As a core backbone of the infrastructure, Domain Name Service (DNS) acts as the phone book of the Internet. It helps route users hunting for a specific domain name and connects them to the resources of the IP address connected to that domain. When it runs the way it is supposed to, it is nearly invisible to the typical user — and even to many technical administrators. This lends an air of obscure simplicity that leads many organizations to assume that DNS is a background service that doesn’t require more than basic protection and is covered by other Web and email defenses.
That couldn’t be farther from the truth, and a new report from Dark Reading outlines the threats against DNS as well as what organizations should to secure DNS infrastructure.
Some of the most common DNS attacks include:
To ensure the proper security of DNS infrastructure, organizations need a solid combination of strong security hygiene around DNS infrastructure and records management, close monitoring of DNS traffic, effective filtering, and deployment of more advanced protocols like DNSSEC. The cost of not employing these measures can be high. The average cost of a successful DNS attack is upward of $1 million.
When attacks happen, sometimes the best that many organizations can do is to literally pull the plug on their DNS or network infrastructure.
The Dark Reading report, “Everything You Need to Know About DNS Attacks,” explores the nuances of the DNS security awareness gap, including why organizations are struggling to implement a full slate of DNS security measures and what it will take to combat these common DNS attacks. The report examines what it takes to harden DNS infrastructure from attacks, the importance of creating more visibility around DNS, and how DNS protection measures can actually be used to improve other areas of cybersecurity awareness.