DNS Security

Transcript

1. DNS Security Dhaval Kapil Computer Science and Engineering Department IIT

   Roorkee

2. Flow of the presentation • About DNS • Working of

   DNS • Flaws in design of DNS • Threats involving DNS • Mitigation of these threats

3. Domain Name Service http://www.codeguru.com/cpp/sample_chapter/article. php/c12013/Sample-Chapter-Domain-Name-System.htm

4. About DNS • Hierarchical distributed naming system for computers •

   Mapping of 'domain name' and 'IP address' • Internet’s primary directory service

5. Working of DNS DNS Server: ▪ Information about domain names

   stored in text files called zones ▪ Listens on UDP port 53 for name resolution queries ▪ Listens on TCP port 53 for zone transfer queries DNS Client: ▪ Runs a service - resolver ▪ Handles interaction with DNS Server for resolving domain names and IP addresses through records

6. Flaws in the design of DNS • Designed without any

   security considerations • Was initially designed for small networks with trusted hosts • No check for authenticity and integrity added • Unfortunately with growth of network DNS remained unchanged • Resulted in lots of threats because of the above issues

7. Threats involving DNS 1. Zone File Compromise 2. Zone Information

   Leakage/DNS Footprinting 3. DNS Amplification Attack 4. DNS Client flooding 5. DNS Cache poisoning 6. DNS Vulnerabilities in Shared Host Environments 7. DNS Man in the Middle Attacks - DNS Hijacking 8. Typosquatting

8. Zone File Compromise • Administrator can directly interact with DNS

   Server • Command line or GUI interface provided for configuration of DNS records • In this attack, the attacker first gains direct access to the server Security measure: Restrict access to DNS server

9. Zone Information Leakage/DNS Footprinting • Zone Transfer: DNS Server passing

   a copy of its database (called “zone”) to another DNS Server. • Slave DNS Servers ask for zone transfer from Master DNS Server • Attacker pretends to be a Slave DNS Server • DNS records reveal about the topology of the network Security measure: Restrict zone transfers to particular IP addresses or use any other kind of authentication

10. DNS Amplification Attack • Genuine DNS servers used to perform

    DOS attack on victim host • Attacker sends DNS request packets to a genuine DNS Server with source IP spoofed as victim’s IP. • Amplified responses go to victim.

11. DNS Client Flooding • Attacker sends a flood of DNS

    packets to the DNS server • Preferably request for invalid domains • The DNS server tries to spend all of its resources on finding the IP • Resources exhausted for legitimate requests

12. DNS Cache Poisoning https://jfdm.host.cs.st-andrews.ac.uk/notes/netsec/

13. DNS Vulnerabilities in Shared Host Environments http://www.net-security.org/dl/articles/Attacking_the_DNS_Protocol.pdf

14. DNS Man in the Middle Attacks - DNS Hijacking http://www.net-security.org/dl/articles/Attacking_the_DNS_Protocol.pdf

15. Typosquatting • The practice of registering a domain name that

    is confusingly similar to an existing popular brand • The attacker registers similar sounding domain names. • This threat does not target a particular victim.

16. DNSSEC (Domain Name System Security Extensions) • Around 1994, the

    IETF started a discussion to make DNS secure by adding a set of extensions to it. • Backward compatibility ensured • Performance issues kept in mind • Provides authentication and integrity to DNS • Unfortunately still not widely adopted

17. • Widespread need of DNS in internet • Original implementation

    didn’t consider security issues • No check for authenticity and integrity • To add security, IETF added security extensions DNSSEC Conclusion