DNS is the most fundamental building block of the internet. It is
used when sending mail, visiting a website, holding an IM
conversation, or doing any other internet-related work. Because it is an
infrastructure service, DNS is one of the most attractive attack targets. In the
past, the Kaminsky DNS vulnerability affected almost all DNS implementations
in the world. The problem stemmed from weak underlying foundations,
specifically at the “last mile.” The “last mile” is the connection between the
ISP and the computer.
DNSCrypt is a way to secure the “last mile” of DNS traffic and to resolve an
entire class of serious security issues with the DNS protocol. The web has
many users, and mobile usage has increased, with people connecting through
many different Wi-Fi networks, so there is a need for a more secure network.
Examples of the problems include man-in-the-middle attacks, tampering, and
snooping of DNS traffic. These are serious security risks that can’t be
avoided, but they need to be fixed.
Significance of DNSCrypt
DNSCrypt provides Internet security. It encrypts DNS traffic, securing it
against man-in-the-middle attacks and tampering. It does not require any
change to domain names. It simply provides a way to communicate securely by
encrypting traffic between DNS servers and end users. Claims alone don’t count
for much in the internet world, so the source code is available on GitHub.
DNS Denial-of-Service (DoS) Attacks or DNS attacks and Securing DNS Servers
Reflector attacks: These are the most common example of DNS vulnerabilities
in the default configurations of ISC BIND as well as the DNS Server service.
DoS attacks: These DNS attacks are difficult to defend against. They are
launched against an application through a specific DNS lookup. Separate the
recursive resolvers from the authoritative name servers so that only the
authoritative name servers can be queried. This keeps external users away
from the resolvers and provides security.
Request redirection: This occurs when a DNS query is intercepted on the DNS
server. When a request is redirected, the name server indicates that the
interception occurred on a LAN connection. Query interception may also occur
on recursive queries that go outside the local network.
DNS cache-poisoning attack: These DNS attacks can cause serious damage because
information is sent to malicious sites. The recent attack is known as the
Kaminsky bug. It happened because the random values used for transactions were
easily guessed. When this issue was encountered, it was found that sites
running DNSSEC with DNSSEC validation are prone to attack.
Zone enumeration: Enumeration of zone data happens when a user runs DNS
diagnostic commands such as nslookup against a site to learn about the site's
network.
Mitigating zone-enumeration threats requires advertising over the internet.
Most sites run internal and external servers to split DNS views.
Tunnels: Attention is mostly focused on the DNS query and response
transaction, which is a UDP transaction. However, both UDP and TCP transport
mechanisms are used. DNS over TCP is used for secondary zone transfers.
Mitigating DNS tunneling traffic depends on a combination of traffic
monitoring and server configuration. Zone transfers occur between the
secondary server and the authoritative server.
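One way to do the traffic-monitoring half of this, as an added example that is not from the original post: the script groups queries from a resolver log by base domain and flags domains that receive many distinct, long, high-entropy subdomains, a common sign of data encoded into query names. The log format, thresholds, function names and sample names are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Thresholds are assumptions for illustration; tune them against your own baseline.
MIN_UNIQUE = 3      # distinct subdomains seen under one base domain
MIN_MEAN_LEN = 24   # mean length of the subdomain part, in characters
MIN_ENTROPY = 3.5   # mean Shannon entropy of the subdomain part, bits/char

# Constructed sample resolver log, "<client> <qname>" per line; not real traffic.
SAMPLE_LOG = """\
192.0.2.10 www.corp.example
192.0.2.10 mail.corp.example
192.0.2.11 img1.cdn.example
192.0.2.11 img2.cdn.example
192.0.2.12 static.cdn.example
192.0.2.20 mzxw6ytboi2gk3dmn5xgo4tfon2ca5dp.tun.example
192.0.2.20 nbswy3dpeb3w64tmmqqgc3tfon2gs3th.tun.example
192.0.2.20 pfxxkidbojssa5dimuqhi2dfebzwk3tu.tun.example
"""

def entropy(s):
    """Shannon entropy of the characters in s, in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def split_name(qname):
    """Split a query name into (subdomain, base). Assumes the base is the last
    two labels; production code should consult the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(log_text):
    """Return {base_domain: stats} for domains whose queries look like encoded data."""
    subs = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        sub, base = split_name(parts[1]) if len(parts) == 2 else ("", "")
        if sub:  # skips malformed lines and queries for the bare base domain
            subs[base].add(sub)
    flagged = {}
    for base, names in subs.items():
        mean_len = sum(map(len, names)) / len(names)
        mean_ent = sum(map(entropy, names)) / len(names)
        if len(names) >= MIN_UNIQUE and mean_len >= MIN_MEAN_LEN and mean_ent >= MIN_ENTROPY:
            flagged[base] = {"unique": len(names), "mean_len": mean_len, "mean_entropy": mean_ent}
    return flagged

if __name__ == "__main__":
    print(find_tunnel_candidates(SAMPLE_LOG))
```

In the sample, cdn.example also has three distinct subdomains but is not flagged, because its labels are short and low in entropy.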
Secure DNS Servers
DNSCrypt secures DNS servers by encrypting the data, so that every part of
the internet connection to the DNS servers is secured. It is a side project
at OpenDNS, a service used to protect browsing, filter content, speed up the
browsing experience, and correct wrong or mistyped URLs. It is simple software
that can be easily downloaded and installed on a Mac, Linux or Windows system
to secure DNS servers.
Conclusion
There are several types of DNS attacks. Mitigating DNS risks depends on
DNSSEC, traffic monitoring, and configurations that separate the various DNS
functions. OpenDNS has provided world-class security for several years. It is
the most secure service available on the web. It is an open source tool used
to secure DNS servers. The packages are available on the internet and can be
downloaded directly from OpenDNS. Officially, it can be downloaded and used
on Mac OS X and Windows, but special instructions are now available for using
it with other systems such as Android devices.