Here at Bure Valley Group, we are working more and more with exciting new tech startups including cybersecurity firms. It has brought an important subject to our attention: DNS attacks.
In this article, we’re going to briefly explain what DNS is, and how holes in your DNS security can leave your business and other web assets vulnerable to malicious online threats.
What is DNS?
DNS is one of the foundational architectural pieces of the internet. It is like a phonebook, which your smartphone or desktop computer uses to find websites you search for.
This phonebook is called “DNS”, or the domain name system. You use DNS to search for websites using their names, such as bbc.co.uk. Your web browser, however, will find the website by looking past this website name and finding its internet protocol (IP) address.
How hackers attack the DNS architecture
Clearly, DNS is one of the most important pillars of the internet. It is therefore quite alarming that lots of businesses – small and large, old and new – neglect to solidify their defences against DDoS attacks.
DDoS stands for “distributed denial of service”, and it’s a type of attack used by hackers to shut down your website. They do this by overloading your systems, pinging your IP address continuously in order to overwhelm it and shut it down.
Signs of DDoS on your website
Of course, if your website suddenly shuts down it could be due to any number of reasons. Perhaps someone has inadvertently turned something off in your hosting settings, for instance. However, if your company website is down and you are receiving “denial of service” messages, then that could be a sign of a DDoS attack.
To be more certain that you have been attacked, watch your network and website traffic. If you see your website go from steady traffic and full functionality to a sudden spike in traffic followed by a shutdown, then that’s almost certainly a sign of DDoS.
Although DNS attacks all essentially share the same objective – overloading your company website to make it crash – there are a number of strategies hackers use to achieve this.
One way they do this is to compromise your DNS servers, by changing the information in your nameservers. This happens when someone manages to break into your hosting provider account, perhaps by exploiting a weakness in the system.
Another approach used by hackers is the use of a botnet, which they rent by the hour to launch an overload attack. Finally, cache poisoning is another common approach. Here, the hacker puts incorrect information into your server’s cache. This means that information requests from your server (i.e. people using a browser to access your company website) will receive the false information instead of the correct data you want to deliver to them.
How to prevent DDoS attacks
Obviously, a DNS attack is not something you want to happen to your company website. So what are some of the preemptive steps you can take to reduce the threat?
#1 Focus on your resolver
You should consider restricting access to your resolver only to specific people within the organisation. This helps prevent the cache from being accessed and poisoned by malicious users outside of your company. Make sure your resolver is both protected and private.
If you configure your DNS software to make your outgoing requests variable, then it makes it much harder for hackers to penetrate your systems with a false response. Speak to your IT provider about whether/how to do this.
#3 Watch Your Nameservers
Your nameservers are vitally important, as they point your domain name towards your hosting space. Any unhelpful or malicious tinkering here can easily pull the rug out from underneath the feet of your website. So, make it a habit to set up notifications concerning any changes to them.
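One way to implement the nameserver change notification described above, as an added example that is not part of the original article. It compares the NS records returned for a domain against a known-good baseline; the domain, hostnames and answer text are constructed sample values, and the function names are hypothetical.

```python
# Added example: sample domain, hostnames and answer text are constructed.
BASELINE = {"ns1.dns-host.example", "ns2.dns-host.example"}

# Shaped like the answer section of `dig NS example.com +noall +answer`.
SAMPLE_ANSWER = """\
example.com.      3600  IN  NS  NS1.DNS-HOST.EXAMPLE.
example.com.      3600  IN  NS  ns1.unknown-provider.example.
www.example.com.  300   IN  A   192.0.2.10
"""


def normalise(host):
    """DNS names are case-insensitive and may end in the root dot."""
    return host.strip().rstrip(".").lower()


def parse_ns(answer_text, domain):
    """Return the set of NS targets listed for `domain`."""
    targets = set()
    for line in answer_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, split columns
        # Columns: owner, TTL, class, type, rdata
        if (len(fields) >= 5 and fields[3].upper() == "NS"
                and normalise(fields[0]) == normalise(domain)):
            targets.add(normalise(fields[4]))
    return targets


def check_nameservers(domain, baseline, answer_text):
    """Return an alert string if the NS set differs from baseline, else None."""
    expected = {normalise(h) for h in baseline}
    observed = parse_ns(answer_text, domain)
    added = sorted(observed - expected)
    removed = sorted(expected - observed)
    if not added and not removed:
        return None
    if not observed:
        return f"ALERT {domain}: no NS records returned (lookup failed or delegation removed)"
    return f"ALERT {domain}: unexpected={added} missing={removed}"


if __name__ == "__main__":
    print(check_nameservers("example.com", BASELINE, SAMPLE_ANSWER))
```

Run on a schedule against live lookup output, a non-empty result is the notification to send to whoever owns the domain registration and hosting account.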
#4 Clear the Cache
Every now and then, it is a good idea to clear the cache on both local and wide area networks. Think of it like defragging your hard drive on your personal desktop computer. It benefits your systems to do it periodically.
#5 Different Servers
Beyond using an up-to-date firewall, another good idea is to consider hosting your web assets on different servers. In the event that you experience a DDoS attack, the other server(s) can take over whilst the attack is warded off.
What to do in the event of DDoS
If you believe your website is experiencing a DDoS attack, then you need to call your IT security team immediately. Speaking with your internet service provider (ISP) can help you identify any potential attacks, and implement an appropriate defensive strategy to fight off the DDoS attack.
Do not try to resolve the problem yourself. It is always a good idea to work alongside an experienced, qualified IT professional to identify the issue quickly and act fast in response.