Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Universities Offer Practical Advice for Securing DNS

The Research and Education Networking Information Sharing and Analysis Center, or REN-ISAC, recently issued an alert to administrators and IT staffers at some of the world’s most notable institutions of higher learning that urges them to take the matter of securing DNS seriously.

The Research and Education Networking Information Sharing and Analysis Center, or REN-ISAC, recently issued an alert to administrators and IT staffers at some of the world’s most notable institutions of higher learning that urges them to take the matter of securing DNS seriously.

The REN-ISAC alert cites the recent Spamhaus attack as a perfect example of why DNS configuration should be a priority, if only to prevent the institution from becoming an unwitting accomplice to similar attacks in the future – and given the success of the last one, it’s only a matter of time before it happens again.

“These attacks may exploit thousands of institutional DNS servers to create an avalanche of network traffic aimed at a third-party victim. The traffic sourced by any single institutional system may be small enough to go unnoticed at the institution; however, the aggregate experienced at the target can be crippling,” the advisory explains.

“To put that in context, most universities and organizations connect to the Internet at 1 Gbps or less. In this incident not only was the intended victim crippled, Internet service providers and security service providers attempting to mitigate the attack were adversely affected.”

Related Reading: Now is the Time for Source Address Validation

The advisory goes on the list seven things that institutions can do to harden their DNS deployments, but it’s a list that can be used by any organization with a need to strengthen their own infrastructure.

First and foremost, the main piece of advice centers on limiting recursive resolvers, as “it is absolutely critical all university recursive resolvers are properly configured so they only answer queries for the local users they’re meant to be serving,” the advisory states. One way of doing this, the advisory says, by limiting access to the recursive resolvers to only the enterprise’s IP addresses.

Advertisement. Scroll to continue reading.

Further advice includes rate limiting authoritative name servers, and using router ACLs so that queries from the outside can only go to permitted authoritative name servers. This “mitigates risk from various uncontrolled devices, such as Internet appliances that have an embedded DNS service.”

The full advisory, along with additional resources, is available online.  

Related ReadingNow is the Time for Source Address Validation

Related ReadingDutchman Arrested in Spain for ‘Biggest Ever’ Cyberattack

Related Reading: Cyberattack Capable of Downing Entire Internet Is Unlikely

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...