Thursday, 30 May 2019 04:43

Expert details ways to make DNS hacks more difficult

Cricket Liu says he has not yet given up on DNSSEC. Supplied

Using stronger passwords and multi-factor authentication on registrar and DNS hosting accounts would help to solve security issues around attacks that have been launched under the hacking campaign known as DNSpionage, the well-known domain name system expert Cricket Liu says.

He told iTWire in response to queries that the DNSpionage hacking campaign, identified by Cisco's Talos Intelligence Group and the security firm FireEye, used compromised credentials for DNS and registrar hosting accounts to intercept Web and email traffic.

As iTWire reported last year, the DNSpionage campaign targeted government domains in Lebanon and the United Arab Emirates, as well as the private Lebanese airline, Middle East Airlines.

Two fake malicious websites were used in the campaign to target possible victims using infected Microsoft Office documents which contained embedded macros. The actors also used the same IP to redirect the DNS of legitimate .gov and private domains, carefully generating certificates for the domains that were redirected.
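A defender-side check for the pattern just described (one address reused across redirected domains, with certificates issued for those domains), as an added example that is not from iTWire, Talos, FireEye or Liu. It compares observed NS/A answers and certificate issuers against an approved baseline; every host name, address, CA name and the record format are constructed assumptions.

```python
# Added example: baseline-drift check for DNS redirection plus unexpected certificates.
# All hosts, nameservers, addresses and CA names are constructed
# (reserved example names, RFC 5737 addresses); the record format is an assumption.
BASELINE = {
    "mail.example.gov": {"NS": {"ns1.example.gov."}, "A": {"192.0.2.10"},
                         "CERT": {"Example Corporate CA"}},
    "www.example.gov": {"NS": {"ns1.example.gov."}, "A": {"192.0.2.20"},
                        "CERT": {"Example Corporate CA"}},
}

# Constructed observations: (timestamp, host, kind, value). NS/A come from routine
# resolution of your own names, CERT from certificate-issuance monitoring.
OBSERVATIONS = [
    ("2019-01-10T08:00Z", "mail.example.gov", "NS", "ns1.example.gov."),
    ("2019-01-10T08:00Z", "mail.example.gov", "A", "192.0.2.10"),
    ("2019-01-12T02:14Z", "mail.example.gov", "CERT", "Unfamiliar Public CA"),
    ("2019-01-12T02:31Z", "mail.example.gov", "NS", "ns1.unknown-host.example."),
    ("2019-01-12T02:40Z", "mail.example.gov", "A", "198.51.100.77"),
    ("2019-01-12T02:41Z", "www.example.gov", "A", "198.51.100.77"),
]

def deviations(observations, baseline):
    """Return observations whose value is outside the approved set for that host."""
    found = []
    for ts, host, kind, value in observations:
        approved = baseline.get(host, {}).get(kind)
        if approved is not None and value not in approved:
            found.append((ts, host, kind, value))
    return found

def correlate(devs):
    """Hosts with both a certificate and a DNS deviation, and addresses shared by several hosts."""
    kinds, ip_hosts = {}, {}
    for _ts, host, kind, value in devs:
        kinds.setdefault(host, set()).add(kind)
        if kind == "A":
            ip_hosts.setdefault(value, set()).add(host)
    cert_and_dns = sorted(h for h, k in kinds.items() if "CERT" in k and k & {"A", "NS"})
    shared_ips = {ip: sorted(hs) for ip, hs in ip_hosts.items() if len(hs) > 1}
    return cert_and_dns, shared_ips

if __name__ == "__main__":
    devs = deviations(OBSERVATIONS, BASELINE)
    for d in devs:
        print("DEVIATION", *d)
    print(correlate(devs))
```

A host that shows both an unapproved certificate issuer and an unapproved NS or A value is the combination worth paging on, since either signal alone is common during legitimate migrations.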

Liu said the DNSpionage attacks really weren't sophisticated – the attackers used compromised credentials. "What they did with those credentials was fairly sophisticated though," he added.

"They had certificates issued that they could install on their own mail and Web servers, and then used their control over their targets' registrar and DNS hosting accounts to redirect users trying to access their targets' mail and Web servers to the servers they controlled."

The chief DNS architect for Infoblox, a privately held IT automation and security company based in Silicon Valley, Liu was in Australia recently. A global expert on DNS, he is a prolific speaker and has authored a number of books, including the well-known O'Reilly tome, DNS and BIND, a widely used guide.

Asked about plans for implementing Domain Name System Security Extensions (DNSSEC), Liu said this would guard against cache poisoning in particular.

"It doesn't address a whole boatload of other threats to DNS, such as DDoS attacks, the use of vulnerabilities in DNS implementations to crash DNS servers, and so on," he said.

"DNSSEC has actually been widely deployed at the top levels of the DNS namespace. Almost all top-level zones are signed using DNSSEC. And under some top-level zones, large percentages of subzones are signed - for example, Sweden's .se, the Netherlands' .nl and many others.

"But adoption under .com and .net – and .au - is very low. The percentage of recursive DNS servers configured to validate DNSSEC-signed data is also uneven and low in some areas."

But he added that he had not given up on DNSSEC. "I believe it addresses a very important threat."

Asked about methods used to compromise DNS, Liu said there were lots of different methods. "Some of the most prosaic methods are those used in the DNSpionage and Sea Turtle attacks – using compromised credentials to registrar and DNS hosting accounts to change DNS zone data."

He said another method was by using a vulnerability in DNS server software to crash it or gain access to the computer on which it was running. "Another is to take advantage of shortcomings in the DNS protocol itself, which could allow you to poison the cache of a DNS server – the Kaminsky attack falls into this last category."

The Kaminsky attack is due to a flaw in the design of DNS and was discovered by security expert Dan Kaminsky.



Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
