
In February 2019, ICANN (Internet Corporation for Assigned Names and Numbers, the company responsible for assigning domain names and numbers on the Internet) issued a warning about unprecedented global attacks on DNS infrastructure. This is a sign that the DNS service, which is essential for the proper functioning of all network traffic, whether it be internet browsing or internal data flows within companies, is now increasingly targeted by cybercriminals.
To better protect employees' browsing within the company, it is important to include DNS filtering in your web security chain now so that you can block certain malicious traffic and continue to effectively protect all IT resources in the information system.
DNS: the service essential to the proper functioning of the information system
The Domain Name System (DNS) service is essential for the proper functioning of the Internet, as it converts domain names into IP addresses. It is equally important for corporate computer networks, as it allows all connected devices (workstations, tablets, smartphones, connected objects, etc.) to access other shared IT resources and services.
All organizations therefore operate DNS services that constantly receive requests from devices and services connected to the TCP/IP network, thereby ensuring the smooth operation of the information system: availability of email, internal or web applications, internet traffic, printers, monitoring, cameras, IoT, etc.
Although DNS traffic is absolutely essential, it is rarely controlled: more and more devices are contacting DNS services without going through the company's proxy server, which is responsible for filtering. This poses a real risk for companies, which must not only ensure that internet traffic complies with legal and cultural requirements, but also protect themselves from potentially malicious requests sent to the DNS server. When it comes to cybersecurity, however, an immediate response is essential: either the first call is blocked, or the organization is exposed to risks.
How can you prevent malware from exploiting DNS security vulnerabilities?
The risk could come, for example, from malware that infiltrates the organization and queries domain names that change frequently, generated by a DGA (Domain Generation Algorithm). In this case, only the malware and its server know the combination. If the DNS service does not filter by default, it will return the IP address of the queried domain and the organization will be exposed to hacking risks. But this is just one example among a wide variety of DNS attacks...
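An added example, not part of the original article and not Olfeo's code: a sketch of a filter-by-default DNS decision run over a constructed resolver log. The category database, log format, threshold and function names are all assumptions; besides refusing uncategorized names, it flags clients that request many distinct unknown names, the pattern a DGA-infected host produces.

```python
from collections import defaultdict

# Constructed category database (assumption): domain -> category.
CATEGORIES = {
    "example.com": "business",
    "vendor-updates.example": "software-update",
    "bad.example": "malware",
}
BLOCKED_CATEGORIES = {"malware"}
UNKNOWN_ALERT_THRESHOLD = 3  # distinct unknown names per client (assumed value)

# Constructed resolver log, one query per line: "<client ip> <queried name>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com
10.0.0.5 cdn.vendor-updates.example
10.0.0.7 portal.bad.example
10.0.0.9 kq3vx9tzp1.test
10.0.0.9 w8hd2lmq0a.test
10.0.0.9 KQ3VX9TZP1.test.
10.0.0.9 zr5n1yb7cf.test
10.0.0.5 newsite.test
"""

def normalize(qname):
    """Lower-case and drop the trailing root dot so duplicates compare equal."""
    return qname.lower().rstrip(".")

def categorize(qname):
    """Category of the closest categorized parent domain, or None if unknown."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        category = CATEGORIES.get(".".join(labels[i:]))
        if category is not None:
            return category
    return None

def decide(qname):
    """Filter by default: only names in an allowed category are resolved."""
    category = categorize(qname)
    if category is None:
        return "block-unknown"
    return "block-category" if category in BLOCKED_CATEGORIES else "resolve"

def process(log_text):
    """Return per-query verdicts and the clients with many distinct unknowns."""
    decisions, unknown_by_client = [], defaultdict(set)
    for line in filter(str.strip, log_text.splitlines()):
        client, qname = line.split()
        verdict = decide(qname)
        decisions.append((client, qname, verdict))
        if verdict == "block-unknown":
            unknown_by_client[client].add(normalize(qname))
    suspects = sorted(c for c, names in unknown_by_client.items()
                      if len(names) >= UNKNOWN_ALERT_THRESHOLD)
    return decisions, suspects
```

Calling `process(SAMPLE_LOG)` returns the verdict for each query and the list of clients worth investigating; a single unknown lookup from a workstation is blocked but does not raise an alert.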
In the private sector, connected objects are booming but are often developed as open source by manufacturers and/or publishers who very rarely integrate a "security by design" policy at this stage. More and more malware can run on these "lightweight" environments, leading to what is known as "DNS spoofing": the connected device is diverted within the network, and malware interferes so that different names are called instead of the publisher's site (which would have checked, for example, whether there was an update), redirecting the device to a server that will introduce the threat into the internal network...
The lack of filtering for these increasingly common devices in organizations constitutes a security breach that is nevertheless easy to remedy, as Farid Agha, Customer Success Manager at Olfeo, explains:
For your cybersecurity strategy, this involves implementing real-time protection to distinguish legitimate network traffic from suspicious traffic that must be filtered by the DNS server, thereby ensuring optimal protection for the information system.
The Olfeo web security gateway meets this need precisely and offers several integration modes that can be implemented very quickly. This allows you to activate a DNS filtering service that will contain users and access, whether for uncontrolled or connected devices, and apply filtering rules. Thanks to the quality of the Olfeo URL database, the 2% of unknown websites are blocked at the DNS server level.


