What is DNS Tunneling?
Cybersecurity is a growing concern for businesses of all sizes. There's a lot to learn about all things cybersecurity, and most businesses, even very small ones, outsource their network management and security planning.
Regardless of whether or not you directly implement security solutions, you should still have a general idea of what the threats are and how to protect against them.
One type of threat is called DNS tunneling. DNS stands for domain name system. It's often grouped in with dynamic host configuration protocol (DHCP) and IP address management (IPAM) for automated security purposes. These together are referred to as DDI in networking.
The domain name system translates URLs into IP addresses. A domain name system is one of many points of entry a cyber attacker may use to gain access to a network, and the following are key things to know about what's referred to as DNS tunneling.
An Overview of DNS Tunneling
A DNS server is a link to an IP address, and tunneling is an attempt on the part of a hacker to seize the protocol. Hackers use DNS tunneling to own a network, and it's not a new concept. Certain relatively well-known types of malware, including Feederbot and Morto, have been used for DNS tunneling.
With tunneling, a hacker will take the DNS pathway, which is established, and use it as a way to gain information about the company for malicious reasons. Often, email addresses are the source of data breaches seen with DNS tunneling.
The reason DNS tunneling is popular among hackers and cybercriminals is that DNS is very frequently used and is widely trusted. Also, DNS isn't meant as a way to transfer data, so it's a point of weakness for a lot of organizations because they don't monitor the traffic or activity.
How Does DNS Tunneling Work?
A DNS tunneling attack exploits the DNS protocol with the objective of tunneling malware and data through the client-server model.
So what could happen is this: a cyber attacker registers a domain, and the domain's name server points to the attacker's server. This is where tunneling malware is installed.
The attacker infects a computer, which is very often behind a firewall, with malware.
Since DNS requests can always go in and out of a firewall, the infected computer sends the query to the DNS resolver. A connection is established through this DNS resolver, and the tunnel is a way to remove data. It's tough to track this kind of cyber-attack because there isn't a direct connection between an attacker and a victim.
There are two ways DNS tunneling attacks might be detected. One is payload analysis. With this option, defenders look at unusual data that's being transmitted. For example, this might include a different character or a DNS record type not frequently used.
Another way to detect this type of attack is traffic analysis. With this option, defenders look at how many requests are going to a DNS domain and then compare that to the average data usage figures.
When a hacker is in the midst of a DNS tunneling attack, it causes heavy server traffic.
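The two detection approaches described above, payload analysis and traffic analysis, as an added Python example that is not part of the original article. The log tuple format, the thresholds, and the list of rarely used record types are assumptions, and the sample log is constructed.

```python
import hashlib
import math
from collections import Counter

RARE_TYPES = {"TXT", "NULL"}  # assumption: record types clients here rarely query
MAX_LABEL_LEN = 30            # assumption: longer subdomain labels are unusual
MIN_ENTROPY = 3.5             # assumption: bits/char that suggests encoded data
TRAFFIC_THRESHOLD = 3 * 5     # assumption: 3x an average of 5 queries per domain per window

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def base_domain(qname):
    """Naive registered domain: the last two labels (ignores multi-part suffixes)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def payload_reasons(qname, qtype):
    """Payload analysis: list what looks unusual about a single query."""
    reasons = []
    label = max(qname.split(".")[:-2] or [""], key=len)  # longest subdomain label
    if len(label) > MAX_LABEL_LEN:
        reasons.append("long label")
    if len(label) >= 16 and entropy(label) > MIN_ENTROPY:
        reasons.append("high entropy")
    if qtype in RARE_TYPES:
        reasons.append("rare record type")
    return reasons

def traffic_outliers(log):
    """Traffic analysis: domains queried far more often than the baseline average."""
    counts = Counter(base_domain(q) for _, q, _ in log)
    return {d: n for d, n in counts.items() if n > TRAFFIC_THRESHOLD}

def analyze(log):
    """Domains flagged by both payload analysis and traffic analysis."""
    payload_hits = {base_domain(q) for _, q, t in log if payload_reasons(q, t)}
    return sorted(payload_hits & set(traffic_outliers(log)))

# Constructed sample window (client, query name, type): normal lookups plus 20 encoded-looking queries.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com", "A"),
    ("10.0.0.5", "mail.example.com", "MX"),
    ("10.0.0.7", "cdn.example.net", "A"),
    ("10.0.0.7", "example.net", "TXT"),  # legitimate-looking TXT lookup
] + [("10.0.0.9", hashlib.sha256(str(i).encode()).hexdigest()[:40] + ".t.example.org", "TXT")
     for i in range(20)]
print(analyze(SAMPLE_LOG))
```

Requiring both signals keeps the single TXT lookup for example.net from raising an alert, while the burst of long, random-looking subdomains under example.org is flagged.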
There are other similar ways to use protocols for tunneling.
For example, with command and control malware, HTTP might be used as a way to disguise communications. In this situation, the data looks like browser traffic to a remote hacker-controlled website.
Pretty much any confidential information can be the target of this type of breach.
Information used in identity theft, including Social Security numbers and health care data, may be targeted, and financial information can be a target also.
Protecting Your Organization
As was mentioned, DNS is often left unmonitored and unsecured, which is why DNS tunneling occurs so frequently.
The right tools need to be selected to prevent DNS tunneling and detect it quickly if it is occurring. For example, the tool needs to look at complex data extraction that may be happening, and also attacks that stem from pre-configured packages.
A DNS firewall can be a way to identify possible intrusions, and a DNS security solution needs to offer real-time analytics.
A DNS security tool should have the functionality to blacklist certain destinations, and of course, automation is essential to detect any strange patterns because human monitoring just isn't as efficient or comprehensive. DNS protection should be part of a larger DNS infrastructure and network architecture.
The most important takeaway here is that DNS is an often-exploited point of weakness, and organizations need to be aware of it so they can take the necessary steps to prevent attacks.