DNS expert: More sophisticated Internet attacks coming
Computerworld - Last October's denial-of-service attacks against the Domain Name System (DNS) were only the opening salvo in what will inevitably be far more sophisticated attacks against the Internet's core addressing system, according to Paul Mockapetris, one of the designers of DNS. With the 20th anniversary of DNS coming in April, Mockapetris this week talked about some of the new dangers facing the DNS infrastructure and measures that are being taken to better protect against them.
Was [cybersecurity czar] Richard Clarke right when he identified the DNS and Border Gate Protocols (BGP) as the two major vulnerabilities in the Internet infrastructure? Yeah. I refer to them as the traffic signals and the street signs of the Internet. If you are able to subvert [them], you can bring the Internet to its knees.
Is the DNS infrastructure secure enough today for commercial-grade applications? The initial system was good enough for host addressing and maybe for mail routing. But in the future, if you want to be able to handle transactions for everybody and you want to be able to put things that involve real money over the Internet, you'd like to be able to have something that is a little bit more secure.
How will future attacks be different from those we have seen directed at DNS? Attacks in the future will be directed at things that are not as easily defended as the root servers [attacked in October] (see story). I think attacks of the future are going to come against things like dot-com [name servers], which have 30 million entries, so you are not going to be able to replicate it easily. I think the next level of hacker attacks is forgery or identity theft. If you take a look at the way people dealt with the [October] attacks, they just filtered out ICMP [Internet Control Message Protocol] packets. What if somebody did a DNS attack with just DNS queries? You can't filter that out. We recently found out that just like e-mail can carry [lethal] attachments, there is DNS data that can actually cause applications to crash if they reference it. There is a bunch of these things coming along.
So what's being done about it? The DNS Sec is an add-on to the original DNS that the IETF [Internet Engineering Task Force] is working on. Basically what it does is put a digital signature on the information out of the DNS and verify if that information is [legitimate].
Why is this important? Because right now there are a lot of opportunities for people to
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Enhancing Application Protection and Recovery with a Modern Approach to Snapshot Management This CommVault Business Value and Technology White Paper explains how Simpana IntelliSnap® Recovery Manager can make your application recovery fast and reliable.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts