Chapter 3: Securing the Domain Name System

Previous page
Table of content
Next page

Overview

Today's Internet relies heavily on a large number of distinct and simple protocols, many of which have been scaled to their conceivable limit to keep up with the growth of the global network. The Domain Name System (DNS) is a perfect example of such a protocol, though many would consider it theoretically infinitely scaleable. Originally designed for simply translating easy-to-remember names (like http://www.vostrom.com) into hard-to-remember quad- dotted decimal notated numbers (like 69.16.147.21), DNS is now relied upon for virtually all significant applications that ride over the network. To qualify this remark, one must consider that without DNS, e-mail would cease to be delivered, web site names would not resolve, and even if numeric addresses were typed in their place, modern digital certificate validation methodologies and reverse-lookups adopted for security enhancements would render most numeric addresses useless when used apart from DNS. Attempts to add embedded security mechanisms into DNS, such as the DNSSEC initiative, have been slow to proliferate and gain industry acceptance. And in the case of DNS, scalability, reliability, and improved performance seem to outweigh the call for enhanced security in the near term . DNS, as it exists today, is a major challenge to security, and nearly every major network service you rely upon hangs in the balance. In this chapter, we'll discuss some of the little-known implementation techniques that will help you secure your critical DNS infrastructure and explain the dangerous realities of weaknesses in the design of the DNS protocol itself.

This chapter will cover the following:

  • DNS Background and Function A brief explanation of the DNS protocols and how they came to be.

  • Information Disclosure How DNS-based information disclosure can inadvertently allow an attacker to map your network.

  • Global Weaknesses Problems with the global implementation of DNS and how they might affect your organization.

  • Your Organization's DNS Servers An explanation of common threats and how to avoid them or mitigate their impact.


Previous page
Table of content
Next page
Extreme Exploits. Advanced Defenses Against Hardcore Hacks
Extreme Exploits: Advanced Defenses Against Hardcore Hacks (Hacking Exposed)
ISBN: 0072259558
EAN: 2147483647
Year: 2005
Pages: 120
Authors: Victor Oppleman, Oliver Friedrichs, Brett Watson
BUY ON AMAZON
Beginners Guide to DarkBASIC Game Programming (Premier Press Game Development)
The .NET Developers Guide to Directory Services Programming
Network Security Architectures
An Introduction to Design Patterns in C++ with Qt 4
Comparing, Designing, and Deploying VPNs
Understanding Digital Signal Processing (2nd Edition)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy