Domain Hijacking: Protect Your Website and Your Reputation

In our previous article on Domain Name System (DNS) Infrastructure Hijacking — or simply referred to as domain hijacking or DNS hijacking — we discussed the various areas in an organization’s infrastructure that are often left vulnerable and open to exploitation from outside actors. Today we’ll be discussing the ways you can protect and mitigate these DNS vulnerabilities.

Domain Hijacking Refresher

As a quick recap of our previous blog, DNS hijacking occurs when a threat actor essentially takes control of your website so that anyone who visits it is redirected to the criminal’s website instead. Obviously, when this happens, it’s not a great look for your enterprise. The visitors themselves become compromised and can be manipulated into everything from having their banking credentials stolen to installing malware (often just from visiting the site) or even having their machine added to a botnet campaign. In each of these instances, the visitors’ trust in your organization’s legitimacy is being taken advantage of.

How to Prevent Domain Hijacking

As with cybersecurity in general, there are numerous steps you can take to prevent the hijacking of your DNS and the resulting impact on your site’s traffic.

Install Firewalls Around Your DNS Resolver

Every DNS has legitimate resolvers. Attackers may install fake resolvers in the DNS to compromise it and intercept the legitimate ones. To prevent this from happening, have the IT team place the legitimate resolvers behind a firewall, and shut down all non-required DNS resolvers.

Increase Restrictions on Access to Name Servers

An attacker could be an enemy within your organization. As such, the IT team should put in place physical security, multi-factor authentication, and a reliable firewall to limit access to the organization’s DNS.

Prevent Cache Poisoning

Common measures to prevent website cache poisoning include randomizing user identity, randomizing server source ports, and using both upper and lower cases in your organization’s domain name.
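In resolver terms, the three measures above are an unpredictable query ID, an unpredictable UDP source port, and mixed-case ("0x20") encoding of the queried name; reading "user identity" as the DNS query ID is an assumption made here. The Python code below is an added example, not from the original article, showing how a resolver would build such a query and reject any reply that fails one of the three checks. All function names are hypothetical and the reply packets are constructed sample data.

```python
import secrets
import struct

def encode_qname(name):
    """Encode a dotted name as DNS wire-format labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(name):
    """Build an A query; return (packet, state the resolver must remember)."""
    state = {
        "txid": secrets.randbits(16),                     # random query ID
        "sport": 1024 + secrets.randbelow(65536 - 1024),  # random UDP source port
        # 0x20 encoding: random per-letter case, which servers echo back unchanged
        "qname": "".join(c.upper() if secrets.randbits(1) else c.lower() for c in name),
    }
    header = struct.pack("!6H", state["txid"], 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    return header + encode_qname(state["qname"]) + struct.pack("!2H", 1, 1), state

def parse_question(packet):
    """Return (txid, is_response, qname) from a DNS message header and question."""
    txid, flags = struct.unpack("!2H", packet[:4])
    labels, pos = [], 12
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return txid, bool(flags & 0x8000), ".".join(labels)

def accept_response(packet, dport, state):
    """Accept only replies matching the ID, the port and the exact letter case."""
    try:
        txid, is_response, qname = parse_question(packet)
    except (struct.error, IndexError, UnicodeDecodeError):
        return False  # malformed or truncated packet
    return (is_response and txid == state["txid"]
            and dport == state["sport"] and qname == state["qname"])

def as_response(query, txid=None, qname=None):
    """Constructed sample data: rebuild the query as a reply, optionally altered."""
    old_txid, _, old_qname = parse_question(query)
    header = struct.pack("!6H", old_txid if txid is None else txid, 0x8180, 1, 0, 0, 0)
    name = old_qname if qname is None else qname
    return header + encode_qname(name) + struct.pack("!2H", 1, 1)
```

Each check multiplies the number of values an off-path forger has to guess, which is why resolvers combine all three instead of relying on the 16-bit query ID alone.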

Fix Known Vulnerabilities

Cybercriminals capitalize on obvious vulnerabilities to initiate attacks on DNS. Have your IT team examine the DNS for any vulnerabilities and immediately patch them up to prevent attacks.

Avoid Zone Transfers

DNS zone records are delicate files that contain data that is often targeted by attackers. The hackers may pose as secondary (slave) name servers requesting a zone transfer, which involves copying server zone records. To prevent this vulnerability, avoid zone transfers.

Deploy Mitigation Measures for End-Users

Besides advertising products to hijacked traffic, DNS hijackers also target user data and credentials. Website users can prevent hijacking by frequently changing their passwords, installing and updating antivirus software on their computers, and using reliable virtual private networks.

Ensure Secure Access

DNS access should be limited to only a few members of the IT team, who should use multi-factor authentication whenever accessing the domain name server registrar. This measure will significantly reduce the risk of DNS hacking. If convenient for the IT team, only a few whitelisted Internet Protocol addresses should be allowed to access the domain name registrar.

Deploy a Client Lock

To enhance DNS security, some DNS registrars use client locks. The lock disables the option to change DNS records unless the request is made from a particular IP address.

Use a Domain Name Service provider with Domain Name System Security Extensions (DNSSEC). DNSSEC uses digital signatures and public keys to verify the validity of DNS requests. If your DNS registrar offers DNSSEC, enable it to add a layer of protection that makes it challenging for attackers to intercept and redirect traffic from your website to a fake site.

Keeping your organization’s website safe from DNS hijackers is essential. Your website is the face of your business, and often it’s the very first impression a visitor has about you. If your website redirects traffic to something nefarious, that’s a very bad first impression indeed.

Should you require assistance with implementing the security measures outlined above, please contact us. We’ll make certain your visitors’ trust in your legitimacy is never taken advantage of.

 

Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!