Steps to Protect Yourself against DNS Hijacking or DNS Hacking

This week, you might have come across the news about how turkey-based hackers hijacked DNS servers of several popular websites such as The Register, The Telegraph and National Geographic Channel. They re-directed the traffic to their webpage with the slogan “4 Sept. We TurkGuvenligi declare this day as World Hackers Day - Have fun ;) h4ck y0u”. These popular website DNS servers were handled by NetNames. It’s sufficient to say they had hectic days ahead fixing the problem and allying fears about further intrusion.

We all think that our DNS servers are safe behind a firewall and that these things won’t happen to us. Only when it does happen to us, do we realize how big of a problem this, DNS hijacking, really is.

The concept is quite simple and deadly. The hackers either employs brute force DDOS attack on the servers or use SQL injection method (which was used in the latest attack) to insert a Trojan which then hijacks the original IP address in the DNS server with bogus ones. Once this is complete, visitors who land on this page are silently re-directed to hackers landing page without their knowledge. The landing page contains viruses and malwares which can instantly affect visitors system. Most of the time hackers try to re-creating a website similar to the actual website, so as to fool the users and collect user sensitive data such as usernames and passwords, while the actual website owners stay unaware for sometime before they detect it.

Hence, it is always safe to deploy steps to safe guard your DNS servers and ensure that no funny business is going on. Below are some of the key steps proscribed by various security institutions and experts on how to safe guard DNS servers which I have complied here for your reference:

• DNSSEC – Domain Name System Security Extensions: When DNS was created, the focus was on scaling it for large systems and security wasn't a primary consideration then. However, with frequent hacks, providing security to DNS become primary objective. DNSSEC is a security extension to DNS system which provides adds a security layer to prevent hacks, while maintaining backward compatibility to older versions of DNS. Despite the disagreements present about DNSSEC, its role is slowly gaining support and certainly strengthens your DNS servers against such attacks.

• Strong Password Policies and User Management: Usually DNS servers are managed via web interfaces. While this is much easier for the IT team to manage DNS servers, employing stronger password policies will reinforce its security even further. In addition, provide restrictive access to DNS server management to only those who need them within your IT team. And again enforce proper password policies to those users.

• Demand Better SLAs from DNS Service Providers: Sign up SLAs for your DNS servers with your DNS service providers. Make sure that you know whom to call in case of any problem. You should also monitor these SLAs and ensure that you are receiving better quality and support. In addition, make sure that they have better infrastructure to cope with any kind of attack. Our Site24x7 SLA management feature allows you to monitor not just your ISPs SLAs but also enables you to monitor your DNS service provider’s SLA as well.

• Configure Master-Slave DNS within your Network: If you are configuring and maintaining your own DNS servers, employ Master-Slave DNS configuration. As Michael Cobb from SearchSecurity.com puts it in his article, ensure a Master-Slave DNS network within your network. The Master DNS should be kept behind the firewall with no access to the internet. You can employ two slave DNS servers available to the internet. Even if one of your slave DNS servers is hacked, they will be updated the next time when they receive update from your Master DNS server.

• Constantly Monitor Your DNS Servers: Last but not the least. Constant monitoring of your DNS servers should be a top priority. If you fail to not monitor your DNS server's IP address and something goes wrong, you are to be blamed. Our Site24x7 DNS monitoring service allows you to monitor your DNS server IP address every minute. You can check if your website lookup is actually retuning the correct IP address. If not, then Site24x7 automatically and instantly alerts you via SMS, Email and via Twitter about the problem. This lets you be the first responder to the trouble and take action before your user is affected. 

Any organization, which uses internet to promote its business, cannot afford not to monitor its DNS servers. Hijacking of DNS servers could severely hurt the credibility of the website in question and could end up losing millions if not billions of dollars in revenue.

If you have employed any other means of security for your DNS servers, do share it in our comments section.