Preventing DNS Attacks: Tips and Best Practices

The breakdown of common attack types goes like this:

76% are direct denial of service (DDoS) attacks – Also known as amplification attacks. They use several computers to issue a flood of requests to a server, causing it to overload and stop responding. DDoS attacks involve one attacking system and one server.

33% involve cache poisoning – Involves replacing legitimate cache information with faked or spoofed data to redirect users.

29% are DNS exploits – Attackers search for DNS vulnerabilities to find a weak point to penetrate the system.

29% involve UDP flooding – A form of DDoS DNS attack, these attacks overwhelm a targeted system until it can no longer respond.

24% are the result of DNS tunneling – Hackers embed malicious coding or programs in the DNS queries in an effort to commandeer the session and/or re-direct traffic.

Here are some practices that will improve your defense mechanisms.

1. Audit DNS zones – Many admins concentrate on the main server and forget about other hosting and DNS zones. However, attention should also be paid to test domain names, sub domains, and unrestricted areas that may run outdated or unprotected software.
2. Validate record changes – Related to point number one, you should validate any changes you find in A, NS, CNAME, and MX records that you notice during your audits. You can find examples of this in our basic tech talk webinar.
3. Monitor and validate logs – In addition to auditing main DNS and subdomains, log monitoring is essential. It’s tedious, but not monitoring and validating the source IPs in OWA/Exchange logs could mean overlooking a problem until it leads to a DNS attack.
4. Use multi-factor authentication – Single passwords are no longer enough to restrict access, even if they’re hard to crack. Implement two-factor authentication on your domain’s administration portal as well as other potentially vulnerable access points that hackers probe for entry. This tactic also should reduce the incidence of employees falling for social engineering attacks like phishing and domain spoofing.
5. Use encryption – Hardening access is one thing, but all of your data and information should also be encrypted to protect it from prying eyes. Install and use a strong VPN service to shield your domain name, activity, and other information from hackers and spies. A company policy mandating no one connects to the internet without a VPN turned on is a smart move. You should also search for SSL certificates that are related to your domain and revoke any malicious certificates.
6. Keep software updated – Security and updates are often left up to the web hosting service and individual users, but they are not the only ones incumbent.  Website owners and administrators are responsible for making sure that their hosting service keeps on top of the latest updates and security patches. In addition, you should maintain the most current anti-malware and anti-virus protections yourself. When in conjunction with the other best practices outlined, you have a multiple-layer application of protection.
7. Probe for vulnerabilities – Hackers spend a great deal of their time probing domains and servers for easy access points. Combat these advances with regular internal investigations. Performing these tests will expose points of weakness and harden them before someone else exploits them. This will also allow you to determine if a DNS attack has already happened. It takes an average of six months before the average website admin notices infiltration, and a lot of damage can be done during that time.