
When businesses have their identities stolen

Identity theft is getting a lot of press coverage now, and stories abound of high-profile names that have been hit, as well as headline numbers of just how many people have been affected. This is leading all of us to be much more cautious than previously with our personal information, and most of us are increasingly on our guard against social engineering attempts to make us part with information such as bank account details and credit card numbers.



We are also much more aware than previously of the dangers contained in e-mails, owing to publicity surrounding phishing attempts, where an e-mail recipient is invited to click on a URL link contained in an e-mail – for example, taking them to a web site that looks like that of their bank in order to update account details. Most people today know that that link is likely to be spoofed and would avoid clicking on it.


But these attacks are relatively unsophisticated and increased public knowledge is leading hackers to look for new avenues to attack. One particular area of vulnerability that is increasingly being exploited is that of the domain name system (DNS) on which the internet relies.

DNS was invented around 20 years ago as a means of translating actual names of web sites, such as IT-director, into a physical IP address, to enable traffic to be efficiently routed among sites. Without DNS, we would have to remember strings of numbers for each web site that we wish to visit, which is highly impractical. Prior to the development of DNS, names of web sites and their associated 4 to 12 digit IP numbers were recorded manually on paper. However, that system could not scale beyond the original use of the internet, for a small group of academics. With the internet coming into worldwide use, a new system was required – and hence DNS was born. It has since grown into the world’s largest distributed database.


One of the main problems with DNS is that the software was written some years ago and it is known to contain many vulnerabilities. One of the best known pieces of DNS software is BIND, the Berkeley Internet Name Domain program. Written in open source, there have been many changes to the program since it was written some five years ago, leading to vulnerabilities proliferating, such as programmers placing back doors in the technology.


Such vulnerabilities can lead to hackers inserting a piece of code into an unprotected DNS file, which can cause traffic to be redirected to a spoofed web site. This is even more dangerous than a phishing e-mail leading a recipient via a link to a web page, since users will type in the name of the web site themselves and are therefore expecting to be directed to a legitimate web site. This is something that has happened to a number of retail sites – for example, the Dutch flagship department store, De Bijenkorf, was hit by a similar exploit a couple of years ago, causing anyone typing in www.bijenkorf.com to be redirected to a porn site. Another case, affecting a telecommunications company, saw a hacker entering a Unix system via a backdoor and making a couple of changes to unprotected DNS files – causing chaos, embarrassment and eventually loss of business as people no longer trusted the site. This is an emerging type of identity theft – one in which the identity of a company is taken over.
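One way to catch the kind of unauthorized edit to a DNS file described above is to compare the live zone file against a trusted baseline copy. The following is an added example, not code from the article or from any vendor it mentions; the zone contents, host names and addresses are constructed, and the parser assumes a simplified BIND-style file without multi-line records.

```python
# Added example: zone contents, names and addresses below are constructed.
RTYPES = {"A", "AAAA", "CNAME", "MX", "NS", "SOA"}

def parse_zone(text):
    """Return {(owner, rtype): {rdata}} for a simplified BIND-style zone file.

    Handles ';' comments, $-directives (skipped), optional numeric TTL and
    class fields, and lines that inherit the previous owner name.
    Assumption: no multi-line (parenthesised) records.
    """
    records, owner = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        fields = line.split()
        if not line[0].isspace():            # line begins with an owner name
            owner = fields.pop(0).lower()
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                    # drop optional TTL / class
        if owner is None or not fields or fields[0].upper() not in RTYPES:
            continue
        key = (owner, fields[0].upper())
        records.setdefault(key, set()).add(" ".join(fields[1:]))
    return records

def diff_zones(baseline, current):
    """Return sorted findings (kind, owner, rtype, old, new) for each difference."""
    findings = []
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key, set()), current.get(key, set())
        if old != new:
            kind = "added" if not old else "removed" if not new else "changed"
            findings.append((kind, key[0], key[1], sorted(old), sorted(new)))
    return findings

BASELINE = """\
$TTL 3600
@      IN SOA ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 3600
@      IN NS  ns1.example.com.
www    IN A   192.0.2.10      ; primary web server
       IN A   192.0.2.11
shop   300 IN A 192.0.2.20
"""
# Constructed tampering: one web address swapped, one host added, serial untouched.
TAMPERED = BASELINE.replace("192.0.2.10", "203.0.113.66") + "login  IN A   203.0.113.66\n"

if __name__ == "__main__":
    for finding in diff_zones(parse_zone(BASELINE), parse_zone(TAMPERED)):
        print(finding)
```

Because the constructed edit leaves the SOA serial unchanged, a check that only watches the serial would miss it; comparing record contents does not.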


The founder of DNS, Paul Mockapetris, is now the chief scientist at Nominum, a company that provides internet name and address solutions. To combat the problems with existing DNS code, Nominum has completely rewritten the code contained in DNS for commercial use, with many of the vulnerabilities removed and management software built in. The next-generation DNS software and protocol engine that Nominum’s engineers have developed is tested extensively to ensure that it is totally secure, and it is continuously updated so that it can provide the quality of service that commercial enterprises require.


According to Richard Kirk, Nominum’s VP for EMEA, this next-generation DNS technology is easier to manage and highly efficient. For example, the management facilities that it has built into it make it easy to detect if someone is trying to launch something such as a DDoS attack and to prevent that attack occurring in real time. According to Kirk, the technology has not yet been subject to any vulnerability.


The benefits of using this latest version of the DNS technology are not lost on carriers such as ISPs, 80% of which in Europe are using Nominum’s commercial offering. Such businesses know the damage that can be caused to their reputations if their web sites are hijacked, causing a loss of service. But this is something that large enterprises are only now starting to look at as part of their risk mitigation programmes – especially those with customer facing transactional sites, such as retailers and banks. According to Kirk, Microsoft is one company that was recently targeted with a DNS attack, causing its security update service to be taken out for 24 hours.

This is a problem that is only likely to get worse. Hackers are increasingly looking past the low-hanging fruit and making more sophisticated, targeted attacks. Plus, internet protocols are being used for an increasingly wide range of applications, such as the switch from the public switched telephone network to VoIP technologies. Since these networks will also rely on the DNS structure, there is a great risk that VoIP networks will be attacked in a similar way to web sites today.


However, knowledge of the vulnerabilities associated with the DNS structure is not widespread. According to Nominum, DNS technology keeps the electronic business of most companies running, although few in IT are aware of the problems and few are devoting any part of their IT budget to DNS. But this is a problem that companies can fix and that should be part of a company’s technology management programme, including regular updates and reviews – as for any other critical part of the network. Companies should read around to find out the extent of the problem in order to mitigate the risk of a DNS attack being used against them to steal their identities, which will put their reputations at risk.


The FBI has come out and said that DNS is currently the most vulnerable piece of technology affecting the Unix systems on which many companies rely. But many companies are still putting themselves unnecessarily at risk and the potential damage could be huge.


By Fran Howarth

Source: IT-Director.com


