Keith Glancey at Infoblox explains why DNS security needs to be front of mind in the new, hybrid era
Whilst hybrid working isn’t a totally new phenomenon, as many organisations have looked beyond their on-premise infrastructure for years, there is no doubt its adoption has been drastically accelerated by the pandemic.
However, as applications and data spread across multiple endpoints, the network becomes increasingly decentralised, bringing a unique set of security challenges, including an increase in Distributed Denial-of-Service (DDoS) attacks which target the Domain Name System (DNS). These attacks can cause serious damage to a business, both financially and in terms of reputation.
Despite the government no longer advising people to work from home, many organisations don’t plan on rushing back to the office. In fact, with 84% of UK businesses planning to implement a flexible or fully remote strategy moving forward, it’s clear that the future for many of us will be hybrid. In order to succeed in this new hybrid world, businesses will need to have an effective DNS security strategy in place.
New landscape: new security challenges
In traditional office-based environments, all the IT infrastructure typically sits in one or more regional or centralised data centres, which can be easily managed with on-premise solutions. However, when we expand the environment to incorporate employees’ homes or chosen places of work, we also expand the digital attack surface.
As employees across the globe move towards the edge of the network and increasingly rely on IoT devices, cloud networks and applications, and SaaS-provided services, gaps in security can open up, with malicious attackers waiting in the wings to take advantage.
It’s against this background that DDoS attacks are becoming more popular than ever. In fact, recent research discovered that they increased by 341% over the course of the pandemic. This is because an increasingly remote workforce relies on cloud-based applications and tools, and businesses are forced to expose to the internet enterprise services that would otherwise sit within their secure Local Area Network (LAN) environment.
To make matters worse, these DDoS attacks are not just increasing in terms of frequency, but also in size and duration. In the first quarter of 2020, Kaspersky reported that the average attack length increased by 24% compared to the same period the year before. Meanwhile, last year, Amazon’s AWS Shield service mitigated the largest DDoS attack ever recorded, at 2.3 Tbps.
In our new hybrid world, a growing number of DDoS attacks target the DNS. DNS has traditionally been referred to as the telephone book of the Internet. Every device connected to the Internet has a unique IP address that other machines use to communicate with this device. DNS ensures that people don’t have to remember these long, complex IP addresses for every website they want to visit. The service has become essential to our everyday lives. However, it is also often the weakest part of the security chain, especially in our newly distributed environments.
Because DNS is such a critical part of IT infrastructure, it is a popular target for hackers who wish to disrupt a business’s services or use it as a distraction for other attacks. A DDoS attack that uses DNS will typically either attack the organisation’s own network or use the organisation’s resources to carry out attacks elsewhere.
Both types of attack can have severe financial and reputational consequences, as networks are compromised and taken offline. It has therefore never been more important for organisations to shore up their defences and protect DNS.
Don’t let DDoS shut down your DNS
There are a number of steps organisations can take to combat these types of attack. If you want to prevent others from misusing your DNS, it is important to protect your own resources. For example, businesses can prevent IP address spoofing, and prevent their own resources from being used in an attack, by blocking all outgoing network traffic that does not use approved addresses.
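The egress rule described above can be checked against flow records before it is enforced on a router or firewall. The following is an added example, not part of the original article: the approved prefixes, the flow tuples and the function names are all constructed for illustration.

```python
import ipaddress

# Assumption: the prefixes this site may originate traffic from (documentation ranges).
APPROVED_SOURCES = [ipaddress.ip_network(p)
                    for p in ("192.0.2.0/24", "2001:db8:10::/48")]

# Constructed outbound flow records: (source address, destination address, destination port).
SAMPLE_FLOWS = [
    ("192.0.2.15", "198.51.100.53", 53),         # internal client, normal DNS query
    ("203.0.113.77", "198.51.100.53", 53),       # source outside our prefixes: spoofed
    ("192.0.2.200", "198.51.100.80", 443),       # internal client, HTTPS
    ("2001:db8:10::5", "2001:db8:ffff::53", 53), # approved IPv6 source
    ("2001:db8:99::1", "2001:db8:ffff::53", 53), # IPv6 source outside the approved /48
    ("not-an-ip", "198.51.100.53", 53),          # malformed record: fail closed
]


def source_is_approved(src):
    """True only if src parses as an IP address inside an approved prefix."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net
               for net in APPROVED_SOURCES)


def audit_egress(flows):
    """Split flows into (forwarded, dropped) as a source-validating egress filter would."""
    forwarded, dropped = [], []
    for flow in flows:
        (forwarded if source_is_approved(flow[0]) else dropped).append(flow)
    return forwarded, dropped


if __name__ == "__main__":
    forwarded, dropped = audit_egress(SAMPLE_FLOWS)
    for src, dst, port in dropped:
        print(f"DROP  src={src} dst={dst} dport={port} (source not in approved prefixes)")
    print(f"{len(forwarded)} flows forwarded, {len(dropped)} dropped")
```

Any dropped flow seen in real data is worth investigating, since it means either a misconfigured host or a machine on the network emitting spoofed packets.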
In order to protect their own network traffic, businesses first need to know what their “normal” is. If you don’t know your average DNS query count, you won’t know when you’re being attacked. Make sure to check more than just server requests: switch, router and firewall processes should also be continually monitored.
All this can be easily automated with the latest AI technologies. By bundling DNS monitoring with the monitoring of Dynamic Host Configuration Protocol (DHCP) and IP Address Management (IPAM), business leaders can increase the efficiency of threat detection and enable IT teams to focus more on targeted defence of the network.
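One way to turn a known "normal" query count into an alert is sketched below. This is an added example, not part of the original article: the per-minute counts are constructed, and the window, threshold and floor values are assumptions to tune against real traffic.

```python
from statistics import median

# Constructed sample: DNS queries per minute seen by a resolver, with a flood at minutes 12-14.
QUERIES_PER_MIN = [1180, 1225, 1190, 1260, 1210, 1175, 1240, 1205, 1230, 1195,
                   1215, 1250, 9800, 14200, 13900, 1290, 1220]


def detect_query_spikes(counts, window=10, threshold=6.0, floor=10.0):
    """Return (index, count, baseline) for intervals far above the trailing baseline.

    The baseline is the median of the last `window` normal intervals and the
    spread is their median absolute deviation (MAD), so one outlier does not
    distort either value. `floor` keeps very steady traffic (MAD near zero)
    from alerting on tiny changes.
    """
    alerts = []
    history = []  # normal intervals only, so an attack never becomes the new "normal"
    for i, count in enumerate(counts):
        if len(history) >= window:
            recent = history[-window:]
            baseline = median(recent)
            mad = median(abs(x - baseline) for x in recent)
            limit = baseline + threshold * max(mad, floor)
            if count > limit:
                alerts.append((i, count, baseline))
                continue  # do not learn from the anomalous interval
        history.append(count)
    return alerts


if __name__ == "__main__":
    for minute, count, baseline in detect_query_spikes(QUERIES_PER_MIN):
        print(f"minute {minute}: {count} queries vs baseline {baseline:.1f}")
```

The same function can be run over counters from switches, routers and firewalls, each with its own baseline.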
Many providers also offer filters that route attack traffic through a system that removes any rogue and potentially dangerous requests. Commonly referred to as traffic scrubbing, this method should mean that only approved traffic ends up on the network.
Every day, an increasing number of businesses are announcing plans to incorporate hybrid working as part of their future strategy. And every day, DDoS attacks using DNS increase in response.
As decentralisation becomes the norm, it’s more important than ever that companies are aware of this critical part of their infrastructure and that they deploy the right resources and strategies to protect themselves against these malicious attackers.
Keith Glancey, Systems Engineering Manager, Western Europe, Infoblox