DNS Security. Ch 1: The Importance of DNS Security. Updated

Similar documents
TOP TEN DNS ATTACKS PROTECTING YOUR ORGANIZATION AGAINST TODAY S FAST-GROWING THREATS

Threat Pragmatics. Target 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:

CSE 565 Computer Security Fall 2018

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks

Cloudflare Advanced DDoS Protection

Dan Boneh, John Mitchell, Dawn Song. Denial of Service

DNS: Useful tool or just a hammer? Paul DNS-OARC 06 Oct 2013, Phoenix

DNS Attacks. Haythem EL MIR, CISSP CTO, NACS

CS System Security Mid-Semester Review

CISNTWK-440. Chapter 4 Network Vulnerabilities and Attacks

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

DDoS Testing with XM-2G. Step by Step Guide

Network Security. Thierry Sans

NETWORK SECURITY. Ch. 3: Network Attacks

this security is provided by the administrative authority (AA) of a network, on behalf of itself, its customers, and its legal authorities

CTS2134 Introduction to Networking. Module 08: Network Security

A Look Back at Security Problems in the TCP/IP Protocol Suite Review

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

Outline NET 412 NETWORK SECURITY PROTOCOLS. Reference: Lecture 7: DNS Security 3/28/2016

Network Security. Chapter 0. Attacks and Attack Detection

9. Security. Safeguard Engine. Safeguard Engine Settings

August 14th, 2018 PRESENTED BY:

Our Narrow Focus Computer Networking Security Vulnerabilities. IP-level vulnerabilities

Chapter 10: Denial-of-Services

Our Narrow Focus Computer Networking Security Vulnerabilities. Outline Part II

Denial of Service. Serguei A. Mokhov SOEN321 - Fall 2004

20-CS Cyber Defense Overview Fall, Network Basics

CE Advanced Network Security Botnets

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

DOMAIN NAME SECURITY EXTENSIONS

CSCE 463/612 Networks and Distributed Processing Spring 2018

Prevent DoS using IP source address spoofing

Sizing and Scoping ecrime

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

Resources and Credits. Definition. Symptoms. Denial of Service 3/3/2010 COMP Information on Denial of Service attacks can

Routing Security DDoS and Route Hijacks. Merike Kaeo CEO, Double Shot Security

CS System Security 2nd-Half Semester Review

DNS Security. * pers/dnssec/dnssec.html. IT352 Network Security Najwa AlGhamdi

Are You Fully Prepared to Withstand DNS Attacks?

Denial of Service. Denial of Service. A metaphor: Denial-of-Dinner Attack. DDoS over the years. Ozalp Babaoglu

Denial of Service, Traceback and Anonymity

Computer Security: Principles and Practice

10 Defense Mechanisms

Imma Chargin Mah Lazer

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

Attack Prevention Technology White Paper

Flashback.. Internet design goals. Security Part One: Attacks and Countermeasures. Why did they leave it out? Security Vulnerabilities

AN INTRODUCTION TO ARP SPOOFING

Topic 3 part 2 Traffic analysis; Routing Attacks &Traffic Redirection Fourth Stage

Information Technology Enhancing Productivity and Securing Against Cyber Attacks

CSc 466/566. Computer Security. 18 : Network Security Introduction

The big picture. Security. Some consequences. Three types of threat. Warm up: phishing. Danger: malicious servers

Less is More Cipher-Suite Negotiation for DNSSEC

Security. - All kinds of bad things attackers can do over the network. Next lecture: defense building blocks

Chapter 7. Denial of Service Attacks

INTRODUCTION ON D-DOS. Presentation by RAJKUMAR PATOLIYA

Ping of death Land attack Teardrop Syn flood Smurf attack. DOS Attack Methods

Quad9: A Free, Secure DNS Resolver. Nishal Goburdhan Internet Infrastructure Analyst Packet Clearing House

INF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015

Comprehensive datacenter protection

NETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

DNS Cache Poisoning Looking at CERT VU#800113

ICS 451: Today's plan

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

DNS Authentication-as-a-Service Preventing Amplification Attacks

Défense In-Depth Security. Samson Oduor - Internet Solutions Kenya Watson Kamanga - Seacom

Network Security (and related topics)

DNS Firewall with Response Policy Zone. Suman Kumar Saha bdcert Amber IT Limited

«On the Internet, nobody knows you are a dog» Twenty years later

Next Week. Network Security (and related topics) Project 3 Q/A. Agenda. My definition of network security. Network Security.

Security Architect Northeast US Enterprise CISSP, GCIA, GCFA Cisco Systems. BRKSEC-2052_c Cisco Systems, Inc. All rights reserved.

DumpsTorrent. Latest dumps torrent provider, real dumps

Proxy server is a server (a computer system or an application program) that acts as an intermediary between for requests from clients seeking

Acceptable Use Policy

Introduction to Network. Topics

Systems and Network Security (NETW-1002)

F5 comprehensive protection against application attacks. Jakub Sumpich Territory Manager Eastern Europe

(Distributed) Denial-of-Service. in theory and in practice

Patch For AR450S Routers

Overview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks

Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder. System and Network Engineering July 2014

A policy that the user agrees to follow before being allowed to access a network.

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Int ernet w orking. Internet Security. Literature: Forouzan: TCP/IP Protocol Suite : Ch 28

Network and Internet Vulnerabilities

DNS Security Strategies

The big picture. Security. Some consequences. Three types of threat. LAN Eavesdropping. Network-based access control

Table of Contents. 1 Intrusion Detection Statistics 1-1 Overview 1-1 Displaying Intrusion Detection Statistics 1-1

Configuring attack detection and prevention 1

An Overview of DNSSEC. Cesar Diaz! lacnic.net!

CASE STUDY: REGIONAL BANK

Attacks against the DNS. Dave Piscitello VP Security and ICT Coordination April 2015

Lecture 12. Application Layer. Application Layer 1

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

Security. - All kinds of bad things attackers can do over the network. - Techniques for protecting against these and other attacks

N exam.420q. Number: N Passing Score: 800 Time Limit: 120 min N CompTIA Network+ Certification

Denial of Service. Denial of Service. A metaphor: Denial-of-Dinner Attack. DDoS over the years. Ozalp Babaoglu

Securing Information Systems

CIS 551 / TCOM 401 Computer and Network Security

Transcription:

DNS Security Ch 1: The Importance of DNS Security Updated 8-21-17

DNS is Essential Without DNS, no one can use domain names like ccsf.edu Almost every Internet communication begins with a DNS resolution

Topics DNS Under Attack DNS Assisting Attacks DNS Traffic as a Gauge of Malicious Activity Lack of DNS Authentication and Privacy

DNS Under Attack

Microsoft (2001) In 2001, Microsoft's DNS servers were attacked Link Ch 1a

Single Point of Failure Microsoft's network went through a single switch at that time 25% of the 1000 largest companies had a centralized DNS architecture at that time Companies moved to distributed architectures

Botnet defeated distributed architecture Link Ch 1b

2002 Attack on DNS Root Servers Attacked all 13 root servers simultaneously ICMP flood, 900 Mbps Links Ch 1c, 1d

Defenses in 2002 The attack had little effect, because Root DNS servers are vastly overprovisioned Attack was short; 1 hour DNS records were cached in downstream servers

2007 Attack on DNS Root Six root servers attacked from Asia Volume 1 Gbps per server, bogus DNS requests Only two were affected, because they did not yet have Anycast configured Anycast allows one IP address to be shared by many different servers Traffic automatically goes to closest working serer via BGP Link Ch 1e

2007 Attack on DNS Root

Tracing DNS Root.com.net.edu ccsf.edu ns3.ccsf.edu

Tracing DNS Use the +trace option with dig

Tracing DNS

DNS Caching Root.com.net.edu ccsf.edu "Resolver" servers cache content Clients rarely query the root ns3.ccsf.edu

DNS Cache Poisoning Malicious altering of cache records redirects traffic for users of that server 2005 attack redirected traffic for more than 1000 companies Link Ch 1g, from 2005

Kaminsky DNS Vulnerability Serious vulnerability in 2008 Allowed poisoning caches on many servers Patched before it was widely exploited Link Ch 1h

Changed local DNS server address Link Ch 1h

DNS Assisting Attacks

Wannacry Ransomware Caused hospitals across England to divert emergency patients in May 2017 Used NSA-developed attacks leaked by "Shadow Brokers" (Russians) Microsoft released a patch but hospital systems didn't install it in time Link Ch 1y

Link Ch 1z1

Saved American hospitals & other businesses by freezing Wannacry Arrested in the US after DEF CON; accused of selling banking malware Link Ch 1z, 1z2

Dynamic DNS (DDNS) Allows the IP address of a domain name to change quickly This allows home users to host servers on transient addresses Abused by botnet operators, phishers, and malware download sites Change address rapidly to avoid detection and shutdown

Fast Flux DNS Changes DNS addresses rapidly Hides servers behind reverse proxies that rapidly change Makes it difficult to find the central servers Link Ch 1j

Packet Amplification Smurf attack PING echo request sent to a broadcast address Many replies for each request Attacker Target

DNS Amplification Find a domain name that gives a large response Also called "DRDoS Attack" (Distributed Reflection and Amplification Denial of Service) Link Ch il Attacker DNS Server Target

dig any yahoo.com

dig any yahoo.com Request: 69 bytes Reply: 379 bytes Amplification: 5.5 x

dig any ietf.org Large DNSSEC signatures

dig any ietf.org Request: 28 bytes (+66 header) Reply: 4183 bytes (+ headers) Amplification: 45 x (but via TCP)

Extension Mechanisms for DNS (EDNS) Allows transmission of larger packets via UDP Normal max. is 512 bytes This extends it to larger values, such as 4096 Essential for DNSSEC efficiency, but will make DNS amplification much more powerful Link Ch 1k

DNS as a Conduit of Attacks Sinit Trojan (2003) Used port UDP 53 Allowed by firewalls Link Ch 1m

DNS Traffic as a Gauge of Malicious Activity

DNS Monitoring Infected machines often make many DNS queries Spam relays make DNS requests to find addresses of mail servers Botnets often make many DNS requests to obscure domains

Conficker Worm Domains Algorithm made 50,000 new domains per day Registrars tried to block them all Links Ch 1u, 1v

Requests per hour Bots Normal Traffic From Link Ch 1q

Blocking DNS Resolution for Known Malicious Domains

OpenDNS Anycast for reliability Reports of DNS activity for management Blocks malicious servers Can enforce other rules like Parental Controls

Storm Worm (2007) Distributed C&C (Command and Control) via a peer-to-peer system Fast flux DNS Mutates every 30 minutes Link Ch 1s

Microsoft took over the 3322.org domain, with authorization from a court order, in 2012 Controversial process Only temporary botnet disruption Takes down C&C servers controlled by other researchers; "collateral damage" Link Ch 1t

Lack of DNS Authentication and Privacy

DNS Monitoring DNS monitoring shows every domain visited Used by security team to monitor network usage

Intrinsic Protocol Weakness DNS requests and responses are not encrypted No strong authentication Responses cannot be fully trusted Responses can be spoofed or intercepted and modified Altered responses may be cached for a long time

Financial Impacts and Intangible Losses Availability: DNS outage causes direct loss of revenue Fraud: Modified DNS services can Send spam Drive users to phishing sites Connect bots to C&C servers Locate malware download sites

Cyberwar

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback