Supplementary Internet Services

Domain Name System Services

Although name service is often stereotyped as being an insignificant service, it is arguably the most important Internet infrastructure- related component because mail and web services rely on it heavily. Internet DNS is essentially a distributed database for mapping names to IP addresses, and vice versa (see Chapter 3 for details).

There are several ways for an attacker to manipulate name service in order to adversely affect your infrastructure. Your systems may be compromised by:

• Modifying the records you have on file at your Domain Registrar

• Using your (or your ISP's) authoritative name servers against you

• Externally influencing your internal, recursive name servers

We cover these risks and mitigation techniques in full detail in Chapter 3.

Electronic Mail Services

(e)SMTP is the (enhanced) Simple Mail Transfer Protocol and is generally responsible for moving electronic mail back and forth across the Internet between disparate domains. SMTP is the protocol used when different mail exchangers (MX), mail transport agents (MTA), or client mail user agents (MUA) need to communicate with each other to send electronic mail. SMTP is defined in RFC 821. Arguably, the operation and security of the Internet mail infrastructure is as important as the Domain Name System.

Mail exchangers are the primary systems that handle electronic mail (sending and receiving) for specific domains. Organizations typically utilize one or more MX hosts to send and receive mail for their domain(s). ISPs may run a large number of geographically diverse MX hosts to exchange mail for many customer domains.

Whether maintained by an ISP or an organization, attackers may manipulate electronic mail service in the following ways:

1. Causing denial of service against the mail servers

2. Using improperly configured mail servers to relay spam or other unsolicited e-mail

We cover these risks and mitigation techniques in full detail in Chapter 7.