Understanding the security weaknesses of every component within your digital infrastructure is paramount for true protection. While you may find yourself focusing more on the actual website and server security, one of the biggest threats to the health and performance of your digital platform is also the least discussed.
DNS, which stands for Domain Name System, is an essential communication protocol created to simplify accessing websites while supporting the dramatic expansion of our digital world. It’s common to assume this protocol only determines communication between computers and networks, but it’s capable of much more.
However, its capabilities are another topic. Right now, we’re discussing the very real DNS security issues. Of course, there are unique circumstances, but in general, the majority of security-related issues involve one of the following scenarios.
DNS Amplification & Reflection
This is hacking method forms the foundation for almost every other DNS security issues specific to hacking attempts. Essentially, this method of attack leverages open resolvers. This accomplishes two specific tasks:
- Hides the source of the attack, which makes it harder to determine who is actually responsible
- Dynamically enhances the volume of the attack
Generally, a DNS Amplification & Reflection attack results in the dreaded DDoS, or Distributed Denial of Service, attack. The reason why this method works is because open resolvers respond to literally any source that submits an inquiry.
Cyber criminals send malicious requests through open resolvers under the disguise of the IP address the attack is focused on. Therefore, the resolvers process the request as if its was from the authorized address. This action results in DNS responses sent directly to the target.
A resource utilization attack also uses DNS open resolvers. However, this attack slightly varies from the previous DNS security issues. Rather than spoof an address to gain access for other attacks, this security threat leverages open resolvers to steal, or consume, device resources.
For example, when executed this attack consumes CPU and memory resources, which hinders the resources available within the open resolver. Oftentimes, the only way to treat this level of attack is by stopping and restarting DNS service.
DNS Cache Poisoning
One of the most common types of DNS cyberattacks is known as DNS Cache Poisoning. In a similar way as your web server and browser, DNS servers leverage the power of cacheing to streamline network connectivity and domain responses. While this component is essential, it’s also vulnerable to malicious attacks.
Most commonly, hackers transmit falsified or spoofed data directly to the open resolver. AS the resolver receives and reads the fake data, known as RR information, it automatically gets stored in the DNS server cache for the TTL, or Time To Live, lifespan. So, what does this attack cause? In a way, a giant headache for website owners.
When successful, DNS cache poisoning can make your current domain completely inaccessible by visitors. When end-users enter your domain in their URL search field, or click on a link to your site, the poisoned cache directs visitors to a different domain. The redirected domain is typically a malicious phishing site filled with viruses and other harmful elements capable of infecting all who visit its pages.