Securing DNS should trump budget-cutting, experts say
The discovery of a major DNS flaw in mid-2008 landed the technology in many headlines, but with economic concerns weighing on many in IT, industry watchers worry that revamping systems and security around domain name servers could be put on hold in 2009.
The vulnerability discovered by director of penetration testing at IOActive Dan Kaminsky motivated numerous vendors to upgrade their products to protect enterprise networks against cache poisoning and other DNS attacks, such as distributed denial-of-service (DDoS). IT directors were encouraged to upgrade their DNS systems to guard against potential threats, but a survey by The Measurement Group revealed that about 25% of servers had yet to be upgraded by mid-November. Now, with the year coming to a close, DNS experts worry the projects will take a back seat to cost-cutting measures.
"These name servers are trivially vulnerable to the Kaminsky attack. With an effective exploit script, a hacker can insert arbitrary data into the cache of one of these names servers in about 10 seconds," says Cricket Liu, vice president of architecture at Infoblox.
A separate survey of 466 enterprise online customers conducted by DNSstuff in September revealed that 9.6% hadn't patched their DNS servers and 21.9% didn't know if they were patched. The findings show that despite the DNS community's and several vendors' efforts, a significant number of server administrators have yet to take action. As for the reasons behind the lack of patches, more than 45% cited a lack of internal resources, 30% said they were unaware of the vulnerability and 24% reported they didn't have enough knowledge of DNS to take the appropriate steps. DNSstuff's customer research also found that the most common DNS issues among respondents include e-mail downtime for 69%, DDoS attacks and cache-poisoning attacks for nearly half and spoofing for 18.5%.
That's why the IP address management vendor is looking to dispel what it calls a handful of myths around DNS and get people paying attention to the technology in 2009, despite economic worries.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
DNS security
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
