Internal DNS Monitoring & Restrictions

posted by: FraudWatch International date: Jul 29, 2015 category: All, Pharming, Phishing

All companies use DNS, so monitoring it is a must. A lot happens at the border of your Internet perimeter, and monitoring gives you feedback on network traffic. What are your employees using the Internet for? What is the most common page being visited? What network traffic is coming in or going out?

“DNS is frequently used as a conduit to surreptitiously tunnel data in and out of the company,” says Cricket Liu, the chief DNS architect at Infoblox, “and the reason people who write malware are using DNS to tunnel out this traffic is because it’s so poorly monitored, most people have no idea what kind of queries are going over their DNS infrastructure.”

There is also the issue of people using DNS to bypass network security controls. Companies may have security policies to block certain websites, but employees can point their machines at another DNS server and get around the security inside an organisation, thereby avoiding network restrictions, security policies or content filtering. This can also be used by attackers to avoid detection.

DNS attacks are becoming more of an issue. More companies around the world are suffering DNS attacks because they treat DNS as a utility. Companies aren’t aware of what traffic is travelling through their networks. If they knew what information was being transmitted, they would want to be proactive and lock it down more.

By actively managing your DNS, you can apply network controls at a level employees (and attackers) can’t work around. You can detect phishing attacks and malware command and control more efficiently at the DNS layer than by using a web proxy or doing deep packet inspection, and you can detect them as they happen rather than days later. For example, you may discover a particular PC that has a lot of traffic coming in or going out. This could be connected to malware command and control.
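The two checks described above (clients sending queries to a resolver other than the company's own, and a single PC sending many encoded-looking queries to one domain) can be run over a DNS query log. The following is an added example, not code from the original post; the log format, the approved resolver addresses, the thresholds and the `analyse` and `entropy` names are all assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

# Assumption: the only resolvers clients are permitted to use (constructed addresses).
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Constructed sample log, one query per line: "client_ip resolver_ip qname".
# The format is an assumption; adapt the parsing to your resolver or sensor output.
SAMPLE_LOG = """\
10.1.4.20 10.0.0.53 www.example.com
10.1.4.20 10.0.0.53 mail.example.com
10.1.4.31 203.0.113.8 www.example.net
10.1.4.77 10.0.0.53 k7q2m9x4b1v8z3n6c5j0h2wd.t.example.org
10.1.4.77 10.0.0.53 p3f8t1r6y0u5g9l2s7e4a3qm.t.example.org
10.1.4.77 10.0.0.53 d9w4h7c2x6n1b8k5z0v3j2ty.t.example.org
"""

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def analyse(log_text, min_unique=3, min_len=20, min_entropy=3.5):
    """Return (bypass, tunnels): clients using unapproved resolvers, and
    (client, domain) pairs sending many distinct encoded-looking labels."""
    bypass = defaultdict(set)
    encoded = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        client, resolver, qname = parts
        if resolver not in APPROVED_RESOLVERS:
            bypass[client].add(resolver)
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no subdomain to inspect
        base = ".".join(labels[-2:])  # naive: ignores public suffixes like co.uk
        sub = labels[0]
        if len(sub) >= min_len and entropy(sub) >= min_entropy:
            encoded[(client, base)].add(sub)
    tunnels = {k: len(v) for k, v in encoded.items() if len(v) >= min_unique}
    return dict(bypass), tunnels

if __name__ == "__main__":
    bypass, tunnels = analyse(SAMPLE_LOG)
    print("Unapproved resolvers:", bypass)
    print("Possible tunnelling:", tunnels)
```

Requiring several distinct long, high-entropy labels per client and domain keeps a single long but legitimate hostname from raising an alert; tune the thresholds against your own baseline traffic.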

Imagine a scenario of a disgruntled employee who knows the inner workings of your systems and infrastructure, and has direct access to PCs and information. Or perhaps a careless, uninformed employee who clicks the wrong hyperlink in a spam email, thereby downloading malware and sharing information. These are very likely scenarios that companies don’t seem to take enough action on. A recent UK survey done by YouGov, sponsored by Blue Coat, makes the claim that as few as 1 in 5 employees have received training in IT security. That’s a whopping 82% of your staff who have no idea of the repercussions and dangers they could be exposing your business to. An excellent example of this is when the ABC TV studio’s broadcasting systems were taken down by “crypto-ransomware” when an employee clicked on a fake email attachment.

Lock it down and stop problems before they start. Monitor your DNS to find any potentially harmful activity that may start, or is already there.