Today’s topic is a cornerstone topic in cybersecurity. Domain Name Server (DNS) is the system that allow us to reach websites by translating the urls that we enter to the actual IP addresses of the websites we want. Because of their pivotal role in getting us online, they are a favorite target of attacks. Here’s what DNS does and why it is attacked.
When you want to go to a website, you enter the url directly or you click on a link that shows the url. URLs, uniform resource locators, have a protocol and domain name component that tell the web browser where to find the web resource. The actual website resides at an IP (Internet Protocol). An IP address is a set of 4 octets separated by periods, for example the IP address for the url listed below is: 104.18.12.159. No one wants to memorize or look up an IP addresses every time they want to go to a website. We find it difficult enough to remember urls and they are designed to be easy to remember. That is where the DNS comes into the picture. We enter a blahblahblah.com url website address and the DNS looks up IP address for that website and sends your browser there. Meanwhile, you have no idea any of this is goin on behind the scenes.
And now, the hackers come creeping into the picture. There are many ways they can interrupt this process of you accessing a website. DNS Poisoning is one. This is where the url does not translate to the correct IP address. Imagine entering www.target.com, but landing on the website for the Empire State Building. This would be an obvious mismatch and the user would recognize it immediately. But, what if the site is a malicious site that is made to look just like the intended site. Then the user is entering data thinking they are one place, but in fact they are in a clever trap. This type of attack is also called a DNS Spoof.
In order to create a long-term solution to DNS attacks, Domain Name System Security Extensions (DNSSEC) need to implemented on a broad scale. That requires a large effort by a lot of people and we know how long it can take for that to happen. In the meantime, logging strategies can be used to compare the requested site with the loaded site. It’s not ideal, but it will get the job done for now.
For more information on DNS: https://www.pcmag.com/how-to/what-is-dns-how-it-works-domain-name-system
Comments