS. “While DNS can strengthen your security posture, don’t ignore the perspective of DNS as a threat vector. When someone controls your DNS, they can redirect users anywhere or commit data exfiltration. »
Organizations should implement DNS security to protect users, devices, and other critical infrastructure.
Hakun Uzun, CEO of DNSSense.
He cites several types of attacks as examples, including DNS tunneling, DNS poisoning (also known as DNS spoofing), and DNS cache poisoning. “There’s also DNS hijacking and Distributed Denial of Service, or DDoS, attacks.”
DNS security refers to the safeguards and protective measures that companies deploy to prevent attackers from carrying out malicious attacks that use an entity’s DNS, and in fact, he says, one of the most effective aspects superior DNS security solutions is the ability to use the DNS layer to monitor and enforce outgoing web requests to ensure that users and computer systems cannot access unacceptable or malicious websites.
Anticipate, prevent, detect
According to Uzun, the DNS offers security and risk managers real opportunities to anticipate, prevent, detect and respond to dominant threats.
“Organizations should implement DNS security to protect users, devices, and other critical infrastructure.”
Since DNS is such an essential part of the Internet, it will always be a target for attackers, he explains. The best way to protect against these future attacks is to know the techniques used in the attacks and to identify potential entry points (threat hunting) in advance.
“DNS security should be an integral part of the security plan,” concludes Uzun. “Secure DNS server services provide web protection and parental controls by filtering and blocking dangerous, malicious and unwanted websites.”
Delegates attending Uzun’s presentation will learn why threat actors are targeting DNS and why traditional protection is ineffective against evolving DNS threats. Additionally, it will delve into what DNS-based security is and how it can protect (digital) businesses.