The domain name system (DNS) and registry are as much of a target as websites and applications.
Speaking to IT Security Guru, Chris Marrison, EMEA technical director at Infoblox, said that after the attacks against the DNS registrars of AVG, Rapid7 and Aviva last week, the DNS can be a weak point as much as cache poisoning, and protecting it is standard DNS security structures. “In this case you affect the DNS and the change makes the business the weak point.”
He said: “It is important to understand the mechanisms and control of your own DNS data, this is what we do and we manage your infrastructure to protect against DNS attacks.”
The other concern Marrison said, was if a financial institution were hit and their website were redirected to a replicated, malicious site, it can be done without the user realising and if they ignore the SSL certificate, their account details could be handed over.
Talking about DNS security, Marrison admitted that adoption was very slow and the DNS can easily be used as an attack vector for denial-of-service, where an open DNS cache is used to facilitate an attack. “People forget how crucial DNS is, as if it goes down everything goes down.”
