Protecting Against the Critical DNS Bug: Executive Summary

Attack details on how to quickly take over a vulnerable DNS server - essential for every network to guide Internet traffic - are now officially public after researcher Dan Kaminsky's BlackHat presentation. If you want to make sure your company is safe, here's what you need to know.

1. It's real. While some have charged that the risk has been overblown, it's clear that the flaw allows for hijacking an entire network's Internet traffic. All e-mails sent outside the company could be intercepted. Any attempt to visit any external Web site from a company PC could be forced to run an attack page instead. Similar flaws have been hit before in just such ways.

2. It requires a careful fix. While applying a patch to DNS servers is essential, it also has to be done carefully. Any change to crucial network infrastructure such as these servers has the potential to effectively shut down your network if it's done wrong. Make sure your IT does it carefully - and outside of normal work hours.

3. Internal servers aren't safe. Your mistaken IT might tell you your servers are safe because they sit behind a firewall. They aren't. Kaminsky outlined a number of ways that internal, firewall-protected servers could be poisoned (such as sending an e-mail from an attacker's controlled domain, forcing a dns lookup).

4. An easy check: to see if your company servers are vulnerable, run Kaminsky's easy check at doxpara.com (click the 'Check my DNS button on the upper right). A thumbs-up doesn't necessarily mean your entire network is safe, as you may have different dns servers in use for different parts of your network.

5. Your fix-it options: Apply the patch for your particular DNS server. Or switch to a protected service like OpenDNS where you use their servers.

On a final note, Kaminsky says that most home users are probably safe, as the ISP servers they use for DNS are likely updated. But you can use Kaminsky's test from home, and if your ISP has a problem you can also use OpenDNS.

For technical details on the flaw, take a look at from his BlackHat presentation.

Recommend this story?
Vote Yes
Vote No
0 Yes
0 No
Email
Comment

Community Comments

News For Your Business

More News

News

Business Center - September 5, 2008
Oracle Said to Be Making Progress on Fusion Apps Oracle has reportedly made significant progress on its long-awaited Fusion Applications.
Business Center - September 5, 2008
Libertarian Barr, EPIC Outline Privacy Agenda EPIC and Libertarian candidate Bob Barr say presidential candidates need to pay more attention to privacy issues.
Web-based Applications - September 5, 2008
NetSuite Says Chrome-optimized Apps Are Flying NetSuite tweaks its hosted business applications for CRM, e-commerce, accounting and services automation to take advantage of Chrome's fast handling of Ajax elements.
Business Center - September 5, 2008
As Google Turns 10, Enterprise Success in Question Most computer industry companies would feel satisfied with ruling the highly lucrative and technically complex search engine...

Featured Resources

Premier Content From Our Sponsors

HP Ink Center You don't need a big budget to produce high quality marketing materials. Click here for more info...
CDW Virtualization Center What is Virtualization and how can it help you save money? Click here for more info...

Featured Whitepapers

White papers, case studies and product info from top brands

E-Discovery �� Implications for Your Business The first 150 registrants will receive a FREE Amazon.com Gift Card.New Federal Rules of Civil Procedure require companies of every size and type to be able to quickly retrieve electronic files subject to litigation, or pay hefty fines. This can be e...
A New Breed of Data Warehouse The potential benefits of enterprise data warehouse technology are clear: organizations can store and access huge volumes of historical and current information that provide end-users with unprecedented business insight and help them make more inform...