Reducing the Risk of DNS Cache Poisoning by the Kaminsky DNS Vulnerability
Published 14th Apr 2009 | Source - Security | Pages - 11

In response to growing concerns over the Kaminsky DNS Vulnerability, announced at the 2008 Black Hat event, NitroSecurity has researched additional methods of protecting corporate DNS resources, for use in addition to other identified methods, including:
- The application of DNS server patches, to reduce the probability of exploitation of local DNS.
- The use of trusted remote domain systems, such as Open DNS, to minimize exposure to the exploit.
While both of these mechanisms offer protection, and are recommended by NitroSecurity as well as other industry experts, NitroSecurity believes that there is still a significant risk of DNS cache poisoning, and has developed additional defenses in order to provide better protection for internal name resolution, and also for those companies who may be unable, or unwilling, to use trusted outside DNS services.
NitroSecurity, in conjunction with industry experts (including researchers from the Rochester Institute of Technology), has validated the use of two custom detection signatures which, when combined with reactive device blocking (also referred to as "blacklisting"), can provide much greater protection than that provided by DNS patches alone. The need for the best possible protection against this vulnerability is driven by the proliferation of DNS throughout everyday personal and business Internet applications, and the potential risk involved in a successful DNS attack.
While patching DNS servers is a requirement, the patch does not remove the vulnerability: it simply makes it more difficult to accomplish. Successful attacks have already been made against fully patched DNS servers.
Discussion throughout the community is underway to find more layers of randomization to further reduce the chances of a successful attack. Most companies currently deploy Intrusion Prevention Systems, and if those systems support the correct features and signature libraries, they may be used as a further defense against this vulnerability. NitroSecurity has determined that, with the right combination of signatures and IPS features, along with appropriate DNS patches, the probability of a successful attack can be reduced to 0.003% over one year, down from 37.1% over one month using the patch alone.
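The summary above does not publish the two signatures themselves, so the following is an added example of the general "detect, then reactively block" pattern rather than NitroSecurity's code. It assumes a resolver that tracks the queries it actually sent, keyed by (qname, transaction ID, source port); a response that matches no outstanding query is the footprint of a brute-force ID guess, and a source that sends more than a threshold of such responses inside a sliding window is blacklisted. Threshold and window values are constructed for illustration.

```python
from collections import defaultdict, deque

THRESHOLD = 20   # unsolicited responses tolerated per source per window (assumed)
WINDOW = 2.0     # sliding window in seconds (assumed)


class PoisonDetector:
    """Flags and blocks sources that flood mismatched DNS responses."""

    def __init__(self, threshold=THRESHOLD, window=WINDOW):
        self.threshold = threshold
        self.window = window
        self.outstanding = set()            # (qname, txid, port) we really asked
        self.misses = defaultdict(deque)    # src_ip -> timestamps of mismatches
        self.blacklist = set()

    def sent_query(self, qname, txid, port):
        """Record a query the resolver sent, so its answer is expected."""
        self.outstanding.add((qname, txid, port))

    def got_response(self, ts, src_ip, qname, txid, port):
        """Return True if the response is accepted, False if it is dropped."""
        if src_ip in self.blacklist:
            return False
        key = (qname, txid, port)
        if key in self.outstanding:
            self.outstanding.discard(key)   # first matching answer wins
            return True
        # Unsolicited or mismatched: count it against the source in the window.
        q = self.misses[src_ip]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        if len(q) > self.threshold:
            self.blacklist.add(src_ip)      # reactive blocking
        return False


def simulate_flood(n=50, attacker="192.0.2.9"):
    """Constructed scenario: one real query, then a burst of guessed IDs."""
    d = PoisonDetector()
    d.sent_query("www.example.com", txid=0x1A2B, port=41000)
    for i in range(n):                       # n wrong IDs within half a second
        d.got_response(0.01 * i, attacker, "www.example.com", i, 41000)
    legit = d.got_response(0.9, "198.51.100.1", "www.example.com", 0x1A2B, 41000)
    return attacker in d.blacklist, legit    # expected (True, True)
```

Forged answers in a Kaminsky-style flood carry the authoritative server's address as their spoofed source, so a block keyed on that address alone can also cut off the genuine server; in practice the counter drives an alert and the block is applied to the offending path at the IPS.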