Sunday, February 20, 2011

Preventing domain name hijacking in two areas

In short, domain name hijacking takes users who intended to visit one site to a fake website without their knowledge. For example, when a user is about to visit a well-known brand's online store, a hacker uses domain name hijacking to bring them to a fake online store and collects the user's ID information and password.
This crime is generally carried out through DNS server cache poisoning or domain name hijacking. In recent months, hackers have demonstrated the dangers of such attacks. In March this year, SANS Institute found a cache poisoning attack that redirected 1,300 well-known brand domain names, including ABC, American Express, Citi and Verizon Wireless; in January, Panix, an Australian domain name, was hijacked by hackers; in April, the IP address of Hushmail's main name server was modified to point to a hacker graffiti site.
There are no tracking statistics on domain name hijacking incidents. However, the Anti-Phishing Working Group (APWG) considers the issue quite serious and has made domain name hijacking a focus of its recent work.
Experts say that cache poisoning and domain name hijacking have already drawn the attention of the relevant bodies. As the number of online brands grows and turnover increases, the problem becomes more prominent, and there is reason to fear that crooks will soon use these hacking techniques to deceive large numbers of users in order to gain valuable personal information, causing confusion in the online market.
Solving domain hijacking is very complex, both technically and organizationally. Under present circumstances, however, we can take some measures to protect the enterprise's DNS servers and domain names from being manipulated by fraudsters.
The source of the DNS security dilemma is the Berkeley Internet Name Domain (BIND). Over the past 5 years, BIND has been full of widely reported security issues of various kinds. VeriSign's chief security officer Ken Silva said that if you use a BIND-based DNS server, you should follow DNS management best practices.
SANS chief research officer Johannes said the measure is to patch DNS servers consistently and keep them up to date. However, without a DNS management interface from equipment manufacturers such as BlueCat Networks, Cisco, F5 Networks, Lucent and Nortel, completing such a migration is very difficult and time consuming. Some companies, such as Hushmail, chose to use the open source TinyDNS instead of BIND. Alternative DNS software options include products from Microsoft, PowerDNS, JH Software and other vendors.
No matter what DNS software you use, please follow these best practices:
1. Run domain name servers on different, separate networks to obtain redundancy.
2. Separate the external and internal domain name servers (physically separate them or run BIND Views) and use forwarders. The external domain name servers should accept queries from almost any address, but the forwarders should not; they should be configured to accept queries only from internal addresses. Turn off recursion (the process of starting from the root and working down to locate DNS records) on the external DNS servers. This limits which DNS servers have contact with the Internet.
3. Limit dynamic DNS updates as much as possible.
4. Limit zone transfers to authorized devices only.
5. Use transaction signatures to digitally sign zone transfers and zone updates.
6. Hide the BIND version running on the server.
7. Remove unnecessary services running on the DNS server, such as FTP, telnet and HTTP.
8. Use firewall services at the network perimeter and on the DNS server, and restrict access to only the ports/services that DNS functionality requires.
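
As an added illustration (not part of the original post), items 2 to 6 of the list can be expressed in a single BIND 9 named.conf that uses views. The ACL range, forwarder address, zone name, file paths and key secret are placeholders assumed for the example.

```conf
// named.conf sketch: all names, addresses and the key secret are placeholders
acl "internal-nets" { 127.0.0.1; 10.0.0.0/8; };    // assumed internal range

key "zone-sync-key" {                  // item 5: TSIG key shared with the secondary
    algorithm hmac-sha256;
    secret "REPLACE-WITH-OUTPUT-OF-tsig-keygen";
};

options {
    version "not disclosed";           // item 6: hide the version from version.bind queries
    recursion no;                      // item 2: off unless a view turns it on
    allow-transfer { none; };          // item 4: deny zone transfers unless a zone allows them
    allow-update { none; };            // item 3: no dynamic updates by default
};

view "internal" {
    match-clients { "internal-nets"; };
    recursion yes;
    allow-recursion { "internal-nets"; };   // resolve only for internal addresses
    forwarders { 10.0.0.53; };         // assumed dedicated forwarder, the only host that talks to the Internet
    forward only;
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };            // authoritative answers for almost any address
    recursion no;                      // never resolve on behalf of outside clients
    zone "example.com" {
        type master;
        file "external/example.com.zone";
        allow-transfer { key "zone-sync-key"; };   // only transfers signed with the TSIG key
        // if dynamic updates are required, grant them to a TSIG key rather than an address
    };
};
```

Check the file with named-checkconf before reloading the server.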

The responsibility of domain name registrars is an important part of tackling the hijacking problem at the organizational level. Not long ago, a hacker defrauded a customer service representative and had the IP address of Hushmail's primary domain name server modified. Hushmail's CTO Brian Smith has complained about this endlessly: it is infuriating that hackers could so easily deceive the customer service representative of its domain name registrar.
Smith said: Since this happened, I have been looking for this registrar. risk.
